CHAPTER II THEORETICAL FOUNDATION. ensure the effectiveness and efficiency of a company s operation. Operational audit is

Transcription

1 CHAPTER II THEORETICAL FOUNDATION 2.1 Definition of Operational Audit Operational audit is an audit which is commonly performed in a company in order to ensure the effectiveness and efficiency of a company s operation. Operational audit is also beneficial in assessing company s internal control. Inquiries regarding the accomplishment of company objectives and the compliance of company activities with the laws and regulations could also be addressed by operational audit. As the result of an operational audit, recommendations are presented in purpose of resolving company problems. According to The Institute of Internal Auditors (IIA) publication cited in Leung, Coram, Cooper (2007:662), operational audit is defined as: a systematic process of evaluating an organization s effectiveness, efficiency, and economy of operations under management s control, and reporting to appropriate persons the results of the evaluation along with recommendations for improvements. Another definition is also provided by Arens, Elder, and Beasley (2003:13), which describe operational audit as: a review on any part of an organization s operating procedures and method for the purpose of evaluating efficiency and effectiveness. 9

2 10 According to Gill (1999:718), operational audit should consist of: 1.Systematic process Series of logical, structured and organized procedures involved in an operational audit. Proper planning is very important in an audit in order to obtain and evaluate evidence relating to the activity being audited. 2.Evaluating an organization s operation Every company s management owns its performance standards which are expressed as criteria. The degree of correspondence between actual performance and the criteria are measured by an operational audit. 3.Effectiveness, efficiency, and economy of operations The main purpose of an operational audit is to assist the client or the company audited in improving the effectiveness, efficiency, and economy of its operations. 4.Reporting to appropriate persons The appropriate recipient of the operational audit is the management or the individual agency that requested the audit 5.Recommendations for improvement Recommendations are the result of the operational audit conducted by the auditor. In summary, operational audit is a systematic and objective evaluation of a company s activities, with the purpose of providing recommendations and improving the effectiveness and efficiency of the company.

3 Purpose and Benefit of Operational Audit There is major distinction between financial and operational audit. The orientation between these audits is also dissimilar. Financial audit is oriented to the past, whereas operational audit concerns for the future. Purposes of an operational audit, according to Carmichael and Willingham (1987:544), are: 1. Assess performance In assessing company s performance, the auditor needs to compare the manner in which an organization conducts its activities, in accordance with (1) objectives established by management or the engaging party, such as organizational policies, standards, and goals, and (2) other appropriate measurement criteria. 2. Identify opportunities for improvement Several alternatives for auditor to identify specific opportunities for improvements are analysis of interviews with individuals, observation of current operations, reviews of past and current reports, transaction studies, comparisons with industry standards, exercise of professional judgment based on experience, or other appropriate means. 3. Develop recommendations for improvements of further actions Recommendations could be made by the auditors. In certain cases, it is possible for the auditor to conduct further study, not within the scope of the engagement, and the auditor may simply refer to reasons why further study of a specific area may be appropriate.

4 12 Implementation of operational audit is expected to assist the companies in achieving certain benefits, such as generating progress for the company performance, increasing the management of company operations. Companies may have different purposes in conducting operational audit. Nevertheless, the main objective is improving effectiveness and efficiency of operations in the short term and increasing company performance in the long term Types of Operational Audit There are three main categories of operational audit which auditors frequently perform. In every types of operational audit, the main objectives are evaluating internal control and assessing company s efficiency and effectiveness. Arens (2003:740) categorize three main types of operational audits: 1. Functional Audits Functions are a means of categorizing the activities of a business, such as the billing function or production function. Various methods have been developed to categorize and subdivide functions. Prior to the terms, a functional audit is conducted with one or more functions in a company. Specialization by auditors is permitted in this type of audit. This specialization has become the main advantage of functional audit.

