230 likes | 356 Views
Today’s Session. Engagement overview review BPO selection Engagement planning Emphasis on risk related testing. Engagement Process. Planning: Selecting the BPO Pre-site planning Performing: Conducting the preliminary survey Review internal controls Expanding tests as necessary
E N D
Today’s Session • Engagement overview review • BPO selection • Engagement planning • Emphasis on risk related testing Operational Auditing--Spring 2012
Engagement Process • Planning: • Selecting the BPO • Pre-site planning • Performing: • Conducting the preliminary survey • Review internal controls • Expanding tests as necessary • Generating findings • Communicating: • Reporting the results • Conducting follow-up • Assessing the process Operational Auditing--Spring 2012
BPO Selection • 6 R’s • General methodology • Resource planning Operational Auditing--Spring 2012
Selecting an Auditee“The 6 R’s” • Risk • Resources • Reward • Requests • Requirements • Revisions in operations or mgt. Operational Auditing--Spring 2012
Method of Selection • Set selection strategy • Identify potential BPOs • Rank by risk • Choose entities Operational Auditing--Spring 2012
Sample Selection Strategies • Location • Financial exposure • Operational complexity • Staffing • Mgt. Interest • Functional type • Process type • Decision center Operational Auditing--Spring 2012
Risk Factors • Quality of control system • Mgt. Competence • Mgt. Integrity • Size & liquidity of assets • System changes • Complexity • Personnel changes • Economic performance • Growth rate • Systems use Operational Auditing--Spring 2012
Risk Factors, cont. • Time since last audit • Performance pressure • Government regulation • Employee morale • Politics & publicity • Geographic location • External audit plans Operational Auditing--Spring 2012
Risk Analysis Methodology • Select top 5 risk factors • ID risk on scale of 1 to 5 • Total the risk score • Rank in order of risk Operational Auditing--Spring 2012
Project Prioritization & Selection • Rank by risk • Rank by hours • Compare to resources • Re-prioritize as necessary Operational Auditing--Spring 2012
Audit Planning • Establish purpose, objective & scope • KTT--Gather background info • Understand the BPO • Assess risk and related control • Identify and assess potential risks • Identify key controls • Prepare preliminary program that addresses risks and controls • Select resources • Report planning • Contact BPO • Logistics approval Operational Auditing--Spring 2012
Purpose/Type of Engagement • Financial • Control • Information technology • Compliance • Operations • All or any of the above Operational Auditing--Spring 2012
Nature of Objectives • Goal of the engagement • Recall the 6 R’s • Frame in terms of the S-C-O-R-E model Operational Auditing--Spring 2012
Scope • Degree of coverage • Scope can be based on: • Adequacy of controls • Effectiveness of controls • Quality of performance Operational Auditing--Spring 2012
Understanding the BPO • Know the BPO’s processes • Flow charting • Review routine reports • Identify relevant metrics • Potential for fraud • Quickly analyze the processes before assessing risk • Consider the “O’Brien 7” Operational Auditing--Spring 2012
BPO Analysis—the O’Brien 7 • Mission statement • Objectives and goals • Organization chart • Management recap • Major processes • Resources • Constraints Operational Auditing--Spring 2012
BPO Process Review • Identify the processes • Identify the process objectives or desired outcomes • Identify the related risks • Identify the controls mitigating the risks* • Identify the exception reporting process* • Ensure that overall monitoring of the process exists* *Test these items! Operational Auditing--Spring 2012
Risk and Related Controls • Brainstorm nature and nature of risk • Risk = anything that gets in the way of the BPO’s objectives • Risk of likelihood: RL • Risk of impact: RI • Ascertain any related controls • Design testing based on the results • See pps. 13-22 thru 13-35 Low, medium or high Operational Auditing--Spring 2012
Program Preparation • General segments—see sample workpapers on web site • Audit preparation • Initial survey • Systems review • Detailed operations review (TBD) • Reporting issues • Wrap-up procedures • Use Risk Control Testing approach Operational Auditing--Spring 2012
Resources • Business skills • Assurance skills • Language/cultural skills • Technical skills • Consider SME’s and virtual BPP’s Operational Auditing--Spring 2012
Expected Outcomes and Reporting • Anticipate findings • Financial misstatements • Control weaknesses • BPO objective issues • Inefficiencies • Compliance failure • Type of report • Report distribution Operational Auditing--Spring 2012
Contact BPO • Alert BPO, unless it is a surprise review • Remember, we are guests in their location Operational Auditing--Spring 2012
Final Logistics • Make sure all is “go” for the review • Get final department approval Operational Auditing--Spring 2012