Group 1

Operations Auditing
Terminology and Key Concepts

Members:
Sadiarin, Jasmine Lianne
Tan, jason Lorenzo
Temporal, Ma. Angelica
Vanessa, Villanueva
Zapatero, Michelle Anne

Submitted to:
Ms. Catherine Aquino
OPERATIONAL AUDIT
Operational Audit is a methodology for assessing the conformity of implementing the
procedures and methodologies set forth in the department’s instructions, regulations or
documents.
Operational Audit is performed by specialized auditors. Upon completion of the
auditing process, a report of findings with recommendations is submitted. Operational audit
contributes to improving implementation, complying with the government organizations’
procedures and providing the management with points of nonconformity so that corrective and
preventive actions can be taken, thereby improving the efficiency and effectiveness of operations
and increasing customers’ satisfaction.

The systematic process of evaluating an organization’s effectiveness, efficiency &

economy of operations under management’s control & reporting to appropriate persons the
results of the evaluation along with recommendations for improvements.

Why Operational Audit?

● Identify poor work practices in order to improve them.
● Verify that employees implement operations in conformity with instructions and
regulations, which guarantees achieving the desired effectiveness and efficiency.
● Assist in the evaluation of quality control procedures adopted in the organization.
● Evaluate implementation processes in the organization.

Effectiveness versus Efficiency

Effectiveness refers to the accomplishment of objectives.
Efficiency refers to the resources used to accomplish those objectives

Phases in Operational Auditing

● Planning - having a preliminary preparation/risk assessment
– gather background information about the entity’s operation.
 ● Evidence accumulation and evaluation/risk response-You will gather evidence to support
the financial statement and other documents that are useful in performing the audit.
● Reporting and follow-up/Audit Report -Completion, and giving auditor’s opinion

Types of Operational Audits

a. Functional audit
- concentrates on activities of the business, e.g. billing function, production, accounting,
IT.
- Allows specialization, but fails to take into account interrelated functions.
b. Organizational
- Organizational unit, e.g. branch, subsidiary, dept., unit, center
- Concentrates on organizational structure, coordination of activities
c. Special assignments
- Determining the cause of ineffective IT system, fraud investigation

Internal auditing
Is an independent, objective assurance and consulting activity designed to add value and
improve an organization's operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.

Changing roles and responsibilities of internal auditors

Responsibilities of the independent, external governmental auditor should embrace the
following three aspects of management accountability:

● fiscal accountability - includes fiscal integrity, disclosure, and compliance with

applicable laws and regulations;
● managerial accountability - concerned with the efficient and economical use of personnel
and other resources; and
 ● program accountability - designed to assess whether programs are achieving their
intended objectives and whether the best program options have been selected to achieve
these objectives from the standpoint of total cost and outputs.

Internal audit job description and responsibilities

An internal auditor is relied upon to assess how well a company is managing risk.
Working as part of the in-house finance team, they use a systematic methodology to explore how
well internal processes are working and whether company risk and operations could be
improved. Professionals within this job role act as a moderator for all company accounts,
ensuring that they are compliant and that any future risk is identified and managed. Typical
internal auditor responsibilities are:

● Assessing company financial risk

● Safeguarding assets
● Gathering and analyzing data
● Checking the accuracy of financial reports
● Auditing the efficiency of business processes
● Ensuring the business adheres to policies, procedures, legislations and regulations
● Stakeholder communication

The link between financial, compliance, and operational audits

An audit is a type of assurance service that involves accumulating and analyzing support
for information provided by others. The main purpose of the audit is to assure users of financial
information about the accuracy and completeness of the information. To carry out an audit,
accountants collect and evaluate proof of procedures, transactions, and/or account balances and
compare the information with established criteria. The three primary types of audits include
compliance audits, operational audits, and financial statement audits. Although all audits involve
an investigation of supporting information, each type of audit has a different purpose.
 ● Compliance audits - determine whether the company has complied with regulations and
policies established by contractual agreements, governmental agencies, company
management, or other high authority.
● Operational audits - assess operating policies and procedures for efficiency and
effectiveness.
● Financial statement audits - determine whether the company has prepared and
presented its financial statements fairly, and in accordance with established financial
accounting criteria.

Incorporating corporation risk into internal audit ‘s risk-based auditing approach

Risk-based internal audits start by examining the inherent risks your company faces (as
identified by your management and board of directors) and then seek to correct and reframe your
controls according to what risks are the most urgent and have the most potential for loss. This
technique is more in keeping with an enterprise risk management (ERM) approach, as it
examines the organization as a whole rather than by department, as in a traditional audit
methodology. Put more simply, RBIAs give auditors a larger role in your risk reduction
program. Beyond simply diagnosing the problems, they are also a part of the creation of
effective controls and maintaining risk management efforts over time.
One of the benefits of a risk-based audit is that it can be altered and adjusted to match
your company’s risk management process and particular needs. Here are some steps you can take
to help you create and execute a successful audit.

● Understand your risk universe

Risk-based internal audits require internal auditors to understand company
strategies, goals, and objectives. Your auditors or audit committee must understand the
business's strengths, weaknesses, and challenges to target the highest-risk areas. Defining and
classifying your organization's risk universe will help you schedule RBIAs and identify critical
risks. After risk identification, auditors must assess those risks to determine their likelihood,
impact on the organization, and risk mitigation efforts. Your risk register should contain this
information for easy sharing.
 ● Get management involved
Internal auditors should collaborate with senior management to align business
strategy and risks with auditing and monitoring. Management can help internal auditors assess
business risk. It helps internal auditors understand the company's risk tolerance and thresholds.
Risk-based auditing is distinguished by management involvement. Your team knows your
company's business risk best and can help you create an auditing system that works for everyone.

● Determine your risk maturity

Risk appetite is a company's risk tolerance. Risk tolerance is how much a
company can deviate from its risk appetite. Understanding these two business aspects determines
your risk maturity. Stakeholders must understand both concepts and set risk thresholds to
determine when and where to implement internal controls. Internal auditors must understand risk
management policies and individual and organizational process risk appetite. To begin
independent risk assessments, internal auditors must determine management and board risk
tolerance.

Evaluating the effectiveness and efficiency of operations

Efficiency and effectiveness are not the same thing. Efficiency is defined as the ability to
accomplish something with the least amount of wasted time, money, and effort or competency in
performance. Effectiveness is defined as the degree to which something is successful in
producing a desired result; success. Managers need to appreciate the way each affects an
organization. To measure the effectiveness and efficiency in an organization, you have to
examine how it links your objectives to the way you plan to achieve them and the means you
plan to use. A strategy is effective if it uses the resources you allocate according to your plan and
delivers the expected results. You have to continually evaluate use of resources and performance
to check if your strategy is hitting your targets.
 Group 2

The Operational Audit

A written report in Operations Auditing

Submitted By: Members:

Obra, Christian Paolo
Pabalinas, Hersse Dancil
Pedolin, Rhica Mae
Redita, Kaye Celynne

Submitted To:
Dr. Catherine Aquino, CPA

OVERVIEW: OPERATIONAL AUDIT

1. What is Operational Audit?

An operational audit refers to the process of evaluating a company's operating activities –
both on a day-to-day level and a broader scale. Whereas a regular audit evaluates financial
statements, and an operational audit examines how a company conducts its business, with the
aim of increasing overall effectiveness.
 An audit is usually associated with financial matters while operational audits are more
comprehensive and go beyond financial data (although that type of reporting is often included).

2. Who normally performs the operational audit?

Operational audits are usually conducted by the internal audit staff, though specialists can
be hired to conduct reviews in their areas of expertise. The primary users of the audit
recommendations are the management team, and especially the managers of those areas that
have been reviewed.
Normally, the internal auditor performs their review on the three key types including
financial statements audit, compliance audit, and operational audit.

3. Why do we need to perform an operational audit?

The aim of an operational audit is to improve efficiency. The organization can uncover
problems and function more efficiently by evaluating its internal policies and procedures. The
audit's findings are most beneficial to the management team, who may use them to improve
future processes by incorporating these suggestions.
Three of the most important outcomes of a good operational audit are as follows: (a)
Maximize efficiency: Gain a greater understanding of how future policies and
procedures can boost effectiveness.
(b) Understand risks: Businesses run many operational risks, ranging from health and
safety issues to cyber threats. A full operational audit identifies risks like these, as well
as potential problems related to fraud and compliance.
(c) Finetune internal controls: By examining each step of the operational process, an
audit can dive deeper into the impact of any changes to internal controls.

PLANNING AND PERFORMING OPERATIONAL AUDITS: THE ESSENTIAL ELEMENTS

1. PLANNING AN AUDIT

Planning the audit includes establishing the overall audit strategy for the engagement
and developing an audit plan, which includes planned risk assessment procedures and planned
responses to the risks of material misstatement. Planning is not a discrete phase of an audit
but, rather, a continual and iterative process that might begin shortly after (or in connection with)
the completion of the previous audit and continues until the completion of the current audit.

It is essential for the auditor to prepare a good strategic audit plan. If the plan is well
prepared, all kinds of audit risks are identified and detected. A pre-audit meeting lays the
foundation for the operational audit process.

(a) Collect background information about the business helps identify any areas of
concern or industry-specific challenges that need to be addressed.
(b) Conduct interviews with managers in control of potentially risky areas.
(c) Document objectives and activities with risk highlighted and sent back to the
managers for confirmation.
(d) Tests are conducted, with results meticulously documented, to show which new
processes or goals can improve the organization's efficiency using operational
trouble spots.
(e) Auditor writes up a comprehensive audit report. Follow-up visits with management
can help to finetune any ongoing issues with new systems or controls.

2. PERFORMING AN OPERATIONAL AUDIT

The sequence of an operational audit is likely to match the sequence of other internal
audits:
› Establish what should be done/achieved.
› Establish what is being done/achieved.
› Compare ‘what should’ with “what is”.
› Investigate significant differences.
› Assess the effects of the differences.

Most audits stop here. To be truly valuable, the audit should go further:
(a) Determine the cause of the differences.
(b) Develop audit findings and value-adding options and improvement actions.
IDENTIFYING, MEASURING, AND ASSESSING OPERATIONAL OBJECTIVES

Operational objectives are attainable, action-oriented, short-term goals organizations

set and accomplish as a means of partially achieving larger, long-term objectives. They're
typically composed of specific daily, weekly, or monthly tasks that when executed together
contribute to a successful broader goal.

OBJECTIVE OF OPERATIONAL AUDIT

Objectives can vary depending on the type of organization and its (Key Performance
Indicator) KPIs, or whether the audit is being conducted to answer a specific concern from
challenges arising in areas like human resources, customer relations, or manufacturing
slowdowns. There may also be government compliance issues to consider such as consumer
safety. Part of the objective should also be to maintain quality in the auditing process.
The graphic below covers the main standard areas that govern audits:
1. Integrity: Withstand pressures that
may be exerted and take care to
comply with any legal
requirements.
2. Fair Presentation: Present all
results fairly and report significant
concerns.
3. Due Professional Care: Use
diligence, due care, and reasoned
judgments in every situation.
4. Confidentiality: Keep
information secure and
protect confidential or sensitive
information.
5. Independence: Maintain
impartiality and keep actions and reporting bias
6. Evidence-Based: Depend on a factbased approach to reach a reliable conclusion.
Understanding the true status of operations is the basis for a healthier, more competitive, and
more profitable organization.
OPERATIONAL PROCEDURES AND MANAGEMENT’S RESPONSE TO DEVIATIONS

1. INTERNAL AUDIT STANDARD OPERATING PROCEDURES

(a) Conduct Enterprise-Wide Risk Management Assessment

(b) Prepare Annual Internal Audit Plan
(c) Communicate Annual Internal Audit Plan
(d) Conduct Internal Audit Planning and Notification
(e) Perform Audit Fieldwork
(f) Report Results
(g) Conclude Audit
(h) Review Final Audit Report
(i) Disseminate Final Audit Reports

2. PROCESS OF CONTROL

The process of control consists of the following steps:

Step # 1. Determine the Areas of Control:
It is not possible for managers to control every activity and workers also do not
like that every activity is controlled by higher levels. Managers determine the key
areas where controls should be developed. These areas best reflect
organizational performance (critical point control).
Step # 2. Setting Standards:
Standards are the basis for the evaluation of performance. They are related to
the goals of the enterprise. They are the specific criteria to be fulfilled by the
workers.
“A standard is a desired outcome or expected event with which managers can
compare subsequent activities, performance or change.” A company can set the
following standards such as:
(a) Time standards – They specify the time that employees should take to complete
the work.
(b) Production standards – Production standards specify the units that should be
produced within the time standards. For example, the company can set a
production standard that employees should produce 10 units of product A in one
hour.
(c) Cost standards – The products must be cost-effective to generate maximum
profits. Cost standards specify per unit cost of products. For example, cost
standards can specify: Cost of product A should not exceed Rs.5 per unit. (d)
Quality standards – Quality standards maintain the quality of goods. Goods
should be cost-effective and qualitative in nature.
(e) Behavioral standards – These standards specify how employees should
behave with the peer group, superiors, and people outside the organization, such
as customers. Employees should be courteous and polite with workgroups
internal and external to the organization. These standards increase employees’
morale and job satisfaction.
Step # 3. Measurement of Performance:
After setting the standards, workers perform according to these standards.
Managers measure their performance from time to time. Quantitative
performance can be better monitored as against qualitative performance.
Whether or not workers are polite or courteous cannot be easily measured.
Personal observation, performance reports, sample checking, etc. are some of
the ways in which data on performance can be gathered.
Step # 4. Comparison of Performance against Standards:
After measuring the actual performance, it is compared with standard performance.
Two possible situations may arise on this comparison:
I. Actual performance is equal to or more than standard performance.
Though no corrective action is required, managers should appreciate workers’ positive
performance and offer them rewards; financial (bonus, increments) or non-financial (recognition
and prestige). The nature of rewards varies with the needs of employees. II. Actual
performance is less than standard performance, that is, standards have not been
achieved.
When there are deviations in the actual work performance, the deviations may be
significant or insignificant. If the deviation is not significant (deviation within the range of
acceptance), it may be ignored but if it is significant, it should be brought to the notice of
top managers. This is in keeping with the principle of Management by Exception. The
principle states that since managers are preoccupied with many important organizational
matters, every matter should not be reported to them.

Step # 5. Correction of Deviations:

 A Deviation is a minor deviation from an SOP or a planned event.
Examples include: An SOP being used beyond its review date.
- An audit or monitoring visit taking place outside of the schedule.
- A Deviation may be upgraded, upon review, to a Non-Serious Breach or
Breach. After detecting the deviations, managers ensure that deviations do not occur again.
The problem may lie in an initiative to work, or standards may have to be revised because they
are sub-optimal or over-optimal.

The corrective action can be:

(a) Immediate
To avoid major problems. In the production process, for example, if deviations occur at
the transformation stage, they should be corrected immediately, otherwise, the final
output will not sell in the market. Immediate action may involve, hiring additional staff,
removing existing staff, training the staff, changing in leadership style, or changing in
motivators.
(b) Permanent:
Permanent actions remove the cause of deviations so that deviations do not recur in the
future. The fault may not always lie with the execution of standards. The standards and
the measures of performance can also be faulty. Managers may, therefore, must revise
the plans and reform them. A new selection policy, for example, for reshuffling the
employees may be helpful rather than hiring and firing employees within the existing
employment standards.

EVALUATING THE TOOLS MANAGEMENT USES TO SET AND

MONITOR ORGANIZATIONAL GOALS

OBJECTIVE OF OPERATIONAL AUDIT

The term "organizational performance" relates to how well a company's vision, mission,
and objectives are being met. A critical part of strategic management is evaluating the
performance of the organization. To determine what strategic improvements, if any, to make,
executives must know how well their firms are performing. However, performance is a very
complicated topic that requires a lot of thought about how it is measured.
Two important considerations are:
1. Performance measures. A metrics along which organizations can be gauged. Most
executives, investors, and stakeholders watch and examine measures such as profits, stock
price, and sales to better understand how well their organizations are competing in the market,
as well as future predicted results. But these measures provide just a glimpse of organizational
performance.
2. Performance referent. A benchmark or standard is used to make sense of an
organization’s standing along with a performance measure.

The most widely used tools in the organizational audit are the plan-do-check-act or Deming
Cycle, which the auditor uses in their own auditing activities.

What is the Deming Cycle?

The Deming cycle is a four-step iterative
technique used to solve problems and to improve
organizational processes. This was introduced by
Dr. Walter A. Shewhart, the renowned physicist,
and statistician from Western Electric and Bell
Labs.
The Deming Cycle is a well-documented and
proven methodology. There is no need to start
from scratch and reinvent the wheel when an
effective solution already exists.

QUALITY AND PERFORMANCE IMPROVEMENT METHODOLOGIES: THE 4EsS

1. Economy is concerned with minimizing the cost of resources used (people, materials,
equipment, etc.), having regard to the appropriate quality required – keeping the cost of inputs
low without compromising quality.
An example could be where healthcare supplies or services of a specific quality are
purchased at the best possible price.
2. Efficiency is concerned with the relationship between goods and services produced
(outputs) and the resources used to produce them (inputs) – getting the most from available
resources.
Efficiency is about ‘doing things right’.
An example could be where the quality of healthcare has been improved over time without
an increase in cost.
3. Effectiveness is concerned with achieving predetermined objectives (specifically
planned achievements) and having the actual impact (output achieved) compared with the
intended impact
(objective) – achieving the predetermined objective. Effectiveness is about ‘doing the right
things. An example could be where disease rates have fallen because of healthcare provided.
4. Ethics is the standard of moral behavior and conduct expected of organizations and
their employees. This has a direct effect on the operation of controls and therefore on the
achievement of the other 3Es.

