CH 3 objectives and phases

Created by

Niña Kyla

Cards (99)

Operational Auditing 
comprehensive examination of an operating unit or compete organization to evaluate its systems, controls, and performance as measured by management's objectives.
Financial audit 
focuses on measurement of financial position results of operations and cashflows of an entity.
operational audit 
focuses on efficiency, effectiveness and economy of operations.
operational auditor
appraites management's operating controls and systems over such varied
activities as purchasing, data processing, receiving, shipping, office services,
advertising, and engineering.
operational auditor 
appraises management's operating controls and systems over such varied activities as purchasing, data processing, receiving, shipping, office services, advertising, and engineering.
Managers and board of directors 
major users of operational audit reports
Management needs the following 
Assessment of unit performance
Assurance that plans are comprehensive, consistent
Objectives are being carried out to all areas
Information on weakness in operating controls
Reassurance that all operating reports can be relied on as basis for action
The purpose of an operational audit  
is to improve the efficiency of day-to-day operations.
Managers 
use the operational audit to evaluate and analyze the current effectiveness of a company's operations while identifying areas of potential improvement.
The identification of areas requiring improvement 
is a key aspect, as the fundamental purpose of the operational audit is to improve effectiveness.
3 primary outcomes of successful Op. audit 
Maximize efficiency: Gain a greater understanding of how future policies and procedures can boost effectiveness.
Understand risks: Businesses run many operational risks, ranging from health and safety issues to cyber threats.
Fine-tune internal controls. examine each step to dive deeper into the impact
accounting standards  
provide . the broad criteria for evaluating fair presentation, and audit objectives facilitate more specific criteria in deciding whether those standards have been followed, In operational auditing, there are no well-defined criteria.
Specific Criteria. 
usually desirable before starting an operational audit. For example, suppose that you are doing an operational audit of the equipment layout in plants for a company.
Specific criteria questions: 
Were all plant layouts approved by home office engineering at the time of original design?
Has home office engineering done a re-evaluation study of plant layout in the past 5 years?
is each equipment operate @60% of capacity for at least 3 mos each year?
does layout facilitate the movement of new materials to production floor?
does layout facilitate the production of finished goods?
does layout facilitate the movement of finished goods to distribution centers?
does plan layout effectively use existing equipment?
is safety of employees endangered by plant layout?
Sources of Criteria. 
Historical performance.
Benchmarking.
Engineered standards.
Discussion and agreement.
Historical performance. 
Criteria can be based on actual results from prior periods. By using these criteria, auditors can determine whether things have become “better” or “worse” in comparison.
Historical performance. 
The advantage of this approach is that the criteria are easy to derive. However, they may not provide much insight into how well or poor the results are compared to what they could be.
Benchmarking. 
Entities within or outside the client’s organization may be sufficiently similar to the client’s organization to use their operating results as criteria.
Benchmarking. 
often available through industry groups and governmental regulatory agencies.
Engineered standards 
standards. auditors can use time and motion studies to determine efficient production output rates. These criteria are often time-consuming and costly to develop because they require considerable expertise, but in some cases, it may be worth the cost.
Engineered standards 
Standards can be developed by industry groups for use by all their members, thereby spreading the cost.
Discussion and agreement. 
The parties involved should include management of the entity to be audited, the operational auditor, and the entity or persons to whom the findings will be reported.
three phases in an operational audit 
planning,
evidence accumulation and evaluation, and
reporting and follow-up.
PLANNING 
phase includes scoping, budgeting, defining the population of interest, how testing will be performed, and announcing the audit. ___ is arguably the most important part of an audit.
“Failing to plan is planning to fail” comes to mind.
Planning for operational audits is similar to planning for audits of financial statements. Like auditors of financial statements, the operational auditor must determine the scope of the engagement and communicate it to the organizational unit.
PLANNING NECESSARY: 
Staff the engagement properly
Obtain background information about the organizational unit
Understand internal control
Decide on the appropriate evidence to accumulate
Proper Prior Planning Prevents Poor Performance (6 P’s) 
This expression means that it is critical to effectively plan engagements to ensure success. Time spent in the planning phase of an engagement likely will pay great dividends later, helping to ensure that the overall audit is conducted effectively, efficiently, and comprehensively. T
Keysteps in planning an engagement:
Determine engagement objectives and scope
understand the auditee (including the auditee objectives)
identify and assess risks
identify key controls
evaluate the adequacy of control design
create test plan
develop work program
allocate resources to engagement
Determine engagement objectives and scope. 
Each assurance engagement will be a little different, depending on the reason for performing the engagement and the desired end results.
The first step is to establish the objectives of the engagement and outline the scope to articulate the time, geographical, and procedural boundaries.
Understand the auditee (including auditee objectives). 
To conduct an engagement effectively, the auditor must first understand the auditee’s objectives, the tasks undertaken within the area under review to achieve those objectives, and the ways in which performance is monitored and success is measured.
Identify and assess risks. 
The specific events or scenarios that could prevent the achievement of the auditee’s objectives must be identified and assessed.
This assessment typically involves an evaluation of the impact and likelihood of the risk scenarios.
During planning meetings, 
internal auditors should engage in participative practices, involving process owners as much as possible to identify relevant activities, systems, people, and performance standards. When auditors do this, they are better equipped to define the scope more precisely.
Examples of Risk factor 
employee’s competence.
extent of judgement
time
key controls.  
are those that, individually, or when aggregated with other controls, mitigate the auditee’s risk to an acceptable level.
truly integral to achievement of objectives.
Evaluate the adequacy of control design  
The first key evaluation is this.
This step requires the internal auditor to evaluate whether the controls, if they operate effectively, will mitigate the risks that could prevent the achievement of objectives.
test plan 
outlines how each of the key controls will be tested to help the internal auditor evaluate how effectively those controls are operating.
must be linked to the underlying risks so that any deficiencies identified during testing can be evaluated relative to the impact on risk mitigation.
formal work program 
outlines the key tasks in the engagement process and any judgments made regarding the objectives and scope of the engagement.
Covered in typical work program 
Key administrative tasks,
Key meetings
Planning tasks
Fieldwork tasks
Wrap-up steps
Reporting tasks
Planning documentation 
planning memorandum
A risk map
Risk and Control Matrix
Audit plan