Date post: | 21-Dec-2015 |
Category: |
Documents |
View: | 215 times |
Download: | 1 times |
Operational Auditing--Fall 20071-1
Establishing an I/A Function
Reporting structure Mission statement/ role of dept. Objectives Department tone--teamwork IIA standards Commitment to continuing education
Operational Auditing--Fall 20071-2
Human Relations Issues
General people techniques Due professional care Hostile management approaches Dealing with external auditors Participative approach w/auditees
Operational Auditing--Fall 20071-3
General People Techniques
Promote the “wanna” Foster feedback Adopt a consultative approach Use the “Will Rogers’ Approach”
Operational Auditing--Fall 20071-4
…Due Professional Care
Be fair but don’t whitewash Avoid surprises Go for the win-win Have the guts to go to the top
Operational Auditing--Fall 20071-5
Hostile Management Approaches
Select the right time for discussion Remain flexible in your conclusions Avoid emotion; sometimes even logic won’t
work Don’t corner yourself or the other party Listen to the other party Help the other guy “to be right”
Operational Auditing--Fall 20071-6
Dealing with the External Auditors
Different objectives Different accountability Different qualifications Different activities
Operational Auditing--Fall 20071-7
Cooperation
Economy Efficiency Effectiveness Advantages for the external auditor
Increases external auditor client insight Improves client relations Rotates emphasis
Advantages for the internal auditor Improves training Source of additional work Increases professional knowledge Independent appraisal source
Compliance with SAS 65 and SAS 99
Operational Auditing--Fall 20071-8
SAS 65
Defines roles Defines function Discusses competency & objectivity Considers nature of the work Discusses coordination Guidelines for evaluation Role of direct assistance
Operational Auditing--Fall 20071-10
Typical Int. Audit Assistance
Design of control systems Reduction of risk assessment Reduction of substantive testing
Operational Auditing--Fall 20071-11
Create a Cooperative Bridge
Coordination Risk assessment alert Control system disclosure Common sampling tools Pooled IT knowledge Different perspective Constant general communication
Operational Auditing--Fall 20071-12
Participative Approach
Joint goals Consultation Joint authority Open discussion re: findings Open review of reports
Operational Auditing--Fall 20071-13
COSO
Committee of Sponsoring Organizations FEI, ACIPA, IMA, IIA and AAA
Sponsored the Treadway Commission in 1987
Issued guidelines for Internal Control in 1992: COSO Cube
Issued guidelines for Enterprise Risk Management in 2004: COSO 2
Operational Auditing--Fall 20071-14
COSO Control Objectives
Economy & efficiency of operations Reliable financial and operational data
and reports Compliance with laws and regulations
Operational Auditing--Fall 20071-15
Control Objectives
Reliability and integrity of info Compliance Safeguarding of assets Economical & efficient use of assets Organizational attainment of goals &
objs.
Operational Auditing--Fall 20071-16
Types of Control
Preventive Detective Corrective Directive Compensating
Operational Auditing--Fall 20071-17
Methods of Control
Organizational Operational Personnel Review Facilities
Operational Auditing--Fall 20071-18
Threats to Control
Management override Open access to assets Form over substance approach Conflict of interest
Operational Auditing--Fall 20071-19
COSO Approach to Achievement
Sound control environment Sound risk assessment process Sound operational control activities
Are the processes working Sound info & communications system Effective monitoring
Operational Auditing--Fall 20071-20
Control Environment
Culture of integrity, ethics and competence
Overall mgt. philosophy Proper authority & responsibility Proper organization of resources Proper training and development Senior mgt. attention & direction
Operational Auditing--Fall 20071-21
Internal Audit Process Auditee selection Audit planning Preliminary survey Internal control review Expanded testing Develop findings & recommendations Reporting Follow-up Post audit evaluation
Operational Auditing--Fall 20071-22
Control Self Assessment (CSA)
Methodology Review and Identification
Key business objectives Related risks Mitigating controls
Operational Auditing--Fall 20071-23
CSA-History
Introduced by Gulf Canada in 1987 Gulf used facilitated meetings
Operational Auditing--Fall 20071-24
Facilitated Meetings
Management and staff participate through interviews and polling
Objectives Risks Processes Soft and/or informal controls
Operational Auditing--Fall 20071-25
General Methodology
Shared process Assessment of internal controls Evaluation of risks Development of action plans Assess the likelihood of achieving
objectives SJSU simulation
Operational Auditing--Fall 20071-26
General Approaches
Facilitated meetings--group workshops Questionnaires--yes/no answers Management analysis--self studies
Operational Auditing--Fall 20071-27
Uses
Self analysis for risk* Selection of audit areas* Internal control review* Special projects Soft control analysis
* alternatives to the traditional approach to the I/A process
Operational Auditing--Fall 20071-28
Benefits
Increases I/A scope Target review of high risk areas Increases the effectiveness of corrective
action Builds team-oriented relationships
Operational Auditing--Fall 20071-29
What Is Storyboard Flowcharting?
New method for documenting a process. Clean and simple flowcharting method. Allows for clients and auditors to clearly
understand process under review. Simple technique that requires a good graphics
package and a little imagination. Can use Microsoft PowerPoint, Harvard Graphics,
Corel Draw, etc. Does not replace IS flowcharting.
Operational Auditing--Fall 20071-30
The Basics of Storyboard Meet with client and document process. Use your imagination to choose/draw picture. Under picture write narrative for each step represented. Be creative - good control narrative in green; poor controls in red. Completed storyboard must be reviewed with client. Make any changes necessary. Final copy should be in color for most effective presentation. Different process may require different approach.
Operational Auditing--Fall 20071-31
How to Storyboard
• Meet with client and document process.
• From client interview create storyboard.
A
A
• Print out story board - black and white draft and color for final.
• Review storyboard with client and obtain sign off.
Operational Auditing--Fall 20071-32
Start
Customer Service
Rep ReceivesOrder
Scan Form IntoSystem
Shipping FilesYellow
Customer ServiceRep ResearchesAnd CorrectsInformation
Shipping Pulls And
Packs Orders
End
By Phone?
By Mail or Fax?
On StandardOrder Form?
Shipping SendsOrder and Green
Copy (Invoice)
Customer Service Rep.Key Enters
Data on-Line
ApprovedBy Manager?
Send to SpecialOrder
Department
Print Three-Part
Shipper
Yellow and GreenTo ShippingDepartment
Pink to AccountsReceivable
Department
YES
YES YES
NO
NO
YES
Company XYZOrder-fulfillment process
NO
Operational Auditing--Fall 20071-33
A
A
Customer Representative
Receives orders by faxor mail.
Receives orders by phone.
Standard orders arescanned into system.
Customer Representativeenters order data on-line.
A three-part packing slip is printed per order.
Pink copy sent toaccounts receivabledepartment.
Company XYZOrder-fulfillment process
Packing slip approved by Manager.If not approved, returnedto Customer Representativefor correction
Packing slip
Yellow and green copy go to shipping department.Shipping pulls andpacks orders.
Yellow copy filed inshipping department.
Green copy sentwith order.
Operational Auditing--Fall 20071-35
Work Paper Purposes
Documentation of evidence Audit execution and planning tool Follow-up reference Review facilitator
Operational Auditing--Fall 20071-36
Other W/P Factors
Ownership: the company Preparation guidelines
Completeness & accuracy Clarity & understandability Legibility & neatness Relevance Attention to detail