AuditTrends, LLC

Training and consulting for audit excellence

• Home page
• James Roth
• Schedule
• Seminars
  • Best Practices
  • Soft Controls
  • Enterprise Risk Management
  • New Auditor
  • Operational Auditing
  • Leadership & Supervision
  • Relationship Building
  • Report Writing
• Contact

Operational Auditing: A Risk and
Self-Assessment Based Approach

What you will gain from this seminar:

• Understand an audit process used increasingly by world class audit departments
• Practice the key skills used in this process

• Take home proven evaluation tools used in this process

Who should attend:

• Auditors with at least one year of experience
• No prerequisites.

_________________________________________________________________________________

Two-day seminar outline

Introduction
- The COSO challenge: How to evaluate soft controls?
- Participative auditing: Get your customer on the audit team

New Tools for Operational Auditing
- Results of a major IIA research project, Control Model Implementation: Best Practices

A Better Audit Process
- The traditional audit process
- A better audit process:

• Risk-based
• Participative
• Using self-assessment
• High-payback focus on evaluation of system design

- Audit Simulation: Introduction to Monolithic Diversified Industries (MDI)

Phase I: Planning
-Planning steps for a participative audit
- The acquisition audit approach
- Audit Simulation: Notes on research of the human resource function
- Audit Simulation: Participative audit planning meeting
- Identifying and assessing risks: four helpful categories
- Characteristics of well-defined audit objectives
- Audit Simulation: Define audit objectives and scope for MDI Human Resources audit

Phase II: Evaluate the Adequacy of System Design
- Documenting internal controls: traditional methods
- Documenting internal controls: the risk/control matrix
- Teaching your audit customer the risk assessment thought process
- Audit Simulation: Exercises in using the risk/control matrix:

• Defining objectives
• Identifying risks
• Analyzing and assessing risks

- Internal controls: traditional categories
- Business Process Control: a new definition
- Alternative versions of the risk/control matrix:

• Most common features
• COSO-ized
• To evaluate a reengineered process
• To evaluate customer service
• CSA workpaper
• Sample completed matrix

- Key points in using the tool

Phase III: Evaluate the Effectiveness of Key Controls
- Fieldwork: purpose and methods
- Rules of audit evidence, and how they apply to soft controls
- Five principles for evaluating soft controls
- Tool for evaluating effectiveness of soft controls: the CSA Questionnaire
- A risk/control matrix for evaluating the control environment

Phases I-III: Identify Opportunities for Improvement
- The five attribute approach
- Form for developing and reporting opportunities for improvement
- Participative reporting

Phase IV: Reporting
- New approaches to audit reports:

• How to really give credit to proactive management
• Management Action Plans instead of findings and recommendations

© 2009 AuditTrends, LLC Contact AuditTrends