The Operational Auditing Handbook

The Operational Auditing Handbook : Auditing Business and IT Processes


This handbook helps auditors evaluate, measure, and check internal management and financial procedures and systems to increase efficiency and prevent fraud. Reflecting the variety of business situations that auditors face, it encourages them to develop creative approaches for dealing with the problems encountered during the operational audit review. This new edition is fully updated to take account of developments in internal control and corporate governance under Sarbanes-Oxley, and in audit processes particular to financial institutions in light of the credit crunch. It also contains new and updated case studies and checklists.

Product details

  • Hardback | 900 pages
  • 195 x 252 x 54mm | 1,842g
  • John Wiley & Sons Ltd
  • Chichester, United Kingdom
  • English
  • 2nd Edition
  • ISBN-10: 0470744766
  • ISBN-13: 9780470744765

Flap copy

The Operational Auditing Handbook, Second Edition clarifies the underlying issues, risks and objectives for a wide range of operations and activities and is a professional companion for those who design self-assessment and audit programmes of business processes in all sectors.

To accompany this updated edition of The Operational Auditing Handbook please visit for a complete selection of Standard Audit Programme Guides.

Table of contents

Preface. Acknowledgements.

PART I UNDERSTANDING OPERATIONAL AUDITING

  • 1 Approaches to Operational Auditing. Definitions of Operational Auditing. Scope. Audit Approach to Operational Audits. Resourcing the Internal Audit of Technical Activities. Productivity and Performance Measurement Systems. Value for Money (VFM) Auditing. Benchmarking.
  • 2 Business Processes. Introduction. An Audit Universe of Business Processes. Self Assessment of Business Processes. A Hybrid Audit Universe. Reasons For Process Weaknesses. Identifying the Processes of an Organization. Why adopt a Cycle or Process Approach to Internal Control Design and Review? Business Processes in the Standard Audit Program Guides. The Hallmarks of a Good Business Process. Academic Cycles in a University.
  • 3 Developing Operational Review Programs for Managerial and Audit Use. Scope. Practical Use of SAPGs. Format of SAPGs. Risk in Operational Auditing.
  • 4 Governance Processes. Introduction. Internal Control Processes Being Part of Risk Management Processes. Risk Management Processes Being Part of Governance Processes. Objectives of Governance, Risk Management and Control Processes. The COSO View of Objectives. Should there be a Single Set of Objectives? The Internal Governance Processes. The Board and External Aspects of Corporate Governance. The Board's Assurance Vacuum. Risk and Control issues for Internal Governance Processes. Risk and Control issues for the Board. Risk and Control issues for External Governance Processes.
  • 5 Risk Management Processes. Introduction. Objectives of Risk Management. Essential Components of Effective Risk Management. The Scope of Internal Audit's Role in Risk Management. Tools for Risk Management. The Risk Matrix. Risk Registers. Risk Management Challenges. Control issues for Risk Management Processes.
  • 6 Internal Control Processes. Introduction. Paradigm 1: COSO on Internal Control. Paradigm 2: Turnbull on Internal Control. Paradigm 3: COCO on Internal Control. Paradigm 4: A Systems/Cybernetics Model of Internal Control. Paradigm 5: Control by Division with supervision. Paradigm 6: Control by Category. The Objectives of Internal Control. Determining Whether Internal Control is Effective. Control Cost-Effectiveness Considerations. Issues for Internal Control Processes.
  • 7 Review of the Control Environment. Introduction. Control Objectives for a Review of the Control Environment. Risk and Control Issues for a Review of the Control Environment. Fraud.
  • 8 Reviewing Internal Control Over Financial Reporting: the Sarbanes-Oxley Approach. Introduction. Costs and Benefits. 2007 SOX-LITE. Revised Definitions of Significant Deficiency and Material Weakness. Using a Recognized Internal Control Framework for the Assessment. Risk and Control Issues for the Sarbanes-Oxley s.302 and s.404 Compliance Process.
  • 9 Business/Management Techniques and Their Impact on Control and Audit. Introduction. Business Process Re-Engineering. Total Quality Management. Delayering. Empowerment. Outsourcing. Just-In-Time Management (JIT).
  • 10 Control Self Assessment. Introduction. Survey and Workshop Approaches to CSA. Selecting Workshop Participants. Where to Apply CSA. CSA Roles for Management and for Internal Audit. Avoiding Line Management Disillusionment. Encouragement from the Top. Facilitating CSA Workshops, and Training for CSA. Anonymous Voting Systems. Comparing CSA with Internal Audit. Control Self Assessment as Reassurance for Internal Audit. A Hybrid Approach: Integrating Internal Auditing Engagements with CSA Workshops. Workshop Formats. Utilizing CoCo in CSA. Readings. Control Self Assessment.
  • 11 Evaluating the Internal Audit Activity. Introduction. Ongoing Monitoring. Periodic Internal Reviews. External Reviews. Common Weaknesses Noted by Quality Assurance Reviews. Internal Audit Maturity Models. Effective Measuring of Internal Auditing's Contribution to the Enterprise's Profitability. Control Objectives for the Internal Audit Activity.