The aim of using an operational auditing approach is to find out:

1. Whether business operations are being managed in an economic, efficient, effective,
and ethical manner (the 4Es).
2. Whether procedures for promoting and monitoring the 4Es are adequate.
3. Whether real improvements can be made – not just assessing whether there is
compliance or nonconformance.

KEY TOOLS AND TECHNIQUES FOR PERFORMANCE MANAGEMENT

a. Key performance indicators (KPIs) and metrics. It enables rich data-driven

performance conversations and better decision-making.
b. Performance appraisals. Incredibly powerful for aligning the goals of individuals with
the strategic aims of the organization.
c. Management by objectives (MBO). The process of defining specific objectives and
then set out how to achieve each individual objective.
d. Performance management frameworks. The most popular and best-known
management framework is the Balanced Scorecard (BSC).
e. Reward and recognition programs. Simple praise and recognition of a job well done is
just as important for maintaining morale and continued high performance.
f. Personal development plans (PDP). Used to identify specific training and development
needs and create an action plan for meeting those. Also, identifies concrete steps that can help
drive individual performance in the future.
DEVELOPING AND USING METRICS TO MONITOR PERFORMANCE AND RISKS

Operational Metrics

Are key performance indicators that allow you to see what’s going on in the business in
real-time, or per hour, day, week, and month. They provide a closer measurement and
information about where people, processes, or systems are veering off course or falling
behind, which allows you to take the necessary action immediately.

Cost-Per-Click (CPC)

This operational metric is one of the most important for advertising. The CPC overview
of campaigns explains the regular pricing model in online advertising. It allows you to
compare different campaigns and determine which of them had the lowest price.

Cost-Per-Acquisition (CPA)

This metric is even more based on performance than the CPC metric. It doesn’t focus on
the number of clicks but on the cost of acquiring a new customer. This is crucial for
determining the success of campaigns and establishing future actions.

Absenteeism Rate

This operational metric comes from the Human Resources industry. It’s concentrated on
the employees’ engagement which is essential for establishing an effective HR strategy.
It includes the number of employees calling sick or skipping, suggesting the impact it will
have in the future. You can help your HR department by implementing a core HR
software that automatically keeps track of everything.

Overtime Hours

This operational metric can affect the Absenteeism Rate if the employees are dealing
with lots of pressure. Overtime hours should be tracked closely as they can be
interpreted in many ways, depending on the context. For instance, it can tell if the high
volume of orders is leading to overtime hours.
Lead-to-Opportunity Ratio

This metric is related to the sales industry. It reveals details about the number of leads a
sales manager or professional needs to reach revenue goals. This is the first part of the
sales funnel, so it’s easy to notice which leads have become qualified ones and
determine the ratio. If you want to point the sales and marketing team in the right
direction, you should investigate further into the exact source of the qualified leads.
Lead Conversion Ratio

This metric reveals how many interested people have turned into paying customers.
Once you find your baseline, you’ll know the number of leads necessary for a good sales
pipeline. A low conversion rate indicates that you need to make further changes and
adjustments to the sales pipeline.

DEVELOPING AND USING METRICS TO MONITOR PERFORMANCE AND RISKS What

Does KPI Stand For?
Key performance indicators (KPIs) are quantifiable measurements that demonstrate the
effectiveness of an individual, department, or organization in achieving key goals.
Clearly defining goals and tracking meaningful KPIs can provide valuable evidence to
show that internal audit activities are supporting the business’s strategic objectives.

What are KPIs in Audit?

Within internal audit, there are two main types of KPIs: execution and value. Most of the
KPIs tracked by internal audit measure execution and completion rates.
Tracking meaningful KPIs will put an internal audit department in a strong position to
clearly measure and effectively communicate how their activities are supporting
company strategy to the audit committee and senior management—showcasing internal
audit as a partner adding value to the business.

Track Metrics in Your Audit Plan

Incorporating metrics into your overall audit plan can guide executive leadership in
assessing internal audit’s performance and goals and ensure that your individual audit
project metrics tie into these overall metrics as well.
Keep in Mind When Tracking Metrics in an Audit Plan

a. For customer satisfaction results, identify the percentage of surveys returned and if scores
are improving year over year.
b. Identify your percentage of risks audited based on your risk assessment.
Common key performance indicators include:
a. Percentage of the audit plan completed.
b. Count of issues found, and recommendations made.
c. Percentage of recommendations implemented on time.
d. Hours spent per audit.
e. Certifications held by audit team members.

On the other hand, value based KPIs measure the effectiveness of the audit on the business.
Common key performance indicators include:
a. Customer satisfaction.
b. Increased productivity and efficiency.
c. Decreased expenses.
d. Leaner operations.

Ultimately, the KPIs you choose to implement must be the ones that work for your organization.

KEY OPERATIONAL AUDIT TOOLS I. Risk Control Matrix

A Risk and Control Matrix (RACM) is a powerful tool that can help an organization
identify, rank, and implement control measures to mitigate risks. A RACM is a repository
of risks that pose a threat to an organization's operations, as well as the controls in place
to mitigate those risks. The Risk Control Matrix is divided into five sections: financial
reporting elements, objectives, risks, controls and testing.

Financial Reporting Elements This link provides a list of the financial

reporting elements that are linked to the
process in the PCS tab. These are
informational details.
 Objective Management establishes controls to achieve
certain objectives. These objectives support
management's overall objective with respect
to the effectiveness of internal controls over

financial reporting, operational risks and

controls or other types of risks and controls.
The independent public accounting firm
(external auditor) should approve the
objectives relating to financial reporting.

Risk Risk represents "what can go wrong" in a

process. Identifying risks in a process assists
an evaluator to focus on controls that may
mitigate the risk.

Control Controls are designed to a) reduce the

identified risks to an acceptable level and b)
provide reasonable assurance that the
defined objectives are met.

Testing Testing is utilized to support or prove the

control evaluation.

II. Business Process Mapping

Refers to activities involved in defining what a business entity does, who is responsible,
to what standard a business process should be completed, and how the success of a
business process can be determined.

How to Create a Process Map

- Define the start and end points of the process.

- Identify relevant information.
- Get input from key stakeholders.
- Determine what makes the process successful.
- Create an inventory of all tasks, handoffs, and activities.
 - Organize and document your information.
- Use the process map as a baseline for optimization.

Common types of flowcharts for business process mapping

a. Basic Flow Charts - Basic flowcharts are the most common type of diagram used to

visualize business process maps and include shapes such as rectangles for tasks and
activities, circles for events, and diamonds for gateways or decision points.
b. Business Process modeling - Business process modeling is very similar to standard

basic flowcharts, but it has additional details that allow for continuous improvement and
process optimization in the long run.
c. Value stream mapping - Value stream mapping is very useful in many different

industries and is a flowchart method that’s used to analyze and illustrate the steps for
delivering a specific product or service to clients or customers.

III. RACI Matrix

A responsibility assignment matrix (RAM), also known as the RACI matrix or linear
responsibility chart (LRC), describes the participation by various roles in completing
tasks or deliverables for a project or business process. RACI is an acronym derived from
the four key responsibilities most typically used: responsible, accountable, consulted,
and informed. It is used for clarifying and defining roles and responsibilities in cross-
functional or departmental projects and processes.

Creating a RACI model

- Determine the list of key activities and deliverables.

- Determine who is needed to be a part of the project or initiative.
- Determine the project roles and responsible job titles and persons for each activity and
deliverable.
- Hold review sessions with key members of the team for alignment.
IV. Customer Mapping

With a customer's journey to a product (the steps that led to the product's acquisition).
Customer maps are more straightforward: they show where actual customers reside on
a real-world map.

V. Spaghetti Maps

Visual representation using a continuous flow line tracing the path of an item or activity
through a process.
Electronic Document Management System

Locate and retrieve documents by converting from paper documents to our Electronic
Document Management System. This extends to vendor contracts, legal documents,
accounts receivables, accounts payables, and associated backup documents and
receipts. Eliminate the need for file cabinets, file rooms, and paper file storage, thereby
reducing costs.

Computer-Assisted Audit Techniques and Tools

Computer-Assisted Audit Techniques and Tools (CAATTs) are computer tools and
techniques in performing various auditing procedures and improving the effectiveness
and efficiency of obtaining and evaluating audit evidence. It provides effective tests of
controls and substantive procedures where a wide range of techniques and tools are
used to automate the test procedures for evaluating controls, obtaining evidence and
data analysis.

The Asian Organization of Supreme Audit Institutions (ASOSAI) identified types of

CAATTs into two discrete areas of operations:
a. CAATTs used to validate programs/systems (functionality of the programmable
controls).
b. CAATTs used to analyze data files. CAATTs do not directly test the validity of
programs.
 Group 3

Operations Auditing

Audit of Payroll

Researchers/ Reporters:
Mariano, Ma Cristina C.
Miranda, Kayla Marie
Noynay, Marie Nadine B.
Nuñez, Ranniella-Marie

Payroll transactions involve the events and activities related to executive and employee
compensation. This class of transactions includes salaries of personnel, wage earners (factory
workers), sales person’s commission, bonuses to executives, payroll taxes, pensions and profit
sharing plans and other employees’ fringe benefits. The primary errors or irregularities that may
occur are the padded payroll and misappropriation of the unclaimed paychecks.

Identifying Risk and Control or Control procedures

Risks Control Procedure

Unauthorized changes to the payroll Have the personnel department authorize the
hiring of all employees, setting pay levels
and pay rate changes; ensure that there exist:
Management approvals, dual controls,
 system access controls and supervisory
reviews.

Unclaimed payroll checks should be

controlled by account no employees who
have no payroll or cash functions; unclaimed
Misappropriation of unclaimed paychecks should be returned promptly to
payroll checks the treasury department for interim hold and
subsequent redeposit; unclaimed paychecks
should be voided by the treasury department
after a specified period.

Ensure the existence of: segregation of

duties: periodic audits by internal and/or
external auditors; good record keeping;
Fraudulent practices in payroll periodic and surprise reviews by supervisors
preparation for unusual entries, big adjustments,
unusually high payments, and checks to
nonemployees.

Employees might be paid for hours Have time cards approved by the department
not worked or submitting excessive supervisor. not by employee, and submit
hours for payment them to the timekeeping department.

Unauthorized alteration of Implement authorization, testing, and

computer payroll programs for software quality assurance procedures for
fraudulent purposes. payroll program changes.

Terminated employees had not been Reconcile payroll and timekeeping records
removed from the payroll.

Payroll checks are drawn improper Obtain supervisory approval of employee

amounts time cards

Unauthorized alteration of hourly Limit access to payroll master records to

pay rates by payroll clerks payroll supervisors only.

-Allow payroll changes to be authorized only

by the personnel department.
Payroll clerk adding fictitious
-Perform periodic floor checks of employees
employees to the payroll (Ghost
on the payroll.
Employees)
-Ensure that all hiring and terminating is
performed by the personnel department.
 Payments to unauthorized Examine procedures for proper distribution
recipients of paychecks.

Authorize payroll master-file additions and

Payroll fraud
deletions by the personnel department.

Audit of Payroll Objectives:

1. Accurate Tax Reporting & Payments - Tax authorities compel businesses to submit proper
tax returns and taxes withheld from employee wages. In order to make sure that an entity
complies with these standards and avoids penalties and fines, a thorough payroll audit is
essential.

2. Compliance with Employment and Tax Laws - Particularly for businesses with a global
workforce, keeping up with changes in tax and labor rules can be very difficult. Regular payroll
audits can identify compliance shortcomings and provide entities the opportunity to fix them
before a formal tax authority examination.

3. Provide employees with accurate data - Employees rely on the information entities give
them for anything, from pay slips to the documents they need to submit their taxes. Global
companies that experience frequent turnover in their workforce often struggle to maintain
accurate employee records, which, in turn, can lead to inaccurate data on pay stubs or tax
documents. Conducting payroll audits regularly can eliminate this problem.

4. Identify errors and frauds on time - Errors are an inherent part of payroll. Even businesses
that automate their payroll process must manually enter certain information, thus errors are
unavoidable. Regular payroll audits assists in identifying and fixing these errors as soon as they
occur. In addition, a thorough payroll audit can also aid in spotting fraud attempts, such as hiring
ghost workers and taking their money. The audit should also reveal any places where the
company may be vulnerable to payroll fraud so that modifications may be made to lower the
risk.

Audit of Payroll Personnel:

Logically speaking, the payroll department is in charge of managing payroll audits, but human
resources must as well be involved. First, when a human resource or a manager discusses
compensation with an employee, there may be discrepancies between what they say and what the
payroll system actually records. Consider, for instance, a hiring manager who bargains a
candidate's compensation and decides on a greater sum than in the initial offer letter but neglects
to inform human resources.

Second, dealing with employee complaints and any required conversations about pay is a
delicate matter that requires the involvement of human resources. Every time a person's salary
changes, human resources must audit the pay if the payroll system and human resource system
are not integrated.

To verify accurate data, organizations can either conduct routine internal human resource audits
or invite an outside auditor to visit. They should not wait until a government representative
checks on them. In addition, an independent auditor can be useful because they have not
reexamined the data before, unlike entities that can occasionally overlook significant information
when spending too much time looking at the same facts.

Payroll Fraud Schemes

Payroll fraud is the deliberate misappropriation of funds by an employee of a business or

organization. Payroll fraud occurs when an employee causes the organization to issue a payment
by making false claims of compensation. However, an employer may also commit payroll fraud
which has surfaced as a furlough fraud.

Payroll fraud is simply defined as employees altering the payroll system of the company in order
to receive payments they have not earned.

Types of Payroll Fraud

The following are the most common payroll schemes:

1. Ghost Employees Fraud

Ghost employees refers to someone on the payroll who does not actually work for
the company. The ghost employee may be a fictitious person, or a real individual (a
relative/friend or accomplice) who simply does not work for the victim employer.
Through the falsification of personnel or payroll records, a fraudster causes paychecks to
 be generated to a ghost; then the paychecks are converted by the perpetrator or an
accomplice.

How does this work?

For a ghost employee scheme to work, 4 things must happen:
1. The ghost must be added to the payroll
2. Timekeeping and wage rate information must be collected
3. Paycheck must be issued to the ghost
4. The check must be delivered to the perpetrator or an accomplice.

The facts behind how this fraud happens lead to the red flags, which help in effective
detection of the fraud.
Red Flags include:
● Unexplained or unusual increases in wages expense
● Paychecks for employees who:
○ Never take a vacation
○ Never take sick leave
○ Have no social security number (SSN) or an invalid one
○ Have a POB and no physical address

Detection methods
● Reconciling employees in the payroll database with employees in the HR
database; the ghost should be missing in HR
● Getting a copy of the SSN file and at least once a year, reconciling that file with
the employee’s SSNs
● Periodically and unannounced, distributing checks manually, requiring ID to pick
up check
● Rotating duties of handling printed paychecks, or requiring vacation timed with
issuance of payroll

2. Time-sheet / Falsified wages

 The most common method of misappropriating funds from the payroll is
overpayment of wages. For hourly employees, the size of a paycheck is based on two
essential factors: the number of hours worked, and the rate of pay. Therefore, for an
hourly employee to fraudulently increase his paycheck, he must either falsify the
number of hours worked or change his wage rate.

Various ways of executing this scheme includes:

● Manually prepared time cards
● Forging supervisor’s signature
● Collusion with a supervisor
● Rubber stamp supervisors

Red flags include:

● Unexplained or unusual amounts of overtime
● Unusual changes in pay rates
● Unusual or unexplained number of hours paid

Detection methods
● Preparation, authorization, distribution, and reconciliation should be segregated
● Transfers of funds from general accounts to payroll accounts should be handled
independently
● No overtime paid unless authorized in advance
● Sick leave and vacation time should not be granted without supervisory review
and monitored for excessive time taken
● A designated official should verify all wage rate changes
● Timecards should be taken directly to the payroll department after approval
● Time cards should be secured and monitored
● Run programs to actively seek out fraudulent payroll activity

3. Commission Schemes
Commission is a form of compensation calculated as a percentage of the amount
of sales a salesperson or other employee generates. It is a unique form of compensation
that is not based on hours worked or a set yearly salary, but rather on an employee's
revenue output. A commissioned employee's wages are based on two factors: the amount
 of sales he generates and the percentage of those sales he is paid. In other words, there
are two ways an employee on commission can fraudulently increase s pay:(1)falsify the
amount of sales made (2)increase his rate of commission.

Two ways to falsify sales

1. Fictitious sales
2. Altered sales

Red Flags include:

● Unexplained ot unusual increases in commission expense
● Changes in commission rates over time
● Higher rates of return or credits for one salesperson

Detection method
● Run periodic reports to show an unusual relationship between sales figures and
commission figures
● Run reports that compare commissions earned among salespersons
● Track uncollected sales generated by each salesperson
● Conduct random samples of customers to verify that the customer exists

Evaluating Improvement Opportunities

The implementation of an internal audit of a quality management system might reveal areas for
improvement. Management can acquire important insights into how to maximize profit,
efficiency, and customer pleasure by critically analyzing the findings.

