eBook - ePub

Operational Auditing

Name: Operational Auditing
Author: Hernan Murdock

Principles and Techniques for a Changing World

Hernan Murdock

Buch teilen

362 Seiten
English
ePUB (handyfreundlich)
Über iOS und Android verfügbar

eBook - ePub

Operational Auditing

Principles and Techniques for a Changing World

Hernan Murdock

Angaben zum Buch

Buchvorschau

Inhaltsverzeichnis

Quellenangaben

Über dieses Buch

Operational Auditing: Principles and Techniques for a Changing World, 2nd edition, explains the proven approaches and essential procedures to perform risk-based operational audits. It shows how to effectively evaluate the relevant dynamics associated with programs and processes, including operational, strategic, technological, financial and compliance objectives and risks. This book merges traditional internal audit concepts and practices with contemporary quality control methodologies, tips, tools and techniques. It explains how internal auditors can perform operational audits that result in meaningful findings and useful recommendations to help organizations meet objectives and improve the perception of internal auditors as high-value contributors, appropriate change agents and trusted advisors.

The 2nd edition introduces or expands the previous coverage of: • Control self-assessments. • The 7 Es framework for operational quality. • Linkages to ISO 9000. • Flowcharting techniques and value-stream analysis • Continuous monitoring. • The use of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). • Robotic process automation (RPA), artificial intelligence (AI) and machine learning (ML); and • Adds a new chapter that will examine the role of organizational structure and its impact on effective communications, task allocation, coordination, and operational resiliency to more effectively respond to market demands.

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?

Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.

(Wie) Kann ich Bücher herunterladen?

Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.

Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?

Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.

Was ist Perlego?

Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.

Unterstützt Perlego Text-zu-Sprache?

Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.

Ist Operational Auditing als Online-PDF/ePub verfügbar?

Ja, du hast Zugang zu Operational Auditing von Hernan Murdock im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Business & Auditing. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag

CRC Press

Jahr

2021

ISBN

9781000388299

Auflage

Thema

Business

Thema

Auditing

Chapter 1

Definition, Characteristics, and Guidance

Be a Product of the Product

What does it mean to be a product of the product? It’s quite simple. Be a living example of what you sell, recommend or advise others. Personify what you preach. Show don’t tell. Lead by example.¹

John B. Petersen III

Introduction

Internal audit is undergoing a massive transformation. While its role to provide independent, objective assurance and consulting services to organizations in ways that improve their operations has remained constant for decades and remains true today, how this has been accomplished has changed over time.

Since the founding of the Institute of Internal Auditors (IIA) in 1941, the profession has evolved to adapt its personality, purpose, and approach to the changes taking place in the fields of management and organizational behavior. Universities and other academic institutions capitalized on the lessons of the industrial era and developed organization theories that created systems whereby centralization, a defined hierarchy, distinct authority levels and reporting lines, clear rules, and the division of labor were the norm.

Internal audit adapted to this approach and adopted it, so its methodologies were consistent with these theories. Standardization was the norm and organizations implemented rigid guidelines for how they functioned. Consequently, internal auditors did the same and implemented standardized approaches to audit their clients in those organizations. This search for consistency resulted in the proliferation of checklists, standard audit programs, and procedures. In the end, internal auditing evolved in a way that validated the organizations’ hierarchy and structure, its centralization, assignment of rigid authority, discipline, rules, and the division of labor procedures against the standard model. The audit function, then, focused on assessing an organization’s control or operational effectiveness with this standardization and could do so quickly by using checklists, prepared questionnaires, and reviewing the same documents year after year to verify consistency.

There was, and for those who continue to audit this way, a concealed risk. The focus on standardization limited the auditor’s ability to be creative. Creative thinkers were not sought for nor gravitated toward the profession. Using the excuse, and the legitimate need for independence, internal auditors isolated themselves from the businesses they examined and were supposed to support. Some even abstained from making recommendations to improve the weaknesses they identified. This risk became apparent in the 1960s and lasted through the 1980s.

While internal auditors were protecting their independence, the businesses they served were changing due to globalization, technological advancements, relentless competition, and a new social, demographic, and financial landscape. Companies no longer operated using the standard model. Since manufacturing moved to different countries, it was impractical to have a single procurement function with a single manager overseeing all purchasing activities. Since customers were now located around the world, the approval of customer orders could no longer be handled expeditiously and competently by the sales manager. Purchasing and sales decisions were now being made by regional general managers at the countries where these activities took place. Approving and making adjustments to customer accounts, were no longer handled manually and personally by the company’s controller. There was no need to. The local staff could handle that under the supervision of their local management team. The company’s enterprise resource planning (ERP) system provided the necessary separation of duties and limited transaction processing to those authorized.

