Internal Audit (TAKEWAYS OPERATIONAL AUDITING) An internal audit is established siya within an organization to examine and evaluate yung mga activities as a service to the organization. Included din dito yung pag conduct nila ng financial audits, examine an operation’s compliance with organizational policies… An external audit is an independent attestation performed by an expert - sila yung nag eexpress ng opinion regarding sa presentation ng financial statements. INTERNAL AUDIT Advantage of Internal Audit Its advantage talaga is it facilitate an efficient organization management. With the right internal audit, yung pag identify ng mga improper procedure within the firm is naassist in fixing them to increase process efficiency. What is Integrity? Although we are not perfect, but through integrity, napagkakatiwalaan tayo ng mga tao sa paligid natin. It reflects how we value our morals and credibility. As a student, kumbaga it’s a reflection of what we are capable to do and being responsible sa mga actions natin. The objectives of the review will depend on several factors. The objectives for the review could be driven by: 1. 2. 3. 4. New rules Poor performance Compliance issues Anomalous revenues or expenses Role: Provide independent, objective assurance, and consulting services to organization. IIA = Institute of Internal Auditor (1941) adapted by the internal audit which is why naka-aligned ang theories nila rito. The audit function, nag focused naman sila in assessing an organization’s control or operation effectiveness with standardization with the use of checklist, prepared questionnaires, and reviewing the same documents after year to verify consistency. The focus of standardization limited the auditor’s ability to be creative. Kung si auditor is pinoprotektahan niya yung kaniyang independence, si organization naman is nagbabago due to globalization, advance technology, and relentless competitions, etc. Sabi, marning auditors ang hindi nakasabay sa pagbabago or they were slow to adapt to the changing landscape and instead na naniwala sila na it will still operate just the way it was before kaya naman ang naging result nito is maraming auditor ang naging irrelevant. Ngayon naman is yung mga internal audit is updated na, kumbaga mas balance na yung operational, reporting, compliance, and with information technology. DEFINITION AND CHARACTERICSTIC OF OPERATIONAL AUDITING Operational Auditing – A future-oriented, systematic, and independent evaluation of organizational activities. Done to benefit the organization’s stakeholders who trust internal auditors to identify anomalies, and that organization structure and operating is working effectively. What is Operational Audit? Ang Operational Audit is an analysis ng organization’s operational procedure. It reviews yung mga policies ni organization, as well as their practices, and system. Itong operational audit is hindi lang yung financial status ng organization ang ineexamine, kundi yung management practices din. It looks for a way to improve the productivity, effectivity, and efficiency ng operation ng isang organization. Importance of Operational Audit Itong operational audit kasi, since we are talking about operation, it provides a fair evaluation sa systems, sa mga procedures, and check yung mga internal controls in place if they are functioning appropriately. It also makes sure na mabawasan nito yung mga risk and ma-accomplish ni organization yung kaniyang mga naka-set na objectives. The definition contains some key language that is important to note: 1. Independence – it has to do with the position of internal audit within the organization’s hierarchy. And to be recognized as independent, si auditor is dapat free from any obligation or sa interest kay client. 2. Objectivity – free from bias nga, without any agenda or other motive aside sa pag examine ng mga documents and process procedures truthfully. Meron talagang pagkakataon na may conflict of interest pero si auditor is need niyang mag maintain ng balance to obtain a healthy professionalism. 3. Assurance – si auditor is knowledgeable enough to give confidence and make statement regarding sa condition matter within the organization. It is often considered a synonym to “compliance” And as we all know, si internal auditor is nagbibigay lang siya ng reasonable assurance but not absolute assurance kasi nga maraming variables within the audit procedures. Compliance can be driven by requirements that are internal or external, regulatory or not, explicit or implied. According to the report, there are four (4) main reasons why organizations report: a) Provide shareholders more transparency b) Gain competitive advantage c) Improve risk management capabilities d) Respond to stakeholder pressure Kapag sinabi kasi natin na “stakeholder” ito yung mga tao or group of people na apektado ng policies, decision, and actions ng isang organization. Making sure that there is a fair treatment and consistent, universal adherence to established social regulations are key objective of compliance reviews. 4. Consulting – ito naman is giving advice sa management and the board, and engage in activities that helps the organization resolves business issues. With the help of this, mas na-aaddress natin yung performance, improvement na need ng organization, process, and activities. 