misstatements are detected, which may emanate from errors, fraud,

TYPES OF AUDIT or noncompliance with laws and regulations.

Moreover, the financial audit extends to the five financial statements
WHAT IS AUDIT? – income statement, balance sheet, statement of changes in equity,
“An audit is a systematic process of objectively obtaining and cash flow, and notes to financial statements. Also, the nature of the
evaluating evidence regarding assertions about economic actions and business under audit and its environment should be considered,
events to ascertain the degree of correspondence between these including the internal controls, processes that affect financial
assertions and established criteria and communicating the results to statements, judgments about estimates, and other events,
interested users.” transactions, and practices that significantly affect the financial
-American Accounting Association statements.

TYPES OF AUDIT Types of Financial Audit

1.​ Financial Audit 1.​ External Financial Audit - An audit conducted by an
2.​ Compliance Audit independent certified public accountant which results in an
3.​ Operational Audit audit opinion about the fairness of the financial statements
in accordance with the applicable framework attached to the
auditor’s report.
FINANCIAL AUDIT
2.​ Internal Financial Audit - An internal auditor, an employee
Definition of the company, which results in recommendations for the
An internal auditor can do a financial audit, yet stakeholders management and board of directors regarding the processes
prefer an independent audit done by an independent auditor, a and internal controls that affect the financial reporting
certified public accountant. A financial audit enhances the confidence process, also included in the financial audit report.
of the financial statements through an objective evaluation to provide
a reasonable assurance that the financial statements are accurate and 3.​ Internal Revenue Service Audit - This is a review of the
fairly presented in accordance with the applicable financial accounts and financial information of the business in
framework, whether IFRS or GAAP (GoCardless, 2020). accordance with the tax laws and to ensure that the tax
That said, the difference between internal and external amount reported is accurate.
financial audits is objectivity and independence. The former is
conducted by an internal auditor, an employee of the company, while
an external auditor, a qualified third party, does the latter (Deemer, COMPLIANCE AUDIT
2023)
Definition
Importance A compliance audit is an organization's adherence to
A financial audit is important because it gives reasonable assurance to internal policies, standards, external laws, and regulations that is
the stakeholders that the financial statements prepared by the systematically assessed by reviewing all the processes and operations
company as a basis of their economic decisions are free from errors of an organization. It's a systematic evaluation of an organization's
and material misstatements. Hence, it adds confidence and credibility compliance with external laws, regulations, standards, and internal
to a company's financial statements (Deemer, 2023) policies.
The government auditor carries out a compliance audit. by asking
Backbone them questions concerning internal controls and presenting proof of
Generally Accepted Auditing Standard (GAAS), issued by the Board of compliance. To arrive at a reasonable confidence that an organization
Accountancy, is the basis of an auditor when conducting an audit as it is carrying out the tasks specified by the goal framework or rule,
sets the minimum requirement and procedure on how to audit auditors must apply professional skepticism, exercise judgment, be
financial statements in a manner of consistency, uniformity, independent, and avoid conflict of interest between management.
professionalism, integrity, and objectivity (Deemer, 2023). Hence, (Iqbal, A. & Ramos C., 2023)
Philippine Standards on Auditing (PSA), promulgated by the Auditing
and Assurance Standard Council, are the standards, practices, and Purpose
procedures generally accepted in the Philippines. The purpose of a compliance audit is to obtain a deliverable that
describes the organization's level of conformity with the standards of
Criteria the regulatory body or the target framework. This will show a list of
Financial statements audit has an established criteria as a basis of the any areas where the organization is not in compliance and offer
auditor to conclude whether or not that the financial statements are suggestions for enhancement.
fairly presented. These criteria may be international, such as
International Financial Reporting Framework (IFRS), or traditional, Scope of Compliance Audit
such as Generally Accepted Accounting Principles (GAAP). The scope of a compliance audit is typically financial
records, operational procedures, employee practices, and
Scope of Financial Audit environmental or data protection controls that are assessed to check
The main focus of this kind of audit is the company’s financial if they're against the laws, standards, and internal policies to ensure
statements, where the auditor issues an opinion on whether the that the organization is in compliance.
financial statements are fairly presented in accordance with the By conducting a thorough examination of these areas, auditors can
applicable financial reporting framework. In order to achieve this, the provide valuable insights and recommendations for improvement to
auditor must provide reasonable assurance that material help the organization.
Types of Compliance Audit Important Terms
1.​ Tax Compliance Audits - Conducted by the Bureau of Future-oriented
Internal Revenue (BIR), tax compliance audits are ●​ Unlike financial audits that refer to historical data,
performed to confirm that businesses correctly disclose operational auditing adopts a future focused perspective by
their financial activity and comply with tax laws. identifying the strengths, weaknesses, opportunities, and
threats involved in the operations of an entity. It also
2.​ Labor Compliance Audits - Performed by the Department of emphasized on ways the organization may improve its
Labor and Employment (DOLE), labor compliance audits are future performance.
conducted to make sure businesses abide by labor laws
pertaining to employee contracts, pay, and workplace safety Independent
regulations. ●​ Independent Operational auditing aims to provide unbiased
evaluation of organization's performance and objective
3.​ Corporate Governance and Securities Audits - conducts recommendations. Hence, auditors would report to the