Opportunities for Improvement

The Benefits of Effective Auditing

Management frequently sees an internal audit as a disruption to the regular operation of the
company. Employees may be reluctant to participate completely or offer their opinions because
they worry that confidentially won't be upheld. However, the truth is that when planned and
carried out properly, an internal audit may cause little disruption and preserve the anonymity of
people who submit feedback.

Internal audits should, in general, objectively and impartially assess the results of processes to
make sure that these processes are fulfilling the intended expectations and QMS objectives.
Internal auditors have the chance to examine a process objectively, which allows them to spot
issues that would go undiscovered during routine operations. They will also be able to spot
problems with connections across processes that could lead to inefficiencies, opening up
possibilities for increasing the QMS's overall efficacy. By acting on these chances for
improvement, costs can be reduced and profitability can rise.

Third Party Internal Audits

Internal audits conducted by a third party can offer novel perspectives on an organization's
potential. The viewpoints gained from auditing other entities will complement the third party
auditor's unique knowledge and competence in the auditing process. More crucially, an external
auditor won't be constrained by the organization's internal politics and culture, guaranteeing a
higher level of neutrality. When team members from a company are not accessible to conduct an
audit, third party internal audits might be helpful.

When conducting an audit with an outside auditor, management should take the initiative to set
the rules. These include specifying the audit's requirements, parameters, and goals. Previous
audit reports, in particular any results, should be available for examination. Once these limits
have been established, management should make sure that the audit has the necessary time and
resources.

Effective Management Review

Management should analyze the results and suggestions following an audit. Even though this
process is frequently restricted to correcting nonconformities and taking corrective action, it is
important to take the time to seriously consider where there is room for improvement. These
areas of development can include adjustments to company governance, bettering working
conditions, and enhancing inter-organizational communication abilities.

Opportunities Are Everywhere

Every workflow or procedure has room for development. Organizations that want to take
advantage of these opportunities try to foster a culture of continuous improvement by involving
every employee in offering feedback. This is so that front-line employees, as opposed to
managers and senior leaders in a business, can offer a more detailed perspective.
GROUP 4
Researchers/Reporters:
Mabansag, Andrea Chelsie
Macairan, Lyka Maine
Magdaraog, Ma. Elene
Maratas, Mary Madeliene
PRODUCTION
Auditing Production Risks
Production and Auditing Production Risks
What is Production?
o It is the method of turning raw materials or inputs into finished goods or products in a
manufacturing process.
o In other words, it means the creation of something from basic inputs.
o Production may also refer to the goods being produced.
o For instance, some business calls a set of products being produced at the same time a
production run. Both of these definitions are interchangeable.
o Basically, it just means a manufacturing process or the end result of a manufacturing
process
What is Production Risk?
o Risk in production can occur both due ro price and the production process.
o In order to determine the optimal decisions, it is required that the resulting possible profit
levels due to these causes be defined; the preferences over these resulting possible profit
outcomes can be applied to rank alternatives risk management strategies.
Does the Risk Audit approach Increase Audit Production Efficiency?
o By means of observation and experience, direct and indirect tests are employed using
proprietary, working paper data from the larger clients of a major public sector audit
provider and an efficiency frontier analytic methodology, and data envelopment analysis.
o Results based on this proprietary, audit hours data for audit engagements carried out just
after risk audit approach implementation show that they have high levels of production
efficiency and are risk-adjusted, with no significant difference in production efficiency
between higher and lower business risk audit engagements.
 o Results based on audit fees data for audit engagements carried out shortly before and
after risk audit approach implementation show that overall production efficiency
significantly improves. Importantly, while this improvement is significant for lower-risk
audit engagements, there is no significant improvement for higher-risk audit
engagements.
Key Elements of the Production Process and Production Methodologies
What is production process?
o A production process is the method of using economic input or resources, like labor,
capital equipment or land, to provide goods and services to consumers.
o The production process typically covers how to efficiently and productively manufacture
products for sale to reach customers quickly without sacrificing the quality of the
product.
o There are many different types of production processes businesses can follow, according
to their manufacture goals, production numbers and technology tools or software
systems.
Key Elements of production Process
1. Labor
2. Materials
3. Equipment
4. Facilities
5. Cost
Production Methodologies
1. Unit or Job type of Production
● This is the type of production that is most commonly observed when you produce one
single unit of product.
● A typical example of the same will be tailored outfits which are made just for you or a
cake which is made just like how you want it.
● It is one of the most common types of products used because it is generally used by small
businesses like restaurants, individual products providers or individual service providers.
▪ Depends a lot on skills

▪ Dependency is more on manual work than mechanical work

▪ Customer service and customer management plays an important role

2. Batch type of Production
● Batch production is when a facility manufactures specific groups of pieces or completed
products in small preset batch sizes.
● This kind of production method is usually adopted by small companies as its capable of
reducing the initial capital outlay.
● Batch production makes it easier to control the quality and schedule of production as
everything from designs to material requirements are standardized for specific product
variations well before production begins.
● Batch production is commonly used in food production. For example, each morning a
bakery will produce batches of the following products one after another: white bread
loaves.
▪ Production is done in batches

▪ The total number of units required is decided before the batch production starts

▪ Once a batch production starts, stopping it midway may cost a huge amount to the
company.
▪ Demand plays a major role in a batch production. Example – seasonality of
products.
3. Mass Production
● In mass production, employees continuously produce the same items.

● Team members typically split up into different workstations for everyone to use at once.

● Each workstation typically represents one material or addition to a product.

● Once the product gets to the end of the line, it's fully complete and ready to deliver to the
customer.
● As one part of the product is being worked on, another is operating as well, which makes
the process more efficient and productive.
● Mass production is generally used to dole out huge volumes of the product

● It is used only if the product is standardized

● Demand does not play a major role in a Mass production. However, production capacity
determines the success of a mass production.
● Mass production requires huge initial investment, and the working capital demand is
huge too.
 4. Continuous Production or Process Production
● There is a lot of confusion between mass production and continuous production. It can be
differentiated by a single element. The amount of mechanical work involved. In Mass
production, both machines and humans work in tandem. However, in continuous
production, most of the work is done by machines rather than humans. In continuous
production, the production is continuous,24×7 hours, all days in a year.
● There are many chemicals which are manufactured in the form of a continuous process
due to the huge demand across the world. Similarly, the Plastic industry is known to
adopt the continuous production methodology where production can go continuously for
weeks or months depending on the demand. Once the production starts, you only need to
feed in the raw material, and the machines turn out the finalized products.
▪ Majority of the work is done by machines rather than humans

▪ Work is continuous in nature. Once production starts, it cannot be stopped

otherwise it will cause huge loss.
▪ A very controlled environment is required for continuous production.

Identifying Key Cost Drivers to Protect Bottom-Line Results

What are Cost Drivers?
● A cost driver is a unit that derives the expenses and sets a basis on which a particular cost
is to be allocated between the different departments and on the basis of that driver’s
activity completed in that particular period the cost is allocated.
As you’ve learned, the most common bases for predetermined overhead are direct labor hours,
direct labor dollars, or machine hours. Each of these costs is considered a cost driver because of
the causal relationship between the base and the related costs: As the cost driver’s usage
increases, the cost of overhead increases as well. Table 6.1 shows various costs and potential
cost drivers.
Potential cost drivers
● Number of product returns from customers

● Number of square feet

● Number of customer contacts

● Number of employees

● Number of customer orders

● Number of customer online orders

In today’s production environment, there are many activities within the production process that
can contribute to the cost of the product, but determining the cost drivers may be complicated
because some of those activities may change over time. Additionally, the appropriate level of
assigning cost drivers needs to be determined. In some cases, overhead costs such as inspection
increase with each unit inspected, and the costs need to be allocated on a per-unit level. In other
cases, the overhead costs, such as machine setup costs, are incurred each time a batch of products
is manufactured and need to be allocated at the batch level.
To begin the determination of appropriate cost drivers, an accountant analyzes the activities in
the product production process that contribute to the cost of that product. An activity is any
action that consumes company resources, such as taking orders for a product, setting up
machines to produce the product, inspecting the product, and providing customer support before
and through the order process.

Why It’s Important?

• It is evident to know the cost of the product before entering the market to pre-identify
whether the company can make profits out of the products they propose to sell.
• This application is essential to identify the cost allocable to various products as the cost is
allocated based on the activities being performed, and only those costs should be assigned
to a product that includes a particular activity in its productions.
Advantages Disadvantages
1. It provides a competitive edge 1. It is a complex process, and
to the business as they give a not every business can apply
precise distribution of cost the cost drivers in its activities.
based on activities performed. 2. It is hard to determine the
2. These are an advantage for a exact basis for the cost drivers
product as they bring out the to get the actual costs, which
actual cost incurred on the will defeat the ultimate goal of
products based on the correct the business to find the actual
allocation of the processes or cost of the product.
activities. 3. Cost drives application
3. It improves the relationship requires a thorough
between the departments, as understanding of the cost
there are many common functions. Otherwise, it would
activities and processes which either be a selection of the
are performed for in various wrong basis of allocation, or it
department. would be an incorrect selection
4. It helps management to see the of process.
various departments of a
business as one single business
unit as these drivers create a
relationship between the
departments.
Activity-Based Costing (ABC)
An activity’s costs can be allocated to a particular production lot, and this makes activity-based
costing an accurate way of allocating both direct and indirect costs. It is a method of computing
costs associated with each product or line of production in a company based on the number of
resources consumed by each activity.
As a result, cost drivers are most relevant in the ABC costing system. The cost of each activity
is apportioned to specific products or lines of production, based on resources consumed by cost
drivers. A cost driver is a factor that creates or drives the cost of the activity. It is the root cause
of why a particular cost occurred.

CONCEPTS IN PRACTICE
Cost Drivers for Small Businesses
The value of analyzing cost drivers can be used in budgeting beyond allocating overhead to
products. American Express has forums designed to help small businesses be successful.
Knowing the cost drivers for your business can help with budgeting. American Express states
that all business activities are related to five main cost drivers:4
● Employee head count is often the driver for office supply expense.

● Salesperson head count is often the driver for auto and other employee travel expense.

● The number of leads required to reach the target sales goal is often the driver for
advertising, public relations, social media, search engine optimization expense, and other
expenses associated with generating leads.

● Sales and all related variable expenses are often the driver for commissions, bad debt,
insurance expense, and so on.

● Fixed costs, such as postage, web hosting fees, business licenses, and banking fees, are
often overlooked as cost drivers.
 Adapting Production Concepts to Service-Based Organizations
What is Production Concept?
• Production Concept is a marketing strategy that focuses on the production of products
and services.
• The idea behind this approach to marketing involves creating products or services that are
produced with high quality, which will then lead to customer satisfaction.
Production of goods results in a tangible output, such as an automobile, eyeglasses, a golf ball, a
refrigerator—anything that we can see or touch. It may take place in a factory, but it can occur
elsewhere. For example, farming and restaurants produce nonmanufactured goods.
Delivery of service, on the other hand, generally implies an act. A physician’s examination, TV
and auto repair, lawn care, and the projection of a film in a theater are examples of services.
The majority of service jobs fall into these categories:
● Professional services (e.g., financial, health care, legal)

● Mass services (e.g., utilities, Internet, communications)

● Service shops (e.g., tailoring, appliance repair, car wash, auto repair/maintenance)

● Personal care (e.g., beauty salon, spa, barbershop)

● Government (e.g., Medicare, mail, social services, police, fire)

● Education (e.g., schools, universities)

● Food service (e.g., catering)

● Services within organizations (e.g., payroll, accounting, maintenance, IT, HR, janitorial)

● Retailing and wholesaling

● Shipping and delivery (e.g., truck, railroad, boat, air)

● Residential services (e.g., lawn care, painting, general repair, remodeling, interior design)

● Transportation (e.g., mass transit, taxi, airlines, ambulance)

● Travel and hospitality (e.g., travel bureaus, hotels, resorts)

● Miscellaneous services (e.g., copy service, temporary help

Manufacturing and service are often different in terms of what is done but quite similar in terms
of how it is done.

Characteristics or Points of Comparison

● Degree of customer contact.
 ● Labor content of jobs.

● Uniformity o inputs.

● Measurement of productivity.

● Quality assurance.

● Inventory.

● Wages.

● Ability to patent.

There are many similarities between managing the production of products and managing
services. Here are some of the primary factors for both:
a) Forecasting and capacity planning to match supply and demand
b) Process management
c) Managing variations
d) Monitoring and controlling costs and productivity
e) Supply chain management
f) Location planning, inventory management, quality control, and scheduling
Service-Based
• are the ones that give customers or clients a solution in the form of amenities (any
desirable feature), skills, and/or expertise based on their needs.
• The important aspect of this type of company is the client.
Adapting Production Concepts to Service-Based Organizations
• Production concepts and service-based look similar to an extent. Both Production
concepts and service-based engage human and physical resources to deliver the desired
output.
• For example, the Production concept environment of an automotive company uses human
resources such as mechanical engineers, production labor and physical resources like
fabrication, welding, and drilling machinery to deliver finished goods.
REFERENCES
References:
CFI Team. (2022, December 1). Cost Driver - Know the Significance of Cost Drivers in Cost
Accounting. Corporate Finance Institute.
https://corporatefinanceinstitute.com/resources/accounting/cost-driver/
Franklin, M., Graybeal, P., & Cooper, D. (2019, February 14). 6.2 Describe and Identify Cost
Drivers - Principles of Accounting, Volume 2: Managerial Accounting. OpenStax.
https://openstax.org/books/principles-managerial-accounting/pages/1-why-it-matters
Stevenson, W. J. (2018). Production of Goods Versus Providing Services. In Operations
Management 13th Edition (pp. 8–10). McGraw-Hill Education.
https://studylib.net/doc/25672924/operations-management-13th-edition-by-william-j.-stevenson
Anonymous. (2021). Production Process: Definition and Types for Businesses To Use.
https://www.indeed.com/career-advice/career-development/production-process

PROJECT MANAGEMENT

Group 5:

Españo, Mia Grace

Fernandez, Thea Joan
Gonzales, Shiela Marie
Kestler, Sean Solveigh
Kobayashi, Tosh Simon
Project management consists of the process of the process of defining, performing, and
monitoring specific work or project, bounded by a timeline, a defined scope, and goals. It also
involves the planning and organization of a company's resources to move a specific task, event,
or duty towards completion.

Two characteristics that define a project:

1. Unique
2. Temporary

There are many skills and competencies that a PM must possess to be effective. To be successful,
a PM must be a
- Leader
- Initiator
- Role Model
- Negotiator
- Listener
- Coach
- Working Member
- Facilitator
- Employer

Projects have a life cycle that affects their dynamics, structure, and operations, so project
management is heavily influenced by this life cycle. The project life cycles follow these five
phases: initiation, planning, executing, and closing. The fifth phase, monitoring and
controlling, is usually not listed as part of the sequence because it could be misunderstood as
implying that it only occurs at a certain point during the progression. Monitoring and controlling
apply to all phases.

Projects undergo various phases as the objective morphs from concept to reality. The approaches
endorsed by PMI and the IIA are compatible. Internal auditors usually divide their audits and
special projects in three phases: planning, fieldwork, and reporting, and the five project phases fit
into this model as well. While internal auditors don’t explicitly mention monitoring and
controlling, that would be covered in the requirement stating: “Engagements must be properly
supervised to ensure objectives are achieved, quality is assured, and staff is developed.”
(Standard 2340). Otherwise, initiation and planning would fit into planning. Executing fits into
fieldwork, and closing entails reporting on one level and supervision and documentation
closeout, classic activities performed by auditors.
INITIATION
The first stage of the project - The initiation phase, is one of the key tasks performed by defining
the overall project goal. It includes:
- defining the scope of the project
- an analysis of the needs and requirements in measurable terms
- a review of current operations to perform a gap analysis highlighting the transition from
the current to the future state
- a financial analysis showing the budget
- the costs and benefits expected from the project.

PLANNING
The second stage of the project - The planning phase, involves the actions necessary to think and
organize the activities necessary to achieve the project's goals. During this phase:
- A plan is created to define more clearly the precise tasks required
- The scope is sharpened.
- The manager must identify the activities necessary to achieve the project goals, and the
sequence of these activities.

It is fairly common for the duration of an activity to have a range of values due to multiple
estimates, so managers may want to establish:
- An optimistic estimate
- A pessimistic estimate
- A most likely scenario

EXECUTING
The third stage of the project - the executing phase, is when the actual doing takes place. The
primary objective is to keep the project on track after launching it and do what the plan calls for.
The concept and plan are acted on, and some of the most important activities during this phase
Include:
- Leading and managing the team
- Meeting with the team members
- Communicating with stakeholders

CLOSING
The fourth stage of the project - the closing phase, is when the final products, services, and other
outcomes are delivered to the client. It is common for a final report to be prepared that
summarizes the project’s accomplishment, future actions required, if any, and ongoing
maintenance arrangements. Accounting adjustments may be made, and unnecessary assets may
need to be disposed of.

