Objectives and Phases of

Operational Audits
Key Objectives of Operational Audits
Defining the objectives of any engagement is essential as an initial step to put it on the right footing for
success. Without clearly defined, communicated, and understood objectives, all involved are likely to drift
during the course of the review by asking for irrelevant documentation, interview, examining transactions etc.

The objectives for the review could be driven by the following:

1. New rules.
Rules can be established internally (e.g., policies and procedures) or externally (e.g., new or updated
laws and regulations), or a combination (e.g., a contract signed by the organization and one or more
external parties).

Example objective:
Internal
To Ensure that the revised/new Sales and billing process is followed by process owners
External
To Ensure that the new government rules are implemented. (Increase Labor rate)
2. Poor performance.
Inefficiencies, waste, rework, or complaints from customers and vendors may trigger management
involvement, resulting in their request to have the matter reviewed by internal audit

3. Compliance issues.
These can be the result of internal quality control initiatives that identify anomalies. In the case of
regulators and inspector reviews that identify instances of noncompliance at other organizations, the
internal audit department may investigate conditions at their organization to determine if a similar problem
exists

4. Anomalous revenues or expenses.

If figures appear dubious, internal audit may review the related transactions to verify they are all
legitimate, they have been recorded in the correct amount, and posted during the correct period. Similarly,
unusually high or low, or otherwise questionable expenses, are likely to result in the request for a thorough
review. (Ex: Unusually high Travel expenses)
Operational Audit Styles/approach

A. VALUE FOR MONEY (VFM) AUDITING

It refers to a style of operational auditing which makes extensive use of key performance
indicators to explore the cost of achieving standards of efficiency and effectiveness
and whether these costs represent good value.
Value for money auditing takes account of the three Es (Efficiency, Effectiveness and
Economy). It frequently makes extensive use of performance indicators in the form of ratios and
other statistics to give an indication of value for money—especially when trends are explored in
these performance indicators over time, or variations in performance are identified
and explained between different operating units.
B. BENCHMARKING
Benchmarking can be defined simply as a comparison of one’s own performance in a specific
area with that applied by others in compatible circumstances. As a technique it is founded on the
premise that there may be viable alternative ways of performing a process and fulfilling a
requirement.
(Example: Comparison of operating process with other companies of similar industry or with other
departments)
The principal objectives of benchmarking include:

• Maintaining a competitive advantage in the appropriate market;

• Establishing current methods, best practice and related trends;
• Ensuring the future survival of the organization;
• Maintaining an awareness of customer expectations (and being able to
address them);
• Ensuring that the organization has the appropriate approach to quality issues
 Phases of Operational Audits

4. Follow-up

3. Reporting

2. Fieldwork

1. Planning
Planning Phase

 Analysis/Understanding of Audit Universe

 Scoping

 Budgeting

 Audit schedule/ Time frame and allocation

 Risk Assessment

 Defining population of interest

 Identify Audit procedures (How testing will be performed)

Risk Factors

Risk factors play an important role during planning, and in particular, during risk
assessments. Risk factors are conditions and other variables that in their presence, or absence,
as the case may be, either exacerbate or diminish the underlying risk.
Audit procedures
Audit procedures
Fieldwork Phase

The next phase in the engagement’s life cycle is fieldwork. This phase is when most of the
testing is performed, and it includes interviewing, documenting, applying testing methodologies,
managing fieldwork, and providing status updates. It consists primarily of two things

1. Determining if the process or program under review is designed effectively so that the related
goals and objectives are likely to be achieved

2. Verify that the controls in place are performing as designed by management

Audit Evidence

Auditors gather evidence to support their work and persuade others that
conditions are satisfactory or not.

There are different types of audit evidence that auditors gather and evaluate during their reviews

1. Testimonial

2. Observation

3. Document Inspection

4. Recalculation/ Reperformance
Persuasive Audit Evidence

Evidences that give

confidence to the auditor
when reaching a conclusion.
Professional skepticism

This is an attitude that includes a questioning mind and a critical assessment of

audit evidence.
Internal auditors should be sufficiently suspicious of data received and
reasonably verify that the information is free from manipulation or modification in
ways that can compromise its quality.
Workpapers

These are documents created by auditors to record the work done. They are a
collection of evidentiary material showing the planning done, the fieldwork
activities performed, and the support for all information mentioned in the audit
report or other communication of results.

The IIA’s Practice Advisory 2330 states that the goal of workpapers are to:
◾ Document the planning, performance, and review of audit work
◾ Provide the principal support for audit communication such as observations,
conclusions,
and the final report
◾ Facilitate third-party reviews and reperformance requirements
◾ Provide a basis for evaluating the internal audit activity’s quality control program
• Narratives
• Flowcharts
• Copies of policies and procedures
• Checklists
• Organizational charts
• Management and financial reports
• Analysis of testing
• Correspondence
• Questionnaires
• Pictures
Sample Process Narrative
Flowcharts

A flowchart is a diagram of the sequence of movements or actions of

people or things involved in a process or activity. They illustrate a business
process and virtually any process can be drawn in the form of a flowchart.
Since the shapes are simple and visual, they are easy to understand.
Sales Process
Internal Control Questionnaire

An internal control questionnaire (ICQ) helps to evaluate internal controls in

specific areas by asking key questions. Internal auditors often use ICQs as a starting
point and then supplement them with other information gathering and control
evaluation techniques such as flowcharts and document reviews.
Reporting
The third phase of the audit is the communication of results, often referred
to as reporting. It consists of communicating findings, observations, and best
practices noted during the review, and developing recommendations for
corrective action
Follow-up
A follow-up review means that the auditor is checking to make sure the
corrective action was performed, so it consists of checking what management did to
address the issue reported.
If the finding is of medium or high severity, it may require a site visit, selecting a
sample of records to test them, or analyzing 100% of the transactions

Recurring findings indicate any of the following troublesome situations:

1. The reported finding was a symptom of something else. So, when corrective actions were
applied, this addressed a symptom or only the affected records/files, but not the root cause.
2. The corrective action was only temporary and over time, behaviors and activities returned to
their original state. This is caused by poor change management procedures.
3. There was no commitment to correct the issue and management fail to act on the
observation