SJ State Operational Auditing BT 852 October 12, 2006 Page 1 San Jose State University October 12, 2006 Internal Audit: A 2006 Perspective Lynn Falbo [email protected]
Dec 18, 2015
SJ StateOperational Auditing BT 852October 12, 2006Page 1
San Jose State University
October 12, 2006
Internal Audit: A 2006 Perspective
Lynn Falbo [email protected]
SJ StateOperational Auditing BT 852October 12, 2006Page 2
Agenda
“Audit” Evolution
Working for Multi-national companies
Career Opportunities
Questions
SJ StateOperational Auditing BT 852October 12, 2006Page 3
“Audit” Evolution”
“Audit Generations”
1. Control-Based Auditing
2. Process-Based Auditing
3. Risk-Based Auditing
4. Risk-Management Based Auditing
Merging / integration of Financial, Operational, IT focus
SJ StateOperational Auditing BT 852October 12, 2006Page 4
Audit "Generation": One Two Three Four
Control-Based Process-Based Risk-Based Risk Mgmt-Based
Objective:Compliance with
underlying guidelines
Effectiveness and efficiency of
a process
Effectiveness of controls and
procedures to mitigate key risks
Effectiveness of risk management activities to achieve objectives and optimize/mitigate risks
Approach:
Understand guidelines and
audit for compliance
Compare current process to best
practices
Identify key business risks and evaluate controls to mitigate
the risks
Understand objectives, identify related risks,
understand tolerance levels, identify performance and risk measures, and assess risk management effectiveness
Focus:
Identify compliance
exceptions and errors
Identify gaps between the
current process and best practices
Identify controls and procedures that are
not operating as needed to mitigate the
key risks
Identify gaps between current and desired risk management
effectiveness
Testing Approach:
Statistical based predictive and
substantive tests, with some
compliance tests
Consulting focused
evaluation of current and best practices, with
some compliance tests
Combination of substantive and
compliance tests, focusing only on key
risks
Combination of substantive and compliance tests, focusing only on key
objectives and the related risks
Recommendations:Relate exceptions
or errors to the relevant guidelines
Relate gaps to specific
operational objectives
Relate exceptions or errors to key risks
Relate gaps in risk management effectiveness to
underlying risks and key business objectives
Audit Generations
SJ StateOperational Auditing BT 852October 12, 2006Page 5
Knowledge about ideal situations
ComparisonAnalysis of Documents
InterviewsQuestionnaires
Actual
Key DataStructure
ProcessesInterfaces
etc.
Recommendationsconstructive
future-orientedfeasible
improving processes and profits
Ideal (Better)
StrategyBusiness PolicyLaw, guidelinesState of the Art
Customer Surveysetc.
Audit Process Methodology
are the keys for improvements
Understanding the actual status
Introduction
SJ StateOperational Auditing BT 852October 12, 2006Page 6
“Audit” Evolution” – Questions
Introduction
What Generation is represented by previous slide “Audit Process Methodology” model?
What Generation best represents the focus of SOX (COSO Internal Control Framework)?
What Generation best describes the methodology you were taught?
What Generation is predominant in industry today?
SJ StateOperational Auditing BT 852October 12, 2006Page 7
COSO Internal Control Framework
SJ StateOperational Auditing BT 852October 12, 2006Page 8
COSO / Cobit Internal Control Framework
SJ StateOperational Auditing BT 852October 12, 2006Page 9
COSO ERM (Enterprise Risk Management) Framework
SJ StateOperational Auditing BT 852October 12, 2006Page 10
SJ StateOperational Auditing BT 852October 12, 2006Page 11
Agenda
“Audit” Evolution
Working for Multi-national companies
Career Opportunities
Questions
SJ StateOperational Auditing BT 852October 12, 2006Page 12
Working for Multi-national companies
Unique challenges
Culture
Management style
Philosophy
“Global” business model
Diversity
Organization
SJ StateOperational Auditing BT 852October 12, 2006Page 13
Agenda
“Audit” Evolution
Working for Multi-national companies
Career Opportunities
Questions
SJ StateOperational Auditing BT 852October 12, 2006Page 14
Career Opportunities
Audit
Accounting / Finance
SOX Compliance
Other…..
SJ StateOperational Auditing BT 852October 12, 2006Page 15
Career Opportunities
Auditor for a Day
– Exposure to the audit profession
– Site visit at local companies
– Attendance at the IIA meeting
SJ StateOperational Auditing BT 852October 12, 2006Page 16
Agenda
“Audit” Evolution
Working for Multi-national companies
Career Opportunities
Questions