CHAPTER II THEORETICAL
FOUNDATION
2.1 Definition of Operational Audit
Operational audit is an audit which is commonly performed in a company in order to
ensure the effectiveness and efficiency of a company’s operation. Operational audit is
also beneficial in assessing company’s internal control.
Inquiries regarding the
accomplishment of company objectives and the compliance of company activities with
the laws and regulations could also be addressed by operational audit. As the result of an
operational audit, recommendations are presented in purpose of resolving company
problems.
According to The Institute of Internal Auditors (IIA) publication cited in Leung, Coram,
Cooper (2007:662), operational audit is defined as:
…a systematic process of evaluating an organization’s effectiveness,
efficiency, and economy of operations under management’s control, and
reporting to appropriate persons the results of the evaluation along with
recommendations for improvements.
Another definition is also provided by Arens, Elder, and Beasley (2003:13), which
describe operational audit as:
…a review on any part of an organization’s operating procedures and
method for the purpose of evaluating efficiency and effectiveness.
9
10
According to Gill (1999:718), operational audit should consist of:
1.Systematic process
Series of logical, structured and organized procedures involved in an operational audit.
Proper planning is very important in an audit in order to obtain and evaluate evidence
relating to the activity being audited.
2.Evaluating an organization’s operation
Every company’s management owns its performance standards which are expressed as
criteria. The degree of correspondence between actual performance and the criteria are
measured by an operational audit.
3.Effectiveness, efficiency, and economy of operations
The main purpose of an operational audit is to assist the client or the company audited
in improving the effectiveness, efficiency, and economy of its operations.
4.Reporting to appropriate persons
The appropriate recipient of the operational audit is the management or the individual
agency that requested the audit
5.Recommendations for improvement
Recommendations are the result of the operational audit conducted by the auditor.
In summary, operational audit is a systematic and objective evaluation of a company’s
activities, with the purpose of providing recommendations and improving the
effectiveness and efficiency of the company.
11
2.1.1 Purpose and Benefit of Operational Audit
There is major distinction between financial and operational audit. The orientation
between these audits is also dissimilar. Financial audit is oriented to the past, whereas
operational audit concerns for the future.
Purposes of an operational audit, according to Carmichael and Willingham (1987:544),
are:
1. Assess performance
In assessing company’ s performance, the auditor needs to compare the manner in which
an organization conducts its activities, in accordance with (1) objectives established by
management or the engaging party, such as organizational policies, standards, and goals,
and (2) other appropriate measurement criteria.
2. Identify opportunities for improvement
Several alternatives for auditor to identify specific opportunities for improvements are
analysis of interviews with individuals, observation of current operations, reviews of
past and current reports, transaction studies, comparisons with industry standards,
exercise of professional judgment based on experience, or other appropriate means.
3. Develop recommendations for improvements of further actions
Recommendations could be made by the auditors. In certain cases, it is possible for the
auditor to conduct further study, not within the scope of the engagement, and the auditor
may simply refer to reasons why further study of a specific area may be appropriate.
12
Implementation of operational audit is expected to assist the companies in achieving
certain benefits, such as generating progress for the company performance, increasing
the management of company operations.
Companies may have different purposes in conducting operational audit. Nevertheless,
the main objective is improving effectiveness and efficiency of operations in the short
term and increasing company performance in the long term.
2.1.2 Types of Operational Audit
There are three main categories of operational audit which auditors frequently perform.
In every types of operational audit, the main objectives are evaluating internal control
and assessing company’s efficiency and effectiveness.
Arens (2003:740) categorize three main types of operational audits:
1. Functional Audits
Functions are a means of categorizing the activities of a business, such as the billing
function or production function. Various methods have been developed to categorize and
subdivide functions. Prior to the terms, a functional audit is conducted with one or more
functions in a company. Specialization by auditors is permitted in this type of audit.
This specialization has become the main advantage of functional audit.
13
2. Organizational Audits
Organizational audit deals with an entire organizational unit, including all departments,
branches, and subsidiaries. The organization operation and also methods are especially
important in this audit. Therefore, this audit is ideal in order to emphasize how
efficiently and effectively functions interact
3. Special Assignments
Management usually raises the request of special assignment. Examples of this audit
may include determining the cause of an ineffective IT system, investigating the
possibility of fraud in a division, and making recommendations for reducing the cost of
manufacture product.
