Embed Size (px)
Citation preview
12
CHAPTER 2
THEORITICAL FOUNDATION
2.1 Auditing
2.1.1. Nature of audit
Audit definition based on Arens, et al (2006):
“Auditing is the accumulation and evaluation of evidence about information to
determine and report on the degree of correspondence between the information
and establish criteria. Auditing should be done by a competent, independent
person.”
Audit definition based on Konrath (2002):
“Auditing defined as a systematic process of objectively obtaining and
evaluating evidence regarding assertions about economics actions and events to
ascertain the degree of correspondence between those assertions and established
criteria and communicating the results to interested users.”
Based on above statements, we can conclude that audit form of systematic process
implemented by competent and independent person, to gather and evaluate the evidence
objectively in order to determine the level of concordance between the information with
predetermined criteria, and report the results to the management.
13
2.1.2. Purpose of Audit
Purpose of audit listed on SAS 1 (AU 110) cited by Arens, et al (2006):
“The objective of the ordinary audit of financial statement by the independent
auditor is the expression of an opinion on the fairness with which they present
fairly, in all material aspects, financial position, results of operations, and its
cash flows in conformity with generally accepted accounting principles.”
On statement above, purpose of audit can be defined as an assessment in a form of audit
report. Purpose of audit used as standardized plan for auditor in gathering evidence to
state an adequate operation in Clients Company, then based on these evidence, auditor
can perform an audit report.
Purpose of audit set by an auditor expected to correspond with management assertions,
the management's statement regarding the type of transaction and associated estimation
in the financial statements. Auditing purposes become a basic framework for collecting
material of competent evidence.
According to Arens, et al (2006), there is some purpose of audit which have to be
completed before auditor conclude that several transaction or operation that have been
recorded correctly, this purpose called Transaction Related Audit Objectives (TRAO),
while purpose of audit which have to be completed for each account balance called
Balance Related Audit Objective (BRAO).
14
2.1.3. Types of Audit
Types of audit according to Arens,et al (2006)
1. Operational Auditing
Operational audit also known as management audit. Examination conducted to
evaluate the efficiency and effectiveness of procedures and methods of operation of
an organization. Operational audits more like management consulting. At the end of
the audit, the auditor will make recommendations to management to improve
operations.
2. Compliance Audit
Compliance audit is an examination conducted to determine whether the client has
followed the procedures and rules set by the authorities. Compliance audit results are
usually reported to a particular party in the company, to assess the extent to which
compliance has been made.
3. Financial Statement Audit
Financial statement audit is an examination of the financial statements of an
enterprise, to determine whether the financial statements have been prepared in
accordance with the criteria established. Criteria normally used are the Generally
Accepted Accounting Principles (GAAP), while in Indonesia the criteria used is the
Standar Akutansi keuangan (SAK).
15
Audit of financial statements includes the examination of the balance sheet, income
statement, statement of cash flows, and notes to financial statements. The results of
this examination are audit report, which contains the auditor's opinion regarding the
fairness of the financial statements.
2.1.4. Audit Evidence
According to arens, et al (2008) there is seven types of audit evidence:
1. Physical Examination
Physical examination is the inspection or count by the auditor of a tangible asset.
Count a sample of inventory and compare quantity and description to client’s counts.
2. Confirmation
Confirmation describes the receipt of a written or oral response from an independent
third party verifying the accuracy of information that was requested by the auditor.
3. Documentation
Documentation is the auditor’s inspection of the client’s documents and records to
substiante the information that is, or should be, included in the financial statements.
Compare quantity on client’s perpetual records to quantity on client’s counts.
4. Analytical procedures
Analytical procedures use comparisons and relationship to asses whether account
balances or other data appear reasonable compared to the auditor’s expectations.
16
5. Inquiries of the client
Inquiry is the obtaining of written or oral information from the client in response to
questions from the auditor.
6. Recalculation
Recalculation involves rechecking a sample of calculations made by the client.
Rechecking client calculations consists of testing the client’s arithmetical accuracy
and procedures.
7. Reperformance
Is the auditor’s independent tests of client accounting procedures or controls that
were originally done as part of the entity’s accounting and internal control system.
Whereas recalculation involves rechecking a computation, reperformance involves
checking other procedures.
8. Observation
Observation is the use of the senses to assess client activities. Throughout the
engagement with a client, auditors have many opportunities to use their senses.
