OPERATIONS AUDITING
9. Arrange as:
REVIEW OF GOVERNANCE CONCEPTS
Definition of Terms
Operational audit refers to a systematic process of
evaluating an organization’s effectiveness, efficiency
and economy of operations under management’s
control and reporting to appropriate persons the
results of the evaluation along with recommendations
for improvement. - THE INSTITUTE OF INTERNAL
AUDITORS
Stakeholders- parties interested to and affected by
the affairs and operations of the business.
Stock and profit org.= stockholders and BODirectors.
Non-stock and non-profit= members and BOTrustees.
Comply or explain approach- voluntary compliance
with mandatory disclosure.
Principle of proportionality- allowed flexibility in
establishing corporate governance policies.
Chief Audit executive- responsible for managing the
internal audit activity.
A MODEL OF BUSINESS
Corporate governance- helps ensure proper
stewardship over an entity’s assets.
• Utilize the entity’s resources in the best
interest of absentee owners
• Faithfully report the economic condition
and performance of the enterprise
Board of Directors => Management oversight
Audit Committee => Internal and external audit work
Management=> decides on mission, vision, and goals
REVISED CORPORATE GOVERNANCE IN THE
PHILIPPINES
Salient features:
1. Released Nov. 22, 2016, effective Jan 1, 2017
2. Intended to raise the corporate governance
standard at par with reginal and global cp.
3. Comply or explain approach feature added.
4. No “one size fits all” framework, principle of
proportionality is considered in application.
5. Increase responsibilities of the board.
6. competence and commitment of directors.
7. Protection of shsholders and stakeholders.
8. Full disclosure and transparency
Principles: high-level statements of corporate
governance good practices
Recommendations: objective criteria that are
intended to identify the specific features of
corporate governance good practices.
Explanations: additional info on the
recommended best practice.
CORPORATE GOVERNANCE- system of stewardship
and control to guide org in fulfilling their long-term
economic, moral, legal and social obligations.
*Hold board and senior mgmt. accountable for
ensuring ethical behavior
*reconcile long-term C.S with shareholder value
*Maximize the organizations long-term success.
FOUR CORE PRINCIPLES OF CORP. GOVERNANCE
1. FAIRNESS- receive equal consideration,
sense of justice and avoidance of bias
2. RESPONSIBILITY- carry out duties with
honesty, probity and integrity.
3. ACCOUNTABILITY- held accountable for
decisions and submit themselves to scrutiny
4. TRANSPARENCY- make clear why every
decision was made to shareholders.
BOARD’S GOVERNANCE RESPONSIBILITIES
1.ESTABLISHING A COMPETENT BOARD
Principles:
-headed by a competent board
-collective working knowledge
-5-15 members, elected by shareholders.
-at least 2 independent directors or 20% of the
members of the board.
Independent Director-person who is independent of
management and the controlling shareholder
Recommendations:
 Appropriate mix of competence and
expertise relevant to industry.
 Majority of non-executive directors who
possess the necessary qualifications
 Policy on training of directors, orientation
for first timers and annual training for all
 Policy on board diversity
1 (OpsAud)
 OPERATIONS AUDITING
 Should have a corporate secretary and
compliance officer.
CORPORATE SECRETARY- separate from compliance
officer.
-not a member of BOD
-annually attend training on corporate governance
COMPLIANCE OFFICER- rank of a senior VP or
equivalent
-not a member of BOD
- annually attend training on corporate governance
2.ESTABLISHING CLEAR ROLES AND
RESPONSIBILITIES
Principle:
-roles and responsibilities, by-laws, legal
pronouncements should be clearly made known to all
Recommendations:
 Members should act on a fully informed
basis and best interest of the company
 Board should oversee development and
approve objectives and strategy, monitor
and implement
 Should be headed by a competent and
qualified chairperson.
 Responsible for ensuring and adopting an
