Chapter 1: Introduction to Operational Audit

Operational Auditing
❖ The term "operational auditing" has no generally accepted definition.
❖ It is usually used to refer to a scope of auditing which examines and evaluates the
operating, managerial, or administrative performance of an activity or organization
beyond that required for an audit of accounts and financial statements.
❖ The primary purpose of such extended auditing is to identify opportunities for greater
efficiency and economy and for improved effectiveness in carrying out procedures
and operations.
❖ The basic objective:
➢ better information for managers and decision makers and
➢ improvement of one kind or another in relation to the goals of the organization.
Literature on Operational Auditing
❖ There is some useful published literature on operational auditing, although there are as
yet no really good textbooks on the subject.
❖ However, we will anchor our discussion to the published materials from the Northern
Virginia Chapter of the Federal Government Accountants Association.
➢ This compilation was published in June of this year under the heading "Auditing
Operational Management Performance Effectiveness.”
❖ The AICPA Committee in its "Suggested Guidelines for the Structure and Content of
Audit Guides Prepared by Federal Agencies For Use by CPAs” include a short
discussion for operational auditing.
➢ This material should be of special interest to practicing CPAs since it undertakes
to analyze the nature of operational auditing in relation to the traditional
approaches of the CPA to auditing of financial statements and operations.
❖ Why do you think there are no existing guidelines on how an operational auditor
conducts operational auditing in contrast to audit of financial statements where
guidelines and auditing standards are very necessary?
➢ THIS IS AN INTERNAL ENGAGEMENT. COMPANIES DIFFER HOW
INTERNAL OPERATION IS CONDUCTED, SO AS TO OPERATIONAL AUDIT
TESTING.

Operational Auditing Standards

❖ Under operational audit, no explicit standard was present but a scope of this type of
assurance engagement cover three important areas:
➢ An examination of financial transactions, accounts, and reports, including an
evaluation of compliance with applicable laws and regulations.
➢ A review of efficiency and economy in the use of resources.
➢ A review of operations to determine whether desired results are effectively
achieved.
❖ As CPAs, we are well acquainted with our Generally Accepted Auditing
Standards(GAAS). We know what they mean and when to say the appropriate opinion.
Over the years these standards evolved as applicable to examinations which lead to
professional opinions on the fairness of financial statements.
➢ And those standards may be applied as well for operational auditing if no
standard was set by the internal entities.
❖ An audit of financial statements, which includes an examination of financial
transactions and accounts, is only a part of the underlying need for an internal audit.
❖ Audit of FS
➢ Are the accounts fairly presented?
➢ Are the accounts disclosed fairly?
➢ Are the internal controls effective in protecting the integrity of the accounts reported?
❖ However, in operation audit, accountants do not only focus on whether the source
document matches what was disclosed.
❖ For example, in government operation, operational auditor are more concerned with
these assessment questions:
➢ Are public funds really being used for good and needed purposes?
➢ Is the spending for the operation really necessary?
➢ How good a job is being done?
❖ In a broad sense, these questions are financial questions. But they are also operating or
management questions. Auditors whose main concern is auditing accounts and financial
statements cannot shed much light on questions such as these.
❖ A review of compliance with legal and regulatory requirements. This requirement is
most important in reviewing organization legality of operations.
➢ What are the relevant laws and regulations that apply to the organization's operations?
➢ What are the organization's policies and procedures for ensuring compliance?
➢ Have there been any recent changes to the laws and regulations that apply to the
organization?
➢ What are the organization's procedures for reporting and investigating potential
non-compliance?
❖ An extension of the evaluation of the internal control system to enable the auditor to
make judgments on its adequacy for ensuring the production of accurate information and
promoting the conduct of operations that are efficient, effective, and in compliance with
applicable laws and regulations.
❖ A scope of auditing that embraces not only financial and accounting operations but
considerations of efficiency and economy and effectiveness of results of
operations.
➢ Are the organization's resources being used in the most efficient way possible?
➢ Are the organization's objectives being met effectively?
➢ Are there any unnecessary costs incurred in the operation?
➢ Are all resources properly documented and disclosed?
➢ Are the controls 3Es?
❖ The new standards, therefore, incorporate not only the AICPA standards pertaining to
financial statements, but also contain specific standards on the need in the organization
audit of operation.
 ➢ Who do you think is the primary benefactor of this type of audit engagement, the
organization or the public?
➢ Since, operational audit primarily benefit the organization, is this a violation of
auditing standard where an audit should primarily benefit the public interest from
the beginning to the end of engagement?
■ No, an operational audit primarily benefiting the organization does not
violate the audit standard that states that the benefit should be to the
public. The IIA's International Standards for the Professional Practice of
Internal Auditing states that the purpose of internal auditing is to add
value and improve an organization's operations. This can be done by
providing assurance on the effectiveness of risk management, control,
and governance processes, and by providing recommendations for
improvement.
■ These benefits can ultimately benefit the public by ensuring that the
organization is operating in a responsible and efficient manner. For
example, an operational audit of a healthcare organization may find that
the organization is not following proper procedures for handling patient
information. This information could lead to changes in the way the
organization handles patient information, which could protect the privacy
of patients.
■ The benefits of operational audits to the organization and the public are
significant. While the primary beneficiary of an operational audit may be
the organization, the public can also benefit indirectly from the
improvements that are made as a result of the audit.
Summary
- (SCOPE) three important areas:
(1) examination of financial transaction & accounts and evaluation of compliance
(2) Review of efficiency and economy (resources)
(3) Review of Operation (desired results)
- GAAS: standards applicable to examinations → opinions on the fairness of FS