17
2.1.5. Audit Phase
According to Arens, et al (2006), there are four phase in audit process:
1. Plan and design audit approach
Information obtained during client acceptance and initial planning; understand the
business and clients industry, client’s business risk assessments and early
implementation of analytical procedures to determine the inherent risk and
acceptable audit risk. Assessment of materiality, acceptable audit risk, inherent risk,
and control risk is used to develop a plan and audit program as a whole.
2. Perform test of control and substantive test of transaction
Purpose of this phase are (1) to obtain material evidence supporting the procedures
and control policies that contribute to the risk controls that have been set by the
auditor (with a test of control) and (2) to obtain material evidence supporting the
truth of the monetary and the number of transactions (by performing substantive
tests of transactions).
3. Perform analytical procedures and test of detail of balances.
The purpose of this phase is to get additional evidence, analytical procedure is a
procedure used to qualify overall operation of transaction and account balance. Test
of detail balances is specific procedure which used to qualify account balance in
financial statement.
18
4. Complete the audit and issue an audit report.
Next step after finishing all the procedure of each purpose of audit and each account
in financial statement, auditor needs to combine information that used for prepare
audit report 1) reviewing contingent liabilities 2) over viewing subsequent event 3)
gathering evidence 4) publish audit report 5) communicate the result with audit
committee and management.
2.1.6. Audit Risk
Auditor gives reasonable assurance, which means there are risks that related to audited
subjects.
Definition of audit risk according to Arens, et al (2006):
“The risk that auditor will conclude that the financial statements are fairly stated
and on unqualified opinion can be issued when, in fact, they are materially
misstated.”
2.1.7. Audit Program
The audit program is bridge between preliminary survey and the field work. In the
preliminary survey internal auditor identify operating objectives, risks, operating
conditions, and controls. In the field work, auditor should gather evidence according to
effectiveness of control system, the efficiency of operations, the accomplishment of
objectives, and the effects of risks on the enterprise.
19
According to sawyer (1996) criteria of audit programs are identified as follows:
• The objectives of the operation under review should be stated carefully and
agreed to by the auditee.
• Programs should be tailor made to the audit assignment unless compelling
reasons dictate otherwise.
• Each programmed work step should show the reason behind it, i.e., the objective
of the operation and the controls to be tested.
• Work steps should include positive instructions.
• Whenever practicable, the audit program should indicate the relative priority of
the work steps.
• Audit programs should be flexible and permit the use of initiative and sound
judgment in deviating from prescribed procedures or extending the work done.
• Programs should not be cluttered with material from sources readily available to
the staff.
• Unnecessary information should be avoided.
• Audit programs should bear evidence of supervisory approval before they are
carried out.
• When the auditee management asks the auditor to perform certain tests, these
should be included in the audit program if the audit budgets permits.
20
This data will be gathered in the form of Standard Audit Programme Guides
(SAPG). SAPG provide detailed guidance and direction during projects and field
visits. SAPG define the key and essential knowledge about a given subject used in
audit documentation.
According to chambers (1997), SAPG divided to three distinctions:
• A title page
• The risk/ control issues
• System interfaces
To calculate the effectiveness of the activity, the auditor use standard formula from
Badan Pengawasan Keuangan dan Pembangunan (BPKP) (2001)
2.2. Internal Auditing
2.2.1. The nature of internal auditing
Modern internal auditing evolved from essentially accounting oriented craft to a
management oriented profession. Before, internal auditing assessing more on financial
matters, but today auditing provides series that include examination and appraisal of
both control and performance issue of private or public organization. Internal auditor’s
across the world practicing different auditing work differently, based on audit scope they
21
are try to reach or what they rely in to. Is it true that different names have been given to
the function of internal auditing, for example; operational auditing, performance
auditing, program auditing, results auditing, comprehensive auditing, and management
oriented auditing.
Yet, when all is said and done, the forms of audits practiced today fall into three
fundamental approaches. Based on Lawrence B. Sawyer (1996) internal auditing
practices, they are:
• Financial. The analysis of the economic activity of an entity as measured and
reported by accounting methods
• Compliance. The review of both financial and operating controls and
transactions to see how well they conform with established laws, standards,
regulations, and procedures.
• Operational. The comprehensive review of the varied functions within the
enterprise to appraise the efficiency and economy of operations and the
effectiveness with which those functions achieve their objectives.
2.2.2. Internal auditor and External auditor
• Internal auditor and external auditor represent two distinct professions.