effective succession planning program
 Align renumeration of key officers to long-
term interest of the company
 Formal and transparent board nomination
and election policy
 Ensure group-wide policy and system
governing RPT’s and other unusual transac
 Primarily responsible for approving the
selection and assessment of management.
 Establish effective performance
management framework to ensure at par
with standard sets by higher-ups.
 Oversee internal control system is in place.
 Oversee ERM framework is in place.
 Board should have a Board Charter to
formalize its duties and responsibilities.
PRINCIPAL-AGENT RELATIONSHIP
-fiduciary duty of a director to the corporation creates
a principal-agent relationship.
-coz directors have the control and guidance of
corporate affairs and property and hence of the
shareholder’s property interest.
TRUST FUND DOCTRINE
-property of a corporation is considered as a funds
held in trust for the creditors
-directors are entrusted to manage the funds
prudently for the benefit of creditors and
shareholders.
3. ESTABLISHING BOARD COMMITTEES
Principles:
-set up to the extent possible to support the effective
performance of the board’s function
-composition, functions and responsibilities of all
should be contained in publicly available charter
Recommendations:
 Establish committees that focus on specific
board functions
AUDIT COMMITTEE- oversight responsibility for
internal and external audit functions
 At least 3 qualified non-executive directors,
majority including chairman, Independent.
 Relevant background, skills and experience
to accounting, auditing and finance
 Chairman of audit com. should not be
chairman of any other.
NOMINATION COMMITTEE- review and evaluate the
qualifications of all persons nominated to the board
and other appointments.
 Of at least 3 members, 1 should be
independent director.
COMPENSATION OR RENUMERATION-establish a
formal and transparent procedure for developing a
policy on renumeration of directors and officers.
 Of at least 3 members, 1 should be
independent director.
CORPORATE GOVERNANCE - assist the board in
performing corporate governance responsibilities,
incl functions of nomination and renumeration, if they
opted not to have.
 of at least three members, all of whom
should be independent directors, including
the Chairman.
BOARD OVERSIGHT- recommended for issuers of
debt securities and for companies with a high-risk
profile.
 of at least three members, the majority of
whom should be independent directors,
including the Chairman.
2 (OpsAud)
 OPERATIONS AUDITING
 One member have relevant and thorough
knowledge and experience on risk and risk Principles:
management. Recommendations:
RELATED PART TRANSACTIONS (RPT) COMMITTEE-
review all material related party transactions of the Principles:
company. Recommendations:
 Includes transfer of sources, services or
obligations, outstanding transactions of
unrelated that eventually become related.
 Of at least 3 non-executive directors, 2
should be independent including chairman.
4.FOSTERING COMMITMENT
Principles: Directors should devote time and attention
Recommendations:
 Attend and participate in all meetings
 Non-executive directors of the board should
concurrently serve max of 5 publicly listed
companies.
5.REINFORCING BOARD INDEPENDENCE
Principles: endeavor to exercise an objective and
independent judgement on all corporate affairs.
Recommendations:
 Of at least 3 ind. Directors or 1/3 of the
members of the boards, whichever is higher
 Possess the necessary qualifications and
none of the disqualifications.
 Maximum of 9 years cumulative
 Chairman and CEO should be separate indiv
 Designate a lead director among the
independent directors if the chairman is not
independent.
 Director with material interest should
abstain from taking part in the deliberations
for the same
 NEDs should have separate periodic
meetings with the external auditor and
internal audit to ensure check and balances
6.ASSESSING BOARD PERFORMANCE
Principles: best measure is through assessment
process
Recommendations:

