eBook - ePub
The Operational Auditing Handbook
Auditing Business and IT Processes
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
About this book
The operational auditing HANDBOOK
Auditing Business and IT Processes
Second Edition
The Operational Auditing Handbook Second Edition clarifies the underlying issues, risks and objectives for a wide range of operations and activities and is a professional companion for those who design self-assessment and audit programmes of business processes in all sectors.
To accompany this updated edition of The Operational Auditing Handbook please visit www.wiley.com/go/chambers for a complete selection of Standard Audit Programme Guides.
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weāve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā even offline. Perfect for commutes or when youāre on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Operational Auditing Handbook by Andrew Chambers,Graham Rand in PDF and/or ePUB format, as well as other popular books in Business & Leadership. We have over one million books available in our catalogue for you to explore.
Information
Part I:
Understanding Operational Auditing
Chapter 1
Approaches to Operational Auditing
DEFINITIONS OF āOPERATIONAL AUDITINGā
Business processes often step across the frontiers between sections within a business, requiring high standards of coordination between different organisational parts. Control is often weaker where coordination is required between sections that are organisationally separate. Internal auditors are likely to be more productive if they focus considerable attention to the points of interface between organisational parts where coordination is required but is more difficult to achieve than within a single section of the business. Furthermore, internal auditors are likely to be more productive if a significant proportion of the audit engagements they perform are of natural business processes that step across the businessās organisational frontiers. We state this up front as it is so important, and we shall explore this innovative audit approach in detail in Chapter 2 when we have established some fundamentals in this chapter.
The term āoperational auditingā conjures up different images for internal auditors. It may be used to mean any of the following:
The audit of operating units such as manufacturing plants, depots, subsidiaries, overseas operating units, and so on. While the audit scope may cover only accounting, financial and administrative controls it may be broadened in scope to cover the administrative and operational controls, risk management and governance processes of the operating unit under review. To impose general scope limitations for internal audit activities is inconsistent with the global Standards of The Institute of Internal Auditors (www.theiia.org).
The audit is how the functional areas of a business (such as sales, marketing, production, distribution, HR, etc.) account for their activities and exercise financial control over them. This meaning of operational auditing acknowledges that the internal auditing activity should review all the operational areas of the business, but too narrowly specialises in the audit of accounting and financial controls. It is likely to imply that the internal auditing activity is representing only the finance director or the chief accountant in providing assurance about accounting and financial control across the business.
The audit of any part of the business (operating unit, functional area, section, department or even business process, etc.) where the audit objective is to review the effectiveness, efficiency and economy with which management is achieving its own objectives. Depending upon how broadly one defines internal control, the approach to operational auditing goes further than a review of detailed internal control procedures since managementās objectives are not achieved merely by adhering to satisfactory systems of internal control.
The classic management writers, Koontz, OāDonnell and Weihrich, endorsed this approach to operational auditing:
An effective tool of managerial control is the internal audit, or, as it is now coming to be called, the operational audit ā¦ Although often limited to the auditing of accounts, in its most useful aspect operational auditing involves appraisal of operations generally ā¦ Thus operational auditors, in addition to assuring themselves that accounts properly reflect the facts, also appraise policies, procedures, use of authority, quality of management, effectiveness of methods, special problems, and other phases of operations.
There is no persuasive reason why the concept of internal auditing should not be broadened in practice. Perhaps the only limiting factors are the ability of an enterprise to afford so broad an audit, the difficulty of obtaining people who can do a broad type of audit, and the very practical consideration that individuals may not like to be reported upon. While persons responsible for accounts and for the safeguarding of company assets have learned to accept audit, those who are responsible for far more valuable thingsāthe execution of the plans, policies and procedures of a companyāhave not so readily learned to accept the idea.1
SCOPE
A key issue for a business and its internal audit function to decide upon is whether the scope of internal audit work in an operational area of the business should be restricted to a review of the appropriateness of, and extent of compliance with, key internal controls or should be a more comprehensive review of the operation generally.
The Committee of Sponsoring Organizations (COSO) view of internal control rightly sees one of the three objectives of internal control as being to give āreasonable assuranceā of āeffectiveness and efficiency of operationsā:
Internal control is broadly defined as a process, effected by the entityās board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.2
So COSOās broad view of internal control is that internal control (i.e. management control) is everything that management does in order that there is reasonable assurance the business will achieve all of its objectives. A narrower view of internal control is that it is only one of a number of facets of managementāamong others being planning, organising, staffing and leading. It is true that these facets overlap and an internal audit which intends to focus more narrowly on key internal controls is likely to need to address planning, organising, staffing and/or leadership issues to some extent, since deficiencies in these may weaken control. But there will be many aspects of planning, organising, staffing and leading which are neutral in their effect on the functioning of key controls but which contribute to providing reasonable assurance of the achievement of efficient and effective operations.
The important issue is whether internal audit may legitimately draw managementās attention to deficiencies in planning, organising, staffing and leading which, while not weakening the design and operation of key controls, nevertheless impede the achievement of objectives more generally. In the past internal audit was often defined as the independent appraisal of the effectiveness of internal control. The Institute of Internal Auditorsā current (2009) definition of internal auditing, subscribed to globally, is that:
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizationās operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.3
So, should an enlightened enterprise restrict internal audit to narrow internal control matters, or should internal audit be encouraged to review and report on any matters which may be unsound? Differing positions are adopted in different enterprises. The middle-of-the-road approach is to encourage internal audit to interpret its mission as being the appraisal of internal control (in all its component parts,4 in all operational areas of the business and at all levels of management). If during the course of audit work, other matters are noted which should be of management concern but do not directly have a control dimension, internal audit should be encouraged to report on them.
Beyond the consideration of the point of focus for audit reviews of operational areas, the audit function will have to define those aspects of the organisation which are to be subject to review. In practice, of course, this will vary considerably between organisations, and will be related directly to the nature of the business and the way the organisation is structured. For example, a multinational pharmaceutical company may have its principal manufacturing bases and research and development activities in only those few countries where the economic and commercial environments are most suitable, whereas sales and marketing operations (of varying scale) may exist in every country where there is a proven market for the products.
Although the focus of operational auditing is likely to be on those activities which are most strongly as...
Table of contents
- Cover
- Half Title page
- Title page
- Copyright page
- Preface
- Acknowledgements
- Part I: Understanding Operational Auditing
- Part II: Auditing Key Functions
- Part III: Auditing Information Technology
- Appendix 1: Index to SAPGs on the Companion Website
- Appendix 2: Standard Audit Programme Guides
- Appendix 3: International Data Protection Legislation
- Appendix 4: International Freedom of Information Legislation
- Appendix 5: Information Management Definitions
- Appendix 6: IT and Information Management Policies
- Bibliography
- Index