BARIA, ANNE MARIE D.

CBET-01-502E OPERATIONAL AUDITING

CHAPTER 1 – Definition, Characteristics and Guidance

1. What is operational auditing and how can it add value to the organization?

Operational Auditing is the formal procedure done to control, verify,

and examine whether the objectives of an organization are accomplished or
not. It is similar to Internal auditing but focuses more on the non-financial
aspects. This takes place when the organization seeks to enhance their flow
of operations at the present time. It is essential in any kind of organization
since it identifies the strengths and weaknesses therefore taking action
towards the overall productivity. It paves the way for an increase in profitability
as well as decrease in the insignificant costs and various risks involved in
production such as wastes, rework, idle time or other losses. Additionally, it
ensures that every working activity of the people in the organization is aligned
with their understanding of the process and its purpose in the business.
(Murdock, 2017, p. 3-5)

2. Explain the importance of independence and objectivity and how having

unfettered access within the organization impacts the internal auditors’ ability
to review any program, process, system, record, at any time and perform
operational reviews.

Independence and objectivity are two characteristics that an internal

auditors should possess to provide the best assistance in an organization.
Independence means that the auditors are not in the same level of position
with personnel among the organization. The auditors are directly related to the
highest positions and always be in authority. This creates division between
the auditor and the employees in a good manner. It allows the auditor to focus
only on responsibilities at hand and not concerning other matters in the
organization. Similarly, Objectivity is the auditors personal judgment or
opinion without regarding themselves or any other person. There should not
 be any confusion towards the relationship among parties involved to always
construct very impartial decisions. When auditors have unfettered access
within the organization, it will give rise to a more efficient and effective
application of the auditors tasks in documenting, analyzing and improving the
business due to the fact that there will be no limitation or hindrances to be
encountered by the auditor in any area to be inspected at any time. By this,
the reviews would be presented more accurately. ​(Murdock, 2017, p.6)

3. Describe the difference between retrospective reviews that focus on past

events and prospective engagements. List some of the future threats that
internal auditors should include in their assessments.

The difference between retrospective and prospective reviews is

obviously seen based on their time-scale wherein the information is taken.
Simply stated, retrospective is creating a review based on past data collected
while prospective is creating a review based on the present or future data.
There are some threats that internal auditors should include in their
assessment with retrospective and prospective reviews in mind such as:
(Murdock, 2017, p.17-18)

● Operational
● Technological
● Strategic
● Environmental

4. What are five of the skills of internal auditors that have been identified as
essential for success in the future? What can your internal audit department
do to develop those skills among its staff?

Based on the IIA Research Foundation Core Competencies Report

regarding the top general competencies of internal auditors, I have noticed
that there are five main skills for internal auditors including communication
skills, analytical and critical thinking skills, organizational skills, information
technology knowledge, and regulatory and professional standards knowledge.
 The internal audit department may develop these skills among its staff by
continuously having individual and team assessments. The department may
also plan seminars and training for its staff. Giving additional compensation
may further boost the interest of staff to exert more effort on individual
development of the said skills. ​(Murdock, 2017, p.18)

5. Explain the five stages in the IA-CM and its implications for operational
auditing.
The five stages in the IA-CM are Initial, Infrastructure, Integrated, Managed,
and Optimizing. ​(Murdock, 2017, p.21)

Level 1: Initial is where internal audit is done only when necessary or

needed. The auditors are not staying within the organization but are located in
a separate area because their responsibility will end after the review is
already submitted only for a requirement or as supporting evidence of a
transaction.

Level 2: Infrastructure is where internal audit is done to ensure that an

organization is obeying specific regulations arising from the creation of the
business. It is to verify if the organization is lawful and is following all the
policies included in various agreements made.

Level 3: Integrated is where internal audit is done as a consulting

function where it helps in the development of the management and the people
in the organization. It mainly focuses on the non-financial aspect of auditing
and uses more qualitative information as the basis of review such as
performance information.