According to Sawyer (1996) internal auditing practices, the difference between
internal and external auditor are:
22
INTERNAL AUDITOR EXTERNAL AUDITOR
• Is an organizations employee.
• Serves needs of the
organization.
• Focuses on future events by
evaluating controls designed to
assure the accomplishment of
entity goals and objectives
• Is directly concerned with the
prevention of fraud in any form
or extent in any activity
reviewed.
• Is independent of the activities
audited, but is ready to respond
to the needs and desires of all
elements of management
• Reviews activities continually.
• Is an independent contractor.
• Serves third parties who need reliable
financial information.
• Focuses on the accuracy and
understandability of historical events
as expressed in financial statements.
• Is incidentally concerned with the
prevention and detection of fraud in
general, but is directly concerned
when financial statements may be
materially affected.
• Independent of management and the
board of directors both in fact and in
mental attitude.
• Reviews records supporting financial
statements periodically usually once a
year.
23
2.2.3. Fraud risk assessment by internal auditing
According to Schneider (2010) noted by the Treadway Commission (1987), internal
auditor can easily detect fraud with process and procedure of internal auditing, these
enable them to access organizational fraud effectively. This claim has been supported by
several KPMG surveys which indicate that internal auditors are more likely to uncover
fraud than external auditors (KPMG, 2003). Whereas 65% of frauds were discovered in
2003 by internal auditors, only 12% were discovered by external auditors (KPMG,
2003). This is because internal auditors may give greater exposure to the operation
inside the company or internal auditing work typically over external audit work.
(Church, McMillan, & Schneider, 1998). SAS No. 99, Consideration of Fraud in a
Financial Statement Audit, acknowledges the important role of internal auditors by
requiring external auditors to: ‘‘inquire of appropriate internal audit personnel about
their views about the risks of fraud, whether they have performed any procedures to
identify or detect fraud during the year, whether management has satisfactorily
responded to any findings resulting from these procedures, and whether the internal
auditors have knowledge of any fraud or suspected fraud (AICPA, 2002, AU § 316.23).”
This SAS No. 99 requirement
24
2.3. Operational Audit
2.3.1. Definitions of operational audit
Term “operational auditing” may reflect to several pictures for internal auditing. Audit
of operating units such as factories, subsidiary companies, overseas operations. Which
make it limited for some accounting or financial controls or it may give bigger picture.
Institute of internal auditors’ publication defines operational auditing as:
“A systematic process of evaluating an organization’s effectiveness, effeciency, and
economy of operations under management’s control and reporting to appropriate
persons the results of the evaluation along with recommendations for improvement”
(Gill and Cosserat 1996, P.809)
Audit of accounting and financial perspective in the functional areas of the business, it is
different from audit in financial and accounting area, these functional area might be
marketing, sales, distribution, production, and etc, which based on the business nature
itself. Operational audit stressed on the internal audit that reviews all the operating area
in the business.
Bussiness audit such as operating, functional, department of accounting, treasury, etc.
The objective of the activity is to review the effectiveness and efficiency also the
economical way to achieve the management objectives. The operational auditing may go
over the internal control issues.
25
The categorization of operational audit in the business sector may fall to these areas:
1. Management and administration
2. Financial and accounting
3. Personnel
4. Procurement
5. Stock and materials handlings
6. Production and manufacturing
7. Marketing and sales
8. After sales support
9. Research and development
10. Information technology
26
2.3.2. Objectives of operational audit
Pany and whittington (1997, p.770) states several objectives of operational audit:
1. To assess the unit’s performance in relation to management’s objectives or other
appropriate criteria.
2. To assure that its plan (as described in statements of objectives, programs,
budgets, and defectiveness) are comprehensive, reliable, and understandable at
the operating levels.
3. To provide information on weaknesses in operating controls, principally as to
possible sources of waste.
4. To reassure that all operating reports can be relied on as basis for action.
2.3.3. Differences between operational auditing and financial auditing
According to D. C. Lane (1983), the main differences between financial audit and
internal audit, the operational audit has a much wider time horizon. Financial audit
focused on historical data, operational audit looks at the present and medium term-
future. Operational audit provide reliable forecasts and judgments about changes and
developments in industrial and technological environments. The operational auditors
verify the validity of forecasting and planning.
27
Arens et al. (2003, p738) states three main differences between operational and financial
audit.
1. Purpose of audit
Financial audit underlines the fair presentation of financial statement, whereas
operational audit underlines on effectiveness and efficiency. In addition, financial
audit concern with historical financial information, whereas operational audit
concern with operating performance for the future.