MONITORING AND CONTROLLING

Lastly, team leaders, especially the PM, need to control what is done, how it is done, and by
whom. The pace of project work, its costs, performance quality, and meeting the expectations of
relevant stakeholders are also key concerns and key areas for project management oversight
during the execution of the project. What is required, but not getting done, should also be
determined because they will become the unmet deliverables and scope limitations that will
haunt the project later. While some focus their monitoring and control activities on the executing
phase, that is not the only phase where that should occur.

Project Management Challenges

1. Scope Creep
2. Lack of communication
3. Lack of clear goals
4. Poor cost budgeting/planning
5. Inadequate skills of team members
6. Inadequate risk management
7. Lack of accountability
8. The limited engagement of stakeholders
9. Unrealistic deadlines/expectations

Scope Creep

- The total amount of work necessary to finish a project is referred to as the project scope.
For each project, scope creep is a common and expected occurrence that happens when
changes are made to the project scope without following any control procedures, such as
change requests. These changes also have an impact on the project's timeline, budget,
costs, and resource allocation, which may jeopardize the achievement of milestones and
objectives.

Lack of Communication

- Project teams are at risk of miscommunication because it interferes with teamwork.

Team member disputes may result, and the project may be delayed as a result.
 Therefore, effective communication in project management is vitally important for a
successful project.

Lack of clear goals

- One of the most crucial conditions for the project's effective completion is clarity, and
its absence causes a number of management problems. A project manager must also
devise a means of measuring project progress through the use of project milestones and
quality checks. Having a defined set of goals will not only help your team advance, but
it will also help project managers defend their vision in front of top management and
clients.

Poor cost budgeting/planning and schedule estimation

- The majority of managers believe that one of the largest obstacles to good project
management is financial concerns. A project's budget may be prematurely depleted due
to poor cost planning. Similar to how bad scheduling can result in unrealistically tight
deadlines and missed deliverables These frequently result in other problems, such as
demotivated employees, quality problems, increased turnover, withdrawal of financing,
and project termination.

Inadequate skills of team members

- A chain is only as strong as its weakest link, and project teams' effectiveness is greatly
influenced by the quality of each member's skills. You can set up the most ideal
atmosphere as a project manager, but if your team lacks the ability to solve the issue at
hand, your project is doomed to fail. This is a significant issue in project management
that can only be resolved with the right knowledge and foresight.

Inadequate risk management

- An essential component of project management is the ability to anticipate potential

"what if" scenarios and create backup plans. Since there are so many factors that might
lead to endless possibilities, projects rarely go exactly as planned.
Lack of accountability

- When each member feels accountable for their actions and makes an effort to carry out
the task at hand, a project team operates at its peak efficiency. however, if the team
members fail to be accountable for their assigned tasks, it can cause the project to fail
completely.

The limited engagement of stakeholders

- Project managers must make sure that all project stakeholders are in agreement and have
a clear understanding of the project. It's crucial to take the client's feedback into account
and to keep them informed at every level of the project because an uninvolved client
might lead to significant issues in the project's final stages.

Unrealistic deadlines/expectations

- Another project management difficulty that might negatively impact the caliber of the
finished product is having an unattainable deadline. Any competent project manager
negotiates the project timeline by setting deadlines and project tasks in order of
importance.

Project Risk-Assessment Procedures

As defined in PSA 315, risk assessment procedures are audit procedures performed to obtain an
understanding of the entity and its environment, including its projects, and entity’s internal
control, to identify and assess the risks of material misstatements, whether due to fraud or error,
at the financial statements and assertion levels.

Key Risks

● Lack of formal expectations regarding project deliverables, documentation, hiring,

communication, budgeting, and reporting requirements
● Lack of support from senior management

● Poor coordination with other projects and organizational priorities

 ● Project does not support strategic plans

● Excessive timeline, scope, or budget changes cause the project to fall short of plans

● Project does not achieve the stated objectives

● Human, technological, and financial resources are not allocated optimally among
competing projects
● Project risks are not identified, assessed, managed, and results are not communicated

● The organization hires and/or retains unsuitable project management personnel

● Turnover is excessive

● External contractors and suppliers are not authorized, perform substandard work,
andcharge excessively
● Project success is hindered by outdated, inefficient, and ineffective management practices

● The project’s financial resources are mismanaged

● Excessively costly sources of funding are employed

● Required documentation is not maintained as required

● Project managers and team members are unsuitable for the job

● Changing or unclear customer requirements

● Missing, conflicting, or inconsistent specifications

● Incomplete or poorly defined acceptance criteria

● Component defects

● Language or communications difficulties that limit productivity

● Changes in regulatory or user requirements

AUDIT PROCEDURES
1. Obtain an understanding of project’s environment
 ● Risk Assessment Procedures and Related Activities

● Professional Skepticism

● Obtaining Audit Evidence in an Unbiased Manner

● Specific Procedures

● Analytical Procedures (Phases)

2. Consider Materiality
3. Identifying and Assessing the Risks of Material Misstatement

Auditing in Project management

While reviewing the organizations’ project management process, Internal auditors should
confirm that the organization has implemented project management procedures and verify that:
● There is a framework and methodology for project management that outlines exactly how
the project should be carried out as well as the necessary and crucial performance criteria.

● There is an evaluation and approval process for the project, specifying the standards for
quality, the resources available for utilization, and the deadlines for the deliverables.

Key objectives of Project management:

● Projects are planned out and in line with corporate goals.

● Projects are executed with a high level of quality, on schedule, and within the allocated
budget.
● Staff with the necessary skills are obtained and retained.

Sample business with High-risk and High-impact activities:

Construction business involves doing unique construction projects such as to construct a wide
variety of buildings, developments, housing, path, pavement, roads, motorways, and other types
of construction projects.

Common project risks involving construction projects:

● Safety hazards that lead to worker accidents and injuries
● Managing change orders
● Incomplete drawings and poorly defined scope
● Unknown site conditions
● Poorly written contracts
● Unexpected increases in material costs
● Labor shortages
● Damage or theft to equipment and tools
● Natural disasters
● Issues with subcontractors and suppliers
● Availability of building materials
● Poor project management

Key Actions in Auditing Project Management by Phase

Initiation:

● Obtain and review the project’s key project objectives, scope, budget, and deliverables
milestones and timeline, quality requirements, and resource requirements (e.g., human,
material, financial, equipment, and facilities)
● Analyze the data and discuss with the team if the timetable, budget, and scope are
reasonable.
● Identify the stakeholders of the project and verify their interests are being captured and

● addressed

● Review and examine the project charter to see if it gives adequate information regarding
scope, project's goals, stakeholders, roles, responsibilities, resources deliverables, and
authority
● Verify that the charter has been approved and accepted by the relevant stakeholders

● Determine if there is strong sponsorship for the project

 ● Determine if senior management and subject matter experts (SMEs) are involved in the
planning process of the project.
● Verify there is detailed project scope and plan/schedule documentation, detailing
tasks/activities, and assignments
● Obtain and review the project risk assessment to make sure it is comprehensive and
updated periodically to ensure its continued relevance
● Obtain and review the project’s contract(s) to make sure it is in force, it was reviewed by
the legal department before signature, and its terms and conditions provide reasonable
safeguards to protect the organization’s interests

Planning:

● Review the Gantt, CPM, and financial analysis (e.g., payback, ROI, and IRR
calculations)

● Review business requirement documentation, time and cost projections and actuals

● Confirm that the necessary stakeholders have approved the system's functioning and
features
● Verify that application controls (e.g., edits, validations, exception reporting, and control

● totals) are included in the design

● Determine if reporting functionality (internal/external, canned/ad hoc) is included in the

● design

● Determine if data migration is included in the project plan, and if the data will be cleaned
before being migrated into the new system
● Determine if necessary interfacing/compatibility/integration is included in the design and
being built according to plan
● Determine if access controls are included in the design and being built according to plan
with necessary consideration given to segregation of duties
● Verify data quality receives appropriate attention to address accuracy, integrity,
consistency, completeness, and existence expectations
 ● Confirm input, output, processing, backup, recovery, and security controls are part of the
original design

Executing:
● Examine progress reports to see if the work is progressing as expected by ensuring that
their information has enough and pertinent detail, that it is produced with appropriate
regularity, that it is delivered to the required stakeholders, and that any discrepancies are
immediately resolved
● Review the variance analysis for time, cost, and scope

● Review change orders to check for an excessive volume and value, vendor concentration,
and unapproved or missing approvals.
● Review purchases/procurement activities to verify they are for legitimate purchases, were
budgeted, approved, executed, and recorded by authorized individuals
● Inquire with project stakeholders if meetings and other communications occur with
sufficient frequency and detail to facilitate project work and address issues effectively
● Confirm that risk monitoring and reporting systems are detecting problems and resolving
them quickly and efficiently
● Determine whether change management policies are in existence, adhered to by
everybody, and applied consistently and successfully
● Review progress reports to make sure that metrics are being captured, analyzed, and
appropriate responses applied to correct deviations in the project’s progress
● Review relevant metrics. For example
– Schedule metrics
• Critical path slippage
• Cumulative project slippage
• Number of activities added
• Number of activities completed early
• Ratio of activities closed to date to number expected (i.e., activity closure index)
– Resource metrics
• Budget to actual variance
• Excess consumption of funds
• Unplanned overtime and activities
• Staff turnover
Closing:
● Review plan and process to transition the system to operations

● Verify training plans are in place, verify they are sufficiently detailed and will target all

● necessary system users

● Verify maintenance arrangements and service level agreements (i.e., SLAs) provide
adequate safeguards to ensure the continuing operation of the system
● Examine impact analysis documentation

● Examine the following measures of effectiveness to verify the organization will

maximize its benefits from the system:
– Achievement of the established objectives
– User satisfaction
– Usage
– Usability
– Compliance with required design and performance standards
– Flexibility

Important Documents
◾ Project charter
◾ Budget
◾ Feasibility studies (e.g., Market analysis)
◾ Schedule (e.g., Gantt chart and CPM)
◾ Staff list and organizational chart
◾ Contract
◾ List of key suppliers
◾ List of change orders
◾ List of contractors and subcontractors
◾ Recent progress reports
◾ Concept and feasibility analysis

INHERENT RISK ASSESSMENT PROCESS

1. Understand the entity and its environment
2. Identify significant classes of transaction
3. Identify significant risks
CONTROL RISK ASSESSMENT PROCESS
1. Determine the acceptable level of audit risk
2. Identify detection risk to determine the nature, timing, and extent of audit procedures

IT projects and the system development life cycle

The systems development life cycle (SDLC) is a conceptual model used in project management
that describes the stages involved in an information system development project, from an initial
feasibility study through maintenance of the completed application. SDLC can apply to technical
and non-technical systems.

There are five phases generally used to describe project life cycles:
1. Initiation
2. Planning
3. Executing
4. Closing
5. Monitoring and Controlling

Keys to Success and Reasons IT Projects Fail

IT projects represent a strategic and operational enabler for organizational success, but they also
represent a large risk. Except for companies that manufacture and sell hardware or software, IT
acts as the backbone of businesses, enabling data to flow both inside and increasingly outside the
company. It also allows for the delivery of updates, instructions, and performance reports, as
well as the management of staff, resources, and expenses.
Reasons IT Projects Fail:
1. Working backwards from a drop-dead completion date
2. Inexperienced technical lead
3. Buying off-the-shelf package and over-customizing it
4. Poor data modeling
5. Not using a specific methodology
 a. Waterfall. Characterized by the project being divided into sequential phases.
b. Prototyping. The focus is on reducing project risk by breaking a project into smaller
segments.
c. Rapid application development (RAD). It breaks a project into smaller segments
making it
6. Using an inappropriate software tool
7. Poor data migration
8. Poor or insufficient testing
-testing can be further defined by the specific type of attributes or performance being examined,
for example:
a. Graphical user interface (GUI) testing. It evaluates the system’s graphical use
interface, such as the location, appearance, and functionality of buttons, menus, and
dialog boxes.
b. Usability testing. Focuses on testing a product’s ease of use with real users to
determine if it meets its intended purpose.
c. Performance testing. Done to determine how a system performs in terms of
responsiveness and stability under various workloads, including scalability and
reliability.
d. Compatibility testing. This is done to determine if the system is compatible within the
computing environment, such as working effective with different peripherals, operating
systems, databases, emulators, and browsers.
e. Security testing. Designed to identify flaws in the security mechanism that protects the
data and functionality as expected.
f. Penetration testing. Involves simulating an attack by a malicious party by exploiting
found vulnerabilities in the security infrastructure to gain access, highlighting the
potential for a real attacker to gain access to confidential information, affect data
integrity, or limit the availability of a service.
g. Availability testing. Tests designed to make sure that information, communication, and
services are available and ready for use to requesters when expected or needed.
h. Regression testing. It involves verifying that software previously developed and tested
 continues to perform as intended after it was changed.
i. Nonrepudiation testing. As e-commerce continues to grow in volume and importance,
nonrepudiation testing has also become increasingly important.
9. Lack of user involvement
10. Poorly defined, unclear, or no requirements
11. Communication breakdowns
12. Poor failure warning signals
13. Lack of top management commitment
14. Employee turnover

GROUP 6
De Villa, Kimberly Fatima
Dimara, Junel Rein
Dulce, Ashley Anne
Encela, Piolo Andrei

QUALITY CONTROL

In auditing, quality control is the process of ensuring all the quality

protocols of professional standards have been followed while performing

auditing. The process is based on objectivity. All the results provided by this

review are unbiased and based on facts. The firm gets sure that it has complied

with all the quality parameters throughout an audit.

The overall goal of this review is to check whether the firm complies with

professional and organizational standards of quality control or not. This process

enables the auditor to issue a clean audit report.

Why quality control is important for organizational success

Importance of Quality Control for organizational success

Quality control is crucial because in order to create a successful company that

produces goods that meet or surpass consumers' expectations. Additionally, it

serves as the cornerstone of a productive, efficient firm that reduces waste.

Here are a few additional reasons why quality control is crucial for your business,

to be more precise:

Provide Improvement Opportunities

Despite the fact that your quality assurance procedure is effective, there is

always improvement. The only issue is that you have no clue how to make this

procedure more effective. Therefore, you must do quality control to acquire

suggestions for areas where you may improve. The goal is to gather data that

demonstrates how well your quality control methods are working. Finding

performance gaps and taking the right action are simple with this data.

Improve Compliance

The government has established a number of regulatory criteria that a

corporation must abide by; breaking these restrictions may be expensive. If your

organization doesn't adhere to these regulatory obligations, you run the danger

of severe fines and punishments. Enhancing compliance and managing risk are

made possible by quality control.

Enhancing compliance helps an organization save future expenditures and

decreases legal risk while also increasing employee engagement and fostering

a sense of trust among its clientele.

Safety, returns, facilities, warranties, equipment and labor issues

 Safety Quality Control

When you control quality, you measure your company's outputs and take

corrective actions if you are not producing products up to your standards. Use

the same procedures to ensure that your production does not endanger the

health and safety of your employees and that consumers can use your products

safely.

Returns Quality Control

Quality Control Return is a term describing Returns initiated after the product or

material failing to meet specifications during receiving or manufacturing

inspection.

Quality Control Facilities

There are 3 Facilities of Quality Control:

● Inspection before plating to ensure good parts before processing

● Inspection after plating using appropriate measuring tools and;

● Testing equipment.

Implementation of quality procedures of the Nadcap process and AS 9100 for

aerospace customers and ISO 9001 for non-aerospace customers.

Quality Control Warranties

The legal warranty of quality allows a buyer to obtain a reduction of the sale

price or, in the event of serious defects, the annulment of the sale. The legal

warranty of quality is not a warranty for the value of the property brand new.

Quality Control Equipment

Many manufacturing companies include a quality control department that will

verify manufactured parts, as well as the tools used to produce parts. The

measured results need to conform to standards and specifications provided by

the customer. The most common machines to do this are coordinate measuring

machines (CMMs), optical comparators, and video inspection machines.

Quality Control Issue

Throughout the process of manufacturing, issues may occur that affect

production. The end results of these issues are defects, deficiencies, or significant

variations in the final product's expected performance or appearance.

The Importance of Design and the Link to Quality

The Link between Process Weaknesses and Internal Control

Many people think that internal controls "get in the way" and prevent tasks from

being completed. The truth, however, is quite the contrary. The accomplishment

of goals can be affected by unchecked risks. Goals are therefore more likely to

be accomplished by reducing the likelihood and/or impact of these undesirable

events.

There are 3 designs that link to quality control

 ● COSO Framework

● Six Sigma and Lean Six Sigma and;

● ISO 9000 and ISO 31000

COSO FRAMEWORK

COSO states that “internal control is a process affected by an entity’s board of

directors, management, and other personnel, designed to provide reasonable

assurance regarding the achievement of objectives relating to operations,

reporting, and compliance.”

These internal controls are “geared to the achievement of objectives, it consists

of tasks and activities, and adaptable to the entity structure, from the entire

entity, to its operating units and business processes.” Internal controls enable the

achievement of operational objectives by helping to mitigate the risks that can

jeopardize the achievement of those objectives. It is unfortunate, however, that

many people think of internal controls as “getting in the way” and impeding

work from getting done. The reality is quite the opposite. Unchecked risks can

derail the achievement of objectives. So, by mitigating the likelihood and or

impact of these negative events, objectives are actually more likely to be

achieved.

