1 / 23

Today’s Session

Today’s Session. Engagement overview review BPO selection Engagement planning Emphasis on risk related testing. Engagement Process. Planning: Selecting the BPO Pre-site planning Performing: Conducting the preliminary survey Review internal controls Expanding tests as necessary

najwa
Download Presentation

Today’s Session

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Today’s Session • Engagement overview review • BPO selection • Engagement planning • Emphasis on risk related testing Operational Auditing--Spring 2012

  2. Engagement Process • Planning: • Selecting the BPO • Pre-site planning • Performing: • Conducting the preliminary survey • Review internal controls • Expanding tests as necessary • Generating findings • Communicating: • Reporting the results • Conducting follow-up • Assessing the process Operational Auditing--Spring 2012

  3. BPO Selection • 6 R’s • General methodology • Resource planning Operational Auditing--Spring 2012

  4. Selecting an Auditee“The 6 R’s” • Risk • Resources • Reward • Requests • Requirements • Revisions in operations or mgt. Operational Auditing--Spring 2012

  5. Method of Selection • Set selection strategy • Identify potential BPOs • Rank by risk • Choose entities Operational Auditing--Spring 2012

  6. Sample Selection Strategies • Location • Financial exposure • Operational complexity • Staffing • Mgt. Interest • Functional type • Process type • Decision center Operational Auditing--Spring 2012

  7. Risk Factors • Quality of control system • Mgt. Competence • Mgt. Integrity • Size & liquidity of assets • System changes • Complexity • Personnel changes • Economic performance • Growth rate • Systems use Operational Auditing--Spring 2012

  8. Risk Factors, cont. • Time since last audit • Performance pressure • Government regulation • Employee morale • Politics & publicity • Geographic location • External audit plans Operational Auditing--Spring 2012

  9. Risk Analysis Methodology • Select top 5 risk factors • ID risk on scale of 1 to 5 • Total the risk score • Rank in order of risk Operational Auditing--Spring 2012

  10. Project Prioritization & Selection • Rank by risk • Rank by hours • Compare to resources • Re-prioritize as necessary Operational Auditing--Spring 2012

  11. Audit Planning • Establish purpose, objective & scope • KTT--Gather background info • Understand the BPO • Assess risk and related control • Identify and assess potential risks • Identify key controls • Prepare preliminary program that addresses risks and controls • Select resources • Report planning • Contact BPO • Logistics approval Operational Auditing--Spring 2012

  12. Purpose/Type of Engagement • Financial • Control • Information technology • Compliance • Operations • All or any of the above Operational Auditing--Spring 2012

  13. Nature of Objectives • Goal of the engagement • Recall the 6 R’s • Frame in terms of the S-C-O-R-E model Operational Auditing--Spring 2012

  14. Scope • Degree of coverage • Scope can be based on: • Adequacy of controls • Effectiveness of controls • Quality of performance Operational Auditing--Spring 2012

  15. Understanding the BPO • Know the BPO’s processes • Flow charting • Review routine reports • Identify relevant metrics • Potential for fraud • Quickly analyze the processes before assessing risk • Consider the “O’Brien 7” Operational Auditing--Spring 2012

  16. BPO Analysis—the O’Brien 7 • Mission statement • Objectives and goals • Organization chart • Management recap • Major processes • Resources • Constraints Operational Auditing--Spring 2012

  17. BPO Process Review • Identify the processes • Identify the process objectives or desired outcomes • Identify the related risks • Identify the controls mitigating the risks* • Identify the exception reporting process* • Ensure that overall monitoring of the process exists* *Test these items! Operational Auditing--Spring 2012

  18. Risk and Related Controls • Brainstorm nature and nature of risk • Risk = anything that gets in the way of the BPO’s objectives • Risk of likelihood: RL • Risk of impact: RI • Ascertain any related controls • Design testing based on the results • See pps. 13-22 thru 13-35 Low, medium or high Operational Auditing--Spring 2012

  19. Program Preparation • General segments—see sample workpapers on web site • Audit preparation • Initial survey • Systems review • Detailed operations review (TBD) • Reporting issues • Wrap-up procedures • Use Risk  Control  Testing approach Operational Auditing--Spring 2012

  20. Resources • Business skills • Assurance skills • Language/cultural skills • Technical skills • Consider SME’s and virtual BPP’s Operational Auditing--Spring 2012

  21. Expected Outcomes and Reporting • Anticipate findings • Financial misstatements • Control weaknesses • BPO objective issues • Inefficiencies • Compliance failure • Type of report • Report distribution Operational Auditing--Spring 2012

  22. Contact BPO • Alert BPO, unless it is a surprise review • Remember, we are guests in their location Operational Auditing--Spring 2012

  23. Final Logistics • Make sure all is “go” for the review • Get final department approval Operational Auditing--Spring 2012

More Related