eBook - ePub

Operational Auditing

Name: Operational Auditing
Author: Hernan Murdock

Principles and Techniques for a Changing World

Hernan Murdock

Partager le livre

362 pages
English
ePUB (adapté aux mobiles)
Disponible sur iOS et Android

eBook - ePub

Operational Auditing

Principles and Techniques for a Changing World

Hernan Murdock

Détails du livre

Aperçu du livre

Table des matières

Citations

À propos de ce livre

Operational Auditing: Principles and Techniques for a Changing World, 2nd edition, explains the proven approaches and essential procedures to perform risk-based operational audits. It shows how to effectively evaluate the relevant dynamics associated with programs and processes, including operational, strategic, technological, financial and compliance objectives and risks. This book merges traditional internal audit concepts and practices with contemporary quality control methodologies, tips, tools and techniques. It explains how internal auditors can perform operational audits that result in meaningful findings and useful recommendations to help organizations meet objectives and improve the perception of internal auditors as high-value contributors, appropriate change agents and trusted advisors.

The 2nd edition introduces or expands the previous coverage of: • Control self-assessments. • The 7 Es framework for operational quality. • Linkages to ISO 9000. • Flowcharting techniques and value-stream analysis • Continuous monitoring. • The use of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). • Robotic process automation (RPA), artificial intelligence (AI) and machine learning (ML); and • Adds a new chapter that will examine the role of organizational structure and its impact on effective communications, task allocation, coordination, and operational resiliency to more effectively respond to market demands.

Foire aux questions

Comment puis-je résilier mon abonnement ?

Il vous suffit de vous rendre dans la section compte dans paramètres et de cliquer sur « Résilier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez résilié votre abonnement, il restera actif pour le reste de la période pour laquelle vous avez payé. Découvrez-en plus ici.

Puis-je / comment puis-je télécharger des livres ?

Pour le moment, tous nos livres en format ePub adaptés aux mobiles peuvent être téléchargés via l’application. La plupart de nos PDF sont également disponibles en téléchargement et les autres seront téléchargeables très prochainement. Découvrez-en plus ici.

Quelle est la différence entre les formules tarifaires ?

Les deux abonnements vous donnent un accès complet à la bibliothèque et à toutes les fonctionnalités de Perlego. Les seules différences sont les tarifs ainsi que la période d’abonnement : avec l’abonnement annuel, vous économiserez environ 30 % par rapport à 12 mois d’abonnement mensuel.

Qu’est-ce que Perlego ?

Nous sommes un service d’abonnement à des ouvrages universitaires en ligne, où vous pouvez accéder à toute une bibliothèque pour un prix inférieur à celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! Découvrez-en plus ici.

Prenez-vous en charge la synthèse vocale ?

Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte à haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accélérer ou le ralentir. Découvrez-en plus ici.

Est-ce que Operational Auditing est un PDF/ePUB en ligne ?

Oui, vous pouvez accéder à Operational Auditing par Hernan Murdock en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Business et Auditing. Nous disposons de plus d’un million d’ouvrages à découvrir dans notre catalogue.

Informations

Éditeur

CRC Press

Année

2021

ISBN

9781000388299

Édition

Sujet

Business

Sous-sujet

Auditing

Chapter 1

Definition, Characteristics, and Guidance

Be a Product of the Product

What does it mean to be a product of the product? It’s quite simple. Be a living example of what you sell, recommend or advise others. Personify what you preach. Show don’t tell. Lead by example.¹

John B. Petersen III

Introduction

Internal audit is undergoing a massive transformation. While its role to provide independent, objective assurance and consulting services to organizations in ways that improve their operations has remained constant for decades and remains true today, how this has been accomplished has changed over time.

Since the founding of the Institute of Internal Auditors (IIA) in 1941, the profession has evolved to adapt its personality, purpose, and approach to the changes taking place in the fields of management and organizational behavior. Universities and other academic institutions capitalized on the lessons of the industrial era and developed organization theories that created systems whereby centralization, a defined hierarchy, distinct authority levels and reporting lines, clear rules, and the division of labor were the norm.

Internal audit adapted to this approach and adopted it, so its methodologies were consistent with these theories. Standardization was the norm and organizations implemented rigid guidelines for how they functioned. Consequently, internal auditors did the same and implemented standardized approaches to audit their clients in those organizations. This search for consistency resulted in the proliferation of checklists, standard audit programs, and procedures. In the end, internal auditing evolved in a way that validated the organizations’ hierarchy and structure, its centralization, assignment of rigid authority, discipline, rules, and the division of labor procedures against the standard model. The audit function, then, focused on assessing an organization’s control or operational effectiveness with this standardization and could do so quickly by using checklists, prepared questionnaires, and reviewing the same documents year after year to verify consistency.

There was, and for those who continue to audit this way, a concealed risk. The focus on standardization limited the auditor’s ability to be creative. Creative thinkers were not sought for nor gravitated toward the profession. Using the excuse, and the legitimate need for independence, internal auditors isolated themselves from the businesses they examined and were supposed to support. Some even abstained from making recommendations to improve the weaknesses they identified. This risk became apparent in the 1960s and lasted through the 1980s.

