
Establishing an I/A Function


Presentation Transcript


  1. Establishing an I/A Function
     • Reporting structure
     • Mission statement/role of dept.
     • Objectives
     • Department tone--teamwork
     • IIA standards
     • Commitment to continuing education
     Operational Auditing--Fall 2007

  2. Human Relations Issues
     • General people techniques
     • Due professional care
     • Hostile management approaches
     • Dealing with external auditors
     • Participative approach w/auditees

  3. General People Techniques
     • Promote the “wanna”
     • Foster feedback
     • Adopt a consultative approach
     • Use the “Will Rogers’ Approach”

  4. …Due Professional Care
     • Be fair but don’t whitewash
     • Avoid surprises
     • Go for the win-win
     • Have the guts to go to the top

  5. Hostile Management Approaches
     • Select the right time for discussion
     • Remain flexible in your conclusions
     • Avoid emotion; sometimes even logic won’t work
     • Don’t corner yourself or the other party
     • Listen to the other party
     • Help the other guy “to be right”

  6. Dealing with the External Auditors
     • Different objectives
     • Different accountability
     • Different qualifications
     • Different activities

  7. Cooperation
     • Economy
     • Efficiency
     • Effectiveness
     • Advantages for the external auditor
     • Increases external auditor client insight
     • Improves client relations
     • Rotates emphasis
     • Advantages for the internal auditor
     • Improves training
     • Source of additional work
     • Increases professional knowledge
     • Independent appraisal source
     • Compliance with SAS 65 and SAS 99

  8. SAS 65
     • Defines roles
     • Defines function
     • Discusses competency & objectivity
     • Considers nature of the work
     • Discusses coordination
     • Guidelines for evaluation
     • Role of direct assistance

  9. SAS 99
     • Auditor’s responsibility to detect fraud

  10. Typical Int. Audit Assistance
     • Design of control systems
     • Reduction of risk assessment
     • Reduction of substantive testing

  11. Create a Cooperative Bridge
     • Coordination
     • Risk assessment alert
     • Control system disclosure
     • Common sampling tools
     • Pooled IT knowledge
     • Different perspective
     • Constant general communication

  12. Participative Approach
     • Joint goals
     • Consultation
     • Joint authority
     • Open discussion re: findings
     • Open review of reports

  13. COSO
     • Committee of Sponsoring Organizations
     • FEI, AICPA, IMA, IIA and AAA
     • Sponsored the Treadway Commission in 1987
     • Issued guidelines for Internal Control in 1992: COSO Cube
     • Issued guidelines for Enterprise Risk Management in 2004: COSO 2

  14. COSO Control Objectives
     • Economy & efficiency of operations
     • Reliable financial and operational data and reports
     • Compliance with laws and regulations

  15. Control Objectives
     • Reliability and integrity of info
     • Compliance
     • Safeguarding of assets
     • Economical & efficient use of assets
     • Organizational attainment of goals & objs.

  16. Types of Control
     • Preventive
     • Detective
     • Corrective
     • Directive
     • Compensating

  17. Methods of Control
     • Organizational
     • Operational
     • Personnel
     • Review
     • Facilities

  18. Threats to Control
     • Management override
     • Open access to assets
     • Form over substance approach
     • Conflict of interest

  19. COSO Approach to Achievement
     • Sound control environment
     • Sound risk assessment process
     • Sound operational control activities
     • Are the processes working
     • Sound info & communications system
     • Effective monitoring

  20. Control Environment
     • Culture of integrity, ethics and competence
     • Overall mgt. philosophy
     • Proper authority & responsibility
     • Proper organization of resources
     • Proper training and development
     • Senior mgt. attention & direction

  21. Internal Audit Process
     • Auditee selection
     • Audit planning
     • Preliminary survey
     • Internal control review
     • Expanded testing
     • Develop findings & recommendations
     • Reporting
     • Follow-up
     • Post audit evaluation

