Professional Documents
Culture Documents
Operational Audits
Operational Audits
Operational Audits
Mentioning the word audit can conjure up thoughts of financial audits that are often done
to assure stakeholders that financial statements are accurate and complete. However,
that’s not the only type of auditing that’s useful to a business. Organizations of every
type — government, universities, hospitals, manufacturers, banks, and others — need to
understand where they are doing well, and where they need to improve to achieve
sustainable growth. Many companies are looking to operational audits to create greater
value by improving operational performance including dimensions of quality, speed,
agility, efficiency, environment, customer value, and cost.
This guide will help you understand the basics of operational audit processes with expert
insights, checklists, examples to help you start gaining the internal business intelligence
needed to support informed decision making and continuous improvement.
Operational audits are a forward looking process, and are part of many organizations’
ongoing business improvement process toolkit. The findings of operational audits are
intended to diagnose which areas need attention and to safeguard assets by averting
potential future risks.
The Operational Auditing Handbook borrows The Institute of Internal Auditors’ (IIA)
definition of an operational audit: “A systematic process of evaluating an organization's
effectiveness, efficiency and economy of operations under management's control and
reporting to appropriate persons the results of the evaluation along with
recommendations for improvement.”
While an audit is usually associated with financial matters, operational audits are more
comprehensive and go beyond financial data (although that type of reporting is often
included). The primary information sources are policies and achievements related to the
objectives of the organization.
Operational audits are a ‘deep dive’ into every facet of management. As a result, start-
to-finish time frames can vary from a few weeks to many months, depending on scope,
complexity, and size of the organization, and whether the audit is for the entire entity or
a particular business unit. Unlike financial audits, which are conducted by external
entities, operational audits are often carried out by an internal auditor.
“The first step is to establish its objectives, can vary depending on the type of
organization and its KPIs, or whether the audit is being conducted to answer a specific
concern from challenges arising in areas like human resources, customer relations, or
manufacturing slowdowns. There may also be government compliance issues to consider
such as consumer safety.”
Part of the objective should also be to maintain quality in the auditing process. “The
standards that apply are defined by ISO 19011, and that is what I recommend as a best
practice. The graphic below covers the main standard areas that govern audits:
1. Integrity: Withstand pressures that may be exerted and take care to comply with
any legal requirements.
2. Fair Presentation: Present all results fairly and report significant concerns.
3. Due Professional Care: Use diligence, due care, and reasoned judgments in
every situation.
4. Confidentiality: Keep information secure, and protect confidential or sensitive
information.
5. Independence: Maintain impartiality and keep actions and reporting bias-free.
6. Evidence-Based: Depend on a fact-based approach to reach reliable conclusions.
Understanding the true status of operations is the basis for a healthier, more competitive,
and more profitable organization.
Benefits of Organizational Audits
Conducted by an internal or external auditor, audits are objective. They supply a fresh
perspective on the good and not-so-good aspects of organizational practices and
processes. The final report should make management aware of problems they might not
have otherwise understood, and gives them a knowledge-base for making improvements.
Executives can also use organizational audit results to motivate team members and
emphasize existing or new goals. Subsequent actions can then lead to greater
profitability, legal compliance, and employee satisfaction in the long term.
The Organization can achieve its aims by applying disciplined, systematic methods to
assess and advance the effectiveness of control, risk management, and governance
processes.
The Individual can continuously improve their ability to apply knowledge and
skills to deliver the intended results.
The End User or Consumer receives more cost efficient and high-quality
products or services.
The World benefits from a better, more sustainable future.
The internal audit isn’t immune to the pressures organizations can experience, so
auditors need to find innovative means to help their company succeed. Many companies
or specific departments (such as IT) focus on incremental improvement to improve
processes, products, and services, or all three.
When asked about the biggest challenges to conducting operational audits, “Top
management support for the auditing program can sometimes be difficult to obtain,
since, by its nature, the process highlights management issues.” He adds, “There needs
to be effective management processes in place to handle conflict management which
may arise due to the audit, and a systems approach to linking organizational goals and
objectives.”
Change Management
Change management needs to be well-handled. The results of the audit will likely lead
to multiple changes, and team members and managers may have difficulty adjusting to
different expectations, processes, personnel, or budgets. Change can also affect
teamwork, but those issues can be mitigated. To learn about how to manage and build
strong teams who can deal with change, review Everything You Need to Know about
Team Assessments.
Auditor Evaluation
Considering the major responsibility of the auditing position (whether the auditor or
auditors are operating internally or externally), “The competence of the auditor or
auditors should be determined based on explicit evaluation criteria.”
He provides this evaluation checklist to help assist in the selection of the best candidate:
Demand for Internal Auditing Experts Is increasing
As proof that the number of operational audits is increasing, the need for internal auditing
experts is on the rise. Robert Half International has found that the demand for internal
auditors in the United States is going strong and that the need for internal auditors is
growing faster than the average for all occupations through 2024. Demand for the
profession is also mounting in Europe and Asia.
