Operational Auditing Handbook
Auditing Business and IT Processes
Hardcover, English, 2010
By Andrew Chambers (Management Audit Ltd, member of IIA) and Graham Rand (Certified Fraud Examiner)
SEK 2,359
Product information
- Publication date: 2010-04-23
- Dimensions: 196 x 252 x 56 mm
- Weight: 1,837 g
- Format: Hardcover
- Language: English
- Number of pages: 904
- Edition: 2
- Publisher: John Wiley & Sons Inc
- ISBN: 9780470744765
Andrew Chambers is Professor of Internal Auditing at London South Bank University and professor emeritus of Cass Business School, London. He runs Management Audit LLP specializing in auditing and corporate governance work, and is a member of the international Internal Auditing Standards Board. Graham Rand specialises in IT auditing, risk management and operational review. His career, in the UK and overseas, has featured involvement in a range of organisations, principally in the electrical retail, financial services and public sectors. Much of his current consultancy is on Information Management, Records Management, IT Security and providing support on the development of Risk Management and Information Security environments.
Table of contents
- Preface xv
- Acknowledgements xvii
- Part I Understanding Operational Auditing 1
  - 1 Approaches to Operational Auditing 3
    - Definitions of “Operational Auditing” 3
    - Scope 4
    - Audit Approach to Operational Audits 12
    - Resourcing the Internal Audit of Technical Activities 16
    - Productivity and Performance Measurement Systems 19
    - Value for Money (VFM) Auditing 22
    - Benchmarking 23
  - 2 Business Processes 27
    - Introduction 27
    - An Audit Universe of Business Processes 28
    - Self Assessment of Business Processes 30
    - A Hybrid Audit Universe 30
    - Reasons For Process Weaknesses 30
    - Identifying the Processes of an Organisation 32
    - Why Adopt a “Cycle” or “Process” Approach to Internal Control Design and Review? 35
    - Business Processes in the Standard Audit Programme Guides 35
    - The Hallmarks of a Good Business Process 36
    - Academic Cycles in a University 37
  - 3 Developing Operational Review Programmes For Managerial and Audit Use 40
    - Scope 40
    - Practical Use of SAPGs 41
    - Format of SAPGs 45
    - Risk in Operational Auditing 50
  - 4 Governance Processes 75
    - Introduction 75
    - Internal Control Processes being Part of Risk Management Processes 75
    - Risk Management Processes being Part of Governance Processes 76
    - Objectives of Governance, Risk Management and Control Processes 77
    - The COSO View of Objectives 78
    - Should there be a Single Set of Objectives? 80
    - The Internal Governance Processes 81
    - The Board and External Aspects of Corporate Governance 81
    - The Board’s Assurance Vacuum 82
    - Risk and Control Issues for Internal Governance Processes 84
    - Risk and Control Issues for the Board 87
    - Risk and Control Issues for External Governance Processes 90
  - 5 Risk Management Processes 95
    - Introduction 95
    - Objectives of Risk Management 95
    - Essential Components of Effective Risk Management 98
    - The Scope of Internal Audit’s Role in Risk Management 99
    - Tools for Risk Management 101
    - The Risk Matrix 101
    - Risk Registers 106
    - Risk Management Challenges 107
    - Control Issues for Risk Management Processes 112
  - 6 Internal Control Processes 116
    - Introduction 116
    - Paradigm 1: COSO on Internal Control 118
    - Paradigm 2: Turnbull on Internal Control 128
    - Paradigm 3: COCO on Internal Control 129
    - Paradigm 4: A Systems/Cybernetics Model of Internal Control 130
    - Paradigm 5: Control by Division with Supervision 135
    - Paradigm 6: Control by Category 137
    - The Objectives of Internal Control 139
    - Determining Whether Internal Control is Effective 141
    - Control Cost-Effectiveness Considerations 142
    - Issues for Internal Control Processes 143
  - 7 Review of the Control Environment 147
    - Introduction 147
    - Control Objectives for a Review of the Control Environment 147
    - Risk and Control Issues for a Review of the Control Environment 148
    - Fraud 149
  - 8 Reviewing Internal Control Over Financial Reporting—The Sarbanes-Oxley Approach 151
    - Introduction 151
    - Costs and Benefits 154
    - 2007 SOX-LITE 155
    - Revised Definitions of “Significant Deficiency” and “Material Weakness” 156
    - Using a Recognised Internal Control Framework for the Assessment 157
    - Risk and Control Issues for the Sarbanes-Oxley s. 302 and s. 404 Compliance Process 171
  - 9 Business/Management Techniques and Their Impact On Control and Audit 178
    - Introduction 178
    - Business Process Re-Engineering 178
    - Total Quality Management 181
    - Delayering 187
    - Empowerment 189
    - Outsourcing 191
    - Just-In-Time Management (JIT) 195
  - 10 Control Self Assessment 199
    - Introduction 199
    - Survey and Workshop Approaches to CSA 200
    - Selecting Workshop Participants 200
    - Where to Apply CSA 200
    - CSA Roles for Management and for Internal Audit 201
    - Avoiding Line Management Disillusionment 202
    - Encouragement from the Top 203
    - Facilitating CSA Workshops, and Training for CSA 204
    - Anonymous Voting Systems 205
    - Comparing CSA with Internal Audit 205
    - Control Self Assessment as Reassurance for Internal Audit 206
    - A Hybrid Approach—Integrating Internal Auditing Engagements with CSA Workshops 206
    - Workshop Formats 207
    - Utilising CoCo in CSA 208
    - Readings 210
    - Control Self Assessment 210
  - 11 Evaluating the Internal Audit Activity 214
    - Introduction 214
    - Ongoing Monitoring 214
    - Periodic Internal Reviews 215
    - External Reviews 216
    - Common Weaknesses Noted by Quality Assurance Reviews 217
    - Internal Audit Maturity Models 218
    - Effective Measuring of Internal Auditing’s Contribution to the Enterprise’s Profitability 219
    - Control Objectives for the Internal Audit Activity 232
- Part II Auditing Key Functions 237
  - 12 Auditing the Finance and Accounting Functions 239
    - Introduction 239
    - System/Function Components of the Financial and Accounting Environment 239
    - Control Objectives and Risk and Control Issues 240
    - Treasury 241
    - Payroll 243
    - Accounts Payable 246
    - Accounts Receivable 248
    - General Ledger/Management Accounts 251
    - Fixed Assets (and Capital Charges) 253
    - Budgeting and Monitoring 256
    - Bank Accounts and Banking Arrangements 258
    - Sales Tax (VAT) Accounting 261
    - Taxation 263
    - Inventories 266
    - Product/Project Accounting 268
    - Petty Cash and Expenses 270
    - Financial Information and Reporting 272
    - Investments 274
  - 13 Auditing Subsidiaries, Remote Operating Units and Joint Ventures 276
    - Introduction 276
    - Fact Finding 277
    - High Level Review Programme 278
    - Joint Ventures 279
  - 14 Auditing Contracts and the Purchasing Function 285
    - Introduction 285
    - Control Objectives and Risk and Control Issues 285
    - Contracting 289
    - Contract Management Environment 290
    - Assessing the Viability and Competence of Contractors 295
    - Maintaining an Approved List of Contractors 297
    - Tendering Procedures 299
    - Contracting and Tendering Documentation 302
    - Selection and Letting of Contracts 304
    - Performance Monitoring 306
    - Valuing Work for Interim Payments 308
    - Contractor’s Final Account 310
    - Review of Project Outturn and Performance 313
  - 15 Auditing Operations and Resource Management 317
    - Introduction 317
    - System/Function Components of a Production/Manufacturing Environment 318
    - Control Objectives and Risk and Control Issues 318
    - Planning and Production Control 318
    - Facilities, Plant and Equipment 321
    - Personnel 324
    - Materials and Energy 327
    - Quality Control 330
    - Safety 332
    - Environmental Issues 335
    - Law and Regulatory Compliance 338
    - Maintenance 339
  - 16 Auditing Marketing and Sales 343
    - Introduction 343
    - System/Function Components of the Marketing and Sales Functions 343
    - General Comments 344
    - Control Objectives and Risk and Control Issues 344
    - Product Development 345
    - Market Research 348
    - Promotion and Advertising 350
    - Pricing and Discount Policies 353
    - Sales Management 355
    - Sales Performance and Monitoring 359
    - Distributors 362
    - Relationship with the Parent Company 366
    - Agents 368
    - Order Processing 371
    - Warranty Arrangements 375
    - Maintenance and Servicing 377
    - Spare Parts and Supply 380
  - 17 Auditing Distribution 383
    - Introduction 383
    - System/Function Components of Distribution 383
    - Control Objectives and Risk and Control Issues 384
    - Distribution, Transport and Logistics 384
    - Distributors 388
    - Stock Control 392
    - Warehousing and Storage 395
  - 18 Auditing Human Resources 399
    - Introduction 399
    - System/Function Components of the Personnel Function 399
    - Control Objectives and Risk and Control Issues 399
    - Human Resources Department 400
    - Recruitment 404
    - Manpower and Succession Planning 408
    - Staff Training and Development 410
    - Welfare 413
    - Performance-Related Compensation, Pension Schemes (and other Benefits) 415
    - Health Insurance 422
    - Staff Appraisal and Disciplinary Matters 424
    - Health and Safety 427
    - Labour Relations 430
    - Company Vehicles 432
  - 19 Auditing Research and Development 437
    - Introduction 437
    - System/Function Components of Research and Development 437
    - Control Objectives and Risk and Control Issues 437
    - Product Development 438
    - Project Appraisal and Monitoring 442
    - Plant and Equipment 445
    - Development Project Management 447
    - Legal and Regulatory Issues 450
  - 20 Auditing Security 453
    - Introduction 453
    - Control Objectives and Risk and Control Issues 454
    - Security 454
    - Health and Safety 457
    - Insurance 460
  - 21 Auditing Environmental Responsibility 463
    - Introduction 463
    - Environmental Auditing 465
    - The Emergence of Environmental Concerns 465
    - EMAS—The European Eco-Management and Audit Scheme 466
    - Linking Environmental Issues to Corporate Strategy and Securing Benefits 467
    - Environmental Assessment and Auditing System Considerations 468
    - The Role of Internal Audit 470
    - Example Programme 470
- Part III Auditing Information Technology 477
  - 22 Auditing Information Technology 479
    - Introduction 479
    - Introduction to Recognised Standards Related to Information Technology and Related Topics 480
    - System/Function Components of Information Technology and Management 486
    - Control Objectives and Risk and Control Issues 488
  - 23 IT Strategic Planning 489
  - 24 IT Organisation 493
  - 25 IT Policy Framework 496
  - 26 Information Asset Register 502
  - 27 Capacity Management 511
  - 28 Information Management (IM) 514
  - 29 Records Management (RM) 524
  - 30 Knowledge Management (KM) 542
  - 31 IT Sites and Infrastructure (Including Physical Security) 554
  - 32 Processing Operations 559
  - 33 Back-Up and Media Management 562
  - 34 Removable Media 566
  - 35 System and Operating Software (Including Patch Management) 570
  - 36 System Access Control (Logical Security) 576
  - 37 Personal Computers (Including Laptops and PDAs) 580
  - 38 Remote Working 585
  - 39 Email 590
  - 40 Internet Usage 598
  - 41 Software Maintenance (Including Change Management) 605
  - 42 Networks 609
  - 43 Databases 613
  - 44 Data Protection 616
  - 45 Freedom of Information 627
  - 46 Data Transfer and Sharing (Standards and Protocol) 636
  - 47 Legal Responsibilities 645
  - 48 Facilities Management 648
  - 49 System Development 651
  - 50 Software Selection 655
  - 51 Contingency Planning 658
  - 52 Human Resources Information Security 661
  - 53 Monitoring and Logging 667
  - 54 Information Security Incidents 671
  - 55 Data Retention and Disposal 680
  - 56 Electronic Data Interchange (EDI) 688
  - 57 Viruses 691
  - 58 User Support 694
  - 59 BACS 696
  - 60 Spreadsheet Design and Good Practice 699
  - 61 IT Health Checks 707
  - 62 IT Accounting 710
- Appendix 1 Index to SAPGs on the Companion Website 712
- Appendix 2 Standard Audit Programme Guides 719
- Appendix 3 International Data Protection Legislation 729
- Appendix 4 International Freedom of Information Legislation 763
- Appendix 5 Information Management Definitions 835
- Appendix 6 IT and Information Management Policies 839
- Bibliography 852
- Index 859