eBook - ePub

Operational Auditing

Name: Operational Auditing
Author: Hernan Murdock

Principles and Techniques for a Changing World

Hernan Murdock

Share book

362 pages
English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

Operational Auditing

Principles and Techniques for a Changing World

Hernan Murdock

Book details

Book preview

Table of contents

Citations

About This Book

Operational Auditing: Principles and Techniques for a Changing World, 2nd edition, explains the proven approaches and essential procedures to perform risk-based operational audits. It shows how to effectively evaluate the relevant dynamics associated with programs and processes, including operational, strategic, technological, financial and compliance objectives and risks. This book merges traditional internal audit concepts and practices with contemporary quality control methodologies, tips, tools and techniques. It explains how internal auditors can perform operational audits that result in meaningful findings and useful recommendations to help organizations meet objectives and improve the perception of internal auditors as high-value contributors, appropriate change agents and trusted advisors.

The 2nd edition introduces or expands the previous coverage of: • Control self-assessments. • The 7 Es framework for operational quality. • Linkages to ISO 9000. • Flowcharting techniques and value-stream analysis • Continuous monitoring. • The use of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). • Robotic process automation (RPA), artificial intelligence (AI) and machine learning (ML); and • Adds a new chapter that will examine the role of organizational structure and its impact on effective communications, task allocation, coordination, and operational resiliency to more effectively respond to market demands.

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is Operational Auditing an online PDF/ePUB?

Yes, you can access Operational Auditing by Hernan Murdock in PDF and/or ePUB format, as well as other popular books in Business & Revisione contabile. We have over one million books available in our catalogue for you to explore.

Information

Publisher

CRC Press

Year

2021

ISBN

9781000388299

Edition

Topic

Business

Subtopic

Revisione contabile

Index

Business

Chapter 1

Definition, Characteristics, and Guidance

Be a Product of the Product

What does it mean to be a product of the product? It’s quite simple. Be a living example of what you sell, recommend or advise others. Personify what you preach. Show don’t tell. Lead by example.¹

John B. Petersen III

Introduction

Internal audit is undergoing a massive transformation. While its role to provide independent, objective assurance and consulting services to organizations in ways that improve their operations has remained constant for decades and remains true today, how this has been accomplished has changed over time.

Since the founding of the Institute of Internal Auditors (IIA) in 1941, the profession has evolved to adapt its personality, purpose, and approach to the changes taking place in the fields of management and organizational behavior. Universities and other academic institutions capitalized on the lessons of the industrial era and developed organization theories that created systems whereby centralization, a defined hierarchy, distinct authority levels and reporting lines, clear rules, and the division of labor were the norm.

Internal audit adapted to this approach and adopted it, so its methodologies were consistent with these theories. Standardization was the norm and organizations implemented rigid guidelines for how they functioned. Consequently, internal auditors did the same and implemented standardized approaches to audit their clients in those organizations. This search for consistency resulted in the proliferation of checklists, standard audit programs, and procedures. In the end, internal auditing evolved in a way that validated the organizations’ hierarchy and structure, its centralization, assignment of rigid authority, discipline, rules, and the division of labor procedures against the standard model. The audit function, then, focused on assessing an organization’s control or operational effectiveness with this standardization and could do so quickly by using checklists, prepared questionnaires, and reviewing the same documents year after year to verify consistency.

There was, and for those who continue to audit this way, a concealed risk. The focus on standardization limited the auditor’s ability to be creative. Creative thinkers were not sought for nor gravitated toward the profession. Using the excuse, and the legitimate need for independence, internal auditors isolated themselves from the businesses they examined and were supposed to support. Some even abstained from making recommendations to improve the weaknesses they identified. This risk became apparent in the 1960s and lasted through the 1980s.

While internal auditors were protecting their independence, the businesses they served were changing due to globalization, technological advancements, relentless competition, and a new social, demographic, and financial landscape. Companies no longer operated using the standard model. Since manufacturing moved to different countries, it was impractical to have a single procurement function with a single manager overseeing all purchasing activities. Since customers were now located around the world, the approval of customer orders could no longer be handled expeditiously and competently by the sales manager. Purchasing and sales decisions were now being made by regional general managers at the countries where these activities took place. Approving and making adjustments to customer accounts, were no longer handled manually and personally by the company’s controller. There was no need to. The local staff could handle that under the supervision of their local management team. The company’s enterprise resource planning (ERP) system provided the necessary separation of duties and limited transaction processing to those authorized.

Many internal auditors missed these changes and were slow to adapt to the changing landscape, instead believing that the world still operated by the standard business model. The result? Many became irrelevant. Some internal auditors still used their standard checklists, asked the same questions, searched for the same documents, and applied the rules of the standard business model. They continued to insist that outdated procedures be followed, like having the sales vice president approve all customer orders and the corporate controller print out the credit memos and sign them.