Principles:
Recommendations:

Principles:
Recommendations:

3 (OpsAud)
 OPERATIONS AUDITING
Internal auditing-

Foundation of the institute of Internal Auditors in

1941
 Centralization
 Defined hierarchy

4 (OpsAud)
 OPERATIONS AUDITING
CRITERIA FOR EVALUATING EFFICIENCY AND
EFFECTIVENESS
A major challenge- no well-defined criteria
In financial audit-standards
Specific criteria- usually favorable
Sources of criteria:
-historical performance-comparison of prior-period
and current period operations.
-benchmarking- should be in similar nature
-engineered standards
-discussion and agreements
PHASES IN OPERATIONAL AUDITING
-PLANNING
-EVIDENCE ACCUMULATION AND EVALUATION
-REPORTING AND FOLLOW UP
PLANNING
-most important phase
“Failing to plan is planning to fail.”
-when planning is done poorly, rework is common.
First determine the scope of engagement and
communicate it to the organizational unit.
It is also necessary to:
-staff the engagement properly
-obtain background information
-understand the internal control
-decide on the appropriate evidence to accumulate
REMEMBER THE 6PS.
-Proper prior planning prevents poor performance
Steps in planning an engagement.
1. Determine the engagement objectives and
scope.
2. Understand the auditee.
3. Identify and assess risks.
Risk factor- conditions or variables in which
their presence or absence may exacerbate
or diminish the underlying risk.
4. Identify key controls-integral controls.
5. Evaluate the adequacy of the controls- first
key evaluation.
6. Create a test plan- outlines how each key
control are tested.
7. Develop a work program- outlines the key
task in the engagement process.
8. Allocate resources to the engagement.
-not limited to money
-includes time, and personnel
General rule: with each passing audits, auditors
should be a little faster than before.
Exception: when there are changes in process,
workers, systems, or auditors.
Planning also requires:
• Conduct a preliminary risk assessment
• Gather top management input
• Prepare a draft annual audit plan
• Obtain the formal approval of the audit
committee or the board.
Guidelines:
• Distribute annual audit plan to senior
management.
• Keep senior management informed of
any changes.
• Ensure management is informed
about internal audit work at least a
month before.
• Special requested assignments require
different procedures
• If there any special assignment going
parallel with the normal audit
• If there is a need for additional person,
raise requisition at most appropriate
time.
Fraud considerations- intentional deception or
misrepresentation
-managing the risk of fraud is the responsibility of
management
PLANNING ACTIVITIES
1. Evaluation of operation or programs being
carried out
2. Monitoring and evaluating governance
processes.
3. Monitoring and evaluating the effectiveness
of the organization’s risk management
processes.
4. Evaluating the performance of external
auditors
5 (OpsAud)
 OPERATIONS AUDITING
5. Performing consulting and advisory
services.
6. Reporting on internal audit activities
7. Reporting on risk exposures and control
issues.
8. Evaluating specific operations
PLANNING FOR EXTERNAL AND OPERATIONAL
AUDITS
-diverse objective
Financial audit- objective examination and evaluation
of the financial statements of an organization to make
sure that the financial records are a fair and accurate
representation of the transactions they claim to
represent.
Operational audit- an operational audit refers to a
method of examining how an organization conducts
business.
This type of audit identifies areas where a company
can improve.
EVIDENCE ACCUMULATION AND EVALUATION OR
FIELDWORK
Conduct the following steps:
• Conduct test to gather evidence.
• Evaluate the evidence gathered and read
conclusion.
• Develop observations and formulate
recommendations.
AUDIT EVIDENCE- Information or data that the auditor
collects during the audit process to support their
findings and conclusions.
PROFESSIONAL SKEPTICISM- sufficiently suspicion of
data received and reasonably verify that the
information is free from manipulation or
modification.
REASONABLE ASSURANCE- strive to obtain sufficient
appropriate evidence to provide a reasonable basis
for formulating conclusions and advice.
To be persuasive, evidence must be:
-relevant, reliable and sufficient
Guideline
• Evidence obtained from independent third
parties is more reliable.
• Evidence produced by a process or system
with effective controls is more reliable.
• Evidence obtained directly by the internal
auditor is more reliable.
• Documented evidence is more reliable.
• Timely evidence is more reliable.
• Corroborated evidence is more sufficient.
• Larger samples produce more sufficient
evidence.
Types of audit evidence
Testimonial- consist of verbal or written statements
or assertions given by someone as proof regarding the
matter being discussed.
Types:
1. Testimony- it is what the individual states
about on his own personal knowledge
2.
Physical can be either through observation or
inspection:
Observation- visually evaluate physical facilities,
conditions and practices to verify their existence,
condition, valuation and protection.
-the auditee knows that the auditor is observing
-doesn’t know the observation
Document inspection- another common way of
collecting evidence is by reviewing documents.
DOCUMENTARY EVIDENCE
-created information whose reliability is affected by
the source.
ANALYTICAL EVIDENCE- analysis or verification of
information.
Analytical procedure entail assessing information
obtained during an engagement:
-by comparing the information with expectations
identified or developed by the internal auditor
Audit procedures are specific task performed by the
internal auditor to gather the evidence required to
achieve the prescribed audit objectives.
-obtain a thorough understanding of the auditee
-teste the design adequacy and operating
effectiveness
-analyze plausible relationships among different data
-directly test recorded financial and non-financial
information
6 (OpsAud)
 OPERATIONS AUDITING
Obtain sufficient appropriate evidence to achieve the
prescribed audit objectives.

NATURE OF AUDIT PROCEDURES

-relates to the types of tests the internal auditor
performs to achieve his or her objective.