5. Design to add value – this shows the importance of having an internal auditor within the organization. Siguro sa tingin ng iba, lalo na sa mga non-auditors is gastos lang ang pagkakaroon ng internal auditor since may regulations naman, may BOD naman, pero in reality is ang mga internal auditors kasi is 6. 7. 8. 9. nakakapagbigay ng objective and relevant assurances as well as contributes to the effectiveness of risk management and control processes. Improve an organization’s operation – ang mga internal auditor kasi nga is nakakapagbigay ng objectives and relevant assurance and contributes to the effectiveness of risk management and control processes. Help an organization accomplish its objectives – many auditors practices what has been commonly referred to as control-based auditing in essence kasi they look for the controls within the process or program and then check kung lahat is present and working accordingly. Sinasabi na si auditor to help the organization accomplish its objectives is to addressed those risk na pwedeng maka-apekto doon sa mag accomplish nila ng objectives. By bringing a systematic, disciplines approach – this is encapsulated in the Standards, the Practice Guides and Practice Advisories na nagbibigay ng guidance on how to plan, execure, and communicate para makakuha ng magandang result. To evaluate and improve the effectiveness – ang role kasi ni auditor is beyond sa pag eevaluate ng business dynamics or to write audit report. Nakakatulong din kasi ito sap ag improve ng ability ni auditor to achieve its goals and objectives like risk management (refers to the identification, measurement, assessments, and response to risk) control (activities that mitigate relevant risks and help the organization avoid surprises) governance process (wide subject that includes matter related to organization structure, reporting lines, span of control, resources allocation, accountability, discipline, rewards mechanism) THE OTHER PARTS OF THE DEFINITION The word “consulting” thinking in terms of the auditors’ attitude, disposition, frame of mind, and working practices. Example: many internal auditors focus on one-on-one interviews and practice facilitated sessions, where you bring together several employees for discussion, fact finding, brainstorming solution. Another work, “improve an organization’s operations” make sure that control activities are performed accordingly as well as checking risk for slowdowns, reword, and other operational malfunctions that are result of what consider “other type of risk: Another important aspect of operational auditing is rather than merely verifying that employees are performing their duties according to policies and procedures, internal auditor also verifies of qualitative aspects of the organization and its activities. In the end, operation auditing is design to evaluate the effectiveness and efficiency of business activities, process, programs, functions, and units. The scope may be different from traditional fiscal-year scope, periods, since achieving these objectives may require an analysis of multiple time period to identify, analyze, and understand trends, patterns, outliers, and other positive or negative dynamics of interest. THE RISK-BASED AUDIT Ang risk-base in auditing is an approach na kumbaga naka-focus to identify ano ba yung mga need i-prioritize na area na mataas yung risk within the organization and providing an audit plan to address those risks. Si Internal auditor is ginagamit itong approach na ito to develop plans and para mas maging mas maintindiahan natin yung risk na meron si organization. Halimbawa nito is yung mga risk like sa production delays, wastage, hindi magandang customer service, high employee and customer turnover, and pagkakaron ng mga system failure. The drive to achieve diversity provides a competitive edge for the profession as we broaden our recruitment efforts and thrive to make sure that every auditor individually, and internal audit departments collectively, possess the knowledge and proficiency to perform their duties. This concept of risk-based auditing is in contrast to what has been dubbed controlsbased auditing. The latter is defined as audit that focus on identifying and evaluating internal control without enough regard to their value to the process. This can happen because auditors take a preexisting work program without researching the nuances of the present audit scope sufficiently or even when they perform planning activities, their interviews and other research only focuses on identifying existing controls without fully understanding the key risks and objectives of the process under review.’ Kapag kasi control-based approach, si auditor is then listens and searches for references to control with the intention to verify yung existence and effectiveness and ang epekto nila ito that they are testing the control in relative isolation nang hindi naiintindihan ng buo yung connection nito sa objectives and risk ng program under review, Sa risk-based naman kasi, it requires more brainstorming, more interactions sa process owners, a more in-dept understanding sa organization’s business and machnisim to address past, present, future vulnerabilities. In short, internal auditors is to anticipate the needs of stakeholders, develop forwardlooking risk management practices, and support the business objectives, identify, monitors, and deal with emerging technology risk and enhance audit finding through the greater use of data analytics. AUDITING BEYONG FINANCIAL, AND REQUIREMENTS ACCOUNTING, REGULATORY The other key focus area was compliance with regulatory requirements. In this case, auditors adopted a fairly binary approach to audit by attempting to understand the rules and regulations affecting a program or process. They then would apply a very effective methodology: Are they doing what the rulebook says? If “Yes”, the test results were satisfactory. If “No” the results were documented and communicated as findings. Over time, business leaders and managers witnessed business failure caused by poor management decision and practices. By poor management, referring to inadequate: Operations management – nagiging waste lang, inefficiencies, and poor customer satisfaction and limited lang yung capacity to grow as opportunities arise or customer’s demand change. Human resources – nakikita ito or reflected sa poorly supervised, trained, and evaluated employees who sometimes become unmotivated and unproductive. IT – pagdating naman sa computer, nangyayari ito kapag maling data ang nailagay or iba sa kailangan ng business kaya nag reresulta ito sa maling reporting mechanism Marketing – nagiging sayang lang yung pera for marketing kung hindi naman appropriate yung way lalo na kung maling target consumer. CSR – issues range from child labor, sweatshop conditions, abusive management, and inappropriate waste disposal. Environment Health and Safety (EHS) – ito is mga practices and condition related sa poor ventilation, excessive hear, extreme noise level, and workplace hazard cause by chemicals… Advisory and Consulting engagement are performed to take advantage of internal auditor’s broad skillset and experience. High level of financial, accounting, IT, management, and business analysis skills are typically required to perform these reviews. THE VALUE AUDITORS PROVIDE Sadly, yung mga internal auditor hindi ganoon napapahalagahan. There are managers and employess na hindi narerecognize yung importance ng pagkakaroon ng internal auditor. Ang mga internal auditor, they provide efficient and effective use of resources. Since organizations operate with the funding received or authorized by their owners or contributors, it is imperative that the organization operates with this principle of financial fiduciary responsibility A fiduciary duty is a legal duty to act solely in another party’s interests. Parties owing this duty are called fiduciaries. The individuals to whom they owe a duty are called principals. Fiduciaries may not profit from their relationship with their principals unless they have the principals’ express informed consent. They also have a duty to avoid any conflicts of interest between themselves and their principals or between their principals and the fiduciaries’ other clients. Recognition of the duties that all employees have to the principals is central to the proper discharge of their responsibilities as employees, who should always act in the interests of the main stakeholders of the organization. To this effect, internal auditors contribute to this process by making sure that these duties are defined, that structures are set to ensure behaviors are aligned with these objectives, and making recommendations to the board and senior management when there are discrepancies jeopardizing the success of these arrangements. In the aggregate, internal auditors serve the public and common interests by making sure that owners receive the return on their investments that they are entitled to, and that the means of generating those profits are within the confines of the law. STAKEHOLDER Kung ang mga stakeholder can facilitate the attainment of objectives or make decisions regarding resources, it is imperative that auditor understand their role and influences. Ang stakeholder kasi is may power to use resources para sa gumawa ng isang event or to secure a desired outcome. In general, ang stakeholder power can be categorize as political power, voting power, economic power, and legal power. When it comes naman sa conducting a stakeholder analysis, importante na yung aspect of modern internal auditing kasi it gives the auditor an appreciation for the various parties interested sa outcome and outputs ng organization as well as its programs and related process. In addition, dapat daw sa planning phase palang is ma-identify na agad natin yung mga internal and external stakholders to make sure they seek their input as to what their objectives, and plans are for the area audited. Integrated Auditing Isa sa mga naging important development daw over the past decades is the emergence of integrated auditing as type of audit. Based on online definition, and integrated audit is one that combines yung examination ng financial statement with an evaluation of internal control. Level 5: Optimizing = Integrated Auditing recognized as a change agent, continuously improving its professional practices. Level 4: Managed = CHAPTER 2 The objectives for the review could be driven by 1. New Rules – it can be established internally (policies and procedures) or externally (new or updated regulations) or a combination. laws and