Audit of Financial Operation Audit

Transaction

➢ Are public funds really being used for good and needed purposes?
➢ Is the spending for the operation really necessary?
➢ How good a job is being done?

- Financial questions but also operating/management question

Review of compliance with legal and regulatory requirements

➢ ➢ What are the relevant laws and regulations that apply to the organization's operations?
Are the accounts ➢ What are the organization's policies and procedures for ensuring compliance?
fairly presented? ➢ Have there been any recent changes to the laws and regulations that apply to the organization?
➢ Are the accounts ➢ What are the organization's procedures for reporting and investigating potential non-compliance?
disclosed fairly?
➢ Are the internal Efficiency and economy and effectiveness
controls effective ➢ Are the organization's resources being used in the most efficient way possible?
in protecting the ➢ Are the organization's objectives being met effectively?
integrity of the ➢ Are there any unnecessary costs incurred in the operation?
accounts ➢ Are all resources properly documented and disclosed?
reported? ➢ Are the controls 3Es?

- Operational Audit benefiting the ORGANIZATION.

- Purpose: add value and improve an organization's operations.
- Benefit to Public (indirect benefit) = organization is operating in a responsible and efficient
manner
Benefits of Operational Audit
❖ There are many benefits to conducting operational audit; and those benefits are primarily
for the organization rather than the public. Yet, the public still get benefit from it indirectly
➢ Identify areas where the organization can improve its efficiency and
effectiveness.
➢ Ensure that the organization is complying with all applicable laws and
regulations.
➢ Protect the organization's assets, reputation, and ability to operate.
➢ Provide management with valuable insights into the organization's operations
and make better decisions.
➢ Improve the assurance level of the financial statement before an independent
auditor.
➢ Provide goals to shoot for in making improvements in auditing policies,
procedures, and business practices.
➢ Better evaluations will be obtained on performance of programs and activities
and identify who will be accountable.
➢ Timely evaluation of state, local, and federal level of policies.

Chapter 2:

Operational Audit
❖ Used to mean any of the ff.
➢ Audit of operating units
➢ Audit of functional areas
❖ Committee of Sponsoring Organizations (COSO) – operational audit = “reasonable
assurance” of:
➢ Effectiveness and efficiency of operations
➢ Reliability of Financial Statements
➢ Compliance with applicable laws and regulations
❖ Operational Audit - encourage to review and report on any matters which may be
unsound within the scope of its purpose.

