Introduction to

Operational Auditing
Internal Auditing Class

Faculty of Economics

University of Indonesia

Nature of Operational Auditing

Definition

Operational Auditing is :
an independent review including all
aspects of an organization, its
business functions, financial
controls, and the supporting
systems. It involves a systematic
review of an organizations
activities, or a stipulated segment
of them, in relations to specific
objectives. The operational auditor
has an overall objective to assess
the quality of internal controls for
an area, including its effectiveness
and efficiency of operations,
reliability of the financial reporting,
and compliance with applicable
laws and regulations.
Other name of Managerial Auditing
Internal Audit Activities in term of
Financial, Opeartional and
Information System.

Nature of Operational Auditing

Operational Vs Integrated Auditing
The idea of Integrated Auditing is
that every member of the internal
audit team should be able to perform
reviews covering all or any areas of
management interest.
There are no financial, operational
and information system specialist.
Pro and Con
Operational Auditing Need a large
number of auditors who have no
attention to other people expertise.
Auditor should be a generalist, all
auditors should be trained to
understand all aspects of activities
in order to be more comprehensive.
Integrated Auditing creates lower
standards of audit process and
results.

Nature of Operational Auditing

Operational Vs Integrated Auditing

Integreted, efficient, fast, not

flexible, Suitable for repetitive
audit ie branches

Operational, more expensive, longer

time, tailor made, flexible, every
chefs have their own specialties.

Nature of Operational Auditing

Nature of Internal Audit Review
The role of Operational Auditor
is to provide total service to
management through
independent, objective
assessments of operation. Those
review should cover efficiecy
and effectiveness of operation;
reliability of the financial
reporting and compliance to
applicable laws.
No matter how advance,
comprehensive and complete an
organizations system and
procedures, there will be always
failure and breakdown and there
will always be area of
improvement.

Performing the Operational Auditing

Nature of Internal Audit Review
The Process of performing the audit is
same as we discussed before. Started with
prelimimary Study, Audit Plan, Field Work
until Communicating the result and follow
up the recommendation.
Based on The Statement of Responsibility
of IA relleased by The IIA, Operational Audit
should cover :
1.

Reviewing and appraising the

soundness, adequacy and application of
operating control.

2.

Ascertaining the extent of compliance

with established policies, plansm and
procedures.

3.

Ascertaining the reliability of

management data developed within the
organization.

4.

Appraising the quality of performance

in carrying out assigned
responsibilities.

5.

Recommending operating
improvements.

6.

Accounting for and safeguarding

assets.

Performing the Operational Auditing

Financial Audit Procedures for the Operational Auditor
IA involve in financial audit procedures go
beyond the examinationof financial
statement for accuracy and fairness, but
shold cover following areas as well:
1. The soundness of financial policies and
procedures and the organizations
compliance with them.
2. The effectiveness of management over
all financial assets including cash and
short and long term investments.
3. Tax management and administration,
including procedures to determine that
tax returns are filed in a timely manner.

4. Accounting controls over operations

such as activity based costing
procedures or accounting system to
support major projects.
5. Financial analysis and statistical
reporting procedures.
Through these financial procedures an IA
should understand the financial implication
of various organizational activities.

Performing the Operational Auditing

Importance of Information Systems Controls

Like we have discussed before, IA should

consider the implication of information
system controls whenever performing an
operational or management audit.
We have to review the input, the output and
the process of the system.

Performing the Operational Auditing

Types of Operational Audit Procedures

The real key to remember is that the auditor is

always evaluating the efficiency and
effectiveness of the internal control in
operation using the following steps:
1. Understand control risks or management
concerns in the area to be reviewed.
2. Perform a preliminary survey or otherwise
develop an understanding of the area to be
reviewed.
3. Develop an audit plan, objectives and
potential areas for test and evaluation,
identify any areas where specialized help
may be needed.
4. Begin the review by interviewing
responsible personnel or examining
appropriate audit evidence.
5. Evaluate the results of audit tests and other
work and make adjustment for further tests
if necessary.
6. Develop findings, conclusions and
recommendations for corrective action.
Report these to appropriate levels of
internal audit and general management.

Performing the Operational Auditing

Example : Traffic Management in Broadcasting
Business

Step 1. Understanding
Traffics Control Risks
IA should first reevaluate
the control risks
associated with auditees
or prospective auditees.
The initiatives can be
based on management
request or IA routines.
Based on the result of
control risks reevaluation,
IA prioritize the audit
assignments.