2. Distribution of the report
Financial audit report is normally intended for public use, such as shareholders,
investors, creditors, bank, governments, etc. Operational audit report, on the other
hand, is primarily intended for internal user, which is management.
3. Inclusion of non-financial areas
Operational audit covers any aspect of efficiency and effectiveness in an
organization. Hence, operational audit can involve a wide variety of activities. On
the contrary, financial audit are limited to materials that directly affect the fairness of
financial statement presentations.
28
Differences between financial audit and operational audit can be summarized as follows:
Characteristic Financial audit Operational audit
1. purpose To give a true and fair opinion of financial statements.
To improve internal control efficiency and effectiveness
2. scope Accounting records Business operations
3. orientation Historical financial information
Historical, current, and future operations
4. assessment criteria
Generally Accepted Accounting Principle (GAAP)
Management operation principles and procedures
5. method Generally Accepted Management operation techniques
6. precision Auditing Standard (GAAS) Absolute
Relative
7. recipient Outside party, such as
shareholders, governments, banks
Internal party, such as management, divisions
8. realization Actual Potential
9. frequency Regular, at least once a year
Periodic, often on an uncertain basis
10. obligation Compulsory Optional
11. focus Financial statements Operation positive improvements
12. viewpoint presented fairly Management
13. success financial Unqualified opinion
Management adoption of recommendations
29
2.3.4. Scope of operational auditing
The breakdown of the organization into set of separate audit reviews could be said to
form the audit universe of potential audit projects. The activities require coordination
between number of department or function. For example, the development of new
product may involve the marketing, accounting and research function. Each organization
may differ in audit function. According to chambers (1997) operational auditing
handbook scope of operational auditing divide as follows:
Management and administration:
• the control environment
• organization (i.e. structure)
• management information
• planning
• risk management
• legal department
• quality management
• estates management and facilities
• environmental issues
• insurance
• security
30
• capital projects
• industry regulation and compliance
• media, public and external relations
• company secretarial department
Financial and accounting:
• treasury
• payroll
• accounts payable
• accounts receivable
• general ledger/ management accounts
• fixed asset (and capital charges)
• budgeting and monitoring
• bank accounts and banking arrangements
• sales tax (i.e. VAT) accounting
• taxation
• inventories
• product/project accounting
• petty cash and expenses
• financial information and reporting
• investment
31
Personnel:
• human resources department (including policies)
• recruitment
• manpower and succession planning
• staff training and development
• welfare
• pension scheme (and other benefits)
• health insurance
• staff appraisal and disciplinary matters
• health and safety
• labor relations
• company vehicles
Procurement:
• purchasing
• contracting
Stock and materials handling:
• stock control
• warehousing and storage
• distribution, transport and logistics
32
Production/manufacturing:
• planning and production control
• facilities, plant, and equipment
• personnel
• materials and energy
• quality control
• safety
• environmental issues
• law and regulatory compliance
• maintenance
Marketing and sales:
• product development
• market research
• promotion and advertising
• pricing and discount policies
• sales management
• sales performance and monitoring
• distribution
• relationship with parent company (for overseas of subsidiary operations)
• agents
• order processing
33
After sales support:
• warranty arrangements
• maintenance and servicing
• spare parts and supply
Research and Development:
• product development
• project appraisal and monitoring
• plant and equipment
• development project management
• legal and regulatory issues
Information Technology:
• IT strategic planning
• IT organization
• IT sites
• Processing operations
• Back-up and media
• Systems/operating software
• System access control
• Personal computers
• Software maintenance
• Local area networks
• Databases
34
• Data protection
• Facilities management
• System development
• Software selection
• Contingency planning
• Electronic data interchange
• Viruses
• Electronic office
• User support
• Spreadsheet design
• Expert system
• IT accounting
2.3.5. Operational audit variables (6 E’s)
In operational auditing according to Andrew Chambers and Graham Rand (1997), auditor must consider 3 primary variables and 3 further audit interest. These are:
• Effectiveness: “doing the right things” which is achieving entity objectives.
• Efficiency: “doing them well” choosing the appropriate system to avoid waste of input and rework.
• Economy: “doing them cheap” for instance, unit costs for labor, materials, etc. Being under control.
35
The further E’s that maters the audit interests are:
• Equity: avoidance of discrimination and unfairness.
• Environment: acting in an environmentally responsible way.