5 13 2. Organizational Audits Organizational audit deals with an entire organizational unit, including all departments, branches, and subsidiaries. The organization operation and also methods are especially important in this audit. Therefore, this audit is ideal in order to emphasize how efficiently and effectively functions interact 3. Special Assignments Management usually raises the request of special assignment. Examples of this audit may include determining the cause of an ineffective IT system, investigating the possibility of fraud in a division, and making recommendations for reducing the cost of manufacture product. Several aspects affecting the type of audit performed are the scope permitted by the company, the benefits expected to be achieved, and request from the company Performance of Operational Audit As in other kinds of audit types, it is crucial that operational audit is to be performed by competent auditors.

6 14 As stated by Arens (2003: ), operational audit is performed mainly by three professions: 1. Internal Auditors Internal auditors could perform either operational or financial audits. These auditors are considered to be effective for the company because normally, they also work for the company audited. However, in an audit performance, internal auditors are obliged to be independent. The internal auditors should report to the board of directors or president. 2. Government Auditors Government auditors usually perform financial audit and also operational audit. In Indonesia, government auditors are represented by Badan Pemeriksa Keuangan (BPK). The result of an operational audit by BPK would be presented to Dewan Perwakilan Rakyat (Legislative Council) as a means in managing Indonesia s economic activities (Jusup, 2001:17). In United States, General Accounting Office (GAO) is the most widely recognized government auditor group. The standard for government auditors in United States is termed The Yellow Book, which defines and sets standards for the performance audits; which are considered essentially the same as operational audits. The objectives of performance audit based on The Yellow Book are economy and efficiency audits and also program audits. 3. CPA Firms CPA firms perform their audit based on their knowledge of client s background. They usually perform financial audit and could be widened into operational audit. The result

7 15 of the audit should be made in form of management letter. Operational audit by CPA firms commonly happen in a company which lack of internal audit staff or internal audit staff lacks expertise in a certain area. In general, auditors should possess their independence in performing operational audit or other types of audit. In the performance of any type of operational audit, auditors are expected to resolve the matters in an uncomplicated manner and presented the result in recommendations. These recommendations should be able to be conducted effectively and efficiently by the company Phases in Operational Audit In managing their working schedule and also services, it is beneficial for auditors to have phases in operational audit. The phases that need to be completed in an operational audit are (Gill, 1999: ): 1. Audit Planning In audit planning, auditors should determine the scope of the engagement and communicate it to the company; obtain background information about the company, comprehend internal control, and decide the appropriate evidence to accumulate. Audit planning begins by developing an audit program. Audit program is composed based on the findings by the auditor in the preliminary study phase. Scheduling the audit performance is also included in audit planning. In operational audit, it is crucial to spend more time with interested parties regarding the terms of engagement and the criteria for evaluation.

8 16 2. Audit Performance In acquiring relevant data, the auditor usually conducts inquiry and observation. Questionnaire is the most common approach used by the auditor as a basis for interviewing auditee personnel. The auditor expects to obtain opinions, comments, and suggested solutions from the responses. Auditors can also conduct observation of auditee personnel to detect inefficiencies and other weaknesses. The next phase in audit performance is analysis. Analysis is also important because it provides a basis for determining the degree to which the auditee is meeting specified objectives. Analysis comprises of the study and measurement of actual performance in relation to some criteria. There are two types of criteria, which are criteria internally developed by the entity and criteria externally developed by the entity. Internally developed criteria could be described in productivity goals and budgets. Externally developed criteria could also be found in information on industry standards or derived by the auditor from previous audits or similar activities. After the audit performance concluded, the auditor should document the findings and the recommendations in working papers. The senior auditor usually will review the working papers to monitor progress and ensure the overall quality of the work. 3. Report Findings The result of operational audit is the audit report. In operational audit, the report is usually sent only to management, with a copy to the unit being audited. The common features of an operational audit report comprise of:

9 17 a. A statement of objectives and scope of the audit In this stage, auditor would include (1) document, analysis, and report regarding the current operations (2) identification of areas that require attention (3) recommendations for corrective action or improvements. The components of the scope are identification of units being audited and the evaluation of specific financial and operational conditions. b. A general description of the work done In this section the auditor will indicate (1) the personnel interviewed; (2) the specific documents, files, reports, and systems used in evaluation; (3) the analysis of data; (4) the development of recommendations for improvement; (5) the discussions with management personnel. c. A summary of findings For consideration purpose, all substantial findings are included in the report. Recommendations for improvements The aim of recommendations is to increase the efficiency and effectiveness of company s operation. Comments of the auditee This feature is optional for auditors. Auditors will include this part only when there is disagreement with the auditee concerning findings and recommendations.