LIKELIHOOD SCALE
(Likelihood of defined consequences)
Level

Routine Activities

Non-Routine
Activities

A
25% < Occurrence 25% < occurence
(Very High) of total activity of total population

Indicative
Probability
Almost Certain

B 15% < Occurrence < 15% < occurence

(High) 25% of total activity < 25% of total
population

Likely

C
8% < Occurrence < 8% < occurence <
(Medium) 15% of total activity 15% of total
population

Possible

5% < Occurrence < 5% < occurence <

8% of total activity
8% of total
population

E
Occurrence < 5% occurence < 5%
(Very Low) of total activity of total population

Level

Unlikely

Rare

1
(Very High)

A
SIGNIFICANT
(Very High)
1
LIKELIHOOD SCALE

D
(Low)

CONSEQUENCE SCALE

B
(High)

SIGNIFICANT
2

C
SIGNIFICANT
(Medium)
4

2
(High)

3
(Medium)

4
(Low)

5
(Very Low)

SIGNIFICANT
3

HIGH
6

HIGH
10

MEDIUM
15

SIGNIFICANT
5

HIGH
9

MEDIUM
14

LOW
19

HIGH
8

MEDIUM
13

LOW
18

LOW
22

D
(Low)

HIGH
7

HIGH
12

MEDIUM
17

LOW
21

LOW
24

E
(Very Low)

HIGH
11

MEDIUM
16

LOW
20

LOW
23

LOW
25

Step 2. Performing The Traffic

Preliminary Survey
Familiarization (also called preliminary
survey) is the first and the most basic activity
necessary to allow audit team to understand
the operational activities to be reviewed.
There are 2 level : On Desk familiarization
(before the team go to auditees office) and
Preliminary Survey on field.
Steps to be taken in doing On Desk
Familiarization:
1.Definition of the overall purpose of the
review.
2.Discussion with other interested personnel.
3.Accumulation of pertinent data.
4.Advance arrangement with field location.
Step to be taken on Auditees office:
1.Discussion with the responsible managers.
2.Discussion with other key personnels.
3.Walkthrough of Operational Areas.
4.Review of Policies and Procedures.

Master
Program
Acara
Sales
Marketing

Sales
Iklan
Traffic

Produksi

Acquisition

Program

Control
Room

Kandidat
Iklan tayang

Kandidat > Slot ?

Slot
Rearrange
ment

Control
Room

Select based on
priority

Tayang ?

Bukti tayang
To finance

Step 3 Develop the Detailed Audit Plan

IA should give particular attention to the audit
objectives and potential areas for detailed testing.
These Objectives may result from information
gathered in preliminary survey or based on
management request.
Items that have to be considered:

What procedures in place to select the candidate?

Is the selection conducted based on the benefit of the
company?
Are the candidates aired perfectly in order to avoid
disputes?
Are all aired candidates perfectly billed?

Audit Program

No,

Process
1 Traffic

2 Traffic

3 Traffic

4 Traffic dan
Finance

Traffic Audit
Risks
Existing Control
Audit Step
Iklan yg ditayangkan tidak
Setiap iklan memiliki tanda klasifikasi Ambil data bulan januari cek
memaksimalkan kepentingan perusahaan tariff
apakah setiap iklan selalu di sertai
dengan kode klasifikasi tarif
Harus ada sistem yg mendahulukan Ambil data bulan januari cek
iklan dgn tarif premium
apakah ada premium tariff yg gagal
tayang, cek apakah ada tarif murah
yg berhasil tayang.
Iklan dgn tarif yang sama harus
Cek apakah first come first serve
menerapkan first come first serve
dilaksanakan.
Mekanisme penanganan iklan yg ditolak Iklan yg ditolak harus ditawarkan untuk Cek keberhasilan untuk
harus sedapat mungkin tidak
slot iklan yg lain.
menawarkan iklan yg ditolak pada
menimbulkan kecewaan.
sautu slot dipindahkan pada slot
lain.
iklan yg ditolak harus dengan
Cek pembuatan dan pengiriman
pemberitahuan resmi.
surat pemberitahuan resmi
penolakan iklan.
harus ada batas waktu iklan dapat
batas waktu fix slot adalah 5 menit
ditolak.
sebelum tayang, apakah ada iklan
yg berubah setelah batas waktu
tersebut.
Iklan yang diatayangkan salah versi,
Setiap iklan yg tayang dimintakan
apakah setiap iklan tayang diminta
salah waktu atau salah hari; sehingga
persetujuan tertulis, jam, waktu dan
dengan media order yg lengkap.
dapat menimbulkan dispute
versi iklan yg ditayangkan.
Ada iklan yg sdh ditayangkan namun
Control Room menghasilkan laporan Rekonsiliasi laporan tayang dengan
tidak ditagihkan.
tayangan setiap harinya. Laporan
laporan billing.
dihasilkan oleh mesin penayangan.