environmental compliance audits to see if businesses are board of directors or president to avoid conflicts of interest.
adhering to environmental laws, such as those pertaining to Moreover, operational auditors should not be responsible
polution prevention and waste management. for operating functions or in correcting deficiencies which
should be the responsibility of operating personnel.
4.​ Data Privacy Compliance Audits - aimed at making sure
businesses abide by the Data Privacy Act of 2012, Systematic
safeguarding private and sensitive information. ●​ Similar to other types of audit, operational audit must also
implement a structured and planned approach in reviewing
Criteria the organization's operations.
1.​ Laws and Regulations
●​ National and local laws—labor laws, tax laws, Business-Focused
environmental laws ●​ Unlike financial auditing that focuses on the preparation of
●​ International laws—GDPR for data protection, financial statements that addresses the needs of external
FCPA for anti-corruption users, operational audits emphasizes on the effectiveness
and efficiency of company operations. It evaluates different
2.​ Internal Policies and Procedures departments and functions within the organization in order
●​ Standard operating procedures to guarantee their profitability and goal attainment.
●​ Internal control frameworks
Purpose
3.​ Industry Standards and Best Practices The purpose of operational audit mainly revolves on improving the
●​ ISO standards (e.g., ISO 9001 for quality profitability of the organization and enhancing the attainment of
management, ISO 27001 for information security) organizational objectives. Specifically, it may aid in:
●​ COSO (Committee of Sponsoring Organizations) 1.​ Management Performance - The management has a
framework for internal controls fiduciary responsibility to organization's owners and
stakeholders. Investopedia (2024) defines fiduciary duty as
4.​ Contractual Agreements the relationship between a beneficiary and the fiduciary who
●​ Supplier/vendor contracts is responsible in acting in the best interest of the former and
●​ Customer agreements ensuring that no conflict of interest would arise. In this
●​ Employment contracts regard, management is assessed through a range of
expectations including corporate service responsibility,
5.​ Ethical Guidelines and Codes of Conduct ethical practices, confidentiality, and positive reputation.
●​ Corporate governance policies 2.​ Procedure Documentation - Apart from ensuring that
●​ Anti-bribery and anti-corruption guidelines (e.g., employees are compliant with established policies and
OECD guidelines) procedures, operational auditing also verifies that these
documents are up to date, relevant, efficient and effective,
safe from unauthorised change, and are communicated
OPERATIONAL AUDIT properly and easily accessible to employees.
3.​ Organizational Structure - Properly structured organization
Definition is crucial in attaining organizational objectives. By
According to Murdock (2017), operational auditing is a future identifying weaknesses in the organizational structure,
oriented, independent, systematic, and business-focused evaluation operational auditing allows organizations to improve in
of management, and the organization's activities controlled by these areas and promote the accurate and prompt flow of
management and third parties. information.
This is done to benefit the organization's stakeholders who trust 4.​ Identifying and Assessing Issues - Operational audit allows
internal auditors to identify anomalies, verify that resources are organizations to determine existing and possible sources of
handled responsibly, and that the organization is structured and issues in the company's operations. Moreover, it also
operating in ways that it is likely to succeed. provides recommendations as to how these issues may be
addressed.
5.​ Maintaining Compliance and Relevant Laws and
Regulations - Operational audit also provides awareness
regarding risks and fraud associated with their controls and
 processes. By uncovering these gaps in the internal control Government Auditors
system, organizations can avoid legal repercussions and Government auditors may also conduct operational audits as part of
mitigate risks. their financial audit particularly:
6.​ Benchmark for Progress and Monitoring - Benchmark is a a) Economy and Efficiency Audits
measure that indicates the performance and progress of an b) Program Audits
organization. Through operational audit, management can
monitor the performance in different areas of their CPA Firm
operation and ensure continuous growth by accomplishing Often, clients would engage with CPA firms for operational audit to
organizational goals and objectives. evaluate one or more specific parts of its business and the company
does not have an internal auditor or the internal auditor lack
Criteria expertise in a certain area.
Unlike compliance and financial auditing, the criteria for evaluating
the effectiveness and efficiency of entities are not clearly established
as it would depend on the objectives set by the board of directors. Due
Types of Audit Financial Compliance Operational
to this, auditors are left with the task of determining aspects relating
Audit Audit Audit
to efficiency and effectiveness that may be improved.
Assertions Fair Compliance Effective and
made by the presentation with law, efficiency
auditee of financial regulations or conduct of
Effctiveness Efficiency statements contract operations or
The capacity of the Using the least amount of activities
organization to meet its inputs to achieve the highest
objectives. amount of output.
Established Applicable Laws, Objectives set
criteria financial regulations by the board
Example: Example:
reporting and contracts of directors
A toy company has established Using the same toy company.
framework
an objective of reducing Assessing company efficiency
defective parts in producing involves the use of resources in
their toy car. To determine the attaining these objectives. Purpose of Provide Describe Mitigate risks
company’s effectiveness, the the audit reasonable conformity and ensure
auditor may establish criteria assurance with attainment of
such as: about the contracts, organizationa
fairly laws, and l goals and
A). Are the machinery properly A). Would more expensive but presentation regulations objectives
assessed for reliability? better quality machinery of financial
B). Are the employees properly produce less cost than those statement
trained regarding quality arising from defects?
control? B). Would automation be Scope of Audit Financial Business Business
cheaper than training the Statements records and processes and
machine operators? procedures systems