PART II AUDITING KEY FUNCTIONS

  • 12 Auditing the Finance and Accounting Functions. Introduction. System/Function Components of the Financial and Accounting Environment. Control Objectives and Risk and Control Issues. Treasury. Payroll. Accounts Payable. Accounts Receivable. General Ledger/Management Accounts. Fixed Assets (and Capital Charges). Budgeting and Monitoring. Bank Accounts and Banking Arrangements. Sales Tax (VAT) Accounting. Taxation. Inventories. Product/Project Accounting. Petty Cash and Expenses. Financial Information and Reporting. Investments.
  • 13 Auditing Subsidiaries and Remote Operating Units. Introduction. Fact Finding. High Level Review Program. Joint Ventures.
  • 14 Auditing Contracts and the Purchasing Function. Introduction. Control Objectives and Risk and Control Issues. Contracting. Contract Management Environment. Assessing the Viability and Competence of Contractors. Maintaining an Approved List of Contractors. Tendering Procedures. Contracting and Tendering Documentation. Selection and Letting of Contracts. Performance Monitoring. Valuing Work for Interim Payments. Contractor's Final Account. Review of Project Outturn and Performance.
  • 15 Auditing Operations and Resource Management. Introduction. System/Function Components of a Production/Manufacturing Environment. Control Objectives and Risk and Control Issues. Planning and Production Control. Facilities, Plant and Equipment. Personnel. Materials and Energy. Quality Control. Safety. Environmental Issues. Law and Regulatory Compliance. Maintenance.
  • 16 Auditing Marketing and Sales. Introduction. System/Function Components of the Marketing and Sales Functions. General Comments. Control Objectives and Risk and Control Issues. Product Development. Market Research. Promotion and Advertising. Pricing and Discount Policies. Sales Management. Sales Performance and Monitoring. Distributors. Relationship with the Parent Company. Agents. Order Processing. Warranty Arrangements. Maintenance and Servicing. Spare Parts and Supply.
  • 17 Auditing Distribution. Introduction. System/Function Components of Distribution. Control Objectives and Risk and Control issues. Distribution, Transport and Logistics. Distributors. Stock Control. Warehousing and Storage.
  • 18 Auditing Human Resources. Introduction. System/Function Components of the Personnel Function. Control objectives and Risk and Control Issues. Human Resources Department. Recruitment. Manpower and Succession Planning. Staff Training and Development. Welfare. Performance-Related Compensation, Pension Schemes (and other Benefits). Health Insurance. Staff Appraisal and Disciplinary Matters. Health and Safety. Labour Relations. Company Vehicles.
  • 19 Auditing Research and Development. Introduction. System/Function Components of Research and Development. Control Objectives and Risk and Control Issues. Product Development. Project Appraisal and Monitoring. Plant and Equipment. Development Project Management. Legal and Regulatory Issues.
  • 20 Auditing Security. Introduction. Control Objectives and Risk and Control Issues. Security. Health and Safety. Insurance.
  • 21 Auditing Environmental Responsibility. Introduction. Environmental Auditing. The Emergence of Environmental Concerns. EMAS: The European Eco-Management and Audit Scheme. Linking Environmental Issues to Corporate Strategy and Securing Benefits. Environmental Assessment and Auditing System Considerations. The Role of Internal Audit. Example Programme.

PART III AUDITING INFORMATION TECHNOLOGY

  • 22 Auditing Information Technology. Introduction. Introduction to Recognized Standards Related to Information Technology and Related Topics. System/Function Components of Information Technology and Management. Control Objectives and Risk and Control Issues.
  • 23 IT Strategic Planning.
  • 24 IT Organisation.
  • 25 IT Policy Framework.
  • 26 Information Asset Register.
  • 27 Capacity Management.
  • 28 Information Management (IM).
  • 29 Records Management (RM).
  • 30 Knowledge Management (KM).
  • 31 IT Sites and Infrastructure (Including Physical Security).
  • 32 Processing Operations.
  • 33 Back-up and Media Management.
  • 34 Removable Media.
  • 35 System and Operating Software (Including Patch Management).
  • 36 System Access Control (or Logical Security).
  • 37 Personal Computers (Including Laptops and PDAs).
  • 38 Remote Working.
  • 39 Email.
  • 40 Internet Usage.
  • 41 Software Maintenance (Including Change Management).
  • 42 Networks.
  • 43 Databases.
  • 44 Data Protection.
  • 45 Freedom of Information.
  • 46 Data Transfer and Sharing (Standards and Protocol Guidelines).
  • 47 Legal Responsibilities.
  • 48 Facilities Management.
  • 49 System Development.
  • 50 Software Selection.
  • 51 Contingency Planning.
  • 52 Human Resources Information Security.
  • 53 Monitoring and Logging.
  • 54 Information Security Incidents.
  • 55 Data Retention and Disposal.
  • 56 Electronic Data Interchange (EDI).
  • 57 Viruses.
  • 58 User Support.
  • 59 BACS.
  • 60 Spreadsheet Design and Good Practice.
  • 61 IT Health Checks.
  • 62 IT Accounting.

Appendices

  • Appendix 1: Index to SAPGs on the Companion Website.
  • Appendix 2: Standard Audit Program Guides.
  • Appendix 3: International Data Protection Legislation.
  • Appendix 4: International Freedom of Information Legislation.
  • Appendix 5: Information Management Definitions.
  • Appendix 6: IT and Information Management Policies.

Bibliography. Index.

About Andrew Chambers

Andrew Chambers is Professor of Internal Auditing at London South Bank University and Professor Emeritus of Cass Business School, London. He runs Management Audit LLP specializing in auditing and corporate governance work, and is a member of the international Internal Audit Standards Board. Graham Rand specializes in IT auditing, risk management and operational review. His career, in the UK and overseas, has featured involvement in a range of organizations, principally in the electrical retail, financial services and public sectors. Much of his current consultancy is on Information Management, Records Management, IT Security and providing support on the development of Risk Management and Information Security environments.