OPERATIONAL AUDIT
CHAPTER 3: RISK ASSESSMENTS

Risk Assessments
- the process of identifying, measuring, and analyzing risks relevant to a program or process.
- systematic, iterative, and subject to both quantitative and qualitative inputs and factors; dependent on the timeframe of the review

Identification of Risks
- key aspect of any risk assessment

Below are common risks that operational auditors should consider.

Operational Risk Types
1. Capacity
• Inability to produce as many units as required
• Process generating excessive amounts of waste
• Producing too many defective parts (i.e., error rate)
• Delivering ordered goods or services past the promised date
• Inability to provide high quality service to every customer
• Lack of funding to finance business expansion
• Knowledge drain due to employee turnover
• Failure to respond to changing customer preferences
2. Strategic
• Failing to maintain beneficial relationships with customers
• Computer system’s inability to support the operating unit’s needs
• Manufacturing lines being unable to keep pace with sales growth
3. Compliance
• Failure to meet external requirements (e.g., laws and regulations)
• Failure to meet internal standard operating procedure (SOP) requirements
• Failure to meet combined requirements (e.g., contracts)
4. Natural environment
• Energy supply disruption
• Damage from fire, water, or natural disasters (e.g., floods, earthquakes, hurricanes, and tornadoes)
• Inability to secure needed resources (e.g., water and minerals)
• Dependency on carbon-based sources of energy
• Business interruption caused by disease
5. Political
• Changes in legislation or regulation due to government changes
• Social unrest triggered by changes in government

Internal Constraints
1. Equipment – types of equipment available and the ways they are used limit the ability of the process to produce more high-quality goods and deliver services
2. People – lack of skilled and motivated workers limits the productive capacity of any process. Attitudes and other mental models (e.g., feeling defeated, victimized, or hopeless) embraced by workers can lead to behaviors that become a constraint on the process.
3. Policies – Written and unwritten policies can prevent the process from producing more of higher quality goods and services

When evaluating internal dynamics and risks, internal auditors should be concerned about:
1. slowest operation in the process
2. synchronization of activities within/between processes
3. robbing materials and other resources within or between processes or units

Measurement of Risks
- Measurement process – either subjective/quantitative; either driven by facts/not
- risks are quite often measured using a three-point scale of high-medium-low or a five-point scale. Its key limitation is that they are not based on explicit figures/facts
- to improve, values can be attached to the assessments
- impact ratings can be expanded to provide more detailed descriptions of each range
- may include variables such as the degree of disruption to the org, bodily injury to workers and others, security, health and safety, social, economic, and environmental

The Risk Matrix
- widely used and highly effective tool to record and analyze the objectives, risks, and controls in the program or process that is being audited
- an essential ingredient when conducting risk-based audits, as they provide a means to capture and analyze these items; the layout varies by organization

ASSESSING RISKS AND CONTROL TYPES
Risk assessment – different from risk management; it is a process that begins by identifying potential hazards and analyzing those items to determine what could happen if the hazard were to occur
- Important aspect: identifying and quantifying the assets that are at risk
- The conduct of a risk assessment means that we should look for weaknesses (sometimes referred to as vulnerabilities) that would make an asset susceptible to damage or loss from the hazard.
- Common weakness: age, condition, location of building, its contents

Vulnerability - “degree to which people, property, resources, systems, and cultural, economic, environmental, and social activity is susceptible to harm, degradation, or destruction on being exposed to a hostile agent or factor.”

The process of identifying relevant events can be done by following any of these approaches.
1. Objectives based - Identify events that may hinder the ability of the organization to achieve its objectives partially or completely.
- brainstorming and the Delphi method may be useful techniques to collect the relevant information and assess the impact of these events
2. Scenario based - Create different scenarios or alternative ways of achieving objectives and determine how forces interact. A useful approach is to identify triggers that can start–stop different scenarios from occurring

For either of these two approaches, management must consider the external and internal factors that can affect event occurrence:
External - economic, business, natural environment, political, social, and technological factors.
Internal - infrastructure, personnel, processes, and technology

common-risk checking – use a fabricated list of common risks in your industry/area of scope
risk charting – combination of above approaches; consists of listing resources at risk and the threats to those resources

Mitigation – the impact of hazards and how to reduce them is the next aspect of the risk assessment process

Federal Emergency Management Agency - provides the Mapping Information Platform and the Risk MAP (Mapping, Assessment, and Planning) to help organizations by delivering data that increases public awareness and leads to action to reduce the risk to property and life.
US Geological Service (USGS) - has a great deal of seismic information to help organizations identify their vulnerabilities
The National Weather Service - provides rain, hurricane, air quality, winter storm, flood, and marine weather information
The Environmental Protection Agency (EPA) - provides information and assistance regarding harmful effects to human health or to ecological systems caused by exposure to any physical, chemical, or biological entity that can result in an adverse response (called stressors)
Common Vulnerabilities and Exposures (CVE) - a list of information security vulnerabilities and exposures that provides common names for known cyber security issues.