Several aspects affecting the type of audit performed are the scope permitted by the
company, the benefits expected to be achieved, and request from the company.
2.1.3 Performance of Operational Audit
As in other kinds of audit types, it is crucial that operational audit is to be performed by
competent auditors.
14
As stated by Arens (2003:740-742), operational audit is performed mainly by three
professions:
1. Internal Auditors
Internal auditors could perform either operational or financial audits. These auditors are
considered to be effective for the company because normally, they also work for the
company audited. However, in an audit performance, internal auditors are obliged to be
independent. The internal auditors should report to the board of directors or president.
2. Government Auditors
Government auditors usually perform financial audit and also operational audit. In
Indonesia, government auditors are represented by Badan Pemeriksa Keuangan (BPK).
The result of an operational audit by BPK would be presented to Dewan Perwakilan
Rakyat (Legislative Council) as a means in managing Indonesia’s economic activities
(Jusup, 2001:17). In United States, General Accounting Office (GAO) is the most
widely recognized government auditor group. The standard for government auditors in
United States is termed ‘The Yellow Book’, which defines and sets standards for the
performance audits; which are considered essentially the same as operational audits. The
objectives of performance audit based on ‘The Yellow Book’ are economy and
efficiency audits and also program audits.
3. CPA Firms
CPA firms perform their audit based on their knowledge of client’s background. They
usually perform financial audit and could be widened into operational audit. The result
15
of the audit should be made in form of management letter. Operational audit by CPA
firms commonly happen in a company which lack of internal audit staff or internal audit
staff lacks expertise in a certain area.
In general, auditors should possess their independence in performing operational audit or
other types of audit. In the performance of any type of operational audit, auditors are
expected to resolve the matters in an uncomplicated manner and presented the result in
recommendations. These recommendations should be able to be conducted effectively
and efficiently by the company.
2.1.4 Phases in Operational Audit
In managing their working schedule and also services, it is beneficial for auditors to
have phases in operational audit.
The phases that need to be completed in an operational audit are (Gill, 1999:718-721):
1. Audit Planning
In audit planning, auditors should determine the scope of the engagement and
communicate it to the company; obtain background information about the company,
comprehend internal control, and decide the appropriate evidence to accumulate. Audit
planning begins by developing an audit program. Audit program is composed based on
the findings by the auditor in the preliminary study phase. Scheduling the audit
performance is also included in audit planning. In operational audit, it is crucial to spend
more time with interested parties regarding the terms of engagement and the criteria for
evaluation.
16
2. Audit Performance
In acquiring relevant data, the auditor usually conducts inquiry and observation.
Questionnaire is the most common approach used by the auditor as a basis for
interviewing auditee personnel. The auditor expects to obtain opinions, comments, and
suggested solutions from the responses. Auditors can also conduct observation of
auditee personnel to detect inefficiencies and other weaknesses.
The next phase in audit performance is analysis. Analysis is also important because it
provides a basis for determining the degree to which the auditee is meeting specified
objectives. Analysis comprises of the study and measurement of actual performance in
relation to some criteria.
There are two types of criteria, which are criteria internally developed by the entity and
criteria externally developed by the entity. Internally developed criteria could be
described in productivity goals and budgets. Externally developed criteria could also be
found in information on industry standards or derived by the auditor from previous
audits or similar activities. After the audit performance concluded, the auditor should
document the findings and the recommendations in working papers. The senior auditor
usually will review the working papers to monitor progress and ensure the overall
quality of the work.
3. Report Findings
The result of operational audit is the audit report. In operational audit, the report is
usually sent only to management, with a copy to the unit being audited. The common
features of an operational audit report comprise of:
17
a. A statement of objectives and scope of the audit
In this stage, auditor would include (1) document, analysis, and report regarding the
current operations (2) identification of areas that require attention (3) recommendations
for corrective action or improvements. The components of the scope are identification of
units being audited and the evaluation of specific financial and operational conditions.
b. A general description of the work done
In this section the auditor will indicate (1) the personnel interviewed; (2) the specific
documents, files, reports, and systems used in evaluation; (3) the analysis of data; (4) the
development of
recommendations for
improvement; (5)
the discussions
with
management personnel.
c. A summary of findings
For consideration purpose, all substantial findings are included in the report.
