process level auditing presentation

15
Process Level Auditing

Post on 19-Oct-2014

1.215 views

Category:

Documents


0 download

DESCRIPTION

Process Level Auditing (PLA) Presentation

TRANSCRIPT

PowerPoint Presentation

Process Level Auditing

What is Process Level Auditing (PLA)?

PLA means the auditor acts as a facilitator to help the managers of a group of related activities assess the control strengths and weakness. Together, we develop action plans for improvement, where necessary.

In a PLA Environment:

All existing controls and procedures are reviewed by managers and auditors to determine what is needed for improved efficiency.

Internal Audit, in the capacity of in-house consultant, works with the "client" to enhance the operations of the various departments.

How Will Process Level Auditing Improve the Organization?

The managers' operational knowledge of the process becomes part of the audit.

Each segment of the process is summed into one continuous flow.

The managers gain an understanding of how the activities in their segment impact the process.

The risks factors are assessed for potential impact to the process, and controls are applied for maximum efficiency and effectiveness.

Responsibilities of Internal Audit to the Organization

The Institute of Internal Auditors set standards for the professional practice of Internal Auditing. They defined internal Auditing as an:

"... Independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization..."

"...The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities...

"... To this end, internal auditing furnishes them with the analyses, appraisals, recommendations, counsel and information concerning the activities reviewed.."

CONTINUED

Responsibilities of Internal Audit to the Organization

Internal Audit must also keep the Board of Trustees informed of the adequacy of internal controls. In a process level auditing environment, these key functions will not change.

Internal Audit ObjectivesCurrent Practice

The objectives of Internal Audit currently are to determine that existing policies and procedures within one area are adequate, properly implemented, and personnel are in compliance.Practice Under PLA

The objectives of Internal Audit would be to facilitate the group's assessment of the process to determine where controls are needed, to adequately protect the assets of the organization.

CONTINUED Internal Audit ObjectivesCurrent Practice

As part of its objectives the Internal Audit department currently identifies financial and operational problem areas and recommends modifications or development of new policies and procedures to assure that assets are safeguarded throughout the organization.Practice under PLA

As part of its objectives the Audit process group would review the entire process, and collectively recommend modifications or development of policies and procedures that enhance the process, as well as adequately safeguard organization assets.

FUNCTIONS OF INTERNAL AUDITCurrent Practice

Internal Auditors currently focus on insuring that adequate controls exist within each segment of a process.

Internal Auditors examine activities as a service to the organization.

Internal Auditors perform independent appraisals.Practice Under PLA

The Auditor would facilitate a review of the process that focus on controls within a total process.

Internal Audit would facilitate the identification of unacceptable risks, and opportunities for reduction to acceptable levels.

Independent appraisals would continue.

CONTINUEDFUNCTIONS OF INTERNAL AUDIT Current Practice

Internal Audit:

Assists the organization in the effective discharge of their duties.

Furnishes management with analyses, recommendations, counsel, and information on activities reviewed.

Reports to the Audit Committee and all levels of management, its findings, conclusions and recommendations.Practice under PLA

Internal Audit would:

Continue to assists members of the organization in the effective discharge of their duties.

Furnish management with analyses, recommendations, counsel, and information on activities reviewed.

Report to the Audit Committee and all levels of management, its findings, conclusions, and recommendations.

The Managers' Expanded Role Under PLAThe managers' would participate in the process by:

A. Identifying the segments that constitute a process.

B.Contributing first-hand observations and ideas regarding the state of existing controls and potential risks in the process.

C. Developing a flowchart that links the segments into a process stream.

D. Achieving improvements in cost, quality, and service within a specific process and ultimately the Organization .

E. Contributing to the development of action plans to reduce unacceptable risks to acceptable levels.

Examples of Risks Financial - Service Revenue or budget driven.

Legal Liability The Organization's potential exposure from any lawsuits relative to the activities of the process. Regulatory Compliance - Any Federal, State, or Local legislation impacting the activities of the process.

Corporate Image - Issues that impact the public's perception of the institution.

Industry Specific - Issues that are specific to a particular industry such as healthcare.

CONTINUEDExamples of Risks

Confidentiality of Data - Adherence to the privacy and confidentiality of customer/patient information. Safeguarding Proprietary Data - The need to keep such data confidential.

Systems Recovery - The need to develop a disaster plan for any interruption to the data collection and storage system.

Operational Risk - Changes in the methods for achieving the objectives of the process.

Data Integrity and Reliability - The state of data collection, storage and accuracy within a department.

Methodology of Risk AssessmentIdentify the business segments within the process.

Facilitate the identification of risk factors within the process and classify by category.

Facilitate the ranking of the risk factors according to degree of importance to the process, and potential exposure to the organization.

Determine the order of audit field tasks, by giving priority to risks with highest potential exposure.

Perform the audit field tasks according to the risk ranking developed by the process group.

CONTINUEDMethodology for Risk AssessmentReview the findings of the audit field work with the process group.

Re-rank the risks according to the findings of the audit.

Facilitate a discussion of the opportunities for reducing risk and improving effectiveness and efficiency.

Prepare an audit report outlining the process and opportunities for improvement.