10 18 4. Follow-up Performance The auditor is required to follow up on the auditee s response to the audit report. The failure in receiving an appropriate response must be reported to senior management by the auditor. Subsequently, the phases in operational audit is required to be achieve several goals, such as (1) to ensure the effectiveness and efficiency of company activity, (2) to assist the company in improving its operations and developing the performance. 2.2 Definition of Internal Control One of the purposes of operational audit is also to evaluate efficiency and effectiveness of internal control and eventually provide recommendations to the management. In accordance with Agoes (1999:180), efficiency and effectiveness were defined as follows: a. Effective occurs when a company could accomplish its goal, objectives, or programs in a targeted range of time, regardless of the cost. b.efficient occurs when a company could achieve bigger results (output) along with the least amount of cost (input). Accordingly, concise explanation of effectiveness and efficiency are: a) Effectiveness - the assessment of a company in determining the extent the company has been successful in realizing its goal, objectives, or programs.

11 19 b) Efficiency - correlation between the output results of the company s activity and the input consumed to generate the results (output). Furthermore, Auditing and Assurance Handbook 2008 ( ASA 315: 218), affirm that, obtaining an understanding of the entity and its environment, including its internal control is a continuous, dynamic process of gathering, updating, and analyzing information throughout the audit. In accordance with The Committee of Sponsoring Organizations (COSO) of the Treadway Commission, (Gill, 2004: 273), internal control can be defined as: a process, affected by an entity s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: reliability of financial reporting, compliance with applicable laws and regulations, and effectiveness and efficiency of operations. The definition of internal control according to Ikatan Akuntan Indonesia (IAI), published in Standar Profesional Akuntan Publik (IAI, 2001:319.2), is: Internal control is the process carried out by the commissioner, management, and the staffs in the entity, which is designed to provide reasonable assurance in accomplishing three main purposes: (a) reliability of financial reporting (b) efficient and effective company s operations (c) compliance with the rules and regulations.

12 20 A company s size has an essential effect on the nature of internal control. However, if the various subcomponents of internal control are examined, it becomes obvious that most are applicable to both large and small companies Purpose of Internal Control Three purposes of applying internal control in a company are (1) Reliability of financial reporting, (2) Compliance with rules and regulations, and (3) Efficiency and effectiveness in company activities. Standar Profesional Akuntan Publik (IAI, 2001:319.2) identifies the purpose of internal control as follows: 1. Reliability of financial reporting Management has the obligation of establishing and maintaining entity s controls. Therefore, the management should ensure that the financial report has been prepared according to reporting standard. 2. Effectiveness and efficiency of the company s operations By applying good internal control, it is anticipated that ineffective and inefficient use of resources could be diminished. 3. Compliance with the law and regulations The company s operations should be complied with rules and regulations, which could affect the company directly or indirectly.

13 21 As a conclusion, by applying the appropriate degree of internal control in a company, the company could achieve its short term and long term goal in an efficient and effective way Components of Internal Control Internal control includes five significant categories that management designs and implements to provide reasonable assurance that management s control objectives will be met. These are called the components of internal control (Arens, 2003: ) 1. The control environment Control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity. In understanding and assessing control environment, auditors should also consider other subcomponents such as integrity and ethical values, commitment to competence, board of directors or audit committee participation, management s philosophy and operating style, organizational structure, assignment of authority and responsibility, and human resource policies and practices. 2. Risk Assessment Risk assessment for financial reporting includes identifying and analyzing risks which are relevant to the preparation of financial statements in conformity with Generally Accepted Accounting Principles (GAAP).