• Recommendations for improvements
The aim of recommendations is to increase the efficiency and effectiveness of
company’s operation.
• Comments of the auditee
This feature is optional for auditors. Auditors will include this part only when there is
disagreement with the auditee concerning findings and recommendations.
18
4. Follow-up Performance
The auditor is required to follow up on the auditee’s response to the audit report. The
failure in receiving an appropriate response must be reported to senior management by
the auditor.
Subsequently, the phases in operational audit is required to be achieve several goals ,
such as (1) to ensure the effectiveness and efficiency of company activity, (2) to assist
the company in improving its operations and developing the performance.
2.2 Definition of Internal Control
One of the purposes of operational audit is also to evaluate efficiency and effectiveness
of internal control and eventually provide recommendations to the management.
In accordance with Agoes (1999:180), efficiency and effectiveness were defined as
follows:
a.Effective occurs when a company could accomplish its goal, objectives, or programs
in a targeted range of time, regardless of the cost.
b.Efficient occurs when a company could achieve bigger results (output) along with the
least amount of cost (input).
Accordingly, concise explanation of effectiveness and efficiency are:
a) Effectiveness - the assessment of a company in determining the extent the company
has been successful in realizing its goal, objectives, or programs.
19
b) Efficiency - correlation between the output results of the company’s activity and the
input consumed to generate the results (output).
Furthermore, Auditing and Assurance Handbook 2008 ( ASA 315: 218), affirm that,
‘obtaining an understanding of the entity and its environment, including its internal
control is a continuous, dynamic process of gathering, updating, and analyzing
information throughout the audit.’
In accordance with The Committee of Sponsoring Organizations (COSO) of the
Treadway Commission, (Gill, 2004: 273), internal control can be defined as:
…a process, affected by an entity’s board of directors, management, and
other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories: reliability of
financial reporting, compliance with applicable laws and regulations, and
effectiveness and efficiency of operations.
The definition of internal control according to Ikatan Akuntan Indonesia (IAI),
published in Standar Profesional Akuntan Publik (IAI, 2001:319.2), is:
Internal control is the process carried out by the commissioner,
management, and the staffs in the entity, which is designed to provide
reasonable assurance in accomplishing three main purposes: (a) reliability
of financial reporting (b) efficient and effective company’s operations (c)
compliance with the rules and regulations.
20
A company’s size has an essential effect on the nature of internal control. However, if
the various subcomponents of internal control are examined, it becomes obvious that
most are applicable to both large and small companies.
2.2.1 Purpose of Internal Control
Three purposes of applying internal control in a company are (1) Reliability of financial
reporting, (2) Compliance with rules and regulations, and (3) Efficiency and
effectiveness in company activities.
Standar Profesional Akuntan Publik (IAI, 2001:319.2) identifies the purpose of internal
control as follows:
1. Reliability of financial reporting
Management has the obligation of establishing and maintaining entity’s controls.
Therefore, the management should ensure that the financial report has been prepared
according to reporting standard.
2. Effectiveness and efficiency of the company’s operations
By applying good internal control, it is anticipated that ineffective and inefficient use of
resources could be diminished.
3. Compliance with the law and regulations
The company’s operations should be complied with rules and regulations, which could
affect the company directly or indirectly.
21
As a conclusion, by applying the appropriate degree of internal control in a company,
the company could achieve its short term and long term goal in an efficient and effective
way.
2.2.2 Components of Internal Control
Internal control includes five significant categories that management designs and
implements to provide reasonable assurance that management’s control objectives will
be met. These are called the components of internal control (Arens, 2003:274-281)
1. The control environment
Control environment consists of the actions, policies, and procedures that reflect the
overall attitudes of top management, directors, and owners of an entity about internal
control and its importance to the entity.
In understanding and assessing control environment, auditors should also consider other
subcomponents such as integrity and ethical values, commitment to competence, board
of directors or audit committee participation, management’s philosophy and operating
style, organizational structure, assignment of authority and responsibility, and human
resource policies and practices.
2. Risk Assessment
Risk assessment for financial reporting includes identifying and analyzing risks which
are relevant to the preparation of financial statements in conformity with Generally
Accepted Accounting Principles (GAAP).