Another important point is that processes are a series of actions taken toward a

purpose. Without an end, processes don’t have any meaning, they become

“busy work” characterized by erratic actions that consume time, financial, and
material resources, and wear out equipment unnecessarily. Employees should

engage in activities within a process because the series of actions and steps will

be orchestrated so as to achieve a goal.

Internal controls, then, support existing processes by helping to protect the

organization against risks that threaten the achievement of objectives. Formally

documenting, establishing responsibility and accountability to perform these

activities, and ideally linking the performance of these controls to the

organization’s rewards mechanism, will go a long way toward making sure that

negative events are held in check.

Six Sigma and Lean Six Sigma

Six Sigma is a process improvement methodology designed to make sure that a

process will deliver its output within a prescribed tolerance range. It is a business

and process improvement methodology used to improve processes by using

statistical analysis to identify the sources of error and determine the best way to

eliminate them. It is a collection of management tools and methodologies to

reduce variation, errors, and increase the speed of execution, while focusing on

eliminating mistakes, rework, and waste.

A key objective of Six Sigma is minimizing variability. Variability refers to the

degree to which results differ from what was expected. It has to do with how

much results can vary or change. This is generally not a desirable outcome for a

process, since predictability and consistency of results is better. In fact,

identifying and communicating variability is the key concept driving the

formulation of internal audit findings: The difference between the performance

criteria of a program or process and the condition the auditors identified

through audit techniques while performing a review. Hence, the goal of Six

Sigma and the goal of internal auditors to report deviations from the expected

practice are similar. At a consultative level, internal auditors are tasked with

identifying opportunities to improve business processes, and here again, Six

Sigma can help internal auditors.

Six Sigma and Lean concepts continue to enhance stakeholder value by

providing discipline in organizations. No longer considered a tool for

manufacturing organizations, these methodologies have proven time and time

again that companies in service industries, NGOs, and government

organizations can also benefit from them. In fact, many internal auditors are

pursuing Yellow, Green and Black Belt certifications to understand the principles,

apply the concepts, incorporate the results in their work, and leverage this

expertise to persuade their organizations to adopt the methodology.

ISO 9000 and ISO 31000

According to the ISO, the ISO 9000 family of standards address various aspects

of quality management. This is only one set of the more than 20,500 international

standards the organization has published and that are widely embraced

around the world. In fact, with members in 162 countries and 3368 technical

bodies, ISO provides a great deal of guidance on almost all aspects of

technology and manufacturing. The guidance and tools available are helpful

for companies and organizations who want to ensure that their products and

services meet customers’ requirements, and that quality is improved

consistently.

Standards in the ISO 9000 family include

● ISO 9001:2015—It sets the requirements of a quality management system

● ISO 9000:2015—Addresses the fundamental concepts and language

● ISO 9004:2009—Focuses on how to make a quality management system

more efficient and effective

● ISO 19011:2011—Provides guidance on internal and external audits of

quality management systems

ISO 9001:2015 establishes the criteria for a quality management system and it

can be used by any organization regardless of its size or field of activity.

According to the ISO website there are over a million organizations in over 170

countries that are ISO 9001 certified.

This standard is based on seven quality management principles (Table 8.6),

namely:
Using ISO 9001:2015 helps ensure that customers get consistent, good-quality

products and services, which are an area of focus for internal auditors as well.

So what are the implications for internal auditors?

The definition of internal auditing states that internal auditing is “...designed to

add value and improve an organization’s operations. It helps an organization

accomplish its objectives...” Internal auditors do this by defining the scope of

their review and developing a risk-based audit program during the planning

phase. Later, during fieldwork, they test the structure of programs and processes,

the transactions performed within those programs and processes, and interact

with the operators working within those structures, programs, and processes.

The ISO Quality Management Principles provide a useful baseline to examine

the structure, conditions, and practices within the designated scope area to

determine if the criteria are sound and if the practices are conducive to

successfully meeting the expectations of the organization’s stakeholders.

Internal auditors can use the principles, and the aspirational tenets within them

to construct audit programs that probe for the presence and functioning of the

mechanisms that will enable the program or process to achieve them.

Locating quality issues: Prevention or Detection

Preventive and Detective controls

Definitions of preventative and detective controls must come first.

Preventive controls are measures taken to lessen the chance and consequence

of an error or omission before it occurs. Detective controls, on the other hand,

find mistakes or anomalies after they have happened and notify the need for

corrective action.

Locating quality issues helps maintain consumer expectations and

guarantees product consistency. Additionally, this lowers costs and lowers the

likelihood of liability claims and lawsuits. To avoid errors and catastrophes when

producing or supplying clients, quality control and assurance are necessary.

Quality control and Quality assurance

ISO 9000 defines quality control as “part of quality management focused

on fulfilling quality requirements.” This control helps in regulating the quality of

products or services and prevents unpleasant changes in the quality standards.

Quality assurance, on the other hand, is defined as “part of quality

management focused on providing confidence that quality requirements will

be fulfilled”. Based on the definition, it is implied that quality control is mainly a

detective control while quality assurance is a preventive control.

Quality control is an activity done in order to correct any errors or

deficiencies in a product or service. Human inspection may be needed in order

to foolproof or correct errors immediately before it reaches the consumers. If

there are no controls in place, there is a higher chance that your products or
services will not be good. The more controls you have, the more likely a product

will be flawless.

Quality assurance is an activity that is used to determine whether a

product meets quality standards. It sets and maintains requirements for

producing products or services. It gives confidence that quality requirements

are fulfilled within the organization for consumers and regulators. One example

of quality assurance is testing software under high usage. Another example is

testing a product to know when it will break or fail under heat, water, etc.

Finding the right balance

In order to prevent quality issues, there must be a balance between the

two. The following are the reasons why one cannot rely on detective controls

only:

1. Detection is not always sufficient - Detection is not always perfect

so it is important that it is prevented. Without detection of root

causes, there will always be flaws in the goods/services.

2. Detection can be expensive - This may need additional equipment

or personnel for inspections which may cost a lot.

3. Increases scrap and production costs - when there is a detected

anomaly on a product, it may either be scrapped or reworked. This

may mean an increase in production cost caused by correcting the

error.

4. Customer complaints and product returns - if the method for

detection is ineffective, it can cause a lot of customer complaints

from defective products delivered. Products may also be returned

 which may cost the company. Worse, it may lead to lawsuits and

liability claims.

5. Costly root investigations - relating to the previous number, this may

trigger deep root cause investigations for non-compliance of

standards for service or products. This is both time-consuming and

costly for the manufacturer/service provider.

 OPERATING AUDITING REPORT
HUMAN RESOURCES

GROUP 7
Members:
Consolacion, Angelo Victor
Chua, Stephanie
Dayacap, Brennan
De Chavez, Tricia Mae

CRITICAL ROLE OF HUMAN CAPITAL MANAGEMENT

Personnel are likely to represent the largest proportion of operating costs for an
organization. Furthermore, the performance of (and the contribution made by) employees is
normally crucial to the success or otherwise of the entity. Management is responsible for
ensuring that adequate numbers of suitably experienced, trained and motivated employees are
provided in support of the organization’s objectives. In many organizations, however, the
human resources department is dedicated to obtaining and retaining employee files, and pays
scant attention to the other aspects of the HR function, such as motivation, training,
development, and succession planning to ensure organizational continuity. Meanwhile, human
capital management (HCM) transforms the traditional administrative functions of human
resources (HR) departments — recruiting, training, payroll, compensation, and performance
management — into opportunities to drive engagement, productivity, and business value. HCM
considers the workforce as more than just a cost of doing business; it is a core business asset
whose value can be maximized through strategic investment and management—just like any
other asset.
a. Attract and retain talent
b. Respond with agility to change
 c. Optimize workforce management and spending
d. Improve employee lifecycle

EVALUATING THE EMPLOYEE’S WORK LIFE CYCLE

According to the article from Oracle netsuite. Employee life cycle is a model that works
to explain the different stages most employees will experience with their employer

The employee life cycle starts when they learn about a firm or a job opportunity,
continues through recruitment, hiring, and onboarding during their employment with the
organization, and culminates with their exit and experience after employment.

These are the stages of the employee lifecycle according to Oracle netsuite
1. Attraction
The employee life cycle begins before you’ve even made any contact with the
person in many cases. Employees start their journey with a company in the attraction
phase. While attraction may be easier for well-known national brands, prominent local
businesses or industry-leading organizations, you can’t hire anyone unless they’ve heard
of your business—whether through a job posting or elsewhere—and have some interest
in what you do.

2. Recruiting
Recruiting is where you interact with a prospective employee for the first time.
During the recruitment stage, a prospective worker will become more familiar with your
company culture and what the job entails. Consider the benefits of using current
employees and your own network when seeking qualified candidates over outside firms.

3. Interviewing
Interviewing is a critical phase of the employee life cycle. During the interview,
both the employer and the candidate should ask questions and get a feel for whether or
 not the position is a good fit. While most employers look at interviews primarily as a step
in qualifying employees, it’s just as important for the interviewee to determine if the job
and company culture is right for what they want in a job or career and the employer must
be able to help communicate that in the interview.

4. Onboarding
Think back to your first day at work. It can be exciting, overwhelming and
stressful all at once. Ensuring employees get off to a successful start is a team effort.
Hiring managers, human resources (HR) and IT often need to collaborate to get an
employee onboarded and trained as efficiently as possible while also instilling company
values and connecting them with colleagues.

5. Engagement
Once the new job’s initial excitement wears off and workers settle into a routine,
they may become complacent. Strong company culture and a focus on employee
engagement can help keep your employees excited about what they do when starting
work every day. Engaged employees are generally more productive and likely to stay in
their position longer.

6. Development
While some workers are happy to stay in the same role for many years, others are
motivated to improve their skills and move up within the organization. Even if you have a
small business where there are few opportunities for promotions, you can give staffers
new responsibilities and projects to help them grow within their roles. Regular pay raises
go a long way as well.

7. Retention
Employee attrition is a natural part of running a business. But you can take steps
to retain your best performers. That means listening to their suggestions, empowering
them to improve how they do their work, keeping them engaged and ensuring they are
comfortable in their daily routine.
8. Recognition
A steady paycheck and strong benefits are most likely the main reasons someone
goes to work every day but going a step further with regular employee recognition can
boost employee happiness and dedication to the team. Encouraging managers to
recognize a job well done and offering workers a way to acknowledge their peers can be
beneficial for everyone involved.

9. Offboarding
When an employee leaves, they hopefully do so on good terms. Instead of
escorting someone out of the building when they give two weeks’ notice, it’s best to plan
for a smooth transition of duties, cross-training for anyone who may need to temporarily
take over a project or task and preparation of final payroll and benefits.

10. Separation
In an ideal situation, employees leave your company with fond memories and
well wishes for their peers. To improve your future results, make sure you take the time
to understand why the employee is leaving and get honest feedback on what you can do
to make the company a better place to work in the future. Once you’ve taken care of
things like network account access, keys and company assets, you may want to host a
friendly goodbye lunch or happy hour to celebrate their time at the company.

11. Alumni
After an employee leaves and any final paperwork is done, they may not
disappear from the company’s orbit forever. In addition to ongoing friendships with
current employees, company alumni may still be a source of future referrals. You may
even find you’ll work with them again at some point in the future. Doing your best to not
burn bridges is the best strategy for everyone involved.
But according to Duane Morris, the employee life cycle consist of the following:
The Duane Morris Employee Life Cycle Audit
The Duane Morris Employee Life Cycle Audit reviews:
● Job Applications
● Interview Procedures
● Onboarding Documents
● Employment Agreements
● Confidentiality, Non-Competition, Non-Solicitation and Trade Secret/ Intellectual
Property Protection Agreements
● Employee Handbooks
● Code of Conduct/Ethics Policies
● Cybersecurity and Privacy Policies
● EEO Policies and Training, including #MeToo initiatives
● Wage and Hour Compliance/Pay Practices
● Salary Reviews
● Leave of Absence Compliance
● Employee Safety Procedure

ASSESSING EMPLOYEE MORE AND EFFECTIVENESS OF COMMUNICATIONS

Human resources managers are increasingly prioritizing employee engagement as a

critical key performance indicator. However, employee engagement is a complex construct to
measure, with many different elements constituting how engaged an employee feels. One of the
pillars of engagement is enthusiasm or morale, which managers can boost in a variety of ways,
including by emphasizing worker well-being

What Is Employee Morale?

Morale refers to how an employee feels about their job, the company, and the overall
working conditions. While employee engagement typically refers to a broader set of behaviors an
employee exhibits in relation to their work, morale usually refers more to the mental attitude and
emotional connection an employee demonstrates while they’re working.

A few of the factors that affect employee morale include:

● Workplace culture and organizational leadership

● Alignment between the employee’s skills and the type of work
● Le1vel of feedback, coaching, and development
● Work-life balance and support for managing work-related stress
● Personal health and well-being of the employee

In order to improve employee morale, organizations need to have strategies to help

improve each of these areas for their employees. Using a combination of the below approaches
can help managers gain a deeper understanding of current employee morale levels and how to
improve them.

1. Attitude Surveys
2. Employing Counseling
3. Grievance Reporting
4. Suggestion Boxes
5. Exit Interviews
6. Productivity
7. Engagement
8. Turnover and Absenteeism

Effective Communication Is Vital to Employee Morale

Communication is a vital management component to any organization. Whether the

purpose is to update employees on new policies, to prepare for a weather disaster, to ensure
safety throughout the organization or to listen to the attitudes of employees, effective
communication is an integral issue in effective management. To be successful, organizations
should have comprehensive policies and strategies for communicating with their constituencies,
employees and stakeholders as well as with the community at large.
The Importance of a Comprehensive Communication Strategy

Most HR professionals and organizational leaders agree that linking corporate communication to
business strategy is essential to effective and consistent business operations. With a formal and
comprehensive communication strategy, organizations can ensure that they:

● Communicate consistent messages.

● Establish a recognizable employment brand.
● Deliver messages from the top that are congruent with the organization's mission, vision
and culture.

The Impact of Effective Communication

Effective communication may contribute to organizational success in many ways. It:

● Builds employee morale, satisfaction and engagement.

● Helps employees understand terms and conditions of their employment and drives their
commitment and loyalty.
● Gives employees a voice, an increasingly meaningful component of improving
employees' satisfaction with their employer.
● Helps to lessen the chances for misunderstandings and potentially reduces grievances and
lawsuits.

The Impact of Ineffective Communication

● Ineffective communication may increase the chances for misunderstandings, damage

relationships, break trust, and increase anger and hostility.
● Ineffective communication may stem from poorly aligned strategy, a failure to execute
the strategy, use of the wrong communication vehicle, bad timing, and even nuances such
as word choice or tone of voice.
FOCUSING ON OFTEN NEGLECTED ASPECTS OF PERSONNEL MANAGEMENT
Personnel Management is a traditional approach to managing people in the
organization. Human Resource management is a modern approach to managing people in an
organization.
Personnel Management focuses on personnel administration, employee welfare, and
labor relations. Human Resource management focuses on the organization’s acquisition,
development, motivation, and maintenance of human resources.
Personnel management deals with the managerial functions of estimating and
classifying human resources requirements for meeting organizational goals through people at
work and their relationships with each other. It involves strategies that ensure the right number of
employees, a right combination of talent, training, and performance in jobs.

Often-neglected aspects of personnel management:

1. Lack of Adaptability. Plans and protocols are typically followed by personnel
management to standardize how your company manages its employees. Humans are
neither machines or pieces of data, therefore a strategy that works for one person might
not work for another.
2. Personnel management Costs money and doesn't always yield short-term returns.
The money you invest in personnel management may be necessary cash that your
company could better use for inventory or equipment upgrades.
3. Time. Hours spent training and orienting employees are hours that aren’t spent on
business activities that directly bring in revenue. If the company is short staffed or have
urgent business matters to resolve, a human resources program may divert your staff
when you need them most.
4. Personnel Management is unpredictable. There is no guarantee that the staff you train
will stay with your company. Investing in a human resource program is risky because you
 may devote resources toward improving the skills of personnel who don’t stay with your
company long enough for you to recoup your outlay.

GROUP 8: ENERGY - BATTULAYAN,

BUSANO, CASTOR EXAMINING THE

BENEFITS BEYOND MONETARY

SAVINGS

What is an Energy Audit?

Energy audit is a process or technique of analyzing the energy usage inside a building or
facility. It includes inspection, survey, and analysis of energy flows in a building. A qualified
team is involved in the process where they analyze the various departments and their energy
usage. It is the first step towards identifying the energy saving opportunities in commercial and
industrial settings. An energy audit is a comprehensive evaluation of your company’s use of
energy. Using cutting-edge diagnostic technology, a professional auditor will identify where you
might be wasting energy and then recommend opportunities where you can cut expenses. The
ultimate goal is to find cost-effective solutions for decreasing your energy usage without
negatively impacting your business operations.

It mostly has three stages:

• Investigation or analyzing Phase
• Monitoring Phase
• Analysis & Reporting Phase

Energy audits are essential for all types of industries to reach their goal of energy efficiency.
Who Conducts an Energy Audit?

A registered energy advisor or energy auditor will conduct a home energy audit or
business energy audit. In addition, energy auditors are responsible for completing energy
efficiency assessments of commercial and non-commercial buildings.

What Is Done During an Energy Audit?