Level 4: Managed is where internal audit is done as effective control of

authority over the organization. It uses both qualitative and quantitative
information for measurement in review because of the fact that it presents
review for the organization as a whole, not just for management or for specific
areas within the organization. In this level, the attainment of the objectives is
essential.
 Level 5: Optimizing is where internal audit is done as a pushing tool for
an organization to go beyond the previous levels. It is where the organization
is at its full potential for the reason that the decision after review in this level
has reduced dysfunctions or no dysfunction at all. It leads the organization to
maximize its resources and continuously conform to all policies.

6. Explain integrated auditing.

Integrated auditing is considered as a type of audit which interrelates

the information technology to both financial and operational auditing aspects.
It creates a control not only for reports and production but also towards
various computer systems used in the organization such as softwares,
system-generated reports, documentations etc. With integrated auditing, all of
the information stored is not just accurate but also secured. (Murdock, 2017,
p.20,22)

7. Describe the difference between controls-based and risk-based auditing.

Controls-based and Risk-based auditing are recognizably opposite to

each other. Controls-based auditing aims to identify and apply effective
controls only, disregarding the deeper consequences of implementing the
controls in the process of activities. At all times, it mainly concerns
effectiveness and not achieving objectives, which do not really improve the
organization in the long run. Using this controls-based auditing may lead to a
lot of examinations and expenditures without developing the organization
itself. On the contrary, Risk-based auditing is leaning more towards the
growth of an organization in regards to estimating possible losses while also
implementing controls. Decisions from this are more strategic because it
produces more progress for the management and the organization. It is
beneficial since it suggests solutions from risks identified. (Murdock, 2017,
p.11-12)
8. Explain the importance of using business objectives while planning and
performing operational audits, and how to use them when communicating the
results of the audit.

Objectives represent the long term goals that an organization is

pursuing. It serves as a direction and guidance for every decision-making
situation of the management. As an auditor plans and performs operational
audits, it is crucial to always consider the objectives to reduce the risk of
creating an error or creating a review that is not useful. It is also significant to
identify the specific areas that are in need of auditing as well as appropriately
searching for improvements valuable to the organization. By keeping in mind
the objectives, the auditor may easily communicate to the management by
means of responding through the use of provisions regarding development of
certain objectives of an organization. ​(Murdock, 2017, p.24-25)

9. What are the attributes of effective audit evidence outlines in Standard 2310
and what are the implications for operational audits?

Based on the Standard 2310, an effective audit evidence lies within the
maintenance of effective controls by the auditors assistance. It does not limit
to effectiveness but extends to efficiency where it reflects that controlling may
lead to improvement at the same period it was implemented. The standard
also indicated that changes may happen over time which means every
effective control may and should vary in different situations for the assurance
of success in the future. ​(Murdock, 2017, p.28)

10. Explain how an organization could meet its compliance requirements but still
fail over the medium and long term.

An organization may meet its compliance requirements while failing to

other aspects in the business. Compliance requirement approach did provide
some benefits but it still failed over the medium and long term due to poor
management which consists of failures in various areas such as operations
management, human resources, information technology, marketing, corporate
 social responsibility, and environmental health and safety practices. Failures
in operations management resulted from several wastes and losses in the
persons involved and even the organization itself. Human resources failed
because of ineffective supervision and lack of benefits to continuously
motivate the workers. In the technological sense, computer systems are
inappropriate and do not have the ability to allow organizations to achieve
productivity in an efficient manner. Marketing and Corporate social
responsibility failed because of inaccurate interaction towards the diversity of
the community. Finally, environmental health and safety practices and
conditions are the most common failure even at this point of time due to the
fact that most organizations lack the safety equipment or do not bother
providing because of the mindset that they will not use it. ​(Murdock, 2017,
p.12-13)

References:

Nassiopoulos, V. (2019, June 13). Prospective vs. Retrospective Audits? Our View:
You Need Both. Retrieved from https://www.hayesmanagement.com/prospective-vs-
retrospective-audits-our-view-you-need-both/