22
In order to understand more about risk assessment in a company, auditors usually could
use control risk matrix which described control which needed for certain function in a
company, perform questionnaires and discussion with management. Relevant transaction
class audit objective in control risk matrix consist of completeness, existence and
occurrence, allocation and valuation, and presentation and disclosure. The more
effective the internal controls, the lower the control risk and inherent risk. The
relationship between control risk and detection risk is inversed, whereas the relationship
between control risk and substantive test is direct. Thus, when the control risk and
inherent risk are high, substantive test is needed. And when the detection risk is high,
test of control is needed.
3. Control Activities
Control activities are the policies and procedures, which help ensure that necessary
actions are taken to address risks in the achievement of the company’s objectives.
Statements on Auditing Standards (SAS) 94 and COSO Report note that control
activities are generally related to policies and procedures that affect segregation of
duties, information processing, physical controls, and performance reviews. There are
five types of specific control activities, which are adequate segregation of duties, proper
authorization of transactions and activities, adequate document and records, physical
control over assets and records, and independent checks on performance.
23
4. Information and Communication
The role of information and communication system within a company is to initiate,
record, process, and report the entity’s transactions; and maintain accountability for the
related assets. To understand the design of the accounting information system, the
auditor (1) determines the major classes of transactions of the entity, (2) how those
transactions are initiated and recorded, (3) what accounting records exist and their
nature, (4) how the system captures other events that are significant to the financial
statements, and (5) the nature and details of the financial reporting process followed.
5. Monitoring
Monitoring activities deal with the ongoing or periodic assessment of the quality of
internal control performance by management to determine that controls are operating as
intended and that they are modified as appropriate for changes in conditions.
The major types of monitoring activities a company uses and how these activities are
used to modify internal controls when necessary are the most important things the
auditor needs to know about monitoring. The most common way to obtain this
understanding is by discussion with management. In addition, an adequate internal audit
staff can reduce external audit costs by providing direct assistance to the external
auditors.
Each component of internal control comprises of policies and procedures which are
considered necessary in attaining the purposes of internal control.
24
2.2.3 Relation between Operational Audit and Internal Control
Analyzing and evaluating internal control of a company is required for an auditor, as
stated by Standar Profesional Akuntan Publik (IAI,2001:319.02), ‘Reasonable
knowledge of internal control should be acquired with the aim of planning the audit and
determining the nature, timing, and extent of the audit’.
Ratliff (1996:753) defines the relation between internal control and operational audit as
follows, ‘Operational audits examine and evaluate systems of internal control and the
quality of performance in carrying out assigned responsibilities’.
He further states that the key to understanding operational auditing is to understand
internal control. All operational audit tests generally are linked directly to some aspect
of organizational operations (Ratliff, 1996:753-757). Therefore, it is certain that
operational audits are conducted to enhance and support internal control as means in
achieving company’s goals.
Weaknesses in company’s internal control, such as errors, inaccuracy and fraud, indicate
greater risk for the company. If the auditor assumes the company’s internal control as
ineffective, the auditor should expand the audit scope and perform substantive test in
preventing greater risk to occur. On the contrary, if the auditor presumes the internal
control of the company as effective, the auditor could simply complete test of control or
reduce the scope of the audit when performing substantive test.
25
2.2.4 Definition of Accounting Information System
In performing operational audit, particularly in describing the flow of company’s
operation and also its organizational structure, the audit is supported by accounting
information system.
According to Hall, information system could be defined as:
‘Specialized subset of information system that processes financial transactions
(Hall, 2007:9).’
Hall also stated several documentation techniques which support the performance of
operational audit, such as (2007: 58-62):
1. Data Flow diagrams
In this method, symbols are representing the entities, processes, data flows, and data
stores that pertain to a system.
2. Entity Relationship Diagrams
This method applies documentation technique to represent the relationship between
entities.
3. Flowcharts
A flowchart is a graphical representation of a system that describes the physical
relationship between key entities.
Components in accounting information system maintain a proper performance of an
operational audit.
26
2.2.5 Relation between Operational Audit and Accounting Information System
In Operational audit the main purpose is to assess the internal control of the company in
order to evaluate the company’s performance. In assessing the internal control, there are
methods applied.