If the impact can be significant, the organization should consider creating a mitigation strategy. If the impact is medium/low, then control activities are often enough.

The Importance of Control Self-Assessments (CSA)
- consist of questionnaires and other forms that process owners complete that identify the major activities in their programs and processes, the objectives, risks and controls, the individuals that perform key tasks and controls, and the major challenges affecting these programs and processes.
- require managers to think about the design and condition of their areas of responsibility, and assess the presence and quality of the related controls.
- effective CSA programs require communication, linkage to internal audit results, providing feedback on the gap analysis, and reinforcement.

BUSINESS ACTIVITIES & THEIR RISK IMPLICATIONS
The following is a select list and discussion of business practices to provide a general understanding of the concept, the implications for internal auditors and where risk and opportunities lie.

ASSEMBLE TO ORDER
- Type of production system where the material is prepared so it can be assembled quickly upon receipt of the customer request and is usually customizable to a certain degree
- Parts are already manufactured but won’t be assembled until the order is received
- Is between two other common manufacturing strategies: MTS (products are manufactured in advance) and MTO (the products are produced after the order is received).
- By combining the two strategies, organizations can get products to the customer quickly while allowing some flexibility to be customizable, so customers can quickly receive products based on their needs.
- Fewer items in inventory; uses less storage space
- The concept is usually associated with manufacturing, such as computer systems, industrial equipment, and automobiles, but it is also applicable in other environments, such as services, for example, corporate training.

MAKE TO ORDER (MTO)
- Involves manufacturing only after a customer’s order is received, so the process begins when demand occurs
- A pull-type supply chain operation because manufacturing is performed when demand is confirmed; pulled by demand
- Process of assembling prepared parts starts when actual demand occurs
- Production process starts with the obtaining of materials and parts/further back from development designing (engineering)

MAKE TO STOCK (MTS)
- Push-type operation/production
- Products are manufactured based on demand forecasts
- Since the accuracy of the forecasts will prevent excess inventory on one end, and minimize the opportunity loss due to stockouts on the other, the issue for organizations is how to forecast demands accurately.
- In environments of mass production and mass marketing, the requirement for mass production urged standardization and efficient business management such as cost reduction.

BOTTLENECK
- Refers to a point in a process where there is limited productive capacity and the flow slows down
- This constriction can slow or even stop the flow of work until some intervention occurs, or time passes allowing items to move through, while other incoming items continue to accumulate
- Blockage stalls production affecting the number of items produced; has an impact on customer satisfaction since it leads to an increase in cycle time
- Additional effects: supply overstock, if items are being produced faster than they are being sold
- Another form of long-term bottlenecks occurs when a machine cannot keep pace with the demand due to its inefficiency
- Bottlenecks can be found by identifying the areas where accumulation occurs, evaluating the output of the process, assessing whether each machine used in the production process is being used to its full capacity, and finding the machine with the highest wait time.

COLLABORATIVE INVENTORY MANAGEMENT
- Consists of the cooperation between a buyer and a supplier to improve stock availability and reduce costs
- Often accomplished by sharing forecast information and using a single plan

CONSIGNMENT
- inventory management and replenishment method where a buyer only pays for the products held at a third-party location when the items have been sold to the customer. Unsold products can usually be returned to the supplier as well.
- means sending goods to another party, but ownership of these goods remains with the sender
- often used to place products close to the customer to reduce shipping times; also reduce carrying and inventory costs because the other organization keeping custody of the items may warehouse the items at a lower cost than if the producing company did it itself by maintaining multiple storage facilities in various geographic locations
- items remain on the owner’s financial records as inventory until sold
- if the organization is incurring high inventory carrying costs, maintains multiple storage facilities, and is unable to manage them effectively, or delivery times are being affected by long lead times, a consignment arrangement may be a useful recommendation for management

CYCLE TIME
- Refers to the reduction in the time and related costs needed for a product or service to move through part or all of a supply chain

CONCEPT OF SUPPLY CHAIN
- refers to the system of people, activities, information, and resources involved in creating and moving a product or service from the supplier(s) to the customer

DISTRIBUTION CENTER (DC) BYPASS OR DROP SHIP
- refers to circumventing the DC or entire distribution channel by routing freight directly to its destination
- move products from the manufacturer directly to the retailer or end user without going through the typical distribution channels
- requires coordination with suppliers and customers to make sure there are sufficient items in stock and to address delivery frequencies required by customers
- reduce cycle time and costs, but may create risks to the org as unscrupulous individuals could have items shipped to an unauthorized location for personal gain

ELECTRONIC DATA INTERCHANGE (EDI)
- consist of standardized sets of data transmitted between various business partners during business transactions
- By using the same standard, two companies can exchange documents and reduce the reliance on paper, and reduce human interaction saving time and money
- Easily retrievable and reduced storage costs while being protected from natural hazards
- In the case of a buyer and a seller, it makes possible the sharing of information regarding supply chain events, such as invoices, shipping notices, purchase orders, and requests for quotation.
- used to exchange many other types of information, such as medical records, laboratory results, transportation information (e.g., type of container and mode of shipment), and telecommunications