Who Independent Government Internal

Scope of Audit performs the auditor Auditor Auditor
Operational audit encompasses all areas for improvement and is not audit?
specific to certain functions or departments. The scope may include
but are not limited to: EXAMPLE 1: MANUFACTURING INDUSTRY
1.​ Business Processes and Systems - For opportunities for Hotdogs R' Us, a hotdog manufacturing company, has experienced a
process optimization. decline in operational efficiency, particularly with the storage of raw
meat trimmings and unsold products. These issues have led to high
2.​ Utilization of Resources - To assess effective use of storage costs and spoilage of products. In response, the company's
workforce, materials, equipment, and technology. internal audit department initiated an operational audit focusing on
inventory management. The audit revealed several key issues:
3.​ Organizational Structure - To determine its efficiency in demand for hotdogs was poorly forecasted, leading to over stocked
supporting organizational goals and objectives. raw meat trimmings, and the storage freezers were inefficient,
contributing to product spoilage.
4.​ Operational Risks - For effective risk management.
To address these chalenges, the auditors recommended reviewing
5.​ Internal Controls - To guarantee its reliability demand forecasts to align production with current market
conditions, ensuring production please are based on accurate demand
Who Performs Operational Audit? data. They also suggested reassessing procurement strategies to
Internal Auditors prevent over-purchasing of materials, reducing wastes, and
Operational audit is one of the types of audit conducted by internal unnecessary costs. Lastly, the auditors advised upgrading or
auditors. As they are familiar with the operations of the organization, replacing the aging storage freezers to improve efficiency and
internal auditors are highly capable of conducting operational audit. minimise spoilage. By implementing these recommendations,
Hotdogs R' Us successfuly reduced production costs, optimized
inventory management, and significantly improved operational
efficiency.
EXAMPLE 2: RETAIL INDUSTRY Factors Driving the Objectives for the Review
ABC Grocery Store, a retail company, conducted an operational audit 1. New Rules
of the customer service process. ●​ Rules can be established internally (e.g., policies and
procedures) or externally (e.g., new or updated laws and
The audit reveals that there is a long waiting time for cashiers, that regulations), or a combination (e.g., a contract signed by the
the number of cashiers is not sufficient to cater to their everyday organization and one or more external parties).
customers, that there is ineffective communication between
employees, which part of it contributes to the first problem, and that 2. Poor Performance
customer service representatives have inadequate training in ●​ Inefficiencies, waste, rework, or complaints from customers
accommodating complaints and other concerns of the customers. and vendors may trigger management involvement,
resulting in their request to have the matter reviewed by
The internal auditor recommended adding additional cashiers based internal audit.
on past experiences with the number of customers they have,
enhancing communication between employees and customers, and 3. Compliance Issues
giving sufficient training programs for al of the employees to foster ●​ Internal audits may investigate potential issues identified
an ethical and functional workplace. These being implemented through quality control initiatives or external reviews,
improved customer retention and brand standing as customer ensuring that similar problems do not exist within their
complaints and concerns are handled wel through enhanced effective organization, monitoring the situation, and verifying
customer service. corrective actions in preparation for future external
compliance reviews.
EXAMPLE 3: SERVICE INDUSTRY
XYZ Customer Solutions, a growing cal center in Manila, underwent 4. Anomalous revenues or expenses
an operational audit to improve efficiency and service quality. The ●​ Internal audit may review sales and expenses if they appear
auditors examined cal handling processes, employee productivity, suspicious, verifying the legitimacy of transactions, correct
and customer satisfaction ratings. They discovered that long wait amounts, and accurate posting periods, especially when
times were caused by outdated cal routing software and a lack of figures seem unusually high, low, or questionable.
proper training for new agents.
Phases of the Operational Audit
Additionaly, the audit revealed that many unresolved customer ●​ Planning
complaints were from inconsistent escalation procedures and not ●​ Fieldwork
properly segregated parts. After reviewing these findings, ●​ Reporting
management implemented a new training program, upgraded the cal ●​ Follow - Up
system, and segregated their duty accordingly to avoid complaints
from customers. Operations were made more efficient by the audit, PLANNING
which also improved customer satisfaction and staff morale. This phase involves defining the scope of the audit, identifying risks,
developing an audit plan, and allocating resources.

OPERATIONS AUDITING Key steps for effective planning

1. Enterprise-Level Risk Assessment
Agenda 2. Develop Comprehensive Audit Plan
1. Operation Audit 3. Tactical Risk Assessment for Each Audit
a.​ Key Objectives 4. Detailed Engagement Preparation
2. Phases of Operational Audits 5. Comprehensive Risk Evaluation
a.​ Planning
b.​ Fieldwork The Proactive Approach to Organizational Success
c.​ Reporting Success is not just about avoiding risks, but about strategically
d.​ Follow-Up enabling what must go right.

Audit Process Risk Factors

Dynamic conditions that either amplify or mitigate organizational
Operation Audit risks.
An operational audit involves a review of the activities performed in a
program or process in the pursuit of its objectives by individuals, who Impact of risk factors on the risk profile
are often supported by a variety of tools.

Key Objectives of Operational Audits

Clearly defined objectives are essential to avoid wasted time,
frustration, and damage to the audit function’s reputation. Internal
auditors should not define objectives unilaterally but instead involve
management to ensure the review meets their needs. The review
objectives may vary depending on various factors, with
management’s input being crucial.
Planning Importance
1. Engagement with Process Owners ●​ it enables auditors to critically assess and validate
2. Reviewing Previous Audit Workpapers financial information, identify potential risks and
3. Importance of Proper Planning fraud, and maintain the integrity of financial
4. Audit Procedures reporting.
5. Time Estimation and Speed ●​ it helps ensure that auditors' decisions aren't
influenced by personal bias.
Audit Procedures
1. Verify - Confirm or prove the truth of a fact. 1. Workpaper
2. Trace - Track a transaction from its source to its destination. ●​ Workpapers are documents created by auditors to record the
3. Vouch - Reverse-track a transaction from its destination to its work done. They are a collection of evidentiary material
source. showing the planning done, the fieldwork activities
4. Reconcile - Compare information from two sources to verify performed, and the support for all information mentioned in
accuracy or discrepancies. the audit report or other communication of results.
5. Foot - Add the items in a column 5. ●​ Workpapers may include a wide variety of items, ranging
6. Cross-foot - Add the items in a row 6. from process narratives, flowcharts, copies of policies and
7. Observe/tour - Physically observe and note conditions of an area of procedures, checklists, organizational charts, management
interest and financial reports, analysis of testing, correspondence,
questionnaires, and pictures.

FIELDWORK In general, a workpaper should include:

This phase involves gathering evidence, performing tests, and ●​ Objective of the procedure performed
evaluating the effectiveness of controls. ●​ Source of the information evaluated
●​ Name of the auditor who performed the work
Primary Goals ●​ Date when the work was done
1. Determine if the process or program under review is designed ●​ Name and date of supervisory review
effectively so that the related goals and objectives are likely to be ●​ Details showing the work done
achieved. ●​ Reference to other supporting documents, such as
2. Verify that the controls in place are performing as designed by ●​ relevant objectives, risks, and controls
management. ●​ Results of the testing procedure performed
●​ Conclusion
Types of Audit Evidence
Testimonial Characteristics of a High-quality Workpapers
●​ consists of verbal or written statements or assertions given
by someone as proof regarding the matter being discussed.
Types: Hearsay; Testimony

Observational
●​ evidence in observing conditions and dynamics, watching a
process or procedure being performed by others. An
evidence about how well a process is being carried out.
●​ verifies the existence, the condition, valuation, and
protection of physical facilities and practices.
●​ Types: Known Observation; Unknown Obesrvation
REPORTING
Documentary This phase involves documenting the findings, communicating the
●​ Another common way of collecting evidence is by reviewing results to making management, and recommendations improvement.
documents.
●​ documents are examined to verify the date and amount of
transactions, agreements made between various parties,
evidence of authorizations and record of decisions made,
among others. The documents can be internal or external,
financial or nonfinancial.

Recalculation/Reperformance
●​ Mathematical recalculation is a form of audit evidence and it
consists of checking the accuracy of documents or records.
●​ verifies the accuracy and completeness of the work done,
and confirms that the amount is correct.

Professional Skepticism
●​ an attitude that includes a questioning mind, being alert to
conditions that may indicate possible misstatement due to
fraud or error, and a critical assessment of audit evidence.
Two Types of Deficiencies OPERATIONAL RISK
1. Design ●​ As described by the Basel Committee is the risk of loss
●​ If the design is not conducive to the achievement of the resulting from inadequate or failed internal processes,
organization’s objectives and the enhancement of people, and systems or from external events.
stakeholder value, then there is a design deficiency. ●​ Risk of losses caused by flawed or failed processes, policies,
systems or events that disrupt business operations.
2. Operating
●​ These deficiencies are related to controls that are 4-CAUSE DEFINITION
performing poorly and not acting as designed. Auditor
testing procedures form the basis to determine if the control
is working or not.

Common Implementation Challenges

1. Dependency
●​ Process owners should evaluate the conditions in their unit
and formulate solutions to the problems presented

CATEGORIES OF OPERATIONAL RISKS

Process Owners
1. Internal Fraud - Fraudulent activities or misconduct carried out by
●​ A process owner is a manager accountable for creating,
employees, management, or other individuals within an organization
maintaining, and improving a process, as well as ensuring
that exploit internal systems for personal gain.
its successful implementation and outcomes.

2. External Fraud - Fraudulent activities perpetrated by individuals

2. Lack of Ownership
or entities outside the organization, targeting its assets, operations,
●​ The auditor's role is to verify that processes are designed
or systems for illicit gain.
and performed to achieve their objectives, not to take
responsibility for them. When someone says, "the auditor
3. Employment Practices and Workplace Safety - Potential hazards
told me to do it," it shifts accountability from the process
or risks associated with the organization’s policies, procedures, and
owner to the auditor. Auditors make recommendations, but
practices related to employee management and safety within the
it's up to the process owner to decide whether to accept
workplace
them.

4. Clients, Products, and Business Practices - potential risks that

FOLLOW-UP
arise from the organization’s relationships with clients, the products
A follow-up review means that the auditor is checking to make sure
and services it offers, and the business practices it follows.
the corrective action was performed, so it consists of checking what
management did to address the issue reported.
5. Damage to Physical Assets - Potential for loss, destruction, or
deterioration of an organization’s tangible assets.
Implementation Timeline

6. Technology Failures - Potential for disruptions or malfunctions in

Risk Level Follow-up Period an organization’s technology systems and data management
systems.
High Risk Immediate
7. Execution, Delivery, and Process Management - Risks associated
Medium Risk Within Months with the organization’s ability to effectively execute its strategies,
deliver products or services as promised, and manage internal
Low Risk Annual Review
processes.

Metrics The Operation Risk Management (ORM) Cycle

●​ Metrics exist to assess the performance and provide a Risk Identification
comparison between what should have been done and what Process of systematically recognizing, documenting, and
was actually done. understanding potential risks that may impact an organization’s
●​ Having effective metrics in place, followed by their objectives, operations, and assets.
consistent review and corrective action is a key aspect of
effective management. Risk Assessment
Determine possible mishaps, their likelihood and consequences, and
the tolerances for such events.
RISK ASSESSMENT AND INTERNAL CONTROLS
Risk Treatment
TOPIC OVERVIEW Process of selecting and implementing measures to manage
●​ Identifying and Classifying Operational Risks identified risks.
●​ Discuss different Risk Assessment Tools
●​ Designing effective Internal Controls Risk Monitoring
●​ Risk Assessment Simulation Ongoing process of tracking identified risks, assessing the
●​ Evaluation of Internal Controls effectiveness of risk treatments, and identifying any new risks that
may arise.
Risk Assessment Tools Risk Matrix (with figures)
Risk assessment tools are frameworks, techniques, or software used
to identify, evaluate, and manage potential risks that could impact an
organization, project, or system. These tools help in analyzing the
likelihood and impact of risks, enabling informed decision-making to
minimize negative consequences.

Purpose
●​ Identify Potential Risks
●​ Evaluate Likelihood and Impact
●​ Prioritize Risks
●​ Develop Mitigation Strategies
●​ Optimize Resource Allocation
●​ Improve Decision Making
●​ Enhance Compliance and Safety

How to Choose the Right Tool

●​ Define Your Risk Scope
●​ Assess the Complexity
●​ Consider Industry Standards
●​ Balance Accuracy & Effort
SWOT Analysis
●​ Use a Combination if Needed
●​ Strengths
●​ Weaknesses
Risk Matrix
●​ Opportunities
The risk matrix is a widely used and highly effective tool to record
●​ Threats
and analyze the objectives, risks, and controls in the program or
process that is being audited as defined in the scope definition. The
COSO Framework (COMMITTEE OF SPONSORING ORGANIZATIONS
risk matrix is an essential ingredient when conducting risk-based
OF THE TREADWAY COMMISSION)
audits, as they provide a means to capture and analyze these items.
The COSO Framework (Committee of Sponsoring Organizations of the
Treadway Commission) is a widely used framework for internal
Why is it an Effective Risk Assessment Tool?
control, risk management, and fraud in organizations. It provides
●​ Simple and Easy to Use
structured guidelines to prevention help companies manage risks,
●​ Provides a Visual Representation of Risks
improve governance, and ensure financial reporting reliability.
●​ Helps in Risk Prioritization
●​ Supports Decision-Making and Risk Mitigation
Purpose
●​ Adaptable to Various Industries and Risk Types
●​ Enhance Internal Control
●​ Improve Risk Management
Rist Matrix - 3x3
●​ Ensure Compliance
●​ Strengthen Corporate Governance
●​ Increase Operational Efficiency
●​ Support Reliable Financial Reporting

Key Components of the COSO

Risk Matrix - 5x5

 Information and 13. Uses relevant, high-quality
Control Environment
Communication information
This refers to the workplace environment, characterized by the way 14. Communicates internally to
the organization is structured, the manner of leadership, the degree support controls
of openness, management’s operating style, having and practicing 15. Communicates externally
the tenets of its code of ethics and statement of values.
Monitoring Activities 16. Conducts ongoing and/or separate
Risk Assessment evaluations
17. Evaluates and communicates
Risk assessment involves a dynamic and iterative process of
deficiencies
identifying, analyzing, and deciding how best to respond to these
risks in relation to the achievement of objectives.

Control Activities Designing Effective Internal Controls

Controls are actions established through policies and procedures that
mitigate the likelihood and/ or impact of risks. IMPORTANCE 0F INTERNAL CONTROL
1.​ Prevention of Fraud and Mismanagement
Information & Communication 2.​ Accuracy of Financial Reporting
Refers to the flow of information in an organization. Without the 3.​ Regulatory Compliance
requisite information many controls cannot be performed at all, and 4.​ Operational Efficiency.
when the information is inadequate, this can also compromise the 5.​ Risk Management
quality of internal controls.
Designing Effective Internal Controls
Monitoring Activities STEP 1: CONTROL ENVIRONMENT
Serves as a very effective tool to assist management in understanding ●​ Establish Organizational Culture
how all components of internal control are being applied and can ●​ Promote Leadership and Governance
enhance organizational effectiveness when applied as intended. ●​ Provide Training and Awareness
Monitoring activities can be performed as ongoing or as separate ●​ Create and Enforce a Code of Ethics of Conduct
evaluations.
STEP 2: RISK ASSESSMENT
Objectives ●​ Identify Risks
●​ Operations ●​ Assess the Impact of the Identified Risks
●​ Reporting ●​ Treat the Risk
●​ Compliance ●​ Continuous Evaluation
●​
Levels of Structure STEP 3: CONTROL ENVIRONMENT
●​ Entity Level ●​ Develop and Implement Policies and
●​ Division ●​ Procedures
●​ Operating Unit ●​ Implementation of Controls
●​ Function ●​ Ensure Privacy

STEP 4: INFORMATION AND COMMUNICATION

●​ Develop Information System
17 Principles of Internal Control ●​ Establish Communication System
●​ Practice Internal Reporting
Control Environment 1. Demonstrates Commitment to
●​ Establish External Communication
integrity and values
2. Demonstrates independence and
exercises oversight responsibility STEP 5: MONITORING ACTIVITIES
3. Establishes structure, authority and ●​ Continuously Monitoring
responsibility ●​ Conduct Internal Audits
4. Demonstrates commitment to ●​ Performance Review
attracting, developing and retaining
●​ Corrective Actions
competent staff
5. Enforces accountability

Risk Assessment 6. Specifies suitable, specific objectives RISK ASSESSMENT SIMULATION

7. Identifies and analyzes risks A structured process that uses computational models, statistical
8. Assesses fraud risk techniques, or scenario-based methods to analyze potential risks in a
9. Identifies and analyzes significant system, project, or organization. It involves generating and
changes evaluating various possible outcomes to understand the likelihood
and impact of adverse events. The goal is to enhance
Control Activities 10. Selects and develops control
decision-making, optimize risk mitigation strategies, and improve
activities that help mitigate risks
11. Selects and develops general overall resilience against uncertainties.
controls over technology
12. Bases controls on thorough policies
and procedures
Purpose
●​ Provides Numeric Data BOOKS OF ACCOUNTS AND REGISTRIES
●​ Facilitates Objective Decision-Making IN OPERATIONS AUDITING
●​ Helps in Risk Prioritization
●​ Enables Financial Planning Understanding the role of Ledgers
●​ Enhances Stakeholder Communication The ledger is a systematic compilation of a group of accounts. It is
●​ Supports Continuous Risk Monitoring used to classify the effects of business transactions on the accounts.

Monte Carlo Simulation DIFFERENT KINDS OF LEDGERS

A mathematical method that uses probability distributions to account 1. General ledger
for risk and uncertainty. Instead of relying on a single-point estimate 2. Subsidiary ledgers
(like traditional methods), the Monte Carlo method generates a range 3. Sales ledger
of possible outcomes. It is a probabilistic model that can include an The sales ledger represents accounts receivable, and the
element of uncertainty or randomness in its prediction. purchase ledger shows accounts payable. However, both are
also represented in the general ledger
Scenario Analysis Simulation
Process of estimating the expected value of a portfolio after a given Understanding the role of General Ledger
period of time, assuming specific changes in the values of the ●​ It is the “reference book” of the accounting system and is
portfolio's securities or key factors take place, such as a change in the used to classify and summarize transactions.
interest rate. Scenario analysis is commonly used to estimate changes ●​ It contains accounts for assets, liabilities, equity, revenue,
to a portfolio's value in response to an unfavorable event and may be and expenses, forming the basis for financial reporting and
used to examine a theoretical worst-case scenario. decision-making.
●​ It is the central record that consolidates all financial
Monte Carlo vs. Scenario Analysis transactions from different sources, including the purchase
and sales ledgers

Feature Scenario Analysis Monte Carlo Simulation

Understanding the role of Subsidiary Ledger
●​ The Sales Ledger maintains records of all sales transactions.
Approach Uses a few well-defined Uses thousands of
scenarios randomized simulation ●​ It tracks customer invoices, payments received, and
outstanding receivables, supporting revenue management.
Output Limited number of Probability distribution ●​ It helps businesses monitor customer payments, reducing
possible outcomes of outcomes the risk of bad debts

Complexity Relatively simple Requires statistical Understanding the role of Purchase Ledger
modeling ●​ The Purchase Ledger tracks all transactions related to
purchases and expenses.
Use Case Strategic planning, Financial modeling
●​ It records supplier invoices, payments, and outstanding
business expansion, risk Forecasting, investment
assessment analysis liabilities, helping the business manage accounts payable.
●​ This ledger ensures that all expenses are recorded correctly
and that suppliers are paid on time.

EVALUATING INTERNAL CONTROLS

Benefit of General Ledger
1.​ Ensures Financial Accuracy
How to evaluate internal controls?
2.​ Prevents Unauthorized Transaction
1.​ Assess the Control Environment
3.​ Aids in Fraud Detection
2.​ Evaluate Risk Assessment
4.​ Improves Decision Making
3.​ Investigate Control Activities
4.​ Examine Information and Communication System
Benefits of Sales Ledger
5.​ Analyze Monitoring Activities
1.​ Prevents Revenue Leakage
2.​ Reduces Risk of Bad Debts
Ten Important Tips in Evaluating Internal Controls
3.​ Detects Sales Fraud
1.​ Index Existing Controls
4.​ Strengthens Cash Flow Management
2.​ Understand which Controls are most Relevant to Audit
3.​ Continue the Audit After Determining Control Exist
Benefit of Purchase Ledger
4.​ Check for Deficiencies
1.​ Prevents Overpayments & Duplicate Payments
5.​ Determine if the Deficiency is in Design or Operation
2.​ Improves Expense Control
6.​ Assess the Severity of the Deficiency
3.​ Detects Supplier Fraud
7.​ Evaluate the Reliability of Information Used to Determine
4.​ Enhances Supplier Relationships
Severity
8.​ Avoid Defaulting to Maximun Severity
Understanding the role of Ledgers
9.​ Identify further Audit Procedures to Control Related Risks
●​ Financial Record Accuracy
10.​ Tailor further Audit Procedures based on the Individual
●​ Strengthening Internal Controls
Client
●​ Audit Efficiency
Understanding the role of Registers Key Objectives
The Registers and Logs are structured records of business assets, 1.​ Ensure Payroll Accuracy
transactions, or key operational data used to track, manage, and 2.​ Provide Financial Record-Keeping
maintain financial transactions and business activities. 3.​ Ensure compliance with Tax and Relevant Laws
4.​ Track Employer Payroll Liabilities and Workforce Expenses
Three Main Types of Registers
1.​ Fixed Asset Register Benefits
2.​ Inventory Log A well maintained Payroll Register :
3.​ Payroll Register 1.​ Prevents Payroll Errors and Overpayments
2.​ Strengthens Employee Satisfaction and Retention
FIXED ASSET REGISTERS 3.​ Enhances Compliance and Reduces Legal Risks
It is a detailed record of all long-term tangible assets owned by an 4.​ Supports Business Decision-Making and Financial Planning
organization. It includes information such as the asset’s description,
purchase date, cost, depreciation, maintenance records, and disposal TRACING TRANSACTIONS THROUGH THE RECORDING PROCESS IN
details. OPERATIONAL AUDITING
●​ Operational auditing ensures efficiency, effectiveness, and
KEY OBJECTIVES compliance in business processes.
1.​ Assets are correctly and accurately reflected in the accounts. ●​ A key part of operational auditing is tracing transactions
2.​ All capital expenditure is justified and approved. through accounting records.
3.​ All assets are identified, recorded and regularly verified. ●​ Helps detect errors, fraud, and inefficiencies in financial
4.​ Depreciation is appropriate reporting.
5.​ Asset disposals and write-offs are valid, authorized and
correctly reflected Key Objectives
●​ Understand the transaction recording process
Benefits ●​ Learn how to trace transactions through different
A well maintained Fixed Asset Registers : accounting records
1.​ Prevents asset mismanagement and loss ●​ Identify errors, inconsistencies, and potential fraud in
2.​ Optimizes resource allocation financial statements.
3.​ Enhances decision making ●​ Conduct an activity analyzing sample accounting records.
4.​ Aids in asset lifecycle planning
OVERVIEW OF TRANSACTION RECORDING PROCESS
INVENTORY LOGS 1.​ Source Documents (Invoices, Receipts, Purchase Orders)
It is a meticulously maintained log that monitors the inflow, outflow, 2.​ Journal Entries (Recording Transactions Chronologically)
and current status of various stock items. This record offers an 3.​ Ledger Posting (Classifying Transactions in the General
accurate and real-time insight into the quantity, value, and Ledger)
movement of goods within a company’s operations. 4.​ Trial Balance Preparation (Checking for Balances)
5.​ Financial Statement Preparation (Summarizing
KEY OBJECTIVES Information)
1.​ All inventory values and quantities are accurate
2.​ All stock purchases, issues and other movements are valid IMPORTANCE OF TRACING TRANSACTIONS
and correctly reflected 1.​ Ensures financial data accuracy.
3.​ Increase Inventory Accuracy 2.​ Detects fraudulent transactions or errors.
4.​ Monitor stock levels in real-time 3.​ Verifies compliance with accounting standards.
5.​ Optimize resource allocation 4.​ Improves internal controls and efficiency.

BENEFITS METHODS FOR TRACING TRANSACTIONS

A well maintained Inventory Logs : ●​ Vouching - Tracing backward from financial statements to
1.​ Prevents Overstocking & Stockouts source documents.
2.​ Stock Aging Analysis ●​ Tracing – Following a transaction forward from the source
3.​ Reduces Inventory Shrinkage and Theft document to the financial statements.
4.​ Analyzed consumption patterns, reorder points, and stock ●​ Analytical Procedures – Reviewing trends, ratios, and
turnover ratios variances in data.
●​ Reconciliations – Matching records to external
PAYROLL REGISTERS confirmations (bank statements, invoices, etc.)
A Payroll Register is a structured document or record that contains
detailed payroll information for all employees within a company for a EXAMPLE OF TRACING TRANSACTIONS
specific pay period. It includes details such as: Scenario: A company records a $5,000 sale on January 10.
●​ Employee names and IDs 1. Locate the sales invoice (Source Document).
●​ Gross wages/salaries 2. Check the journal entry: **Dr. Accounts Receivable $5,000 / Cr.
●​ Overtime pay, bonuses, and deductions (e.g., taxes, Sales Revenue $5,000**.
insurance, retirement contributions) 3. Confirm posting to the General Ledger.
●​ Net pay (take-home salary) 4. Verify the trial balance and financial statements.
●​ Employer payroll liabilities (e.g., obligations, social security, 5. Compare with bank deposit records.
benefits)
KEY TAKEAWAYS
●​ Tracing transactions is crucial for ensuring financial
integrity.
●​ Understanding the recording process helps in identifying
errors and fraud.
●​ Operational auditing improves business efficiency and
compliance