This method applied is frequently related to accounting information system. Accounting
information system could provide the written description of a system which could be
wordy and difficult to follow. By using documentation techniques, the auditors could
capture visual image which could convey vital system information more effectively and
efficiently than words do. For example, the auditor needs to evaluate the internal control
and procedures of purchasing department in the company; the auditor could use a
flowchart to describe this situation. The auditor will begin by interviewing individuals
involved in the purchase order process to determine what they do. Based on the findings
and facts, the auditor could create a flowchart of this system. This flowchart would
clearly identify the system that it represents.
2.3 Definition of Purchase
Within a company, there are areas which possess high risk factors. One of these areas is
the purchasing area. In a company, purchase is the main function in maximizing
company’s production activity. Purchase volume depends on the size of the company.
There are several definitions of sales, including:
1. According to Ebert and Griffin ‘Purchasing is the acquisition of all the raw materials
and services that a company needs to produce its products’ ( Ebbert and Griffin, 2005:
210).
27
2. In accordance with Soemarso, ‘ Purchasing activity could include, purchasing goods
in cash or credit, purchasing goods for the purpose of production activity and other
company activities’ (Soemarso, 1999:208).
In summary, purchase could be defined as the result of company’s activity in acquiring
production goods within a period of time. Purchase is performed in two ways:
1. Cash purchase
In this type of purchase, the company is obliged to make the payment alongside the
acceptance of merchandises ( Arens, 2003:542).
2. Credit purchase
This type of sales enables the company to receive the merchandises and make the
payment afterwards, within an agreed upon of time and terms. Accounts payable occur
as the result of credit purchase ( Arens. 2003:543).
2.4 Definition of Account Payable
Lenience in terms of payment may be provided for the company by the seller, such as
permitting the company to make payment within an agreed period of time and terms.
Lenience in payment only occurs in credit purchase.
Account payable in credit purchase is regarded as a liability due to the obligation that a
company expects to fulfill in the future. In accounting manner, account payable is
considered as current liabilities. Current liabilities are obligations which fall due before
one year from the balance sheet date.
28
There are several definitions for account payable, such as:
1. Horngren (2002:329) defines account payable as ‘Amounts owed to suppliers.’
2.According to Nickels, McHugh, McHugh, accounts payable could be defined as,
‘Money owed to others for merchandise and services purchased on credit but not yet
paid ‘(Nickels: 558).
3.Arens, Alder and Beasley defined accounts payable as:
Unpaid obligations for goods and services received in the ordinary course of business
(Arens, 2003: 552).
2.5 Summary of Theoretical Foundation
Operational audit is conducted as a review of company’s activities. The benefits of
operational audit are assessing the company performance, identifying weaknesses in
company functions, increasing efficiency and effectiveness of company operations, and
providing recommendations for the development of the company. There are three types
of operational audit which are commonly performed by auditors; they are functional
audit, organizational audit, and also special assignment. The stages usually pursued in
operational audit are audit planning, audit performance, report findings, and audit
follow-up.
Enhancing efficiency and effectiveness of company operations has become the main
purpose of operational audit. Effectiveness and efficiency are crucial in a company
because by enhancing both of them; a company can easily manage its operations and
accomplish its objectives.
29
Internal control should also be reviewed by auditors in conducting operational audit. In
performing internal control, management should also consider the components of
internal control, such as control environment, risk assessment, control activities,
information and communication, and monitoring.
Proper application of internal control could ensure the reliability and compliance of
financial reporting, and also increase the level of effectiveness and efficiency of the
operations.
In providing the visual description of the internal control of the company, the auditor
would apply the documentation techniques in accounting information system. These
documentation techniques would provide great amount of assistance in understanding
more about the company’s operation and relation between entities audited.
Credit purchase could be considered as an obligation which must be fulfilled by the
company. Account payable is also crucial because if the company could not pay their
account or could not be resolved, the amount in the account payable could affect the
company performance in negative way.
The objective of this thesis is to perform operational audit on credit purchase and
account payable functions on fabric at PT. Henrydew Putra Sanjaya. Prior to the
situation in PT Henrydew Putra Sanjaya, the type of operational audit which will be
conducted is the functional audit. By conducting operational audit, it is expected that the
30
auditor could identify the weaknesses of the company in both functions and
subsequently provide recommendations to prevent future losses and risks.
This audit
performance is also conducted to evaluate the level of internal control in the company.
Eventually, this audit could increase in effectiveness and efficiency of company activity
especially in credit purchase and account payable on fabrics. This audit would also be
performed based on the proper audit phases.