Chapter1

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 4

CHAPTER 1

1. What is operational auditing and how can it add value to the organization?

Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.

2. Explain the importance of independence and objectivity and how having unfettered access
within the organization impacts the internal auditors’ ability to review any program, process,
system, record, at any time and perform operational reviews.
Independence has to do primarily with the position of internal audit within the organization’s
hierarchy. Internal audit should report to the audit committee (or its equivalent) on the board
of directors so it receives advice and support to perform its duties. Furthermore, internal audit
should not be under the control of those they audit. This direct reporting line to the highest
authority within the organization will help internal audit reach its full potential, and also get the
attention from those whose influence, recognition, and respect can compel corrective action of
any anomalies identified by the auditors.

Objectivity is related to the auditors’ frame of mind and their ability to examine documents,
processes, and programs without a bias, without an agenda, with no other motive than to find
the truth and communicate it accurately and promptly. Conflicts of interest are one of the
biggest threats to objectivity, so internal auditors must be careful to balance maintaining
healthy professional and social relationships with others in the organization without becoming
too cozy with them.

3. Describe the difference between retrospective reviews that focus on past events and
prospective engagements. List some of the future threats that internal auditors should
include in their assessments.

The traditional approach to internal auditing was to perform postmortem reviews to verify that
what was done was done appropriately. This was a practice that followed in the footsteps of
public accounting firms, which inspect transactions that occurred during the preceding fiscal
year. Internal auditors need to go beyond inspecting transactions long after they were
performed because the focus now leans toward an examination of future threats and
vulnerabilities that can derail the organization’s goals and objectives in the short, medium, and
even the long term. In fact, focusing on future events and the future implications of present
events would add more value to their organizations than reporting primarily on past events.
When this happens, as has been common practice in the past, the organization dedicates itself
on correcting past issues, which creates rework.

These future-oriented threats and vulnerabilities can be :

 Operational
 Technological
 Strategic
 Environmental

4. What are five of the skills of internal auditors that have been identified as essential for
success in the future? What can your internal audit department do to develop those skills
among its staff?

 Communication skills, such as oral, written, report writing, and presentation skills
 Problem identification and solution skills, such as conceptual and analytical thinking
 Ability to promote the value of internal audit
 Knowledge of industry, regulatory, and standards changes
 Organization skills

At the individual level, internal auditors, like most professionals today, are expected to take
ownership of their own training and development and not leave it to their employers to decide
and implement. Whereas, in the past, it was common for employees to take a passive
approach, waiting for their employers to tell them when, what, and why training would occur,
today’s auditors should take a more active and engaged approach to their training needs. They
should * Reflect on their present competencies, identify their job needs, and perform a gap
analysis to meet their current skill requirements

Define their career ambitions and chart a roadmap to acquire the skills and competencies
needed in the future

5. Explain the five stages in the IA-CM and its implications for operational auditing.

 Level 5: Optimizing Internal auditing recognized as a change agent - Internal audit is


recognized as a key change agent, continuously improving its professional practices,
integrating performanced data, global leading practices, and feedback to continuously
strengthen the unit and the organization. It plans its workforce needs strategically and
maintains effective ongoing relationships with other units within the organization to
understand the organization’s strategic directions, emerging issues, and risk
 Level 4: Managed Overall assurance on governance, risk management, and control -
Internal audit provides overall assurance on governance, risk management and control,
contributes to the development of the organization’s management, supports
professional bodies, has a planning mechanism for its workforce, and uses quantitative
and qualitative metrics. It coordinates its activities to be sufficiently comprehensive and
provide reasonable assurance at a corporate level that GRC processes are adequate and
functioning as intended to meet the organization’s objectives.
 Level 3: Integrated Advisory services - Internal audit provides guidance and advice to
management. These advisory services add value without the auditor assuming
management responsibility. These services are directed toward facilitation rather than
assurance and include training, system development reviews, performance and control
self-assessment (CSA), and counseling. Internal audit focuses on team building and
competency, developing a professionally qualified staff and effective workforce
coordination within the unit and with other review groups. It uses output performance
measures and tracks cost information. Internal audit is an integral component of the
organization’s management team.
 Level 2: Infrastructure Compliance auditing - The internal audit function focuses on
compliance audits, which evaluate conformity and adherence with internal policies,
laws, regulations, contracts, and other agreements or requirements that preside over
the activities and goals of the area, process, or system being audited.
 Level 1: Initial Ad hoc/isolated audits - The internal audit function is unstructured and
operates in an ad hoc manner. It performs isolated audits primarily examining
documents and transactions for accuracy and compliance. The audit team is often part
of a separate organizational unit with no established capabilities or infrastructure to
support the function.

6. Explain integrated auditing.


Another important development over the past decades is the emergence of integrated auditing
as a type of audit. These are characterized by the simultaneous inclusion of business and IT
subjects in the review. Whereas in the past traditional auditors would perform a review of
accounting/financial controls, and IT auditors would perform their assessment of IT risks and
controls separately, during the 1990s this new practice, commonly referred to as integrated
auditing, emerge

7. Describe the difference between controls-based and risk-based auditing.


Risk Based Audit is an Audit that is done according to the highest risks identified in the Baseline
Risk assessment.
Control based Audit is an Audit that is conducted to measure the effectiveness of the critical
controls that was put in place to minimise the risk.

8. Explain the importance of using business objectives while planning and performing
operational audits, and how to use them when communicating the results of the audit.
By knowing the objective of the business , auditors will come up an idea on how they will create
a plan that will be helpful to the company because basically that is what the business is looking
for. Auditos will explain it more effectively because it meets the business needs cause that was
their objectives.

9. What are the attributes of effective audit evidence outlines in Standard 2310 and what the
implications for operational audits?
Internal auditors must also communicate their conclusions and this requires that their
communications be persuasive. To accomplish this, communications must meet the
requirements of :

◾ Sufficiency. This means that the auditor needs enough information, including quantifiable
facts and figures.

◾ Reliability. Meaning that the information must be trustworthy and free from distortion.

◾ Relevance. This relates to the information being consistent with the objectives and scope of
the review.

◾ Usefulness. This relates to the information helping the organization accomplish its
objectives.Quite often, when clients express confusion, disagreement, or skepticism about the
internal auditors’ communication, it is because the auditor has not met one or more of these
four attributes

10. Explain how an organization could meet its compliance requirements but still fail over the
medium and long term.

Basically all organization must comply all the necessary requirements yo run thrir business but
still the way how they act and manage during operations will judge whether the will last or end
up losing their business.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy