Risk-Based Operational Audit - The Basics

Every organization has a primary business objective, the reason for its existence. Whether it is a “for-profit” organization or a “not-for-profit” organization, there is always a primary business objective. And each organization is set up to accomplish that primary business objective.  
The primary business objective is the lifeblood of the organization. And management has the responsibility to set up an operational structure and processes to ensure that the primary business objective is accomplished. However, to do that, there are so many other secondary objectives that have to be achieved. For example, management has to establish various departments like: 

• HR Department– to hire/train personnel
• Procurement Department – to purchase material/goods
• Accounting Department – to pay vendors and employees
• IT Department – to leverage technology 
• Maintenance Department – to care for equipment/infrastructure

There are numerous other possible departments depending on the company and its primary business objective. And every department has its own departmental objectives to directly or indirectly support the primary business objective. And management has the responsibility to establish controls to ensure that these objectives are achieved.
Operational auditing plays an important role in helping management achieve its primary business objective. Internal Audit has the responsibility to evaluate those controls through the operational auditing process to determine if they are adequate and effective.

• Definitions
• IIA internal audit 
• Operational audit

The three primary types of audits
                  Financial
                  Compliance 
                  Operational

• Management’s responsibilities
• Plan, organize, lead, and control
• Establish an organizational structure
• Establish objectives that directly or indirectly support the primary mission
• Assess the risk of not achieving the objectives
• Establish controls to ensure that the objectives are achieved
• Gain an understanding of the operational audit process which includes
• Develop an annual audit plan
• Conduct a preliminary survey of the selected area
• Determine the audit objectives
• Determine the audit scope
• Conduct an entrance conference
• Conduct the fieldwork
• Conduct exit conference
• Communicate the Results to Management
• Follow-up on audit findings

Key IIA Standards relative to operational audits
                  -2010 – Planning 
                  -2201 – Planning Considerations
                  -2220 – Engagement Scope
                  -2240 – Engagement Work Program 
                  -2300 – Performing the Engagement
                  -2400 – Communicating Results 
                  -2500 – Monitoring Progress

This session is designed to give you the basics for doing an operational audit. We will discuss management and audit concepts to help you understand how the process works. We will also do some exercises to further strengthen your knowledge. 

• Audit Managers
• Staff Auditors
• Government Auditors
• Compliance Auditors
• Internal Control Specialists
• Public Accountants
• Accounting Analysts
• Business Analysts
• Quality Control Specialists

Jonnie Keith has been in auditing for over 50 years. He retired in 2012 as the Assistant General Manager (AGM) of Internal Audit with the Metropolitan Atlanta Rapid Transit Authority (MARTA) in Atlanta, Ga. He served in that capacity for over 10 years and was responsible for administering the overall audit activities. In this position, he was also responsible for the review and approval of all internal audit correspondence including audit reports, executive summaries, internal and external correspondence, etc.

Prior to that, he worked at MARTA as the Operational Audit Manager and Senior Contract Compliance Auditor. He also worked at Norfolk Southern Railway (formerly Southern Railway) as a senior operational auditor and started his career at the Federal Reserve Bank of Atlanta as a bank examiner.

Jonnie Keith received a BA degree in Economics from Clark Atlanta University (formerly Clark College). His certifications include:

• Certified Internal Auditor (CIA)
• Certified Fraud Examiner (CFE)
• Certified Government Auditing Professional (CGAP)
• Certified Internal Control Auditor (CICA)

He has been a volunteer seminar instructor for the National Office of the Institute of Internal Auditors for several years.