Business Processes
Audit Universe
 is the collective grouping of auditable
’components’ – sometimes also called auditable
areas, units or entities – that support the
development of the internal audit plan and help
to identify appropriate internal audit coverage
that the chief audit executive (CAE) can then
prioritise.
 One of the advantages of having an audit
universe is that it enables the internal audit
activity to be clear about the extent of coverage
of the organisation each year. It can also provide
a degree of rigour and transparency around
areas not being audited and help inform and
support decisions over the internal audit
activity’s resourcing requirements.
Ways to define the audit areas of an audit review
project:
 Separate the “productive” or commercial
aspects of the business (such as manufacturing
or sales) from the support or infrastructure
activities (such as accounting, photocopying or
security)
 Identifying the discrete departments
Using “departmental” or “functional” basis with the
advantage of:
1. the area under review is clearly bounded, and
2. reporting lines to responsible management are
clear-cut

Dividing up the audit universe for review
purposes into a number of business processes
The auditor who chooses the business process
method of defining the scope of audit reviews is faced
with the need to identify all the relevant managers
responsible for the activities within the scope of the
engagement. And, the main benefit of this approach is
that it should encompass all the relevant issues and aim
to provide reassurance to management on the
effectiveness of the internal control measures in place
across the whole process.
Auditors will need to assess the risks inherent within
their organisations as the primary basis for allocating
audit review resources, and accordingly adopt the most
suitable review methods for their specific circumstances.
Self-Assessment of Business Process
Conducted thru Control Self-Assessment (CSA)
workshop attended by representative from each
of the part of the organization that need to
coordinate in the business process
A Hybrid Audit Universe
Internal audit activity that addresses the same
issues as part of a process audit and also as part of a
functional audit.
Reasons for Process Weakness
“Control is likely to be weaker between sections than
within sections”
Identifying the Processes of an Organization
Six Ubiquitous Processes
 The Revenue Process - activities that
exchange the organization’s products and
services for cash
 The Expenditure Process - activities/systems
that acquire goods, services, labor and property;
pay for them; and classify, summarize and report
what was acquired and what was paid
 The Production/Conversion Process “conversion” relates to the utilization and
management of various resources (inventory
stock, labor, etc.) in the process of creating the
goods and services to be marketed by the
organization. The key issues in this process
include accountability for the movement and
usage of resources up to the point of supply
which is then dealt with in the revenue cycle
 The Treasury Process - process is
fundamentally concerned with those activities
relating to the organisation’s capital funds
 The Financial Reporting Process concentrates upon the crucial consolidation and
reporting of results to various interested parties
(i.e. management, investors, regulatory and
statutory authorities)
 The Corporate Framework Process – it
incorporates those activities concerned with
ensuring effective and appropriate governance
processes and external accountability.
An Alternative, More Detailed Classification of
Business Processes
 Cash process
 Information process
 Integrity process
 Launching a new product process
 Payments process
 Production process
 Product life process
 Revenue process
 Time process
WHY ADOPT A ‘‘CYCLE’’ OR ‘‘PROCESS’’
APPROACH TO INTERNAL CONTROL DESIGN AND
REVIEW?
BUSINESS PROCESSES IN THE STANDARD AUDIT
PROGRAMME GUIDES (SAPGs)
Standard Audit Programme Guides (SAPGs) pertains to:
 A step-by-step set of audit procedures and
instructions that should be performed to
complete a specific area of the audit.
 A practical method of documenting all. the
elements of an operational audit review in a form
which resembles the traditional internal control
questionnaire (ICQ)
 A document developed to serve as a checklist of
questions to be asked during an audit
THE HALLMARKS OF A GOOD BUSINESS PROCESS
1. designed to meet objectives which are clear;
2. has regard to competitive issues;
3. performance can be (and is) measured;
4. unsatisfactory performance is rectified;
5. activities are completed in a timely way;
6. processes are cost effective;
7. controls are “preventative” rather than merely
“permissive”;
8. as few “movements”/“stages” as possible;
9. unnecessary steps have been eliminated;
10. proper authorisations;
11. controls positioned as early as possible in the
process;
12. documented;
13. has an audit trail;
14. right people doing the right job;
15. room for adaptation;
16. defines risks within the process itself.