OPERATIONS AUDITING: CHAPTER 1

Objectives:

 To be familiar with the definition and

characteristics of operational auditing
 To be able to identify the scope of operational
audit
 To be familiar with auditing beyond accounting,
financial, and regulatory requirements
 To identify operational threats and
vulnerabilities
 To determine skills required for effective Auditors have now added a further "three E's" to their
operational audits portfolio of matters of audit interest, particularly as a
consequence of their role in the audit of governance
“A future-oriented, systematic, and independent processes as set out in Standards 2110 to 2110.1 of The
evaluation of organizational activities. Financial data Institute of Internal Auditors.
may be used, but primary sources of evidence are
operational policies and achievements related to
organizational objectives. Internal controls and
efficiencies may be evaluated in this type of review.”

“A review of how an organization's management and its

operating procedures are functioning with respect to
their effectiveness and efficiency in meeting stated
objectives.”
Auditing beyond Accounting, Financial, and
“A future-oriented, independent, systematic, business- Regulatory Requirements
focused evaluation of management, and the
organization's activities controlled by management and In the past, their focus and experience was acquired in
third-parties. Its purpose is to improve organizational the accounting field and saw most audit matters through
profitability and the attainment of organizational the prism of accounting requirements.
objectives.”
Overtime, business leaders and managers witnesses
business failures caused by poor management decisions
and practices.

Operations Management
Related issues are waste, inefficiencies, supplies that
arrive late, poor customer satisfaction, and limited
capacity to grow as opportunities arise or customers'
demand changes

Scope of Operations Auditing

 Effectiveness and efficiency of operations
 Reliability of financial reporting Human Resources
 Compliance with applicable laws and Evidenced by poorly supervised trained and evaluated
regulations employees who sometimes become unmotivated and
unproductive
Audit Approach to Operations Audit
Operational auditors are auditing for the "three Es" -
effectiveness, efficiency, and economy to look for
IT
opportunities for business processes to be done Computer systems, designed with an inaccurate
differently so as to improve their 3 E's. understanding of the business needs and uses of these
systems, poor data campture, and inadequare reporting
mechanisms
 Marketing
Mass marketing of products and services at a time when of generating those profits are within the confines of the
consumers prefer to feel unique, or wasteful campaigns law.
because they target the wrong audience
The Value Auditors Provide
CSR - Primary stakeholders, Nature of Interest, and Power
Issues range from child labor, sweatshop conditions
abusive management, and inappropriate waste disposal.
Stakeholder Interest Power
Environmental Health and Safety (EHS) Maintain stable Bargaining power
Practices and conditions related to poor ventilation, employment Work actions,
excessive hear, extreme noise levels, and workplace Employees Receive fair pay strikes, and
hazards caused by chemicals, machinery, and workplace Work in a safe, lawsuits Publicity
configurations among others comfortable environment
Receive regular orders for Refusing to meet
Suppliers goods/services orders
Be paid promptly Supplying to
competitors
Receive value and quality Purchasing from
Customers for money competitors
Receive safe, reliable Boycotting
products Refusing to pay
Receive repayment of Calling loans
Creditors loans Use legal
Collect debts and interest authorities to
*Internal Auditors are unfortunately not always regarded
repossess assets
as highly as they should.
Receive a satisfactory Exercise voting
The Value Auditors Provide Investors return on Investments rights
Internal auditors promote the efficient and effective use Realize an appreciation in Ability to inspect
of resources. Since organizations operate with the value company records
funding received or authorized by their owners or and reports
contributors, it is imperative that the organization Promote economic Adopting
operates with this principle of financial fiduciary Government development regulations and
responsibility. s Raise revenues through laws
taxes Issuing licenses and
A fiduciary duty is a legal duty to act solely in another permits
party's interests. Parties owing this duty are called Publicizing events
fiduciaries. The individuals to whom they owe a duty are Media Keep the public Informed that affect the
called principals. Fiduciaries may not profit from their Monitor company actions public
relationship with their principals unless they have the Activist groups
principals' express informed consent. They also have a Monitor company actions Lobbying
duty to avoid any conflicts of interest between Activist for ethical and legal government for
themselves and their principals or between their groups behavior regulations
principals and the fiduciaries' other clients. Gaining public
support
Internal auditors contribute to this process by making Provide research and Using
sure that these duties are defined, that structures are set Business Information to Improve staff/resources to
to ensure behaviors are aligned with these objectives, support competitiveness help companies
and making recommendations to the board and senior groups Providing legal
management when there are discrepancies jeopardizing political support
the success of these arrangements.