There are three parts to an energy audit: evaluation, testing, and efficiency
recommendations. Once the audit is complete, the auditor will provide you with a report outlining
energy consumption, a final energy grading, and home improvement suggestions to cut energy
costs on energy bills.

Are There Different Types of Energy Audits?

Two types of energy audits are available: a preliminary energy audit and a detailed energy
audit. The type you choose will depend on your needs.

● Preliminary energy audit: This type of audit is simply a data-gathering exercise that
offers a preliminary analysis. Often the auditor will conduct this type of audit via a walk-
through investigation. A professional energy auditor will utilize readily available data and
limited diagnostic instruments to complete a preliminary energy audit.
● Detailed energy audit: This type of audit is completed by a professional auditor who
monitors, analyzes, and verifies energy use to establish problem areas and ways to
implement energy efficiency improvements. They will present their findings and
suggestions in a detailed technical report. Additionally, during a thorough energy audit, a
professional energy auditor will use sophisticated instrumentation such as a flue gas
analyzer, a scanner, and a flow meter.

What are the Advantages of an Energy audit?

An energy audit will give you a list of action items, with estimated costs and benefits, to
reduce your energy usage, energy costs and carbon footprint. With this clear guidance, it's easy
to prioritize and know exactly what you need to do to reduce your energy costs and greenhouse
gas emissions, how much you’ll need to spend, and what you can expect to save.

When undertaken by an experienced energy auditor:

 ● An auditor should be able to identify a greater number of savings opportunities than you
could on your own.
● An auditor will be able to come up with an estimate of savings to an acceptable degree
of accuracy (as determined by the audit scope).
● An auditor can identify likely desired and undesired consequences of a particular
upgrade, and undertake calculations to quantify them. Eg. In a cold climate the auditor
would quantify both the electricity savings arising from upgrading office lighting to high
efficiency LED, and the increased energy usage of the heating system to heat the
buildings (as more efficient lights produce less heat, heat which usually helps keep the
office warm). The maintenance savings from longer lasting LEDs would also be
identified.
● An auditor can give you up to date advice on specific technologies.
● An auditor can help you avoid investments in well-marketed technologies with dubious
energy saving potential.

What are the Benefits of Energy Audit beyond monetary savings?

An energy audit is recommended to determine the energy consumption associated with
a facility and the potential savings associated with that energy consumption. An energy audit
has significant financial benefits. In particular, energy audits SAVES MONEY because they
show how you spend money on energy and where you waste money on energy. When your
facility becomes more energy efficient, you begin to save electricity and reduce costs on
monthly energy bills. Audits may save up to 30% of your total utility bills.

From a general point of view, an energy audit provides enormous benefits in different areas:

● Ensure Health and Safety: Safety for your family should be of utmost priority to you.
During an energy audit, a facility is inspected for health and safety. The audit team uses
advanced tools and techniques to check if there are any electrical or other hazards,
ensure the wiring is done properly so that it will not lead to electrical fires, test for fuel
leaks in the furnace, perform combustion appliance zone testing on all combustion fuel-
powered appliances.

● Identify Your Potential Energy-saving Opportunities: An energy auditor can assess

where your facility is losing the most energy and then proposes improvements to make
 to help save energy and reduce your utility bills. Once an energy auditor identifies where
your facility requires energy improvements, you can take steps to resolve the issue. An
audit may reveal the need to clean your air ducts, changing settings on appliances,
upgrading appliances to energy-rated models, and etc. With your energy auditor’s
advice, you’ll have a better idea of where to begin.

● Increase Your Comfort Level: Energy audit improves the energy efficiency of your facility
and increases control over your environment. Improvements in insulation and air sealing
reduce heat transfer, leading to a more stable, efficiently heated and cooling space. This
increased comfort through an improved thermal envelope can lead to not only increased
productivity, but also a reduction in utility costs for you.
● Show Environmental Concern: An energy audit helps you reduce overall energy
consumption which has a significant impact on the environment. You will increase the

efficiency of electricity consumption which will decrease the use of electricity from
fossil

fuels which consequently helps lower the carbon footprint of your facility. This is the

most basic step towards saving our planet from the pressing environmental issues that
the

world faces
today.

● Value of Your Facility: Energy audits contribute to a higher property value, as your
facility is better maintained, becomes more energy efficient and saves on overall energy
bills. Increasing your home’s energy efficiency is one of the best home improvements
you can make to increase property values if you eventually sell the property or lease it.
Energy-efficient facilities with additions such as solar panels, a solar hot water system,
extra insulation, and energy-efficient temperature control are highly sought after by
potential buyers.

● Longer Equipment Lifespan: An energy auditor might recommend that you update some
of your equipment for maximum energy savings. If you decide to upgrade, you will not
only save on energy costs, but you can also expect the equipment to last a long time.
 This is because newer, more energy-efficient equipment doesn’t have to work as hard as
older, outdated units to provide the same level of performance.

PERFORMING ENERGY AUDITS EVEN IF

YOU ARE NOT AN ENERGY EXPERT
Professional Energy Auditor

According to information collected from the Department of Energy, running energy audits
should only be done by an energy specialist who is also qualified and recognized by TESDA
and DOE (DOE). Based on the Department of Energy Department Circular DC2021-01-0001, if
you are an individual or business with demonstrated credibility and competence to conduct an
energy audit, you are authorized to be termed an EA or an Energy Auditor. Energy auditors
must also register their names with the DOE - Energy Utilization Management Bureau (EUMB)
first.

A competent EA should also have completed or have at least one year of continuous
experience in energy auditing. These individuals deliver technical audit reports to other
specialists, and these studies serve as the primary foundation for establishing how the
establishment can reduce energy consumption, lower energy expenses, minimize
environmental impact, and improve the establishment's and/or business' performance. As a
result, before performing any responsibilities or tasks in any establishments or businesses, an
energy auditor should be qualified and accepted by DOE. Technical Education and Skills
Development
(TESDA) and the Department of Energy create their certifications (DOE).

Energy auditors also work alongside other specialists such as Certified Energy
Conservation Officers (CECO) and Energy Managers (CEM).

How Do I Conduct an Energy Assessment Even Though I am not an Expert in this area?

While a professional energy auditor is the best way to determine where your facility is
losing energy and where you can save, you can conduct your own simple but diligent walk-
through and spot many problems in any type of facility. This "do-it-yourself" energy audit will not
be as thorough as a professional energy auditor, but it can help you pinpoint some of the easier
areas to address.
It will be helpful to keep a checklist of the areas that you have audited and note the problems
you found. This list will assist you with prioritizing the energy efficiency upgrades you need to
consider.
It’s essential to remember that completing a do-it-yourself facility energy audit will not be as
reliable or credible as hiring a professional. Also, leave it to a professional if you’re not sure about
how to inspect or remedy a problem.

● Step One: Look for air leaks. The first step is to identify any drafty areas. Air leaks are
often found at junctures between doors, windows, electrical outlets, walls, and ceilings.
Should you locate a leak, consider sealing it with caulk or weatherstripping.

● Step Two: Evaluate your facility’s ventilation. After you’ve looked for air leaks, evaluate
your home’s ventilation. If you burn fuel like natural gas, propane, or wood, you must
ensure an adequate and healthy air supply.

● Step Three: Check your insulation levels. This step is pretty simple. You need to check
your facility’s insulation levels by examining the insulation in your attic and around your
heating and cooling systems. Lack of proper insulation causes higher energy usage,
especially during the winter.

● Step Four: Evaluate your lighting. It might not seem like a big energy user, but the
lighting in your house can cause sky-high energy bills. Switching to LEDs, energy-saving
incandescent bulbs, or CFLs can help.

● Step Five: Check your appliances and electronics. One of the best ways to save energy in
your facility is by using energy-efficient appliances. That’s why when conducting your
energy audit, it’s important to consider the types of appliances and electronics you have.

INVESTIGATING KEY ASPECTS OF THE

ORGANIZATION FOR COSTLY WASTEFUL
PRACTICES
There are many energy-efficient solutions accessible for forward-thinking businesses,
from choosing to adopt more resource-efficient models of building, remodeling, and
deconstruction to taking into account alternative insulation, heating, water, waste, and gas
reduction options. By increasing their awareness of their energy use and efficiency, companies
can enhance their energy performance with the aid of an energy audit. Companies must either
establish an energy management system in accordance with the ISO 50001 standard or
undertake regular energy assessments in accordance with EN 16247 or ISO 50002 standards in
order to establish a process of continuous improvement in energy efficiency. Identifying the
finest green choices available to assist the business save energy and money, energy efficiency
evaluations can help you run your business more efficiently.

To maintain a harmonious balance between business and the environment, green building
standards, certifications, and rating systems have been established due to the direct and
indirect environmental impacts that buildings have on their surroundings. These certifications
consider factors such as:

● Water efficiency
● Energy use
● Air and water emissions from manufacturing, disposal and use
● Water, energy or chemical emissions that directly impact Indoor Environmental Quality
(IEQ)
● Technical, economic and environmental quality ● Material and site aspects.

Based on the new energy efficiency act of May 20, 2016, mandates all major businesses to do
an energy audit. An energy audit is a technique used to gather data on how much energy may
be saved by a corporation, taking into account all aspects of its electrical power engineering.
Energy (both electrical and thermal), labor, and materials are frequently determined to be the
top three operational costs in every industry. Energy would invariably rank as the highest
manageable cost or potential cost-saver in each of the aforementioned components, making the
function of managing energy a significant area for cost-cutting. Energy audits will lead to a more
effective understanding of where energy and fuel are utilized in all sectors of the economy and
assist in locating potential waste sources and opportunities for development. Energy systems
are included in virtually every industrial process. A few examples include motor systems, steam
systems, compressed-air systems, pumps, and fan systems.

EVALUATING COMPANY ASSETS AND

PRACTICES FOR COST REDUCTION
OPPORTUNITIES
Energy-Consuming Systems
Boiler Plant Systems – Boilers are used to generate steam and hot water for space heating
and process requirements. In many facilities the boiler plant is the single largest
consumer of fuel energy. All boilers utilize a burner to deliver a mixture of fuel – the
major energy input – and air for the combustion process that produces heat, which is
subsequently transferred to the output medium, either steam or hot water – the major
energy output. There may also be a minor electrical energy input to operate auxiliary
equipment such as a blower.
Building Envelope – include all three types of heat transfer:
. Conduction (through or between adjacent solid materials)

. Convection (air circulation)

. Radiation (electromagnetic waves; e.g., sunlight)

All heat movement and losses through the building envelope can be quantified in
terms of these three types. There are many complex software applications that can
simulate in great detail the energy flows.
It deals only with energy flows and losses from the conditioned space. The energy
flows from the heating or cooling source to the building envelope, it is important to
recognize and understand the interactions between systems and how changing one
system can affect another.

Compressed Air Systems – Compressed air has been termed the third utility, often with
operating costs close to those incurred for electricity and thermal energy. Leaks of
compressed air are the most common and major cause of excessive cost, typically
accounting for about 70% of the total wastage.

Fan and Pump Systems – Fan and pump systems share many similar characteristics and
as a consequence may be analyzed in similar ways from an energy perspective. Each is
typically driven by a motor, either directly or through a belt or gearbox. Both systems will
frequently utilize centrifugal devices to create motion in the fluid or air, and as a result
both systems are governed by a set of rules, known as affinity laws.

Heating, Ventilating and Air-Conditioning Systems – HVAC systems are designed to provide
a comfortable, safe and productive environment for occupants in the form of adequate
ventilation and comfortable temperature and humidity levels.

Lighting Systems – Lighting constitutes a large but necessary portion of the electrical load
in most facilities. The lighting source (lamp, reflector, lens) is only part of the complete
system. The entire enclosed space should be considered part of the system, since many
factors such as wall colour, reflectivity, window situation and interior partitions can have
just as great an effect on the amount of light that is delivered to the task point.

Steam and Condensate Systems – Steam is commonly used as the medium to distribute
heat from the boiler to its point of end-use. The same characteristics that make it useful
as a transport medium (high heat carrying capacity) also make its distribution system
susceptible to energy loss and waste.
Opportunities for Savings in the Demand Profile

Savings Opportunities Through Power Factor Correction – Power factor values, when
viewed alongside the demand profile, help to determine what actions have caused
demand changes. Therefore, it is useful to consider savings opportunities related to
power factor at this point.
. Correct power factor at the service entrance: This can be achieved by adding a
fixed capacitor bank, provided that the load and power factor are constant.
Otherwise, a variable capacitor bank (i.e., one that adjusts to the load and
power factor) will be required.
. Correct power factor in the distribution system: When large banks of loads are
switched as a unit within the distribution system, installing capacitors at the
point of switching may be an advantage. This has a secondary benefit in that
it may also free up current-carrying capacity within the distribution system.
. Correct point-of-use power factor: When a large number of motors start and stop
frequently or are only partially loaded, it may be operationally advantageous
to install power factor correction capacitors at the point of use (i.e., the
motor). In this way the correction capacitors are brought online with the motor
and removed as the motor is stopped.
. Utilize synchronous motors to provide power factor correction: For very large
systems, capacitors can become large and unwieldy. One alternative
approach is to use a large over-excited synchronous motor, which can have
the same effect on an electrical circuit as a capacitor.

Opportunities for Energy Flow Reduction

Special Consideration for the Thermal Energy-Use Inventory

Parameters of the system to yield energy savings:

Time: It may be possible to control operation of the ventilation system more
effectively, reduce operating time, and match it to building occupancy more
closely.
Flow: Although the airflow rates during occupied periods cannot be adjusted, the
rate of unneeded ventilation at night could be reduced by using dampers that
seal properly when closed, or perhaps the system could be shut down
completely at night.
 Temperatures: If the system must run for extended periods to clear stale air
properly, it may be possible to reduce the temperature of the air during
unoccupied periods, using some sort of temperature setback method.
Actual reduction in energy flows is achieved through specific changes to equipment,
devices and operational practices.
Reducible or Recoverable Energy. An energy flow can be either reducible or
recoverable, and energy savings will be realized accordingly:
. Reducible: A flow directly associated with a purchased energy form. In
this case, reducing the flow will directly result in a reduction of
purchased energy. Examples are;
. reducing heat flow through the walls of a building by adding

insulation and
. reducing warm air lost by trimming hours of ventilation.

. Recoverable: A flow of waste heat, the reduction of which will not

directly reduce purchased energy. A good example of this is cooling
water from water-cooled air compressors. This energy flow cannot be
reduced – nor should it be, since it serves a useful purpose. However,
there is real value in the heated water, and it could be used to replace
the purchased energy being used in another system. This is called
energy recovery or heat recovery.
Special Consideration for the Electrical Load Inventory

Look first at the required energy being provided – light, air or water power, process
energy or heat. Also consider the following factors:
. The Diversity Factor. A high value indicates a load that is contributing heavily to
the peak demand.
. Operating Hours. Loads that have valid extended operating hours are good

candidates for efficiency improvement.

. Load Grouping. Are there large groups of loads that have similar operating

hours simply because they operate or are switched only as a group?

. The Night Load. If you have a demand profile available, can you justify the

night load?
 . Loads That Require Monitoring. Are there loads or groups of loads that consume
a significant portion of the overall energy and demand? Could these loads be
monitored for excessive running time or power consumption?

Load Flexibility Assessment

Load flexibility can be defined as the degree to which the pattern of electrical use in a
facility can be changed. The idea of flexible loads should be of interest to energy users
who are considering alternative electric rates, such as time-of-use and real-time pricing.
Flexible loads usually fall into one of the following:
. Energy storage: For practical purposes, this would be hot water or cold (ice)
water storage. Insulated storage tanks can be used to stockpile electrically
heated hot water during off-peak periods, so the heaters can be shut down in
peak periods.
. Product storage: In a plant that produces several different products or in which
the production is in distinct stages that can be run independently, different
products can be manufactured in a specific shift and stockpiled for the
following shift.
. Task rescheduling: In a plant where industrial processes are independent of
each other, it may be possible to schedule some tasks or processes to a
different shift, away from the more expensive electrical time of day.

Opportunities for optimization of the Energy Supply

. Heat Recovery systems utilize waste energy streams to displace inflowing energy. Such
systems range from simple ducting of warm air to complex heat pump systems.

. Heat pumps are used to exploit low-grade energy sources, such as geothermal energy

(ground heat) and air. These are commonly called ground-source and air-source
heat pumps.

. Cogeneration is often referred to as combined heat and power (CHP) systems. When
facilities or processes require hot water and/or steam and at the same time have a
demand for electrical energy, there may be an opportunity to supply both/all of them
from fuel fired combustion equipment. These systems take advantage of what would
otherwise be waste energy. With a typical efficiency of 15% to 30% in converting fuel
to electricity, the waste heat from the exhaust stream can provide the required
thermal inflow to the appropriate facilities or processes; this can boost the overall
efficiency by 50% to 80% or more.

. Renewable energy, such as solar, wind or ground heat, can be used to supplement
conventional energy sources. Although not always economical, certain applications
 of renewable energy may be cost-effective, including off-grid use of photovoltaic
(solar-generated electricity) and wind energy as well as passive solar designs for
new and existing buildings.

. Fuel switching involves replacing one fuel with another, less expensive energy source.
A good example would be converting hot water heating from electric to gas.

. Purchase optimization takes full advantage of the open marketing of natural gas and
electricity. Operations that understand what their energy use patterns are and how
these patterns can be manipulated will benefit most from purchase optimization.

