S r. M a n a g e r R i s k A d v i s o r y. D a n S m i t h. D e c e m b e r S e r v i c e s. Operational Auditing & Operations Management

Transcription

1 Operational Auditing & Operations Management Operational Auditing & Operations Management D a n S m i t h S r. M a n a g e r R i s k A d v i s o r y S e r v i c e s D e c e m b e r Experis December

2 Objectives for this session - Explore definitions and key concepts for operations management and operational auditing - Discuss what makes a good operational auditor and perhaps, a good operations manager - Participant activities will provide the opportunity to demonstrate conducive and adversarial approaches to auditing and how the auditee and auditor can work better together. - Discuss audit program development tips Experis December

3 Definitions of Operations Management The design, execution, and control of operations that convert resources into desired goods and services and implement an organization s strategy source: Operations management is the corporate area in charge of designing, managing and tracking different processes. These processes are made up of interrelated, sequential activities through which the components and actors required (raw materials, labor, capital, information, the client, and such) are transformed into products. source: Miguel Angel Heras, ESADE Business School Operations management is the term used for the activities which produce and deliver products and services. Source: Slack N., Chambers & Johnston, Operations Management, fourth edition Experis December

4 Definition of Operational Auditing Operational Auditing is a systematic process of evaluating an organization s effectiveness, efficiency and economy of operations. It s objectives are to evaluate an organization s performance and to enhance performance by making recommendations for improvement to better attain strategic goals and objectives of the organization. Experis December

5 The Three E s of Operational Auditing Economy Minimizing the cost of resources for an activity (Doing things at a lower price) Efficiency Performing tasks with reasonable effort (Doing things the right way) Effectiveness The extent to which objectives are met (Doing the right things) Experis December

6 Financial vs. Compliance vs. Operational Auditing Financial Compliance Operational Objective: Attest to the fairness of financial statements. Primary Audience: Direction of Audits: Public, Stockholders & Board Audit Basis: Financial Reporting Objectives / GAAP Determine adherence to policies, procedures, laws and regulations. Evaluate and improve the effectiveness, efficiency and economy of operations Regulators Management, customers, and, increasingly, regulators Looking Back Looking Back Looking at Present and Into Future Corporate standards of business conduct, internal policies, specific laws and regulations. Mission, Vision and Objectives of the organization and its management Examples: Annual audits performed by public accountants. Contract audits, audits for OSHA or Banks Process audits and reviews, IT Operations, Departmental Reviews Experis December

7 Are blinders on or off? For who? Operations manager Internal auditor Experis December

8 Are blinders on or off? For who? Experis December

9 Experis December

10 What makes a good auditor? What makes a good operations manager? Experis December

11 Attributes of an Ideal Operational Setting Strategic objectives defined for the company Functional area objectives defined and measurable (KPIs) for relevant stakeholders Processes are defined in a level specific manner Proliferation and alignment of personnel toward common known goals Experis December

12 What should IA do in such a setting? Assess whether functional objectives tie to company objectives Assess measurement system(s) risk is it subject to manipulation and/or judgment without appropriate oversight? Determine if policies and procedures are documented and assess their quality (do controls exist?) Assess whether conflicting objectives exist and the extent to which they could impact efficiency and effectiveness (comp programs, internal/external customers, cash flow vs. fulfillment, etc ) Experis December

13 Specific Audit Steps Planning & audit program development Documenting the process & assessing inherent risk Identify controls and develop risk and control matrix Evaluate control design Test control execution Issue discussion and resolution Reporting Follow up Experis December

14 Planning How can I get specific enough with my audit objectives? Know the context Experis December

15 Planning Reduce the context to writing, in a well articulated manner consider disbursements: Disbursements can leave the company in one of five methods outside of payroll. Those methods, their percent of total disbursements, volume, and average disbursement are The most significant risks with disbursements is concentrated in two of these methods as follows The cost of processing method one and five is per payment, the others were not determinable in the planning process of the audit Experis December

16 Planning How do I gain an understanding about the area? Interviews and Discussions Internal Control Questionnaires Background Information Review Review Process Documentation What is missing? Experis December

17 Objectives Tie-ins to strategic objectives Audit Objectives: These must be specific, considering knowledge about the audit target such as: Provide assurance over management controls for authorizing sales commission payments and spot bonus payments for the Southeast sales organization. Provide assurance over the efficient and effective use of resources to procure payment through the XX methods of payment. Provide assurance over warehouse practices to fulfill orders within management s stated service level agreement of 99.5% within 24 hours. Experis December

18 Risk Assessment Of the Audit Target Business Impact Likelihood of Occurrence Risk Velocity Reputational Risk Fraud Risk Management Concern Experis December

19 Temporary Diversion Experis December

20 Audit Program Tips Are planned steps reasonable considering the budget? Do audit steps clearly align with strategic objectives, business objectives and the audit objectives? Do the right controls have an audit program step to evaluate control design and possibly effectiveness? Are planned steps risk appropriate inquiry, observation, inspection, and re-performance? Experis December

21 Audit Program Tips Arrange the audit program steps in a logical, sequential manner and relate them to the specific audit objectives. Clearly state the kind or extent of testing required to achieve the objectives. Where necessary, provide explanations for performing complex audit program steps. Did we follow-through on out-of-scope areas that others may assume are included in the audit? Experis December

22 Risk and Control Matrix Control objective - The high-level actions taken to ensure focus is taken to align with & achieve the entity's objectives. Control activity The actual control activity that ensure we know or understand the extent to which management directives are carried out. This should be obtained in the process documentation phase of information gathering. Control frequency, type (e.g., automated or manual) Evidence of control Tangible document, record, log etc., that can be reviewed/tested to provide evidence that the control is in place. Experis December

23 Evaluate Control Design Do controls expected to be in place appear to provide assurance company & functional objectives are met? Are inherent risks based on the process addressed by controls expected to be operating effectively? Does it appear an economical and efficient use of resources is in place? Considering technology investments? Do we expect evidence of the accomplishment of established objectives and goals for operations to exist? Experis December

24 Brain Teaser - Question Question It's Prttey fnuny how we can raed tihs einrte snetnece wtih all tehse ltters all out of palce, and we can cnotniue to keep raednig and sitll mekas snece of waht we are raeding. No mttar how mnay tmies you raed tihs oevr and oevr you can sitll mkae snese of it. How is taht pssoible? I ask again, how is that possible? Experis December

25 Brain Teaser - Answer Answer As long as the first and last letter of the word is in its correct position, you can position the middle letters in any order and still make sense of it. Our eyes just glance at the first and last letters of a word. Experis December

26 Why was that exercise relevant Experis December

27 Test Design and Execution Management and Administrative Controls/Risks/Concerns Clearly defined responsibilities Management monitoring systems Control environment Delegation of authority Organization Cost of operating the function Training Experis December

28 Test Design and Execution Accounting Controls/Risks/Concerns Segregation of duties Safeguarding of assets Cost of operating the function Misappropriation of assets Authorization of transactions Omission of recording of transactions Reliability and integrity of information Experis December

29 Documentation of Issues Condition What are the facts? Criteria What ought to be? Cause Why? Effect So What? Recommendation What Needs to be Done? Experis December

30 Reporting & Follow-up Value added recommendations Know your audience Communicate issues during the audit no surprises Schedule follow-up audit Experis December

31 Questions & Comments For more information Dan Smith, Sr. Manger, Risk Advisory Services Experis Finance Charlotte Office (704) Experis December