Internal auditors serve the public and common interests Identifying Operational Threats and Vulnerabilities
by making sure that owners receive the return on their The traditional approach to internal auditing was to
investments that they are entitled to, and that the means perform postmortem reviews to verify that what was
done was done appropriately.
 3. Communication
4. Judgement
Internal auditors need to go beyond inspecting 5. Work well with all management levels
transactions long after they were performed because the 6. Possess governance and ethics sensitivity
focus now leans toward an examination of future threats 7. Be team players
and vulnerabilities that can derail the organization's 8. Relationship building
goals and objectives in the short, medium, and even the 9. Work independently
long term. 10. Team Building
11. Leadership
Identifying Operational Threats and Vulnerabilities 12. Influence
13. Facilitation
Operational - maintaining operational capacity, speed 14. Staff Management
of execution (i.e., cycle time), staffing levels, employee 15. Change catalyst skills
motivation, knowledge transfer, system development,
and implementation Whereas, in the past, it was common for employees to
Technological - including protection of intellectual take a passive approach, waiting for their employers to
property and personally identifiable information, denial tell them when, what, and why training would occur,
of service attacks, business continuity due to staff today's auditors should take a more active and engaged
turnover, and system development approach to their training needs. They should:
Strategic - concerns related to strong customer and 1. Reflect on their present competencies, identify their
vendor relations, customer loyalty, building effective job needs, and perform a gap analysis to meet their
business partnerships, outsourcing arrangements, and current skill requirements
mergers and acquisitions 2. Define their career ambitions and chart a roadmap to
Environmental - may include reliable supply of water acquire the skills and competencies needed in the future
and electricity, achieving a lower carbon footprint, and
reducing the amount of natural resources used during "Business changes, resources change, and risks change,
business activities so both operations and IT must adapt and continually
improve to support the business and mitigate risks to
The IlA's 2015 Global Pulse of Internal Audit, acceptable levels."
Embracing Opportunities in a Dynamic Environment
states, Integrated Auditing
• The approach employed by public accountants, their
"The mandate to address emerging and evolving risks is focus was centered on financial assertions, such as
clear. Risks are emerging at an unprecedented pace, and occurrence, completeness, accuracy, classification,
stakeholders' impatience with surprises is evident." (p. existence, and valuation of accounting, and financial
8). information, as inputs for the organization's financial
statements.
The Skills Required for Effective Operational Audits • Over time it became apparent that accounting/financial
1. Communication skills, such as oral, written, report controls are increasingly dependent on computer
writing and presentation skills systems. For example, exception reports, which identify
2. Problem identification and solution skills, such as transactions that do not meet pre-established criteria, are
conceptual and analytical thinking the result of a computer algorithm that defines rules.
3. Ability to promote the value of internal audit • The approach employed by public accountants, their
4. Knowledge of industry, regulatory, and standard focus was centered on financial assertions, such as
changes occurrence, completeness, accuracy, classification,
5. Organization skills existence, and valuation of accounting, and financial
6. Conflict resolution/negotiation skills information, as inputs for the organization's financial
7. Staff training and development statements.
8. Change management skills • Over time it became apparent that accounting/financial
9. Accounting and IT/CT frameworks, tools, and controls are increasingly dependent on computer
techniques systems. For example, exception reports, which identify
10. Cultural fluency and Foreign language skills transactions that do not meet pre-established criteria, are
the result of a computer algorithm that defines rules.
Behavioral Skills • As organizations grow in size and complexity, it is
1. Confidentiality more common today to achieve integrated audits through
2. Objectivity team composition.
• Integrated audits are designed to address IT questions
while simultaneously examining the business dynamics.
• These are characterized by the simultaneous inclusion
of business and IT subjects in the review.