Cost Considerations
Energy consumption can be reduced in two general ways:

. changing the operation of the existing systems and equipment

. changing the system or equipment technology

Two distinct action/cost categories:

. Lower cost – actions that could be funded from operational/expense budgets

and tend to result from operational actions.

. Higher cost – actions that may require capital funding and tend to involve the

installation of equipment or new technology.

Cost Reduction

It refers to measures implemented by a company to reduce its expenses and improve

profitability. These are typically implemented during times of financial distress for a company or
during economic downturns. They can also be enacted if a company's management expects
profitability issues in the future, where cost reduction can then become part of the business
strategy.

Conducting the preliminary analysis

This effort provides enough information to undertake any necessary changes in the audit
plan. An overview of unit operations, important process steps, areas of material and energy use,
and sources of waste generation should be presented in a flowchart. The auditor should identify
the various inputs and outputs at each process step. The preliminary flowchart is simple, but
detailed information and data about the input and output streams can be added later after the
detailed energy audit.
Analyzing energy bills

Energy bills, especially those for electricity and natural gas, are very useful for
understanding and analyzing a plant’s energy costs. It is important to understand the different
components of these bills, so that a correct and helpful analysis can be conducted.

Inventory and measurement of energy use

Gathering data through an inventory and measurement is one of the main activities of
energy auditing. The energy audit team should be well-equipped with all of the necessary
measurement instruments. These instruments can be portable or installed in certain equipment
(CRES 2000).
Energy Audit Instruments. It focuses on the type of measurement that should be
conducted and the analyses that can be made from those measurements in both
electrical and thermal utilities. This is useful for the energy auditors and can help them to
follow a systematic approach in order to assess the energy use and performance in an
industrial plant.
 .

Electrical load inventory - to prioritize the electricity-saving opportunities is by

the magnitude of the loads. Therefore, identifying and categorizing different
loads in a plant can be useful. Because the inventory of the loads also
quantifies the demand associated with each load or group of loads, it is
valuable for further interpretation of the demand profile.
. Thermal energy use inventory - The energy flow chart can show all energy flows
into the facility, all outgoing flows from the facility to the environment, and all
significant energy flows within the facility. List of the thermal energy outflows
is not exhaustive, but does include the major thermal energy flows:

. Energy system-specific measurements - There are different types of energy

systems in a plant such as pumping, fan, compressed air, steam, and
process heating systems. Each of these systems has their own unique
characteristics and they often require different measurement techniques and
instruments.
. Energy balance - all energy inputs can be quantified and balanced against all
energy outputs. A convenient graphical representation of this is the Sankey
diagram. In a Sankey diagram, the energy losses/outflows, the energy
gains/inflows, as well as the useful energy in a given energy system are
represented quantitatively and in proportion to the total energy inflow,
according to existing data from energy bills and invoices, calculations and in-
site measurements in the plant.

Analyzing energy use and production patterns

. Load/Demand profile - Electricity loads can change over time based on changes in
end-user demand. The load profile can be monthly, daily, hourly or, if possible, more
frequently. The time interval of a load profile depends on the purpose of the final
analysis for which the load profile is needed. Most of the electricity bills provide
enough information required for the development of the monthly load profile.

. Scatter diagram for presenting the dynamics of the energy-production relationship -

The position of each point in the scatter diagram is the result of explainable causes
and production circumstances that have occurred during the observed period. If
production varies, it is expected that the energy use will vary as well. When the
energy use–production relationship is visualized in a scatter diagram, variations in
performance become visible immediately and the auditor can begin to interpret the
variation and take action.

. Interpretation of energy-production data pattern on a scatter diagram - A scatter diagram

visualizes energy use patterns and can be used for qualitative analysis as explained
 .

above, but it does not provide quantitative information. To conduct the quantitative
analysis, the statistical methods such as regression analysis should be applied.

Benchmarking and comparative energy performance analysis

Energy efficiency benchmarking and comparisons can be used to assess a company’s

performance relative to that of its competitors or its own performance in the past. Benchmarking
can also be used for assessing the energy performance improvement achieved by the
implementation of energy-efficiency measures.

Plant performance may be benchmarked to:

. Past performance: comparing current versus historical performance.

. Industry average: comparing to on an established performance metric, such as

the recognized average performance of a peer group.
. Best in class: benchmarking against the best in the industry and not the

average.
. Best Practices: qualitative comparing against certain, established practices or
groups of technologies considered to be the best in the industry.

Key steps in benchmarking include:

. Determine the level of benchmarking (for example, technology, process line,
or
facility)
Develop metrics: select units of measurements that effectively and
appropriately express energy performance of the plant (e.g., kWh/ton
product, GJ/ton product, kgce/ton product, etc.)
. Conduct comparisons to determine the performance of the plant or system

being studied compare to the benchmark.

. Track performance over time to determine if energy performance being
improved or worsening over time in order to take the appropriate actions (US
EPA 2007).

Cost-benefit analysis of energy-efficiency opportunities

. Life-cycle cost analysis (LCCA) is an economic method of project financial evaluation in

which all costs from owning, operating, maintaining, and disposing of a project are
taken into account. LCCA is useful for evaluating energy-efficiency projects because
the capital cost of energy efficiency projects is incurred at once at the beginning of
the project, while the savings occur throughout the lifetime of the project.
 .

. Life cycle cost (LCC) method is the total cost of owning, operating, maintaining, and
disposing of the technology over the lifetime of the project or technology. In this
method, all costs are adjusted (discounted) to reflect the time value of money. The
LCC of a technology or measure has little value by itself; it is most useful when it is
compared to the LCC of other alternatives which can perform the same function in
order to determine which alternative is most cost effective for this purpose. These
alternatives are typically "mutually exclusive" alternatives because only one
alternative for each system evaluated can be selected for implementation.

. Net present value (NPV) method of a project is one of the basic economic criteria that are
used for accepting or rejecting a project. Two conditions must be satisfied if a project
is to be acceptable on economic grounds:
. The expected present value of the net benefits (or net present value (NPV)) of

the project must not be negative when discounted at an appropriate rate.

 .

The expected NPV of the project must be at least as high as the NPV of
mutually exclusive alterative.

. Internal rate of return (IRR) method is also often used in the evaluation of the economic
feasibility of a project. The IRR is the discount rate that results in a zero NPV for the
project; thus, IRR is closely related to the NPV. If the IRR equals or exceeds the
appropriate market discount rate, then the project’s NPV will not be negative and the
project will be acceptable from the NPV point of view as well.

. Simple payback period (SPP) method calculation does not use discounted cash flows.

The SPP also ignores any changes in prices (e. g., energy price escalation) during
the payback period. The acceptable SPP for a project is typically set at an arbitrary
time period often considerably less than its expected service period. SPP ignores all
costs, savings, and any residual value occurring after the payback date. Payback is
not a valid method for selecting among multiple, mutually-exclusive, project
alternatives. The payback measures also should not be used to rank independent
projects for funding allocation.

Comprehensive Assessment

Purchased Energy Sources. Energy is purchased in a variety of commodities with

varying energy content. This information is useful for analyzing the unit cost of energy
from various sources and making savings calculations.

Purchasing Electrical Energy. Understand how organization purchases electricity. In

part, this relates to metering by the supply utility.

Costs of implementing a measure also includes the following:

. Initial cost of implementing the retrofit (quotes by contractors).

. Decrease in lamp life resulting in increased re-lamping costs.

. Decrease in lamp life due to increase in switching

Any increase in maintenance costs, such as higher-cost lamps and ballasts,
higher cost of repairs or lower life of any replacement energy-efficient
equipment.
. Increase in heating costs due to more efficient or switched lighting (assuming

heat from lights ends up as useful space heat).

Assessing Disadvantages Associated with Savings – consider the direct costs and the
impact that the planned implementation will have on occupants, comfort, productivity,
safety and equipment maintenance. Also consider any potential interactions between the
new equipment and existing systems and the likelihood that the expected savings will be
 .

Group 9
BUSINESS SYNERGIES
Anastacio, Karla
Angara, Bryan Red T
Asilo, Lorie
Bacani, Joseph
Baflor, Rhica
 .

Operations Auditing, COSO, and ERM (ANASTACIO)

What is Operational Auditing?

The process of assessing a company's operational activities, both on a daily basis and on
a larger scale, is referred to as an operational audit. Operational auditing is defined as “A future-
oriented, systematic, and independent evaluation of organizational activities. Financial data may
be used, but the primary sources of evidence are the operational policies and achievements
related to organizational objectives. Internal controls and efficiencies may be evaluated during
this type of review.” It also involves evaluating management’s performance, since they have a
fiduciary responsibility toward the organization’s owners and other relevant stakeholders.

“A review of how an organization’s management and its operating procedures are

functioning with respect to their effectiveness and efficiency in meeting stated objectives." is
how Business Dictionary defines Operational Audit.

The definition contains some key language that is vitally important to note:
● Independence
● Objectivity
● Assurance
● Consulting
● Designed to add value
● Improve an organization’s operations
● Help an organization accomplish its objectives
● By bringing a systematic and disciplined approach
● To evaluate and improve the effectiveness

The purpose of operational auditing is to improve organizational profitability and the

attainment of organizational objectives. These go beyond a review of internal control issues
since management does not achieve its objectives simply by adhering to satisfactory systems of
 .

internal control. Instead, management must define its goals, set appropriate strategies, staff the
organization with enough and competent workers, and execute effectively.

Operational audits provide a great deal of versatility in the objectives they pursue. While
financial reviews focus on whether financial statements faithfully reflect the activities during the
period under review (e.g., income statement, statement of cash flows), or the condition as of the
last day of the fiscal year (e.g., balance sheet), operational reviews focus on any or all aspects of
business operations and attempt to identify opportunities for improvement.

The COSO Frameworks: ICF and ERM

COSO of the Treadway Commission is a private sector initiative formed in 1985 to

sponsor this National Commission on Fraudulent Financial Reporting. The National Commission
was sponsored by five professional associations: The Institute of Internal Auditors (IIA),
American Institute of Certified Public Accountants (AICPA), American Accounting Association
(AAA), Institute of Management Accountants (IMA), and Financial Executives Institute (FEI),
and also included representatives from industry, public accounting, investment firms, and the
New York Stock Exchange (NYSE).

COSO’s goal was to improve the quality of financial reporting through a focus on
corporate governance, ethical practices, and internal control. Emphasis is also given to ERM and
fraud deterrence. COSO issued the IC-IF in 1992, which was revised and reissued in May 2013
and was effective from December 15, 2014.

The 2013 COSO IC-IF contains 17 principles representing the fundamental concepts
associated with each component. The COSO Framework is typically represented in the form of a
cube showing the five components of internal control, the three categories of objectives, and the
entity’s structure, which is represented by the third dimension.
 .

COSO defines the Control Environment as the “set of standards, processes and structures
that provide the basis for carrying out internal control across the organization.” This component
comprises the tone at the top, communication about ethical behavior and internal control with all
levels of staff, and the overall integrity and values of the organization.

Control Environment

The Control Environment can be broken down into five distinct principles, or concepts, and each
concept’s related risks. The concepts and risks are as follows:

● The organization demonstrates a commitment to integrity and ethical values. This

principle ultimately starts with tone at the top, which begins with the board of directors
and management communicating—through both directive and their own behavior—the
importance of an ethical work environment and its role in achieving organizational goals.
● The board of directors demonstrates independence from management and exercises
oversight of the development and performance of internal control. Not only should the
board of directors maintain independence—both in fact and in appearance—from
management, but it should have the necessary expertise to fulfill individual roles.
● With board oversight, management establishes structures, reporting lines, and appropriate
authorities and responsibilities in the pursuit of objectives.
 .

● The organization demonstrates a commitment to attracting, developing, and retaining

competent individuals in alignment with objectives.
● The organization holds individuals accountable for their internal control responsibilities
in the pursuit of objectives.

Control frameworks provide a roadmap to identify, assess, and manage objectives, risks
and controls. It is also important to note that control frameworks are updated periodically and
these revisions give organizations an opportunity to further improve their internal control
mechanisms.

Communication, Consistency, and Belief in the Message

It is vital for management to communicate clearly, consistently, and often what is

allowed and what is not. By setting clear expectations there is a better chance that they will be
followed. But being followed depends to a large extent on management “walking the talk” and
demonstrating through their actions that they believe in the messages.

Having a code of ethics, code of conduct, and conflict of interest statement is very
important to formally establish the expectations for proper conduct. Codes of ethics should act as
a guideline or reference point for acceptable behavior and ethical decision-making. New
employees should receive these documents upon hire and sign-off indicating they agree to abide
by them. Training should also be required upon hire to make sure that employees understand
fully what the documents mean.

Another useful activity that leading organizations practice is to have short articles,
vignettes, scenarios, and surveys that are distributed periodically to all staff. This can be done
through the company’s newsletter, e-mail, and intranet posts. Running lunch and learning or
brown bag lunch sessions is another helpful practice. These lunch and learn sessions are informal
lunchtime events with a discussion topic allowing employees to hear a short presentation or
video, have a short discussion, and engage a subject matter expert on topics related to risks and
controls.
 .

By partnering with Human Resources, Legal, IT, and Loss Prevention, among others, the
organization will see internal auditors also as educators and advisors. It is helpful for employees
to hear from and about internal audit in other settings and not only when they are being audited.

Form over Substance

This consists of the management practices whereby on the surface it appears as though an
essential activity has been performed, when in fact that is not so. This includes signatures that
suggest transaction review and approval, when in fact the individual did not review the relevant
documents as expected.

Principles underlying the control environment are:

1. The organization should demonstrate a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises
oversight of the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and
appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent
individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities
in the pursuit of objectives.

Entity Level Controls

Entity level controls are used to determine if an organization’s values, systems, policies,
and processes would enable or dissuade fraud and encourage proper conduct. They refer to the
entity’s management style, as reflected in the corporate culture, values, philosophy, and
operating style, the organizational structure, and policies and procedures in place.

Typical areas of interest include:

◾ Controls over management override
◾ The company’s risk assessment methodology and techniques that identify both risks and
owners of risk
 .

◾ Extent and quality of controls over centralized processing, including shared service
environments and outsource service providers
◾ Controls to monitor results of operations
◾ Controls over the preparation, review and communication of period-end financial and
operational reporting, both internally and externally
◾ Policies that address significant business control and risk management practices
◾ The extent, accuracy, and suitability of policies and procedures related to governance,
operations, risk management, control, and compliance expectations
◾ Hiring and retention practices
◾ Fraud prevention and detection controls, including analytical procedures
◾ The competence, scope, and depth of the work of the internal audit function
◾ Effectiveness of the whistle-blower hotline
◾ Adherence to the word and spirit of the code of conduct
◾ IT environment and organizations
◾ Results of organizational self-assessment reviews
◾ The depth of oversight of the company’s disclosure committee
◾ The extent, competence, consistency, and extent of tone setting and oversight displayed by
the board of directors, senior and middle management in their role as governance providers
◾ Assignment of authority and responsibility across all layers of the organizational structure
◾ Account reconciliations, variance analysis reporting, and related corrective measures
◾ Effectiveness of the mechanism to remediate control weaknesses
◾ Management triggers embedded within IT systems
◾ The establishment and reliability of physical and logical segregation of duties
◾ Effectiveness of change-management practices affecting the organization

Internal auditors are encouraged to remember that a person’s behavior is determined by

the person and his or her environment. There are a number of different and competing forces that
combine to result in the situation the individual encounters.

Tone in the Middle

 .

When it comes to ethics, deciding who becomes managers is of critical importance. If

employees think that their bosses treat them ethically, honestly, and fairly, that is what they will
think about the company.

The manager determines and reinforces the values, ethics, honesty, and workplace
dynamics, and also influences the process of getting customers and making sure they are happy.
This means that the “tone in the middle” dictates workplace conditions leading to customer and
employee satisfaction, turnover, profits, and the achievement of goals and objectives. The
workplace environment is in many ways determined by the level of employee engagement.

There is a very big difference in results when workers are engaged, not engaged, or
actively disengaged. Internal auditors should work with management to determine how engaged
the workforce is.

Risk Assessment

The second component of the COSO framework relates to the identification,

quantification, analysis, and management of organizational risks. Risks are those events that can
jeopardize the organization’s ability to achieve its objectives.

Risks are typically assessed along two dimensions:

1. Likelihood, or the probability that these events occur
2. Impact, or the consequence if these events occurred

Establishing objectives is a precondition to risk assessment. A risk assessment is the

process of identifying, assessing, and measuring risks to the organization, program, or process
under review. It is imperative, however, before embarking on the risk assessment journey, that
relevant objectives be identified.
 .