Scope of Operational Audit

❖ Internal Auditing - independent, objective assurance and consulting actively designed
to add value and improve an organization’s operation.
➢ Operation Audit
➢ Strategic Audit
➢ Audit of Financial Statements
➢ Audit of Information Technology
❖ Help the organization accomplish its objectives by bringing a systematic disciplined
approach to evaluate and improve the effectiveness of risk management control and
government process
Audit of Operating Audit
❖ Audit of the entire areas of operating unit
➢ Audit of Financial Statements
➢ Audit of Information Technology
➢ Internal Audit
■ Compliance audit
■ Operation audit
■ Strategic audit
❖ Includes function areas of the business account for their activities and exercise financial
control over them

Audit of Functional Areas

❖ Where the audit objective is to review the effectiveness, efficiency, and economy with
which the management is achieving its own objective.
❖ Does only operational audit

Scope of Operational Unit

❖ Management and administration
❖ Financial and accounting
❖ Personnel and human relations
❖ Procurement
❖ Stock and materials handling
❖ Production and manufacturing
❖ Marketing and sales
❖ Aftersale support
❖ Research and Development
❖ Information technology
❖ Specialized audit

Approach to Operational Audit

❖ Auditors should keep in mind the objective of management fo the operations being
audited

Planning Stage
➢ Establish what are management’s objective
➢ Unclear objective → then these objective must be worked out within
management before the audit engagement can process
■ “Auditor’s objective is not synonymous with management’s objective”

Auditing for the 3es and 6es

1. Economy
2. Efficiency
3. Effectiveness
4. Equity - avoidance of discrimination and unfairness; acceptance and promotion of
diversity
5. Environment - acting in an environmentally responsible way
6. Ethics - legal and moral

❖ 6Es are each measured in the subject of operational audit by setting a targets auditor
set.
➢ Standard = management’s objective
 ❖ We need to avoid:
➢ BENCHMARKING against other organization for indications as to whether we
are “economic enough”, “efficient enough”, and “effective enough”
➢ Comparing with other parts of our organization
➢ Measuring and interpreting trends over time
➢ Aiming for continuous improvement

Benchmarking
❖ Comparison of one’s own performance in a specific area with that applied by others in
compatible circumstances
❖ Objective:
➢ Maintaining a competitive advantage in the appropriate market
➢ Established current methods

Performance Measurement System

❖ Organizations are likely to have in place a number of key performance measures to
assess the achievement of their objective and goals
1. Demand performance measure
- Measure effectiveness and efficiency
- Indicate the volume of output and when linked to measures of input of
resources, give useful information on quality or quantity measures.
2. Economy performance measure
3. Efficiency performance measure
4. Equity performance measure
5. Environment performance measure
6. Ethics performance measure

Audit of operating units Vs. Audit of functional areas

An audit of operational areas, also known as an operational audit, examines the efficiency,
effectiveness, and economy of an organization’s processes, focusing on improving overall
operations and resource utilization across multiple departments. In contrast, an audit of
functional areas targets specific departments or functions within the organization, such as
finance or HR, to assess internal controls, compliance, and risk management. While operational
audits have a broader scope, covering key processes that contribute to the organization’s core
activities, functional audits concentrate on the performance and regulatory adherence of
individual functions. The outcomes of operational audits typically include recommendations for
process improvements, whereas functional audits provide insights into compliance and risk
management within specific areas. Together, these audits help ensure both operational
efficiency and regulatory compliance within the organization.

"Auditor's objective is not synonymous with management's objective"

The statement "Auditor's objective is not synonymous with management's objective"
emphasizes the distinct roles and responsibilities each holds within an organization. The
auditor's primary objective is to provide an independent and objective assessment of the
financial statements and internal controls, ensuring they are free from material misstatements
and fairly represent the organization's financial position. In contrast, management's objective is
to effectively run the organization, making strategic decisions that enhance performance,
profitability, and compliance. While auditors focus on maintaining independence and providing
unbiased opinions for stakeholders, management is deeply invested in the organization’s
success and is responsible for achieving its strategic goals. These differences highlight the need
for auditors to remain objective and independent in their evaluations, as their role is to
safeguard the accuracy and reliability of financial reporting, which is essential for stakeholders.

Why avoid BENCHMARKING?

In the context of an operational audit, it may be necessary to avoid benchmarking against other
organizations, as such comparisons can be misleading due to differences in context, resources,
and objectives. Similarly, comparing with other parts of the organization might ignore the unique
challenges and conditions specific to each department or unit, leading to skewed conclusions.
Measuring and interpreting trends over time could be irrelevant if significant changes have
occurred in the operational environment, making past performance an unreliable indicator of
current effectiveness. Additionally, focusing on continuous improvement may not always be
appropriate if the audit's primary goal is to ensure that current processes meet defined
standards and are functioning effectively as they are. By avoiding these practices, the audit can
concentrate on a context-specific evaluation of operations based on present-day standards and
requirements.