REGUNAYAN, MARCO PAUL C.

CBET – 01 – 502E PROF. MACRINAVIOLETA MUTUC

CHAPTER 2: Objectives and Phases of Operational Audits

1. List three reasons management may ask for an operational audit to be performed,
and explain how the audit program would be impacted by each of them.

First, the purpose of an operational audit is to improve the efficiency of day-to-day

operations. In other words, managers review the routine processes and procedures of those
employees, such as production workers, who do the primary work of the company.
Second, managers use the operational audit to evaluate and analyze the current
effectiveness of a company's operations while identifying areas of potential improvement.  
And lastly, managers typically analyze all factors involved in transforming the company's
resources into products and services that are valuable to the business's customers. This includes
the routine processing, production, inspection, storage and delivery of products and services.

2. Explain the importance of identifying risk factors and using them during the
planning phase.

Risk factors play an important role during planning, and in particular, during risk
assessments. Risk factors are conditions and other variables that in their present, or absence, as
the case may be, either exacerbate or diminish the underlying risk. Identifying risk factor is one
of the most frustrating activities for a team and the most rewarding if relevant risks are captured
and correctly mitigated. Risk should be identified has early has possible. Even before the
planning phase, in the initiation. It will ensure not only removing the obstacles to task
completion, but activities would flow easily and you can be sure that your deadlines and goals
will be met. Risk identification let you better adjust your planning, but mitigation in place early.
Risk is a continuous process.

(page 38)

3. Explain how an auditor would perform each of the following procedures:

a. Trace – an auditor must trace the transaction from the source to its destination, which
could be financial, operational, or regulatory report
b. Vouch – an auditor must do the reverse-tracing of a transaction from the destination to its
source.
c. Reconcile – an auditor must tie information from two separate sources to verify the
accuracy or expected discrepancies.
d. Foot – an auditor must add items in a column.
e. Cross-foot – an auditor must add items in a row.

(page 40)
 4. What is testimonial evidence and how is it gathered?

Testimonial evidence consists of verbal or written statements or assertions given by someone

as proof regarding the matter being discussed. In the case of internal audits, anyone being
audited may be asked to give testimonial evidence during interviews about a variety of topics.
Testimonial evidence is often gathered during interviews so it is typically verbal, but it can
be written if provided in a questionnaire, as a result of an e-mail or when requested verbally, but
the response is in writing. Interviews are a very common form of evidence gathering and it often
involves an auditor speaking with one or more individuals about matters related to the
engagement.

(pages 41-42)

5. Give two examples where observation is a useful technique to examine operational

risks and related controls.

First, in a work site, there is a possibility that the laborers don’t wear their safety equipment
consistently, even if they are supposed to and they know they should. But when the auditor or
anyone who’s in the top management is present for observation, they wear their gear and follow
workplace procedures to avoid being discovered and reported.
Second, during interviews, it can involve overreporting “good behavior” or underreporting
“bad behavior,” and its manifestation during observation is the behavioral change, sometimes
also in the form of speeding up or slowing down as their interests are best served. So when
auditors are observing working conditions, they should be mindful of this possibility and use the
procedure that will give them the most reliable information.

(page 43)

6. Give two examples where document inspection is a useful technique to examine

operational risks and related controls.

First, in the case of accounts payable payments, the auditor may want to look at the amount
of each payment to compare it to the invoice received, the address where the payment should
have been sent, and the name of the person who approved the payment to make sure the approver
is authorized to do so. Although internal auditors are not expected to be experts on altered or
forged documents, they should pay close attention to each document in search of anomalous
elements constituting red flags.
Second, during the inspection period, seller shall also make available such other documents
relating to the property as purchaser may reasonably request in writing to the extent the same are
in seller's possession or control.

(page 43)
 7. Explain professional skepticism and why it is important for all auditors.

The professional standards define professional skepticism as “an attitude that includes a
questioning mind, being alert to conditions that may indicate possible misstatement due to fraud
or error, and a critical assessment of audit evidence.” Given this definition, one quickly realizes
that professional skepticism can’t be easily measured. Nor is it something that is cultivated
overnight. It is a skill developed over time and a skill that auditors should constantly build and
refine.
Auditor applies professional skepticism to the audit directly impacts the quality of their
service. Applying an appropriate level of professional skepticism enhances the likelihood the
auditor will understand your industry, lines of business, business processes, and any nuances that
make your company different from others, as it naturally causes the auditor to ask questions that
may otherwise go unasked. These questions not only help the auditor appropriately apply
professional standards, but also help the auditor gain a deeper understanding of your business.
This will enable the auditor to provide insights and value-added services an auditor who doesn’t
apply the right degree of skepticism may never identify.

8. Provide three benefits of drawing process maps (flowcharts or value stream maps,
as some would rather call them).

A flowchart is a diagram of the sequence of movements or actions of people or things

involved in a process or activity. They illustrate a business process and virtually any process can
be drawn in the form of a flowchart.
Three benefits of drawing process maps or flowcharts:
First, since the shapes are simple and visual, they are easy to understand and review.
Second, it can be very helpful to understand where inefficiencies occur and how a process
can be improved by reducing excessive hand offs delays, and redundancies.
Lastly, it can be very useful as a managerial tool for discussion and analysis, errors may
standout and be obvious.

(pages 49-50)

9. What is an internal controls questionnaire and how can auditors use it during the
planning and fieldwork phases of audits?

An internal control questionnaire (ICQ) helps to evaluate internal controls in specific areas
by asking key questions. Internal auditors often use ICQs as a starting point and then supplement
them with other information gathering and control evaluation techniques such as flowcharts and
document reviews. They are used by process owners to help them assess their operation.
ICQs can also be very helpful when the auditor needs to collect large amounts of
information. This can be the case when the audit involves multiple locations, or there are many
individuals with information that the auditor needs, but interviewing each person individually
and sequentially will delay the completion of the audit. In those cases, preparing and sending a
questionnaire can be very helpful to collect large amounts of data quickly.

(page 50)
 10. Explain the acronym CCCER.

When there is a discrepancy between the criteria and existing conditions, the CCCER/5C
model (Criteria, Condition, Cause, Effect and Recommendation) provides a structured, reliable,
simple, yet effective framework to document these conditions.
The criteria are the performance standards or expectations set by relevant stakeholders. The
criteria are used in making the evaluation or verification, and consist of the expected
performance.
The condition refers to what the auditor discovered as a result of applying auditing
procedures. It is the factual evidence that the internal auditor found during the review.
The cause is the reason the condition exists. The cause explains why there is a difference
between expected and actual conditions.
The effect constitutes the consequence of the condition identified. It relates to the risk or
exposure the organization, program, process, or others will face because the condition is not
consistent with the criteria.
The recommendation is the action, or collection of actions, that if successfully implemented,
will neutralize the cause, stop the effect, and restore the condition to the desirable state.

(pages 221-224)

REFERENCES:

Murdock, H. (2016). Operational Auditing: Principles and Techniques for a Changing World
(Internal Audit and IT Audit) (1st ed.). Auerbach Publications.

Why is it important to identify project risks during the planning phase of the project? (2020,
September 20). [Link].
[Link]
identify-project-risks-during-the-planning-phase-of-the-project-

Professional Skepticism and Why it Matters to Audit Stakeholders. (n.d.). BerryDunn. Retrieved
September 20, 2020, from [Link]
skepticism-and-why-it-matters-to-audit-stakeholders