Risk assessment involves a dynamic and iterative process of identifying, analyzing, and
deciding how best to respond to these risks in relation to the achievement of objectives.
Management specifies objectives within three separate but related categories:
● Reporting
● Compliance
● Operations

Business and Process Risk

This is the risk that the organization’s processes are not effectively obtaining, managing,
and disposing of their assets, that the organization is not performing effectively and efficiently in
meeting customer needs, is not creating value or is diluting value by suffering the degradation of
financial, physical, and information assets.
● Capacity risk ● Catastrophic loss risk:
● Execution risk: ● Industry risk:
● Supply chain risk: ● Planning risk:
● Business interruption risk: ● Organization structure risk:
● Human resources risk: ● Integrity and fraud risk:
● Product or service failure risk: ● Trademark erosion risk:
● Product development risk: ● Reputation risk:
● Cycle time risk: ● Data integrity:
● Health and safety risk: ● Infrastructure risk:
● Leadership risk: ● Commerce risk:
● Outsourcing risk: ● Access risk:
● Competitor risk: ● Availability risk:

Technological and Information Technology Risks

These risks relate to conditions where IT is not operating as intended, the integrity and
reliability data is compromised, and significant assets are exposed to potential loss or misuse. It
also relates to the inability to maintain critical systems and processes. It includes:
● Data and system availability risk: ● Infrastructure risk:
● Data integrity risk: ● Commerce risk:
● System capacity risk: ● Access risk:
● Data integrity: ● Availability risk:
Personnel Risks

Personnel risks relate to conditions that limit the organization’s ability to obtain, deploy,
and retain sufficient numbers of suitably qualified and motivated workers. As organizations
increasingly rely on their workforce to produce goods and services that add value to their
customers, management is confronted with the risk that personnel shortages limit their ability to
deliver consistently with high quality in the short and long terms.

Financial Risks

Financial risks can result in poor cash flows, currency and interest rate fluctuations, and
an inability to move funds quickly and without loss of value to where they are needed.

Environmental Risks

Environmental risk relates to the actual or potential threat of negative effects on the
environment by emissions, wastes, and resource depletion. This can be caused by an
organization’s activities and it influences living organisms, land, air, and water.

Political

This is a type of risk faced by organizations, investors, and governments. It refers to the
effects that political decisions, events, or conditions can cause when they affect the profitability
of a business, or the ability to operate freely. It has to do with the complications organizations
may encounter as a result of political decisions.

Social Risk

Social risk relates to dynamics where an issue affects stakeholders who can form negative
perceptions that can cause some form of damage to the organization. Social risk can be
influenced by strategic and operational decisions management makes that affect issues
stakeholders care about. Social risk is also influenced by societal dynamics affecting the
workforce and target customers, such as their age, racial composition, national origin, and family
structure decisions.

Specific

By being specific, goals become clearer and they avoid the ambiguity that can often
impair goal- setting. Managers and employees know what they are expected to do and can focus
their energy, resources, and priorities accordingly to accomplish them. Another important
characteristic of specific goals are easier to quantify and monitor for performance evaluations.

Measurable

When goals are measurable it is easier to link their completion to the performance
monitoring and rewards mechanism. Having a method to measure the degree of success
accomplishing the related goal is essential. In fact, the lack of oversight and clear metrics to
gauge performance is a common reason goals are ineffective and individuals fail to achieve
them.

Achievable

Unachievable goals may also lead employees to fabricate financial and operational results
in their attempts to appear to achieve their goals. Goals can be deemed achievable when they are
aligned with the mission of the organization and the individual. Furthermore, by making them
aspirational and ambitious, they build confidence and serve to motivate those involved to pursue
something great. It also helps when the goals have milestones and checkpoints that will allow the
person responsible for their completion to witness progress.

Relevant
 Goals should also be aligned with the mission and strategy of the organization, the
process, and the individual. A common discovery when reviewing processes is that there are
tasks performed that do not add value to the process or the customer. Similarly, if the worker
does not see how the task is relevant personally to their career or job description, it is very likely
that they will be far less motivated to perform that task diligently.

Time-Bound

It is quite simple, yet it is the root cause why many items on people’s to-do lists never get
completed. Setting deadlines requires making a commitment to oneself and the person who
oversees the completion of the goal. Goals should precipitate a plan to accomplish the goal. The
deadline should create a sense of urgency and time pressure. The combination of goals, plans,
and deadlines brings out the talents in people and with proper management, synergies can be
leveraged among all involved.

Evaluated

Excitable goals motivate workers and make stakeholders more willing to provide the
needed resources and approvals. Goals must also extend the capabilities of those involved in
working toward its completion. This means that the goal must be difficult to achieve and push
those involved to work hard to achieve it, but not so difficult that it violates the other element:
achievable. When goals are so easy to achieve that they are guaranteed, it can create
opportunities for abuse.

Rewarding

The rewards received should be commensurate with the effort exerted and the outcome
achieved. If the amount of effort is greater than the reward, chances are that workers will
eventually lower the amount of sacrifice made. Goals should also be reviewed by those involved
in their formulation and performance toward their completion so everyone is clear about what the
goals mean, what the implications are, and the short- and long-term benefits to the individual,
organization, and customers.

Control Activities
Controls are actions established through policies and procedures that mitigate the
likelihood and/or impact of risks. Controls are performed at all levels of the organization, at
various stages within processes and over the technological infrastructure of the organization.

If controls are not designed effectively, it is highly unlikely they are going to operate
effectively. Even if they are designed effectively, there is no guarantee of effective performance
unless the implementation process addresses the relevant aspects of change management to
ensure the sustainability of these measures.

Control activities can be categorized as:

● Preventive:
● Detective:
● Directive:
● Compensating:

When comparing risks and controls, there is always a need to find the appropriate
equilibrium between the two. Internal auditors must be careful not to fall into the trap of thinking
that whenever in doubt, they should recommend an increase in controls.

Information and Communication

The fourth component in the COSO IC/IF model refers to the flow of information in an
organization. Ideally, there are clear, consistent, timely, and purposeful directions emanating
from the top of the organization providing direction and establishing the criteria to measure
performance results.
 There should also be information flowing up in the organization, providing feedback
about results and any issues or unaddressed challenges employees are facing. This forms the
foundation for management operating and financial reports.

Lastly, there should also be lateral flows of information between individuals and
operating units to ensure cooperation and coordination among them. Effective, timely, and clear
lateral communication can prevent confusion, duplication of efforts, and the purchase of assets
already in place in the organization.

Communication is one of the most important activities in organizations. At the most basic
level, relationships grow out of communication, and the effective functioning and even survival
of organizations is based on having effective relationships.

Communication should be a continuous, iterative process of obtaining and sharing

necessary information. Information must be shared for its utility to be maximized. While there
are always considerations related to appropriate use and need to know, many organizations are
afflicted by the scarcity of information and its limited distribution among those who could
benefit from it.

Monitoring Activities

Monitoring activities consist of ongoing, separate or a combination of evaluations used to

determine whether each of the five components of internal control is present and functioning.
Ongoing evaluations are built into business processes at different levels of the organization and
provide timely information on how well or poorly these activities are performing.

Monitoring should be viewed in a broader context relating to more than identifying and testing
control activities. The following illustrates how monitoring applies to other components:
● Control environment:
● Risk assessment:
 ● Information and communication:

In general, the monitoring component serves as a very effective tool to assist

management in understanding how all components of internal control are being applied and can
enhance organizational effectiveness when applied as intended. Monitoring activities can be
performed as ongoing or as separate evaluations.

The Role of other Gatekeepers within the Organization(ANGARA)

What is a gatekeeper?
A Gatekeeper can be anyone who blocks people from speaking with a decision-maker
within an organization. The decision-maker may be a manager, supervisor, director, president, or
executive. It’s the gatekeeper’s job to screen unwanted calls so the important decision-maker
doesn’t interrupt their day with various distractions that can impact their efficiency and output.

CEOs and other key leaders in companies are typically very busy. The gatekeeper's role is to
prevent them from spending unwanted time talking with people who won't help them with
their business objectives.

There are multiple people within a company that act as gatekeepers. But the most common
positions for these people are the following:

● Receptionist
● Secretaries
● Administrative assistants
● Middle management
● Researchers

Responsibilities of Gatekeepers within the Organization

 ● responsible for deciding who can get through to the decision-maker, with the goal of
preventing interruption from bothersome visitors and callers.
● shields and protects the person in charge.
● screens calls and visitors, typically deflecting ones they believe are unimportant.
● protecting management from day-to-day inquiries while allowing them to focus on
meeting company objectives.

Different Types of Gatekeepers

B2B Gatekeepers
B2B gatekeepers, such as receptionists and secretaries, are typically responsible for taking all
general phone calls for the office and setting appointments. They're rarely involved in the
decision-making process, so your best tactic may be to use the system to your advantage. Don't
try to get past them; let them do their job and arrange an appointment for you to see the decision-
maker.

Executive Assistants
Executive assistants often become involved in the buying process, at least on an advisory level,
so you might want to take a different approach with them. It's best to treat these kinds of
gatekeepers as extensions of the decision-maker. You need to sell them, then give them some
time to sell you to the boss. Start by explaining what you're offering, then tell them that you'll
touch base again in a week or so.

B2C Gatekeepers
B2C salespeople also have to deal with gatekeepers, although the gatekeeper function is less
formal. B2C gatekeepers generally turn out to have a say in the purchase, so it's extremely
important to be respectful toward them. As with the executive assistant, you might want to
devote some time to selling to them as well.

Monitoring and Reporting

Ongoing/Continuous monitoring
It is done in a variety of ways and is a natural management responsibility, which is done by
internal audit management and by senior general management as part of their oversight role of
internal audit. It should also be a regular responsibility of the audit committee of the board.
Continuous monitoring refers to the processes that management puts in place to ensure that the
policies, procedures, and business processes are operating effectively. It typically addresses
management’s responsibility to assess the adequacy and effectiveness of controls. Many of the
techniques management uses to monitor controls continuously are similar to those that may be
performed in continuous auditing by internal auditors. The principles of continuous monitoring
are simple and include the following:
● Define the control points within a given business process, according to the COSO ERM
framework if possible.
● Identify the control objectives and assurance assertions for each control point.
● Establish a series of automated tests that will indicate whether a specific transaction
appears to have failed to comply with all relevant control objectives and assurance
assertions.
● Subject all transactions to the suite of tests at a point in time close to that at which the
transactions occur.
● Investigate any transactions that appear to have failed a control test.
● If appropriate, correct the transaction.
● If appropriate, correct the control weakness.

Organizations should recognize, and remember, that the ownership of internal control belongs to
management. Continuous monitoring takes continuous auditing and puts the at-risk transactions
at the fingertips of management.

The report of deviations can be done via traditional electronic or printed reports in typical charts
and tables, but notifications can be sent via email using visual reporting and dynamic reporting
interfaces as well. The evolution of technology is such that, today, internal auditors can provide
management of the at-risk transactions in real time for ownership, response, and resolution.
The fix was to reduce the review process and do so as close to real time as possible. The data
available, and the computer technology available, created a fertile environment for what was
called CAATTs.

SIX SIGMA (Bacani)

- a process improvement methodology designed to make sure that a process will deliver its
output within a prescribed tolerance range.
 - It is a business and process improvement method-ology used to improve processes by
using statistical analysis to identify the sources of error and determine the best way to
eliminate them.
- A term that is based on statistical modeling, whereby the maturity, stability, and con-
formance with expected accuracy yields is described by a sigma rating.
- Sigma rating - a measure of the quality of a process
- relies heavily on statistical methods
- used to further the organization’s goals and objectives and is a means to an end, not an
end unto itself. The purpose is to increase the effectiveness of the organization, by
identifying and removing the causes of defects. The result is better functioning processes
that are more efficient and have near zero errors, so quality improves.
- Bill Smith - introduced Six Sigma at Motorola in 1986 and Jack Welch further cemented
the program by introducing it, promoting it, and making it a key aspect of his business
strategy at General Electric in 1995.

The most common methodology in Six Sigma is DMAIC

● D - define
● M - measure
● A - analyze
● I - improve
● C - control
In general, the DMAIC methodology is used for existing processes, while DMADV (DFSS) is
used when building a new or highly modified process or product.
● D - define
● M - measure
● A - analyze
● D - design
● V - verify
A key objective of Six Sigma is minimizing variability.
- Variability refers to the degree to which results differ from what was expected. It has to
do with how much results can vary or change.

COMPUTER ASSISTED AUDIT TECHNIQUES _ CAATS ( BAFLOR )

Computer Assisted Audit Techniques is defined as an auditing method that uses computer
software tools to query business data to produce reports that will enhance an audit.. It
enhances risk identification by leveraging the power of metrics. By establishing KRIs
( Key Risk Indicator ) and monitoring the behavior, Internal auditor can get early
indication when the underlying risk profile is starting to dri-fit. With the help of this tool ,
the internal accounting department of any firm will be able to provide more analytical
results. This tool is used throughout every business environment and also in the industry
sector.
Key Risk Indicator ( KRIs ) is similar to Key Performance Indicator ( KPIs ) which are
both quantifiable measures that an organization or industry uses to compare performance
in terms of operational and strategic goals. Examples: Sales , production figures, number
of employees and number of customers are all examples of KPIs. KRIs on the other
hand , provide a slightly different view of operational results.
Production Figures, the number of accidents and suffered errors caused during the
production process are the key risk indicators because they show underlying risk . The
affected risk impacts health and safety , compliance regulation and adherence with
internal procedures and values. Errors are also Key Risk Indicators because they affect
the quality of goods and services causing decreases in customer satisfaction, increasing
warranty claims, and returns handlings , they waste company and human resources and
can result in fines , penalties , recalls, and lawsuits.
General Key Performance Indicators includes sales growth by product and services, profit
margin , sales by customer , inventory turnover, number of orders, call received and
customers. Internal Auditors should be familiar with Key performance indicators as it
would be common for the retail sector.
2 Broad Categories of CAAT
● Audit Software
- Used to interrogate clients' systems.
- Can be either package , off the shelf or purpose written work on a client's
system.
- Can scrutinize large volumes of data in an efficient way than doing it
manually.
- Can present the result to be open for investigation.
● Test Data
- Involves the auditor in submitting dummy data into the clients system to
ensure that the system correctly processes it and detects and corrects
misstatements.
- The objective is to test the operation of application controls within the
system.
- Test data should include both data with errors and without errors .
 - Data may be processed during normal operation cycle ( live test data ) or
during special run at a point in outside the normal operation cycle.
● ADVANTAGE OF CAATS
- Allows Auditor to independently access the data stores on a computer system
without dependence on clients
- Test the reliability of clients software.
- Increase the accuracy of audit test and
- Performance audit test more efficiently , which will result more cost effective
audit in the long term.
● Disadvantages of CAAT
- Can be expensive and time consuming to set up ( software ) must either be
purchased or designed by specialist IT Staff.
- Clients permission to cooperate may be difficult to obtain
- Potential incompatibility with the clients computer system
- Audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required.
- Data may be corrupted or lost during the application of Computer assisted data
techniques ( CAAT ).
- Audit team may not have the knowledge / training to understand the CAAT
results.
● Other Techniques
○ Integrated Test Facilities
- Involves the creation of dummy ledgers and records to test data.
- Enables more frequent and efficient test data procedures to be performed
live and the information can simply be ignored by the client when printing
out internal records.
○ Embedded Audit Software
- This requires a purpose written audit program to be embedded into the
client's accounting system.
- Program is designed to perform certain tasks ( similar to audit software )
with the advantage that it can be turned on and off at the auditor
throughout the accounting year.
- This allows the auditor to gather a certain transaction for testing to identify
peculiarities that require attention during the final audit.
● CAAT Working Papers
(a) Planning
- Objectives defined in clear terms
- Specific CAAT nature and volume
- Control to be exercised in test runs and final runs with reference data files
 - Staffing , timing and cost.
(b) Execution
- Preparation and testing procedures control
- Details of the test performed by the CAAT
- Relevant technical information about the computer accounting system
( computer files layouts ).
(c) Cost Audit evidence
- Output provided
- Audit conclusion
- Description of the audit work performed on the output.
(d) Others
- Recommendation of the management
- Suggestion for using CAAS

Balanced Scorecard ( Baflor )

- Refers to a strategic management performance metric used to identify and
improve various internal business functions and their resulting external outcomes.
- Used to identify and improve various internal business functions and their
resulting external outcomes.
- Data collection is crucial to providing quantitative results as managers and
executives gather and interpret the information . Company personnel can use the
information to make better decisions.
- The concept of BSCs was first introduced in 1992 by David Norton and Robert
Kaplan, who took previous metric performance measures and adapted them to
include nonfinancial information.
- BSCs were originally developed for for-profit companies but were later adapted
for use by nonprofits and government agencies. The balanced scorecard involves
measuring four main aspects of a business: Learning and growth, business
processes, customers, and finance.
- BSCs allow companies to pool information in a single report, to provide
information into service and quality in addition to financial performance, and to
help improThe scorecard can provide information about the firm as a whole when
viewing company objectives. An organization may use the balanced scorecard
model to implement strategy mapping to see where value is added within an
organization. A company may also use a BSC to develop strategic initiatives and
strategic objectives.
Characteristics of the Balanced Scorecard Model (BSC) Information is collected
and analyzed from four aspects of a business:
(1) Learning and growth are analyzed through the investigation of training
and knowledge resources. This first leg handles how well information is
captured and how effectively employees use that information to convert it
to a competitive advantage within the industry.
(2) Business processes are evaluated by investigating how well products are
manufactured. Operational management is analyzed to track any gaps,
delays, bottlenecks, shortages, or waste.
(3) Customer perspectives are collected to gauge customer satisfaction with
the quality, price, and availability of products or services. Customers
provide feedback about their satisfaction with current products.
(4) Financial data, such as sales, expenditures, and income are used to
understand financial performance. These financial metrics may include
dollar amounts, financial ratios, budget variances, or income targets.