Audit procedures done to get evidence:

• Inspection of documents or records
• Inspection of tangible asserts
• Observation
• Inquiry
• Confirmation AUDIT WORKING PAPERS
• Recalculation -document prepared by or used by the auditor as part
• Reperformance of the work done
• Analytical procedures -collection of evidentiary material during the audit
• Vouching process
• tracing
EXTENT OF AUDIT PROCEDURES MOST COMMON WORKING PAPERS
-extent of audit procedures pertains to how much 1. narratives- consist of a description of a
audit evidence the internal auditor must obtain to process or business activity and usually
achieve his objectives prepared to explain how work is being done
An internal auditor must determine: in an area being audited.
-the right combination of procedures 2. Flowcharts- diagram of the sequence of
The degree to which individual tests are to be movements or actions of people or things
conducted. involved in a process or activity.
3. Internal control questionnaire- evaluate
TIMING OF AUDIT PROCEDURES internal controls in specific areas by asking
- when audit procedures are performed, and key questions.
the period of time covered
- -before prior end or at prior end GUIDELINES FOR WORKING PAPER PREPARATION
- Certain audit procedures can be performed CAE- responsible for establishing working paper
only at after end policies and procedures.
Relevant factors
-control environment Cross-referencing- linking information from one
-When relevant information is available
-The nature of risk Paper form
-The period or date to which the audit evidence Electronic form or both
relates. Correctly, clearly, concisely and quickly

FIELDWORK REMINDERS
-carry out field work as indicated in the annual audit
plan
-obtain cooperation form the management and the
staff as necessary
-remember that if its not document it is not done
-conduct fieldwork with minimal disruption

7 (OpsAud)
 OPERATIONS AUDITING
Reporting Follow up review- auditor is checking to make sure the
-communicating findings, observation and best corrective action was performed.
practices noted during the review and developing
recommendations for corrective actions METRICS
-exist to assess the performance
Findings: for more serious reportable conditions -visible report and monitor them publicly
-key aspect of effective management.
KEY ATTRIBUTES OF EFFECTIVE AUDIT FINDINGS
1. Criteria- what should exist or occur.
2. Condition- what discovered as a result of
the performance of audit procedures.
3. Cause-reason the conditions exist and why.
4. Effect-impact of the condition
5. Recommendation-action item necessary to
correct the condition, so performance is
consistent with the criteria.
TWEO TYPES OF DEFICIENCIES
1. design- the process or program is poorly structured
and mechanism to avoid problems
2. operating

TWO KEY PROBLEMS OF TELLING CLIENTS WHAT TO

DO:
1. Dependency
2. Lack of ownership

Audit report- final engagement communication

Ways to communicate the results
-memoranda
Outlines
Discussions
-draft working papers

8 (OpsAud)
 OPERATIONS AUDITING
THE 8 E’S
1. Effectiveness- process of evaluating the
degree to which the organization, program
or process is achieving its goals and
objectives.
Consist of comparing the planned outputs
with the actual outputs.
2. Efficiency- relates to the use of inputs and
other resources towards the achievement
of goals and objectives in some form of
productive activity.
Two contributing factors to greater efficiency:
-Employees skills
-Technology
3. Economy refers to the price paid for
organizational resources.
-A better approach to assessing the
economy is to consider the entire value of
the item.
4. Excellence- quality in all everyone does is
essential for continued success. Measuring
quality is essential to determine if it is being
achieved and always remember that people
do what is measured, repeat what is
rewarded and stop doing what is punished.
5. Ethics define as the rules of behavior based
on ideas about what is morally good and
bad, it deals with what is good and bad
behavior, what is morally right or wrong,
and moral duty and obligation.
It is a critical subject for internal auditors
because an individual’s viewpoint regarding
what is right and wrong will drive most
aspects of decision-making and corporate
behavior.
Three P’s to consider:
Profit, People, Planet
“The internal audit activity must assess and
make appropriate recommendation for
improving the governance process in the
promotion of appropriate ethics and values
within the organization.”
What will happened when there is a lack of
ethics?
A key driver of inappropriate behavior in an
organization and can have significant
implications for policy-making and
organizational conduct.
Effects of the lack of ethics:
1. Legal and regulatory issues
2. Decreased organizational
effectiveness.
3. Reputational damage.
4. Decreased employee morale.
Two approaches of ethical principles
Teleological/ prescriptive approach
-focus on the “consequences of the act”
-determine morality of a decision based on the
outcome or consequences.
Deontological Approach
-focus on the inherent rightness or wrongness of
actions themselves, rather than on their
consequences or outcomes.
-Immanuel Kant
6. Equity relates to the treatment of others
with dignity and respect. This should be
done consistently, by everyone, always.
Federally protected classes in the US.
1. Race
2. Color
3. Religion or creed
4. National origin or ancestry
5. Sex
6. Age
7. Physical or mental disability
8. Veteran status
Consequences: Fine, Penalties, Lawsuits.
Management must make sure that they
provide their employees with enough
information.
Key actions
-clearly state job requirements
-Explain the impact of work experience.
-provide clear performance evaluation
criteria
7. Ecology- environmental concerns have
reached high levels over the past years and
will likely continue to garner much attention
in the future. In addition, stakeholders
increasingly expect organizations to act
responsibly toward the environment.
-Beyond compliance, ecological awareness
and stewardship can also have a positive
9 (OpsAud)
 OPERATIONS AUDITING
impact on the organization’s profitability.
Companies can reduce their operating
costs by limiting their water usage,
lowering their consumption of electricity
and generating electricity themselves.
-while environmental stewardship is
expected by all, some don’t respond with
equal fervor to altruistic goals. But these
same individuals may respond favorably.