  22. Control Self Assessment (CSA)
     • Methodology
     • Review and Identification
     • Key business objectives
     • Related risks
     • Mitigating controls

  23. CSA-History
     • Introduced by Gulf Canada in 1987
     • Gulf used facilitated meetings

  24. Facilitated Meetings
     • Management and staff participate through interviews and polling
     • Objectives
     • Risks
     • Processes
     • Soft and/or informal controls

  25. General Methodology
     • Shared process
     • Assessment of internal controls
     • Evaluation of risks
     • Development of action plans
     • Assess the likelihood of achieving objectives
     • SJSU simulation

  26. General Approaches
     • Facilitated meetings--group workshops
     • Questionnaires--yes/no answers
     • Management analysis--self studies

  27. Uses
     • Self analysis for risk*
     • Selection of audit areas*
     • Internal control review*
     • Special projects
     • Soft control analysis
     * alternatives to the traditional approach to the I/A process

  28. Benefits
     • Increases I/A scope
     • Target review of high risk areas
     • Increases the effectiveness of corrective action
     • Builds team-oriented relationships

  29. What Is Storyboard Flowcharting?
     • New method for documenting a process.
     • Clean and simple flowcharting method.
     • Allows for clients and auditors to clearly understand process under review.
     • Simple technique that requires a good graphics package and a little imagination.
     • Can use Microsoft PowerPoint, Harvard Graphics, Corel Draw, etc.
     • Does not replace IS flowcharting.

  30. The Basics of Storyboard
     • Meet with client and document process.
     • Use your imagination to choose/draw picture.
     • Under picture write narrative for each step represented.
     • Be creative - good control narrative in green; poor controls in red.
     • Completed storyboard must be reviewed with client.
     • Make any changes necessary.
     • Final copy should be in color for most effective presentation.
     • Different process may require different approach.

  31. How to Storyboard
     • Meet with client and document process.
     • From client interview create storyboard.
     • Print out storyboard - black and white draft and color for final.
     • Review storyboard with client and obtain sign off.

  32. Company XYZ Order-fulfillment process [flowchart]
     Steps, from Start to End:
     • Customer Service Rep Receives Order
     • Customer Service Rep Researches And Corrects Information
     • Customer Service Rep. Key Enters Data on-Line
     • Print Three-Part Shipper
     • Yellow and Green To Shipping Department
     • Pink to Accounts Receivable Department
     • Scan Form Into System
     • Shipping Pulls And Packs Orders
     • Send to Special Order Department
     • Shipping Files Yellow
     • Shipping Sends Order and Green Copy (Invoice)
     Decision points (YES/NO):
     • Approved By Manager?
     • By Phone?
     • On Standard Order Form?
     • By Mail or Fax?

  33. Company XYZ Order-fulfillment process [storyboard captions]
     • Receives orders by fax or mail. Standard orders are scanned into system.
     • A three-part packing slip is printed per order.
     • Receives orders by phone. Customer Representative enters order data on-line.
     • Pink copy sent to accounts receivable department.
     • Green copy sent with order.
     • Packing slip approved by Manager. If not approved, returned to Customer Representative for correction.
     • Yellow and green copy go to shipping department.
     • Shipping pulls and packs orders.
     • Yellow copy filed in shipping department.

  34. Flowcharting
     • Begin or End
     • File
     • Activity
     • Decide
     • Document

  35. Work Paper Purposes
     • Documentation of evidence
     • Audit execution and planning tool
     • Follow-up reference
     • Review facilitator

  36. Other W/P Factors
     • Ownership: the company
     • Preparation guidelines
     • Completeness & accuracy
     • Clarity & understandability
     • Legibility & neatness
     • Relevance
     • Attention to detail

  37. Sample Work Paper
     • Ref.
     • Heading
     • Purpose:
     • Conclusions
     • T/M Legend:
     • Review
     • Source