14 22 In order to understand more about risk assessment in a company, auditors usually could use control risk matrix which described control which needed for certain function in a company, perform questionnaires and discussion with management. Relevant transaction class audit objective in control risk matrix consist of completeness, existence and occurrence, allocation and valuation, and presentation and disclosure. The more effective the internal controls, the lower the control risk and inherent risk. The relationship between control risk and detection risk is inversed, whereas the relationship between control risk and substantive test is direct. Thus, when the control risk and inherent risk are high, substantive test is needed. And when the detection risk is high, test of control is needed. 3. Control Activities Control activities are the policies and procedures, which help ensure that necessary actions are taken to address risks in the achievement of the company s objectives. Statements on Auditing Standards (SAS) 94 and COSO Report note that control activities are generally related to policies and procedures that affect segregation of duties, information processing, physical controls, and performance reviews. There are five types of specific control activities, which are adequate segregation of duties, proper authorization of transactions and activities, adequate document and records, physical control over assets and records, and independent checks on performance.

15 23 4. Information and Communication The role of information and communication system within a company is to initiate, record, process, and report the entity s transactions; and maintain accountability for the related assets. To understand the design of the accounting information system, the auditor (1) determines the major classes of transactions of the entity, (2) how those transactions are initiated and recorded, (3) what accounting records exist and their nature, (4) how the system captures other events that are significant to the financial statements, and (5) the nature and details of the financial reporting process followed. 5. Monitoring Monitoring activities deal with the ongoing or periodic assessment of the quality of internal control performance by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions. The major types of monitoring activities a company uses and how these activities are used to modify internal controls when necessary are the most important things the auditor needs to know about monitoring. The most common way to obtain this understanding is by discussion with management. In addition, an adequate internal audit staff can reduce external audit costs by providing direct assistance to the external auditors. Each component of internal control comprises of policies and procedures which are considered necessary in attaining the purposes of internal control.

16 Relation between Operational Audit and Internal Control Analyzing and evaluating internal control of a company is required for an auditor, as stated by Standar Profesional Akuntan Publik (IAI,2001:319.02), Reasonable knowledge of internal control should be acquired with the aim of planning the audit and determining the nature, timing, and extent of the audit. Ratliff (1996:753) defines the relation between internal control and operational audit as follows, Operational audits examine and evaluate systems of internal control and the quality of performance in carrying out assigned responsibilities. He further states that the key to understanding operational auditing is to understand internal control. All operational audit tests generally are linked directly to some aspect of organizational operations (Ratliff, 1996: ). Therefore, it is certain that operational audits are conducted to enhance and support internal control as means in achieving company s goals. Weaknesses in company s internal control, such as errors, inaccuracy and fraud, indicate greater risk for the company. If the auditor assumes the company s internal control as ineffective, the auditor should expand the audit scope and perform substantive test in preventing greater risk to occur. On the contrary, if the auditor presumes the internal control of the company as effective, the auditor could simply complete test of control or reduce the scope of the audit when performing substantive test.

17 Definition of Accounting Information System In performing operational audit, particularly in describing the flow of company s operation and also its organizational structure, the audit is supported by accounting information system. According to Hall, information system could be defined as: Specialized subset of information system that processes financial transactions (Hall, 2007:9). Hall also stated several documentation techniques which support the performance of operational audit, such as (2007: 58-62): 1. Data Flow diagrams In this method, symbols are representing the entities, processes, data flows, and data stores that pertain to a system. 2. Entity Relationship Diagrams This method applies documentation technique to represent the relationship between entities. 3. Flowcharts A flowchart is a graphical representation of a system that describes the physical relationship between key entities. Components in accounting information system maintain a proper performance of an operational audit.