Organizations embracing environmental

strategies:
PROCTER AND GAMBLER- working with
UNICEF.
Starbucks
Coca-Cola
8. Emotion- this relates to the emotional
attachment and involvement that highly
engaged employees show while working
and interacting with others.
-values
-mission
-vision
-objectives
*all motivating
IMPLICATIONS FOR INTERNAL AUDITOR

10 (OpsAud)
 OPERATIONS AUDITING
ELEMENTS OF INTERNAL CONTROL
1. Control environment
CH4: INTERNAL CONTROL AND RISK
MANAGEMENT 2. Risk assessment
3. Information and communication
Committee of sponsoring organizations of the
4. Monitoring
treadway commission (COSO)-dedicated to providing
5. Entity’s Control activities
thought leadership through the development of
frameworks and guidance on ERM, internal control
-working in an interrelated manner
and fraud deterrence. Joint initiative of:
CONTROL ENVIRONMENT
 American Institute of Certified public
-sets the tone of an organization, influencing control
accountants
consciousness of its people.
 Financial executives international
-umbrella that covers the entire entity and establishes
 Institute of Management Accountants.
the framework
 Institute of internal auditors.
-Factors that affect the control environment are as
 American Accounting Association.
follows: (ICHAMPO)
INTERNAL CONTROL
 Integrity and ethical values communication
-designed and effected by an entity’s board of
and enforcement
directors, management and other personnel to
 Commitment to competence
provide reasonable assurance about:
 Human resources policies and practices
1. Reliability of financial reporting
 Assignment of authority and responsibility
2.Effectiveness and efficiency of operations
 Management’s philosophy and operating
3.Compliance with applicable laws and regulations.
style
Internal Control System- consists of all policies and
 Participation of those charged with
procedures and processes adopted to assist in
governance
achieving management’s objective of ensuring the
 Organizational structure
orderly and efficient conduct of its business.
ROLE OF INTERNAL AUDITOR FOR
Integrity and ethical values communication and
INTERNAL CONTROL
-verifying that management has met its responsibility. enforcement
-entity needs to establish ethical and behavioral
-provide reasonable assurance that the system of
standards that are communicated to employees and
internal control is designed adequately and operating
effectively. are reinforced by day-to-day practice.
-“provide assurance and advisory support to -Senior management and BOD should lead by
example and through the use of policy statements,
management on internal control…includes evaluating
codes of conduct and training.
the adequacy and effectiveness if controls in
responding to risk within the organization’s oversight, Commitment to competence
-Competence- knowledge and skills necessary to
operations and information system.”
accomplish the tasks that define an individual’s job.
-communicates finding with the management, audit
committee and/or BOD. -must specify for a particular job and translate into
LIMITATIONS OF INTERNAL CONTROL required knowledge and skills.
Human resources policies and practices
-Customs, culture and corporate governance system
-should have sound personnel policies for hiring,
may inhibit fraud
-Mistakes of judgments, carelessness, distraction or orienting, training, evaluating, counselling,
promoting, compensating, and taking remedial
fatigue
action.
-inappropriate management override internal control
-extent is also limited by cost considerations -Causes of errors in accounting system has shown
personnel-related issues to be a major cause of error.

