Process Level Auditing Presentation


Published on

Process Level Auditing (PLA) Presentation

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Process Level Auditing Presentation

  1. 1. <ul><li>Process Level Auditing </li></ul>
  2. 2. <ul><li>What is Process Level Auditing (PLA)? </li></ul><ul><li>PLA means the auditor acts as a facilitator to help the managers of a group of related activities assess the control strengths and weakness. Together, we develop action plans for improvement, where necessary. </li></ul>
  3. 3. <ul><li>In a PLA Environment: </li></ul><ul><li>All existing controls and procedures are reviewed by managers and auditors to determine what is needed for improved efficiency. </li></ul><ul><li>Internal Audit, in the capacity of in-house consultant, works with the &quot;client&quot; to enhance the operations of the various departments. </li></ul>
  4. 4. <ul><li>How Will Process Level Auditing Improve the Organization? </li></ul><ul><li>The managers' operational knowledge of the process </li></ul><ul><li>becomes part of the audit. </li></ul><ul><li>Each segment of the process is summed into one continuous </li></ul><ul><li>flow. </li></ul><ul><li>The managers gain an understanding of how the activities in </li></ul><ul><li>their segment impact the process. </li></ul><ul><li>The risks factors are assessed for potential impact to the </li></ul><ul><li>process, and controls are applied for maximum efficiency </li></ul><ul><li>and effectiveness. </li></ul>
  5. 5. <ul><li>Responsibilities of Internal Audit to the Organization </li></ul><ul><li>The Institute of Internal Auditors set standards for the professional practice of Internal Auditing. They defined internal Auditing as an: </li></ul><ul><li>&quot;... Independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization...&quot; </li></ul><ul><li>&quot;...The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities...“ </li></ul><ul><li>&quot;... To this end, internal auditing furnishes them with the analyses, appraisals, recommendations, counsel and information concerning the activities reviewed..&quot; </li></ul>
  6. 6. <ul><li>CONTINUED </li></ul><ul><li>Responsibilities of Internal Audit to the Organization </li></ul><ul><li>Internal Audit must also keep the Board of Trustees informed of the adequacy of internal controls. In a process level auditing environment, these key functions will not change. </li></ul>
  7. 7. <ul><li>Internal Audit Objectives </li></ul><ul><li>Current Practice </li></ul><ul><li>The objectives of Internal Audit currently are to determine that existing policies and procedures within one area are adequate, properly implemented, and personnel are in compliance. </li></ul><ul><li>Practice Under PLA </li></ul><ul><li>The objectives of Internal Audit would be to facilitate the group's assessment of the process to determine where controls are needed, to adequately protect the assets of the organization. </li></ul>
  8. 8. <ul><li>CONTINUED </li></ul><ul><li>Internal Audit Objectives </li></ul><ul><li>Current Practice </li></ul><ul><li>As part of its objectives the Internal Audit department currently identifies financial and operational problem areas and recommends modifications or development of new policies and procedures to assure that assets are safeguarded throughout the organization. </li></ul><ul><li>Practice under PLA </li></ul><ul><li>As part of its objectives the Audit process group would review the entire process, and collectively recommend modifications or development of policies and procedures that enhance the process, as well as adequately safeguard organization </li></ul><ul><li>assets. </li></ul>
  9. 9. <ul><li>FUNCTIONS OF INTERNAL AUDIT </li></ul><ul><li>Current Practice </li></ul><ul><li>Internal Auditors currently focus on insuring that adequate controls exist within each segment of a process. </li></ul><ul><li>Internal Auditors examine activities as a service to the organization. </li></ul><ul><li>Internal Auditors perform independent appraisals. </li></ul><ul><li>Practice Under PLA </li></ul><ul><li>The Auditor would facilitate a review of the process that focus on controls within a total process. </li></ul><ul><li>Internal Audit would facilitate the identification of unacceptable risks, and opportunities for reduction to acceptable levels. </li></ul><ul><li>Independent appraisals would continue. </li></ul>
  10. 10. <ul><li>CONTINUED </li></ul><ul><li>FUNCTIONS OF INTERNAL AUDIT </li></ul><ul><li>Current Practice </li></ul><ul><li>Internal Audit: </li></ul><ul><li>Assists the organization in the effective discharge of their duties. </li></ul><ul><li>Furnishes management with analyses, recommendations, counsel, and information on activities reviewed. </li></ul><ul><li>Reports to the Audit Committee and all levels of management, its findings, conclusions and recommendations. </li></ul><ul><li>Practice under PLA </li></ul><ul><li>Internal Audit would: </li></ul><ul><li>Continue to assists members of the organization in the effective discharge of their duties. </li></ul><ul><li>Furnish management with analyses, recommendations, counsel, and information on activities reviewed. </li></ul><ul><li>Report to the Audit Committee and all levels of management, its findings, conclusions, and recommendations. </li></ul>
  11. 11. <ul><li>The Managers' Expanded Role Under PLA </li></ul>The managers' would participate in the process by: A. Identifying the segments that constitute a process. B. Contributing first-hand observations and ideas regarding the state of existing controls and potential risks in the process. C. Developing a flowchart that links the segments into a process stream. D. Achieving improvements in cost, quality, and service within a specific process and ultimately the Organization . E. Contributing to the development of action plans to reduce unacceptable risks to acceptable levels.
  12. 12. <ul><li>Examples of Risks </li></ul><ul><li>Financial - Service Revenue or budget driven. </li></ul><ul><li>Legal Liability – The Organization's potential exposure from any lawsuits relative to the activities of the process. </li></ul><ul><li>Regulatory Compliance - Any Federal, State, or Local legislation impacting the activities of the process. </li></ul><ul><li>Corporate Image - Issues that impact the public's perception of the institution. </li></ul><ul><li>Industry Specific - Issues that are specific to a particular industry such as healthcare. </li></ul>
  13. 13. <ul><li>CONTINUED </li></ul><ul><li>Examples of Risks </li></ul><ul><li>Confidentiality of Data - Adherence to the privacy and confidentiality of customer/patient information. </li></ul><ul><li>Safeguarding Proprietary Data - The need to keep such data confidential. </li></ul><ul><li>Systems Recovery - The need to develop a disaster plan for any interruption to the data collection and storage system. </li></ul><ul><li>Operational Risk - Changes in the methods for achieving the objectives of the process. </li></ul><ul><li>Data Integrity and Reliability - The state of data collection, storage and accuracy within a department. </li></ul>
  14. 14. <ul><li>Methodology of Risk Assessment </li></ul><ul><li>Identify the business segments within the process. </li></ul><ul><li>Facilitate the identification of risk factors within the process and classify by category. </li></ul><ul><li>Facilitate the ranking of the risk factors according to degree of importance to the process, and potential exposure to the organization. </li></ul><ul><li>Determine the order of audit field tasks, by giving priority to risks with highest potential exposure. </li></ul><ul><li>Perform the audit field tasks according to the risk ranking developed by the process group. </li></ul>
  15. 15. <ul><li>CONTINUED </li></ul><ul><li>Methodology for Risk Assessment </li></ul><ul><li>Review the findings of the audit field work with the process group. </li></ul><ul><li>Re-rank the risks according to the findings of the audit. </li></ul><ul><li>Facilitate a discussion of the opportunities for reducing risk and improving effectiveness and efficiency. </li></ul><ul><li>Prepare an audit report outlining the process and opportunities for improvement. </li></ul>