There was little disagreement about the need for effective internal auditing. Broad consensus existed about the importance of having a strong and reliable internal control environment. Generally, management believed in the importance of having sound internal controls, but did not believe that the internal audit function was making an effective contribution to the company. Boards of directors and their management teams slowly lost confidence in an internal audit function that focused so disproportionately, and inflexibly, on traditional business models that they recommended changes to the business that were clearly out of step with how the company needed to function. The disproportionate focus on compliance led many auditors to focus on what they thought was important to the business and less on what was truly important to the business. Management became disenchanted with auditors who wanted to refrain from making changes, even when the internal and external environments demanded quick and judicious modifications to the business structure and its practices. Beyond the methodology, some managers even wondered why some audits were being performed in the first place.

As if that weren’t enough, there was another problem. Internal audit in many ways evolved as an offshoot of external audit (i.e., public accounting) and excessively replicated external auditing by focusing on accounting transactions and the process of preparing financial statements. While the focus was generally more detailed and the materiality thresholds used by internal auditors was much lower, reviewing and reperforming accounting procedures seemed wasteful if the organization was already paying their external auditors to audit the accounting practices that led to the publishing of the company’s financial reports.

Much has changed since then. Starting in the early 1990s, internal audit began a transformation process that is bringing it more in line with the true needs of the organizations it serves and the related stakeholders. The emergence of the stakeholder theory and topics about corporate governance, quality, and cycle time, in addition to the constant advocacy work of the IIA have brought many changes to the profession. The dot com meltdown in 2000/2001 and the enactment of the Sarbanes–Oxley Act of 2002 were wake up calls for the profession.

Today internal audit is achieving a healthier balance among operational, reporting, compliance, information technology (IT), fraud, and strategic topics. It is now looking beyond the immediate fiscal year and taking a closer look at longer term trends and the future implications of current dynamics. It is now identifying a wider set of essential skills, and finding that to succeed as a trusted advisor to the board and management, it must bring into its ranks people with a wider skillset, including broad business skills, strong communication skills, and familiarity with technology.

But there is still work to be done. The State of Internal Audit 2013 report from Thomson Reuters Accelus states that although internal auditors are beginning to evaluate more strategic-level risk management and monitoring activities, most internal audit departments continue to focus primarily on process assurance and monitoring activities. Respondents to the survey indicated there is a lack of skilled resources due to the changing role of internal auditors away from traditional quantitative assessments and toward becoming a qualitative assessor of the organization’s goals and strengths. This condition remains true as this book goes to print. In this book, we discuss these dynamics and lay the foundation for effective operational audits.

We begin by defining and understanding the definition, role, and practices of modern internal auditing in general and the evolving world of operational auditing in particular. We examine the concept and manifestation of organizational risks and how internal auditors must adopt a risk-based auditing approach, which will allow it to better support the objectives of the organization.

Integrated auditing is a concept that has been in place for decades, yet many internal auditors still struggle to practice it effectively. We discuss key attributes of effective integrated audits and why it is essential for effective operational audits.

We end this chapter with a review of selected Standards for the Professional Practice of Internal Auditing (the Standards). But more than list them, we discuss their implications in the broader topic of operational auditing, and how these standards can be applied successfully.

Definition and Characteristics of Operational Auditing

Operational auditing is defined as “A future-oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.”²

The Business Dictionary defines operational audit as “A review of how an organization’s management and its operating procedures are functioning with respect to their effectiveness and efficiency in meeting stated objectives. For example, a business might perform an operational audit if its senior management has become convinced that operational improvements can be made and need to be identified.”³

I worked in banking operations for 6 years after graduating from college. Over time, one of my roles involved working with the marketing and IT departments to bring new product concepts to market and ensure their smooth implementation and operation. The work involved managing account creation and servicing of loan programs from account setup to payoff. There was a great deal of paper involved and the work was tedious, time consuming, and often stressful.

Due to the growth of the organization, the large volume of paper files and the related logistical difficulties of finding files at various stages of processing and storing documents, and manually reviewing each file to ascertain its credit worthiness, the company embarked on a reengineering project. I was invited to participate as a business partner during the reengineering and restructuring project and I gladly accepted the offer. The result was several months documenting existing processes while brainstorming how to make the processes faster, cheaper, and better for all involved.

We hired an external consulting firm and as I split my time between my regular work and the sessions with the consultants, I got an education on brainstorming, documentation, meeting facilitation, collaboration, negotiation, flowcharting, and time management, among many others. In the end, we successfully introduced a credit scoring system that reduced the amount of time and the number of people needed to process loan applications, we replaced paper records with scanned...