11 (OpsAud)
 OPERATIONS AUDITING
Assignment of authority and responsibility
-how authority and responsibility for operating
activities are assigned and how reporting
relationships and authorization hierarchies are
established.
-Includes policies
✓ Acceptable business practices, knowledge,
and experience of key personnel, and
resources provided for carrying out duties.
✓ Directed at ensuring that all understand
the entity’s objectives.
Management’s philosophy and operating style
-Establishing, maintaining, and monitoring the
entity’s internal controls are management’s
responsibility. Characteristics that may signal
important information includes:
✓ Management’s approach to taking and
monitoring business risks.
✓ Attitude and actions towards financial
reporting
✓ Attitude toward information processing
and accounting functions and personnel.
Participation of those charged with governance.
-BOD and Audit committee significantly influence the
control consciousness of the entity. Must take their
fiduciary responsibilities seriously and actively
oversee the entity’s accounting and reporting
policies and procedures.
-Factors that can impact the effectiveness:
✓ Independence from management
✓ Experience and stature of its members
✓ Extent of involvement and scrutiny of the
entity’s activities
✓ Appropriateness of its actions
✓ Information it receives.
✓ Degree to which difficult qs are raised and
pursued with management.
✓ Interaction with external and internal
auditors.
Important duties of audit committee:
✓ Dictate, compensation, and oversight of
the public accounting firm conducting the
entity’s audit.
✓ Resolution of disagreements between
management and audit team
✓ oversight of the entity’s internal audit
function
✓ approval of non-audit services provided by
the public accounting firm performing the
audit engagement.
✓ Oversight of the anonymous Fraud hotline
Organizational structure
-how authority and responsibility are delegated and
monitored.
-Provides framework for achieving entity-wide
objectives.
CONTROL ACTIVITIES
-policies and procedures that help ensure that
management’s directives are carried out and are
implemented to address risk identified in the risk
assessment process.
-automated or manual
-it includes:
✓ Performance reviews- should have controls
that independently check the performance
of individuals or processes in the system.
✓ Information processing controls, including
authorization and document-based
controls. Two main categories:
-General controls-overall information
processing environment and include
controls over data and network operations.
-Application controls- apply to the
processing of individual applications;
ensure that each transaction is properly
authorized; all relevant information must be
captured.
✓ Physical controls-physical security of
assets.
✓ Segregation of duties-segregate the
authorization of transactions, recording of
transactions and custody of the related
assets.
Control activities can be categorized as:
Preventive-act before the error or omission can occur
and reduce the likelihood of the event.
Detective-identify errors and anomalies after they
have occurred and alert the need for corrective
action.
Directive-temporary controls that are implemented
to redirect employee actions.
12 (OpsAud)
 OPERATIONS AUDITING
Compensating- put in place when a control is not
where it is expected as proper design would stipulate.
INFORMATION SYSTEMS AND COMMUNICATION
-information system consist of infrastructure,
software, people, procedures, and data.
-communication involves providing an understanding
of individual roles and responsibilities pertaining to
internal control over financial reporting.
-Relevant, accurate and timely information must be
available to individuals at all levels of an organization.
MONITORING
On-going and separate evaluations. Determine
whether the other components of internal control
continue to function over time.
Reporting deficiencies- identified and communicated
in a timely manner to those parties for taking
corrective action.
RISK ASSESSMENT
-risk- possibility that events will occur and affect the
achievement of objectives and strategy.
Different types of risk faced by the organizations:
-Business and process risk
-technological and information tech
PRODUCT OR SERVICE FAILURE RISK- faulty or
nonperforming products and services that do not
meet customer expectations.
CYCLE TIME RISK- unnecessary activities threaten the
organization’s capacity to develop, produce, market
and deliver goods and services in a timely manner.
PRODUCT DEVELOPMETN RISK- ineffective product
development threat to ability to meet or exceed
customer’s expectations consistently over the long
term.
HEALTH AND SAFETY RISK- failure to provide a safe
working environment for workers.
Leadership risk- workers are not being led effectively.
Outsourcing risk-result in third parties not performing
in a way that is consistent with the organization’s
strategies, objectives and behavioral standard and
expectations.
Competitor risk- actions by competitors may threaten
the organization’s competitive advantage.

Natural environment risk

-energy supply disruption
-damage from fire, water, or natural resources
-inability to secure needed resources
-dependency on carbon-based energy resources
POLITICAL RISK
-changes in legislation and regulation due to
government changes
-social unrest triggered by changes in government
Execution risk- inability to produce consistently
without compromising quality.
Business interruption risk- unavailability of raw
material threatens the organization’s ability to
continue operations.
Supply chain risk- being unable to maintain a steady
stream of supplies when needed.
Human resources risk- a lack of knowledge, skills and
experiences among the organization’s key personnel
that threatens the ability to achieve business
objectives.

13 (OpsAud)