Many internal auditors missed these changes and were slow to adapt to the changing landscape, instead believing that the world still operated by the standard business model. The result? Many became irrelevant. Some internal auditors still used their standard checklists, asked the same questions, searched for the same documents, and applied the rules of the standard business model. They continued to insist that outdated procedures be followed, like having the sales vice president approve all customer orders and the corporate controller print out the credit memos and sign them.

There was little disagreement about the need for effective internal auditing. Broad consensus existed about the importance of having a strong and reliable internal control environment. Generally, management believed in the importance of having sound internal controls, but did not believe that the internal audit function was making an effective contribution to the company. Boards of directors and their management teams slowly lost confidence in an internal audit function that focused so disproportionately, and inflexibly, on traditional business models that they recommended changes to the business that were clearly out of step with how the company needed to function. The disproportionate focus on compliance led many auditors to focus on what they thought was important to the business and less on what was truly important to the business. Management became disenchanted with auditors who wanted to refrain from making changes, even when the internal and external environments demanded quick and judicious modifications to the business structure and its practices. Beyond the methodology, some managers even wondered why some audits were being performed in the first place.

As if that weren’t enough, there was another problem. Internal audit in many ways evolved as an offshoot of external audit (i.e., public accounting) and excessively replicated external auditing by focusing on accounting transactions and the process of preparing financial statements. While the focus was generally more detailed and the materiality thresholds used by internal auditors was much lower, reviewing and reperforming accounting procedures seemed wasteful if the organization was already paying their external auditors to audit the accounting practices that led to the publishing of the company’s financial reports.

Much has changed since then. Starting in the early 1990s, internal audit began a transformation process that is bringing it more in line with the true needs of the organizations it serves and the related stakeholders. The emergence of the stakeholder theory and topics about corporate governance, quality, and cycle time, in addition to the constant advocacy work of the IIA have brought many changes to the profession. The dot com meltdown in 2000/2001 and the enactment of the Sarbanes–Oxley Act of 2002 were wake up calls for the profession.

Today internal audit is achieving a healthier balance among operational, reporting, compliance, information technology (IT), fraud, and strategic topics. It is now looking beyond the immediate fiscal year and taking a closer look at longer term trends and the future implications of current dynamics. It is now identifying a wider set of essential skills, and finding that to succeed as a trusted advisor to the board and management, it must bring into its ranks people with a wider skillset, including broad business skills, strong communication skills, and familiarity with technology.

But there is still work to be done. The State of Internal Audit 2013 report from Thomson Reuters Accelus states that although internal auditors are beginning to evaluate more strategic-level risk management and monitoring activities, most internal audit departments continue to focus primarily on process assurance and monitoring activities. Respondents to the survey indicated there is a lack of skilled resources due to the changing role of internal auditors away from traditional quantitative assessments and toward becoming a qualitative assessor of the organization’s goals and strengths. This condition remains true as this book goes to print. In this book, we discuss these dynamics and lay the foundation for effective operational audits.

We begin by defining and understanding the definition, role, and practices of modern internal auditing in general and the evolving world of operational auditing in particular. We examine the concept and manifestation of organizational risks and how internal auditors must adopt a risk-based auditing approach, which will allow it to better support the objectives of the organization.

Integrated auditing is a concept that has been in place for decades, yet many internal auditors still struggle to practice it effectively. We discuss key attributes of effective integrated audits and why it is essential for effective operational audits.

We end this chapter with a review of selected Standards for the Professional Practice of Internal Auditing (the Standards). But more than list them, we discuss their implications in the broader topic of operational auditing, and how these standards can be applied successfully.

Definition and Characteristics of Operational Auditing

Operational auditing is defined as “A future-oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.”²

The Business Dictionary defines operational audit as “A review of how an organization’s management and its operating procedures are functioning with respect to their effectiveness and efficiency in meeting stated objectives. For example, a business might perform an operational audit if its senior management has become convinced that operational improvements can be made and need to be identified.”³

I worked in banking operations for 6 years after graduating from college. Over time, one of my roles involved working with the marketing and IT departments to bring new product concepts to market and ensure their smooth implementation and operation. The work involved managing account creation and servicing of loan programs from account setup to payoff. There was a great deal of paper involved and the work was tedious, time consuming, and often stressful.

Due to the growth of the organization, the large volume of paper files and the related logistical difficulties of finding files at various stages of processing and storing documents, and manually reviewing each file to ascertain its credit worthiness, the company embarked on a reengineering project. I was invited to participate as a business partner during the reengineering and restructuring project and I gladly accepted the offer. The result was several months documenting existing processes while brainstorming how to make the processes faster, cheaper, and better for all involved.

We hired an external consulting firm and as I split my time between my regular work and the sessions with the consultants, I got an education on brainstorming, documentation, meeting facilitation, collaboration, negotiation, flowcharting, and time management, among many others. In the end, we successfully introduced a credit scoring system that reduced the amount of time and the number of people needed to process loan applications, we replaced paper records with scanned...