Professional Documents
Culture Documents
2operational Audit - Objectives and Phases of Operational Audits
2operational Audit - Objectives and Phases of Operational Audits
Albert Einstein
INTRODUCTION
➢ An Operational Audit involves a review of the activities performed in a program or process in the
pursuit of its objectives by individuals, who are often supported by a variety of tools.
The objectives of the review will depend on several factors. First of all, we
must determine whose objectives the engagement is intending to address. Internal
audit should be careful not to define the objectives unilaterally.
Key Objectives of Operational Audits
The objectives for the review could be driven by:
New Rules
➢ Rules can be established internally (e.g., policies and procedures) or externally
(e.g., new or updated laws and regulations), or a combination (e.g., a contract
signed by the organization and one or more external parties).
Poor Performance
➢ Inefficiencies, waste, rework, or complaints from customers and vendors may
trigger management involvement, resulting in their request to have the matter
reviewed by internal audit.
Key Objectives of Operational Audits
The objectives for the review could be driven by: (Cont.)
Compliance Issues
➢ These can be the result of internal quality control initiatives that identify
anomalies.
• This may also include the Entity’s Planning, Budget, and Technological Systems.
• The infrastructure could also include management reports because the extent, accuracy,
proper distribution, and amount of detail contained in it weigh heavily on management’s
ability to perform its duties.
• Lastly, this infrastructure may also include the organizational structure and the
assignment of responsibility and accountabilities
Key Objectives of Operational Audits
• Concerns over business risks, internal and external changes in the internal
and/or external environment and dynamics affecting the organization’s
governance may also influence the objectives of an operational review.
The starting point should be the performance of a risk assessment that allows the CAE to
prepare an audit plan based on the results of an analysis of the organization’s audit universe.
• Communicating With The Corresponding Process Owner About The Timing Of The Review
• Requesting Needed Financial And Operational Reports And Documents,
• Coordinating Staff Availability,
• Identifying The Systems In Use And;
• Defining The Scope, Objectives, Work Schedule, And Budget For The Engagement.
Phases of the Operational Audit
Depending on the scope and objectives for the engagement, they should also consider
other risks, such as operational, legal liability, corporate image (e.g., reputation),
industry specific, compliance, and IT-related risks.
Phases of the Operational Audit
The Following Questions Can Be Very Helpful When Identifying Risk:
• What could go wrong?
• How could that unit fail?
• Are there any liquid assets that require special care and oversight?
• What physical assets are bought and used? How do they need to be protected and
used for maximum effectiveness?
• What intellectual or digital assets are used and constitute a key success factor?
These might include personally identifiable information, copyrights, and licenses.
• How could someone or something disrupt the operations?
• What are the objectives and how do we know if the unit is achieving them?
• Where are the people, processes, systems, or assets vulnerable?
• On what information do they rely the most?
Phases of the Operational Audit
What Must Go Right for Them to Succeed?
✓ Internal auditors can help management achieve its organizational goals by focusing
on the review of activities and other exposures with the highest significance and
likelihood of harming the organization.
✓ Organizations must also excel at delivering, consistently, what the customer needs
and wants.
Phases of the Operational Audit
What Must Go Right for Them to Succeed?
✓ Proactive auditors will look beyond isolated negative events and also look for
the interdependencies that management’s strategic objectives and resources
have.
Phases of the Operational Audit
Risk Factors
Consequently, risk assessments should not be limited to the identification of risks, but should
also:
Help to identify opportunities,
Determine the organization’s preparedness an;
Identify those responsible for appropriately responding to those events
❑ Risk factors are conditions and other variables that in their present, or absence, as the case
may be, either exacerbate or diminish the underlying risk.
❑ The presence of some factors increases the likelihood or impact of the underlying risks.
Phases of the Operational Audit
Risk Factors
Another risk factor is the extent of judgement that can be exercised when performing relevant
operational and control activities.
➢ As the extent of judgment increases, the underlying risk of error, abuse, and malfeasance
increases. So these factors have an opposite effect on the underlying risks.
Phases of the Operational Audit
Risk Factors
• When auditors plan engagements in relative isolation, they often miss important aspects
of the operation and the systems in use that may play an important role in identifying the
risks that should be examined during the audit
Phases of the Operational Audit
Risk Factors
• Internal auditors also benefit from reviewing prior audit workpapers as it provides
insights into the operation reviewed, areas of concern, location of relevant data and
documents, key individuals, amount of time various procedures took for completion, and
verbal observations brought to the attention of process owners.
• Good planning will prevent avoidable problems during fieldwork and good planning
demands that a suitable amount of time be invested in these activities
Phases of the Operational Audit
Typical Audit Steps For Audit Programs
The Planning Phase also involves estimating the amount of time tasks will take for
completion. This can be done by examining the time logs from previous audits to provide
an estimate about the possible time for the current audit.
It is also important to remind auditors that because of the reliance placed on previous time
estimates, underreporting the amount of time it takes to perform tasks is usually not a good
idea.
END OF PRESENTATION
Feel free to reach out to us if you have any questions.