Initial

W/P

Step 4, Performing the Actual Operational Review

The audit verification determine the extent to
which actuality conforms to what was asserted in
familiarization step. It should be supported by
sufficient credible evidences which acquired
through oral inquiries, observations, written
confirmations, computer assisted audit
procedures, the tracing of the processing of data,
tests and through other means. The sufficiency of
these evidences need a highly professional
judgment of internal auditors.

Step 5. Evaluation of Audit Results

This is the phase when IA perform a detailed analysis of the
information gathered in terms of the component
elements. IA does detailed analysis of preliminary
findings and try to determine the root cause and the
benefit that company earns if the root cause is
eliminated.

No,

Traffic Audit
Process
Risks
Existing Control
Audit Step
1 Traffic
Iklan yg ditayangkan tidak
Setiap iklan memiliki tanda klasifikasi Ambil data bulan januari cek
memaksimalkan kepentingan perusahaan tariff
apakah setiap iklan selalu di sertai
dengan kode klasifikasi tarif

Initial

W/P

LJ
Ambil data bulan januari cek
apakah ada premium tariff yg gagal
tayang, cek apakah ada tarif murah
RT
yg berhasil tayang.
Iklan dgn tarif yang sama harus
Cek apakah first come first serve
RT
menerapkan first come first serve
dilaksanakan.
Mekanisme penanganan iklan yg ditolak Iklan yg ditolak harus ditawarkan untuk Cek keberhasilan untuk
harus sedapat mungkin tidak
slot iklan yg lain.
menawarkan iklan yg ditolak pada
menimbulkan kecewaan.
sautu slot dipindahkan pada slot
lain.
ADI
Semua komplain didata
periksa daftar komplain dan
ADI
penangannya.
iklan yg ditolak harus dengan
Cek pembuatan dan pengiriman
pemberitahuan resmi.
surat pemberitahuan resmi
ADI
penolakan iklan.
harus ada batas waktu iklan dapat
batas waktu fix slot adalah 5 menit
ditolak.
sebelum tayang, apakah ada iklan
yg berubah setelah batas waktu
ADI
tersebut.
Iklan yang diatayangkan salah versi,
Setiap iklan yg tayang dimintakan
apakah setiap iklan tayang diminta
salah waktu atau salah hari; sehingga
persetujuan tertulis, jam, waktu dan dengan media order yg lengkap dan
dapat menimbulkan dispute
versi iklan yg ditayangkan.
cek penangan komplainnya bila
ada.

A1.1

MIF

A3.1

MIF

A4.1

Preliminary findings
Tidak jelas mekanisme untuk menentukan
iklan mana yg harus tayang dan iklan mana
yg harus terlempar. Existing control tidak
berjalan efektif terbukti dengan banyak iklan
yg tidak memiliki tanda klasifikasi tarif,
banyak iklan bertarif rendah yang
ditayangkan, tidak jelas mana yg datang
lebih awal karena tidak ada catatannya.

Harus ada sistem yg mendahulukan

iklan dgn tarif premium

2 Traffic

4 Traffic

Traffic dan Ada iklan yg sdh ditayangkan namun

Finance
tidak ditagihkan.

Control Room menghasilkan laporan

tayangan setiap harinya. Laporan
dihasilkan oleh mesin penayangan.

A1.2
A13
Banyak complaint yang diterima, terutama
dalam iklan yg dipasang sudah cukup lama
tiba tiba dibatalkan mendadak dalam waktu
yang sangat dekat dgn waktu tayang.
A2.1
A2.2

A2,3

A2,4

Rekonsiliasi laporan tayang dengan

laporan billing.

Policy perusahaan atas kesalahan adalah

menunda penagihan sampai seluruh iklan
yang dipesan dan ditayangkan selesai tanpa
dispute, Bila ada dispute akan diselesaikan
investigasi yg membutuhkan waktu paling
tidak 1 bulan.
Terdapat banyak
komplain mengenai kesalahan versi iklan yg
ditayangkan.
Untuk iklan yg ditayangkan sudah dibilling
dgn sempurna, namun tidak dengan running
text, ad lips, back drop dll perusahaan
tidakmemiliki cara untuk mengontrol hal ini.

Step 6. Audit Findings, Conclusions and

Recommendations
After familiarization, verification and analysis, IA
has to conclude and to provide a basis for its
recommendations.
The step can be categorized into 3 level:
1. How good are the results presently being achieved?
2. Why is the result what it is?
3. What could be done better?
At this step, IA construct the findings into report. The
reporting phase is the final step where what has
been done accomplished is summarized and made
available to higher management and other
interested parties.

Step 7. Follow up the progress of committed action

over audit recommendations
In order to be useful, all recommendations have to be
followed up, and the result should be reported to
the higher level.

Thank you