The overall process flow for operational audits, has a set of steps, which includes the use
of PDCA for quality and continuous improvement:
Source: How to Conduct a Quality Internal Audit,
Collecting and Verifying Information: After you receive the audit documents,
review the information sources. Audit the evidence and evaluate it against the
audit criteria. Review conclusions.
Generating Audit Findings: The findings will conform or not conform with
audit criteria. For a non-conforming finding, record the supporting evidence.
Review the information with the auditee to ascertain if the evidence is correct. The
team should meet to review findings at designated and/or appropriate audit stages.
Conducting the Audit Activities: Before the closing meeting to review findings,
the audit team should confer and collect information against objectives. The team
should agree on conclusions, prepare recommendations, and discuss follow-up.
Have a closing meeting facilitated by the team leader to present the findings and
conclusions.
Preparing and Distributing the Audit Report: The team leader reports the
results with a complete, accurate, concise, and clear audit record, and delivers it
within the agreed period. In case of a delay, auditee and program manager should
discuss why it happened. The report must be dated, reviewed, and approved based
on agreed upon procedures. Distribute the report as defined in the plan to the
appropriate recipients.
Completing the Audit: Work is complete when all planned audit activities are
accomplished. Documents are kept or destroyed based on the procedures and
applicable requirements set at the beginning of the audit. If disclosure is necessary,
inform the audit client and auditee as soon as possible. Add lessons learned from
the audit to the continual improvement process.
Here’s a checklist that you can use as a framework. Each part of the checklist will likely
need to be broken down into separate activities - plan, do, check, and act - based on the
size and scope of your particular operational audit. To help organize more granular
activities, you’ll find downloadable templates later in this article.
Audit PBC Checklist Template
Whether you have an internal or external auditor, the entire process is much easier when
you’re prepared. Based on the goal of the audit, the checklist can be a valuable guide to
gathering needed documents, clarifying objectives to the team, and keeping key
stakeholders in the loop. This template helps manage and track the pre-audit, and you
can share it with your auditor in real time to generate comment threads, attach documents
and track status with RYG alerts.
Government Audits: For entities of any size - from cities to the United States federal
government - the documentation is made available to the public in the interest of
transparency.
Financial audits: This type of audit provide an opinion about whether or not financial
statements are true based on accounting standards for the benefits of tax authorities,
customers, investors, and regulators. To learn more specific about financial audits, read
Financial Audit Manual: Processes, Requirements and Checklists.
City Operational Audit Examples - El Paso, Texas: Like most cities, El Paso
Texas reports each fiscal year on multiple operations, functions and services, such
as community and human development management, capital improvements, and
other specific areas it governs. The internal audit for Fiscal Year 2017 is available
in multiple downloadable sections. The reports focus on different areas each year,
as well. Review El Paso Internal Audit for Fiscal Year 2017 and El Paso Internal
Audit for Fiscal Year 2016.
State Operational Audit Plan Example - Indiana Office of Management &
Budget: Deloitte & Touch performed an audit for the for the Indiana Department
of Revenue for its oversight agencies in 2012. You can review the full results in
its Controls and Performance Audit.
Hospital Operational Audit Plan Document Example - University of Texas
(UT): The Office of Internal Audit for UT Health North conducted a risk-based
audit which reviewed equipment leases, acquisitions, maintenance, and
warranties. You can examine the full 27-page document at Capital Equipment
Operational Audit.
University Internal Audit Plan - University of Colorado: Operational audits
evaluate whether university processes are adequate and function in a manner that
helps ensure achievement of objectives. They review operations to see what can
be improved, conduct investigations into suspected or reported irregularities,
assess programs and initiatives, consult with stakeholders, and provide feedback
to ensure sound business practices. You can review the current University of
Colorado Department of Internal Audit 2018 Audit Plan.
Public Facilities - The Port of Seattle: Airport public parking operation
management controls were reviewed to ensure that transactions were handled
correctly in the Seattle-Tacoma International Airport garage and to ensure
facilities were well-managed. Examine The Internal Audit Report:
Comprehensive Operational Audit Airport Public Parking Operation to see the
results.
Credit Union - Sample Credit Union Report on Operations: This is a reporting
template credit unions follow to comply with National Credit Union
Administration (NCUA) standards for operations and management review.
Examine the 22-page format in Sample Credit Union Report on Operations.
Non-Profit/International Relief - United Nations (UN) Audit: The United
Nations performed an audit to track how logistical support was hampered in its
African Union-United Nations Hybrid Operation in Darfur from January 2008
through 2010. Review the Audit of Logistic Operations in UNAMID full report.
Intellectual Property - World Intellectual Property Organization: A 2015
operational report examined the effectiveness and efficiency of essential business
processes including organizational structure, risk management, and controls.
Review the Audit of the Management of WIPO Customer Services.
Pharmaceutical Manufacturing - Univar: Univar is a leading global distributor
of chemistry and related innovative products and services. Labtopia, a consulting
firm, created a sample audit report for suppliers to use to report on operations.
Review the 18-page template Audit Report.
Manufacturing - Factory Audit Report (Asia): Asian Inspection provides the
means for its customers to conduct operational audits. The format for a report
includes workflow charts, system management, labor, hygiene and social
responsibility sections. View the 33-page Factory Audit Report.