INVENTORY
- Stock of raw materials, semi-finished goods (e.g., work in process), or finished material held to protect the organization against unpredictable, uncertain, or erratic supply or demand with the objective of avoiding stock-out situations
- JIT has been advocating zero or near-zero inventory levels. The idea is that the organization should only receive supplies it knows it will need, these items should arrive immediately when they are needed, and they should be moved forward toward the end user immediately. In effect, not hold any inventory but rather use pull systems.
- A pull strategy consists of the buyer “pulling” the goods or information they need (i.e., demand for their needs), while the suppliers “push” these items toward the consumers
- Push production: based on forecast demand
- Pull production: based on actual/consumed demand
- main premise: inventory is the storage of company resources that could be used elsewhere for more productive purposes. Inventory also has carrying costs (e.g., storage and protection) and if the demand never materializes, the items may become obsolete.

FUTURE CHALLENGES AND RISK IMPLICATIONS
Organizations will increasingly be confronted with the following:

INCREASED OUTSOURCING
- it was touted as a great mechanism to reduce expenses, boost productivity and efficiency, and free the organization, so it could focus on its core activities
- However, this trend toward outsourcing, which began with low-skill repetitive activities being performed by lower cost third parties, has evolved to the point where companies are increasingly becoming more reliant on third parties to perform critical business functions.

GLOBAL SOURCING
- Whereas most companies used to work with, and obtain their raw and semi-finished goods from local suppliers, it is commonplace now for organizations to search the globe for suppliers.
- driven by lower prices and the related savings, but also because the quality of foreign-sourced inputs has increased in most cases

MARGIN COMPRESSION
- As competition has expanded to a more global environment, and some of the new competitors benefit from lower costs and even subsidies and protectionist practices in some countries, many organizations struggle to remain competitive under such conditions.

TECHNOLOGY
- Technological changes include ERP systems with built-in supply chain management, product life cycle management, customer relationship management, supplier relationship management, document management, and project management functionality.
- can also manage transportation, warehousing, billing, collections, staffing, and payroll

GROWTH IN ASIA AND OTHER DEVELOPING MARKETS
- The increasing purchasing power and wealth creation in emerging markets is opening new opportunities that many organizations cannot miss. This is resulting in the search for customers and the related adaptation of sales and marketing activities to address the different conditions in these diverse markets.

IMPROVED CUSTOMER ANALYTICS
- information is being gathered from credit card transactions, internet traffic, loan information, POS devices, and other means, resulting in the accumulation of data that is increasingly being mined and analyzed by specialists.
- the widespread availability and analysis of data captured everywhere will result in a better understanding of the customer, and continue to drive a closer identification of their needs and wants

DATA CAPTURE AND TRANSFER CAPABILITIES
- Improvements in data storage, lowering the costs dramatically over the past three decades, improvements in networking capabilities (local area network [LAN], wide area network [WAN]) and the internet, and enhancements in wireless communications, such as radio frequency identification (RFID), make it increasingly easy and economical for organizations to obtain, analyze, and disseminate information real time or near real time.

ENVIRONMENTAL INITIATIVES
- Ecological considerations are increasingly becoming a key concern for organizations.
- Whether it is the sourcing of materials locally, sourcing them through fair-trade practices, reducing the amount of inputs and packaging used, lowering the amount of waste generated, manufacturing goods using recycled components, or producing items from reused ingredients, environmental considerations are affecting how organizations are perceived and even steering buying decisions
- The focus is not limited to what is produced, but also how items are produced and even under what conditions

GOVERNMENT INVOLVEMENT
- While the degree of acceptance of government involvement varies by country and changes over time, governments in general are increasingly becoming more involved in the support of private sector activities
- the result of a greater understanding of the role that governments can play to facilitate trade, provide protection under the rule of law, educate populations, build needed infrastructure, provide favorable tax regimes, and reduce financial controls to facilitate the flow of capital.
- Evident in the number of trade agreements
- Due to infrastructure challenges around the world, organizations are likely to embark on public–private collaboration efforts through private investment, public policy, and shared infrastructure investment. Companies and governments will work to build, improve, and operate roads, ports, airports, and railroads.

GEO-POLITICAL RISKS
- The rise of extremism around the world threatens organizations’ abilities to operate freely around the world
- Some of this is related to bombings on the facilities of companies in the oil and gas and other extractive industries to attacks on the general population that frightens tourists and affects the tourism industry (e.g., airlines, hotels, restaurants, and museums).

CORRUPTION
- dishonest or unethical conduct by a person entrusted with a position of authority, often to acquire personal benefit; it includes many activities including bribery and embezzlement, though it may also involve practices that are legal in many countries, such as blatant favoritism and nepotism, discrimination, and largesse
- distorts the market by shifting resources to less productive purposes and increases the cost of doing business by forcing additional payments
- also creates skepticism and suspicion. In the public sector, it limits the welfare of the population and is often evidenced in substandard infrastructure, child labor, human trafficking, high child mortality, poor education standards, and environmental damage