While internal auditors were protecting their independence, the businesses they served were changing due to globalization, technological advancements, relentless competition, and a new social, demographic, and financial landscape. Companies no longer operated using the standard model. Since manufacturing moved to different countries, it was impractical to have a single procurement function with a single manager overseeing all purchasing activities. Since customers were now located around the world, the approval of customer orders could no longer be handled expeditiously and competently by the sales manager. Purchasing and sales decisions were now being made by regional general managers at the countries where these activities took place. Approving and making adjustments to customer accounts, were no longer handled manually and personally by the company’s controller. There was no need to. The local staff could handle that under the supervision of their local management team. The company’s enterprise resource planning (ERP) system provided the necessary separation of duties and limited transaction processing to those authorized.

Many internal auditors missed these changes and were slow to adapt to the changing landscape, instead believing that the world still operated by the standard business model. The result? Many became irrelevant. Some internal auditors still used their standard checklists, asked the same questions, searched for the same documents, and applied the rules of the standard business model. They continued to insist that outdated procedures be followed, like having the sales vice president approve all customer orders and the corporate controller print out the credit memos and sign them.

There was little disagreement about the need for effective internal auditing. Broad consensus existed about the importance of having a strong and reliable internal control environment. Generally, management believed in the importance of having sound internal controls, but did not believe that the internal audit function was making an effective contribution to the company. Boards of directors and their management teams slowly lost confidence in an internal audit function that focused so disproportionately, and inflexibly, on traditional business models that they recommended changes to the business that were clearly out of step with how the company needed to function. The disproportionate focus on compliance led many auditors to focus on what they thought was important to the business and less on what was truly important to the business. Management became disenchanted with auditors who wanted to refrain from making changes, even when the internal and external environments demanded quick and judicious modifications to the business structure and its practices. Beyond the methodology, some managers even wondered why some audits were being performed in the first place.

As if that weren’t enough, there was another problem. Internal audit in many ways evolved as an offshoot of external audit (i.e., public accounting) and excessively replicated external auditing by focusing on accounting transactions and the process of preparing financial statements. While the focus was generally more detailed and the materiality thresholds used by internal auditors was much lower, reviewing and reperforming accounting procedures seemed wasteful if the organization was already paying their external auditors to audit the accounting practices that led to the publishing of the company’s financial reports.

Much has changed since then. Starting in the early 1990s, internal audit began a transformation process that is bringing it more in line with the true needs of the organizations it serves and the related stakeholders. The emergence of the stakeholder theory and topics about corporate governance, quality, and cycle time, in addition to the constant advocacy work of the IIA have brought many changes to the profession. The dot com meltdown in 2000/2001 and the enactment of the Sarbanes–Oxley Act of 2002 were wake up calls for the profession.

Today internal audit is achieving a healthier balance among operational, reporting, compliance, information technology (IT), fraud, and strategic topics. It is now looking beyond the immediate fiscal year and taking a closer look at longer term trends and the future implications of current dynamics. It is now identifying a wider set of essential skills, and finding that to succeed as a trusted advisor to the board and management, it must bring into its ranks people with a wider skillset, including broad business skills, strong communication skills, and familiarity with technology.

But there is still work to be done. The State of Internal Audit 2013 report from Thomson Reuters Accelus states that although internal auditors are beginning to evaluate more strategic-level risk management and monitoring activities, most internal audit departments continue to focus primarily on process assurance and monitoring activities. Respondents to the survey indicated there is a lack of skilled resources due to the changing role of internal auditors away from traditional quantitative assessments and toward becoming a qualitative assessor of the organization’s goals and strengths. This condition remains true as this book goes to print. In this book, we discuss these dynamics and lay the foundation for effective operational audits.

We begin by defining and understanding the definition, role, and practices of modern internal auditing in general and the evolving world of operational auditing in particular. We examine the concept and manifestation of organizational risks and how internal auditors must adopt a risk-based auditing approach, which will allow it to better support the objectives of the organization.

Integrated auditing is a concept that has been in place for decades, yet many internal auditors still struggle to practice it effectively. We discuss key attributes of effective integrated audits and why it is essential for effective operational audits.

We end this chapter with a review of selected Standards for the Professional Practice of Internal Auditing (the Standards). But more than list them, we discuss their implications in the broader topic of operational auditing, and how these standards can be applied successfully.

Definition and Characteristics of Operational Auditing

Operational auditing is defined as “A future-oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.”²

The Business Dictionary defines operational audit as “A review of how an organization’s management and its operating procedures are functioning with respect to their effectiveness and efficiency in meeting stated objectives. For example, a business might perform an operational audit if its senior management has become convinced that operational improvements can be made and need to be identified.”³

I worked in banking operations for 6 years after graduating from college. Over time, one of my roles involved working with the marketing and IT departments to bring new product concepts to market and ensure their smooth implementation and operation. The work involved managing account creation and servicing of loan programs from account setup to payoff. There was a great deal of paper involved and the work was tedious, time consuming, and often stressful.

Due to the growth of the organization, the large volume of paper files and the related logistical difficulties of finding files at various stages of processing and storing documents, and manually reviewing each file to ascertain its credit worthiness, the company embarked on a reengineering project. I was invited to participate as a business partner during the reengineering and restructuring project and I gladly accepted the offer. The result was several months documenting existing processes while brainstorming how to make the processes faster, cheaper, and better for all involved.

We hired an external consulting firm and as I split my time between my regular work and the sessions with the consultants, I got an education on brainstorming, documentation, meeting facilitation, collaboration, negotiation, flowcharting, and time management, among many others. In the end, we successfully introduced a credit scoring system that reduced the amount of time and the number of people needed to process loan applications, we replaced paper records with scanned...