Operational Auditing--Fall 2007 1-1 Establishing an I/A Function n Reporting structure n Mission statement/ role of dept. n Objectives n Department tone--teamwork.

Operational Auditing--Fall 20071-1

Establishing an I/A Function

Reporting structure Mission statement/ role of dept. Objectives Department tone--teamwork IIA standards Commitment to continuing education


Human Relations Issues

General people techniques Due professional care Hostile management approaches Dealing with external auditors Participative approach w/auditees


General People Techniques

Promote the “wanna” Foster feedback Adopt a consultative approach Use the “Will Rogers’ Approach”


…Due Professional Care

Be fair but don’t whitewash Avoid surprises Go for the win-win Have the guts to go to the top


Hostile Management Approaches

Select the right time for discussion Remain flexible in your conclusions Avoid emotion; sometimes even logic won’t

work Don’t corner yourself or the other party Listen to the other party Help the other guy “to be right”


Dealing with the External Auditors

Different objectives Different accountability Different qualifications Different activities


Cooperation

Economy Efficiency Effectiveness Advantages for the external auditor

Increases external auditor client insight Improves client relations Rotates emphasis

Advantages for the internal auditor Improves training Source of additional work Increases professional knowledge Independent appraisal source

Compliance with SAS 65 and SAS 99


SAS 65

Defines roles Defines function Discusses competency & objectivity Considers nature of the work Discusses coordination Guidelines for evaluation Role of direct assistance


SAS 99

Auditor’s responsibility to detect fraud


Typical Int. Audit Assistance

Design of control systems Reduction of risk assessment Reduction of substantive testing


Create a Cooperative Bridge

Coordination Risk assessment alert Control system disclosure Common sampling tools Pooled IT knowledge Different perspective Constant general communication


Participative Approach

Joint goals Consultation Joint authority Open discussion re: findings Open review of reports


COSO

Committee of Sponsoring Organizations FEI, ACIPA, IMA, IIA and AAA

Sponsored the Treadway Commission in 1987

Issued guidelines for Internal Control in 1992: COSO Cube

Issued guidelines for Enterprise Risk Management in 2004: COSO 2


COSO Control Objectives

Economy & efficiency of operations Reliable financial and operational data

and reports Compliance with laws and regulations


Control Objectives

Reliability and integrity of info Compliance Safeguarding of assets Economical & efficient use of assets Organizational attainment of goals &

objs.


Types of Control

Preventive Detective Corrective Directive Compensating


Methods of Control

Organizational Operational Personnel Review Facilities


Threats to Control

Management override Open access to assets Form over substance approach Conflict of interest


COSO Approach to Achievement

Sound control environment Sound risk assessment process Sound operational control activities

Are the processes working Sound info & communications system Effective monitoring


Control Environment

Culture of integrity, ethics and competence

Overall mgt. philosophy Proper authority & responsibility Proper organization of resources Proper training and development Senior mgt. attention & direction


Internal Audit Process Auditee selection Audit planning Preliminary survey Internal control review Expanded testing Develop findings & recommendations Reporting Follow-up Post audit evaluation


Control Self Assessment (CSA)

Methodology Review and Identification

Key business objectives Related risks Mitigating controls


CSA-History

Introduced by Gulf Canada in 1987 Gulf used facilitated meetings


Facilitated Meetings

Management and staff participate through interviews and polling

Objectives Risks Processes Soft and/or informal controls


General Methodology

Shared process Assessment of internal controls Evaluation of risks Development of action plans Assess the likelihood of achieving

objectives SJSU simulation


General Approaches

Facilitated meetings--group workshops Questionnaires--yes/no answers Management analysis--self studies


Uses

Self analysis for risk* Selection of audit areas* Internal control review* Special projects Soft control analysis

* alternatives to the traditional approach to the I/A process


Benefits

Increases I/A scope Target review of high risk areas Increases the effectiveness of corrective

action Builds team-oriented relationships


What Is Storyboard Flowcharting?

New method for documenting a process. Clean and simple flowcharting method. Allows for clients and auditors to clearly

understand process under review. Simple technique that requires a good graphics

package and a little imagination. Can use Microsoft PowerPoint, Harvard Graphics,

Corel Draw, etc. Does not replace IS flowcharting.


The Basics of Storyboard Meet with client and document process. Use your imagination to choose/draw picture. Under picture write narrative for each step represented. Be creative - good control narrative in green; poor controls in red. Completed storyboard must be reviewed with client. Make any changes necessary. Final copy should be in color for most effective presentation. Different process may require different approach.


How to Storyboard

• Meet with client and document process.

• From client interview create storyboard.

A

A

• Print out story board - black and white draft and color for final.

• Review storyboard with client and obtain sign off.


Start

Customer Service

Rep ReceivesOrder

Scan Form IntoSystem

Shipping FilesYellow

Customer ServiceRep ResearchesAnd CorrectsInformation

Shipping Pulls And

Packs Orders

End

By Phone?

By Mail or Fax?

On StandardOrder Form?

Shipping SendsOrder and Green

Copy (Invoice)

Customer Service Rep.Key Enters

Data on-Line

ApprovedBy Manager?

Send to SpecialOrder

Department

Print Three-Part

Shipper

Yellow and GreenTo ShippingDepartment

Pink to AccountsReceivable

Department

YES

YES YES

NO

NO

YES

Company XYZOrder-fulfillment process

NO


A

A

Customer Representative

Receives orders by faxor mail.

Receives orders by phone.

Standard orders arescanned into system.

Customer Representativeenters order data on-line.

A three-part packing slip is printed per order.

Pink copy sent toaccounts receivabledepartment.

Company XYZOrder-fulfillment process

Packing slip approved by Manager.If not approved, returnedto Customer Representativefor correction

Packing slip

Yellow and green copy go to shipping department.Shipping pulls andpacks orders.

Yellow copy filed inshipping department.

Green copy sentwith order.


Flowcharting

Begin or End

File

Decide

Document

Activity


Work Paper Purposes

Documentation of evidence Audit execution and planning tool Follow-up reference Review facilitator


Other W/P Factors

Ownership: the company Preparation guidelines

Completeness & accuracy Clarity & understandability Legibility & neatness Relevance Attention to detail


Sample Work Paper

Heading Ref.

Review

T/M Legend:

Source

Purpose:

Conclusions

Operational Auditing--Fall 2007 1-1 Establishing an I/A Function n Reporting structure n Mission statement/ role of dept. n Objectives n Department tone--teamwork.

Documents

discussion n

party n

conclusions n

surprises n

roles n

n objectives n department

wanna n foster feedback

external auditor n