18 Relation between Operational Audit and Accounting Information System In Operational audit the main purpose is to assess the internal control of the company in order to evaluate the company s performance. In assessing the internal control, there are methods applied. This method applied is frequently related to accounting information system. Accounting information system could provide the written description of a system which could be wordy and difficult to follow. By using documentation techniques, the auditors could capture visual image which could convey vital system information more effectively and efficiently than words do. For example, the auditor needs to evaluate the internal control and procedures of purchasing department in the company; the auditor could use a flowchart to describe this situation. The auditor will begin by interviewing individuals involved in the purchase order process to determine what they do. Based on the findings and facts, the auditor could create a flowchart of this system. This flowchart would clearly identify the system that it represents. 2.3 Definition of Purchase Within a company, there are areas which possess high risk factors. One of these areas is the purchasing area. In a company, purchase is the main function in maximizing company s production activity. Purchase volume depends on the size of the company. There are several definitions of sales, including: 1. According to Ebert and Griffin Purchasing is the acquisition of all the raw materials and services that a company needs to produce its products ( Ebbert and Griffin, 2005: 210).

19 27 2. In accordance with Soemarso, Purchasing activity could include, purchasing goods in cash or credit, purchasing goods for the purpose of production activity and other company activities (Soemarso, 1999:208). In summary, purchase could be defined as the result of company s activity in acquiring production goods within a period of time. Purchase is performed in two ways: 1. Cash purchase In this type of purchase, the company is obliged to make the payment alongside the acceptance of merchandises ( Arens, 2003:542). 2. Credit purchase This type of sales enables the company to receive the merchandises and make the payment afterwards, within an agreed upon of time and terms. Accounts payable occur as the result of credit purchase ( Arens. 2003:543). 2.4 Definition of Account Payable Lenience in terms of payment may be provided for the company by the seller, such as permitting the company to make payment within an agreed period of time and terms. Lenience in payment only occurs in credit purchase. Account payable in credit purchase is regarded as a liability due to the obligation that a company expects to fulfill in the future. In accounting manner, account payable is considered as current liabilities. Current liabilities are obligations which fall due before one year from the balance sheet date.

20 28 There are several definitions for account payable, such as: 1. Horngren (2002:329) defines account payable as Amounts owed to suppliers. 2.According to Nickels, McHugh, McHugh, accounts payable could be defined as, Money owed to others for merchandise and services purchased on credit but not yet paid (Nickels: 558). 3.Arens, Alder and Beasley defined accounts payable as: Unpaid obligations for goods and services received in the ordinary course of business (Arens, 2003: 552). 2.5 Summary of Theoretical Foundation Operational audit is conducted as a review of company s activities. The benefits of operational audit are assessing the company performance, identifying weaknesses in company functions, increasing efficiency and effectiveness of company operations, and providing recommendations for the development of the company. There are three types of operational audit which are commonly performed by auditors; they are functional audit, organizational audit, and also special assignment. The stages usually pursued in operational audit are audit planning, audit performance, report findings, and audit follow-up. Enhancing efficiency and effectiveness of company operations has become the main purpose of operational audit. Effectiveness and efficiency are crucial in a company because by enhancing both of them; a company can easily manage its operations and accomplish its objectives.

21 29 Internal control should also be reviewed by auditors in conducting operational audit. In performing internal control, management should also consider the components of internal control, such as control environment, risk assessment, control activities, information and communication, and monitoring. Proper application of internal control could ensure the reliability and compliance of financial reporting, and also increase the level of effectiveness and efficiency of the operations. In providing the visual description of the internal control of the company, the auditor would apply the documentation techniques in accounting information system. These documentation techniques would provide great amount of assistance in understanding more about the company s operation and relation between entities audited. Credit purchase could be considered as an obligation which must be fulfilled by the company. Account payable is also crucial because if the company could not pay their account or could not be resolved, the amount in the account payable could affect the company performance in negative way. The objective of this thesis is to perform operational audit on credit purchase and account payable functions on fabric at PT. Henrydew Putra Sanjaya. Prior to the situation in PT Henrydew Putra Sanjaya, the type of operational audit which will be conducted is the functional audit. By conducting operational audit, it is expected that the

22 30 auditor could identify the weaknesses of the company in both functions and subsequently provide recommendations to prevent future losses and risks. This audit performance is also conducted to evaluate the level of internal control in the company. Eventually, this audit could increase in effectiveness and efficiency of company activity especially in credit purchase and account payable on fabrics. This audit would also be performed based on the proper audit phases.