Process Level Auditing (PLA) involves auditors facilitating managers to assess control strengths and weaknesses within related business activities. The auditor and managers work together to develop improvement plans where needed. With PLA, all existing controls are reviewed by managers and auditors to determine how to improve efficiency. The internal audit acts as a consultant to enhance department operations. PLA improves the organization by incorporating manager operational knowledge, assessing processes as continuous flows, helping managers understand impact across activities, and applying controls for maximum efficiency and effectiveness.
2. What is Process Level Auditing (PLA)?
PLA means the auditor
acts as a facilitator to help
the managers of a group
of related activities
assess the control
strengths and weakness.
Together, we develop
action plans for
improvement, where
necessary.
3. In a PLA Environment:
All existing controls and
procedures are reviewed by
managers and auditors to
determine what is needed for
improved efficiency.
Internal Audit, in the capacity
of in-house consultant, works
with the "client" to enhance the
operations of the various
departments.
4. How Will Process Level Auditing Improve
the Organization?
The managers' operational knowledge of the process
becomes part of the audit.
Each segment of the process is summed into one continuous
flow.
The managers gain an understanding of how the activities in
their segment impact the process.
The risks factors are assessed for potential impact to the
process, and controls are applied for maximum efficiency
and effectiveness.
5. The Managers' Expanded Role Under PLA
The managers' would participate in the process by:
A. Identifying the segments that constitute a process.
B. Contributing first-hand observations and ideas
regarding the state of existing controls and potential risks
in the process.
C. Developing a flowchart that links the segments into a
process stream.
D. Achieving improvements in cost, quality, and service
within a specific process and ultimately the Organization .
E. Contributing to the development of action plans to reduce
unacceptable risks to acceptable levels.
7. Examples of Risks
Reporting - The effect of inaccurately prepared financial statements,
which should reflect the organization's financial position accurately,
fairly and in accordance with Corporate Accounting Policies .
Legal Liability – The risk that new laws will be enacted, which
unfavorably affect business operations and revenues.
Regulatory - The risk that an organization operates or engages in
transactions in such a way as to be out of (compliance with Federal
and State laws and regulations - consequences include financial,
civil, criminal, administrative sanction/penalties, and unfavorable
publicity.
Competition - The inability to effectively remain abreast of the
demands of the marketplace or to respond to competitive challenges.
Strategy - The risk that strategy decisions don't accomplish the
desired outcome.
8. CONTINUED
Examples of Risks
Reputation - The risk to an organization's reputation because of
actions of employees, poor performance in the marketplace or
violation of legal or regulatory statutes.
Asset Safeguarding - Due to misadministration or the deliberate
improper act of employees, customers or third parties. These could
include fraud, theft, destruction of records, conflict of interest, misuse
of position or other misrepresentation.
Human Resources - Arises from insufficient competent staff
available to support business activity or the control functions
surrounding it .
Technology - Arises from disruption to business and/or support
operation functions due to system or technology malfunction,
insufficient capacity or inability to recover from disruption due to
power loss, fire, flood, terrorist attack, etc .