• Ethics: legal and moral conduct by management and staff
The figure below represent connection between each variable
ACTUAL ACTUAL
INPUTS [Efficiency] OUTPUTS
[Economy] [Effectiveness]
PLANNED PLANNED INPUTS OUTPUTS
(objectives)
36
2.3.6. Audit performance measure
According to Andrew Chambers and Graham Rand (1997) operational auditing
handbook, Audit performance measure categorized as follows:
• Workload/demand performance measures:
This measurement indicates the output volume, the quality and quantity of the
service or product. Such as number of users, number of units produced, percentage,
etc.
• Economy performance measures:
These may highlight waste in the provision of resources indicating that the same
resources may be provided more cheaply. Such as; cleaning cost per hour worked,
maintenance cost, cost of finance function, etc.
• Efficiency performance measures:
These may highlight potential opportunities to convert given resources to end
product with less waste. Many performance measures will point to either
uneconomic or inefficient practices. Such as; breakdown per production day, ratio of
actual input and actual output, accidents at work per 1000 personnel, etc.
37
• Effectiveness performance measures:
These performance measure reviews about how to achieve entity’s objectives
regardless of economy, efficiency, or equity except if they are correlated.
Effectiveness performance measuring things such as; actual output in comparison to
planned output, ration of customer complain compare to the sales, etc.
• Equity performance measures:
These performance measures draw attention to unfairness or social irresponsibility in
terms of corporate policy and practice. Such as; departmental grant per member or
staff, proportion of female employees, etc.
2.3.7. Phases of operational audit
According to Arens et al (2003) pg. 743-745, phases of operational audit are as follow:
1. Planning
Operational audit planning phase is quite similar to financial audit planning. It
involves determining the scope of the engagement, assigning proper staff to the
engagement, obtain proper understanding of the client’s business industry, obtain
information of internal control and decide on proper evidence to accumulate.
38
2. Evidence accumulation and evaluation
Operational auditors must accumulate applicable and related evidence for a
reasonable basis result in making a conclusion about the objective being tested. The
following activities involved in evidence collections are:
o Reviewing operating policies and documentation
o Confirming procedures with management and operating personnel
o Observing operating functions and activities
o Examining financial and operating plans and reports
o Testing the accuracy of operating information
o Testing controls (romney and steinbart 2003, p.342).
3. Reporting and follow up
Operational audit report is prepared for internal management, which make a
standardized wording is less necessary. However, operational audit report needs
tailor-made report addressing the scope of audit, findings, and recommendation are
made to the management. This is to determine whether recommendation is
applicable or not.
39
2.3.8. Types of operational audit
1. Functional auditing
Functional audit deals with one or more functions in an organization, for example
effectivness and efficiency of payroll department for the company as a whole.
2. Organizational audit
An operational audit of an organization deals with an entire organizational unit, such
as department, branch or subsdiary. An organizational audit emphasizes on how
efficiently and effectively functions interact.
3. Special assignments
Special assignments in operational audit depend on the request of management for
kinds of audit, such as determining the ineffectiveness of the IT system, etc.
2.3.9. Relation of internal auditing and operational auditing
According to Mark Penno (1990) the scope of internal audit department typically
extends beyond financial reporting. The internal audit also performs operational (or
management) auditing. Operational auditing is not constrained by the limited
informational requirements of financial reporting and considers a much wider variety
of information than does a financial audit. The operational audit fills the gap
between the economic organizations informational requirements. Operational audit
40
or management audit fulfill the gap between financial requirements needed by
internal auditing. Operational auditing also eliminates data manipulation which
becomes important requirements in internal auditing.
2.3.10. Auditing operations and resource management.
Auditing operations and resource management is the operational auditing dimensions of
production and manufacturing as being representative of operations in general.
According to Andrew Chambers and Graham Rand (1997) operational auditing
handbook, they normally involve the following aspects:
• Identifying an underlying requirement and endeavoring to cost effectively exploit
it
• Ensuring that suitable and adequate resources (human and material) are brought
together at the right time and place to fulfill the identified requirements.
• Ensuring that the operation is conducted safely, economically, efficiently,
effectively, to the required standard, and in accordance with any prevailing
regulations and laws; and so on.
41
System/function components of a production/manufacturing environment:
• planning and production control
• facilities, plant, and equipment
• personnel
• materials and energy
• quality control
• safety
• environmental issues
• law and regulatory compliance
• maintenance
2.4 Internal Control
2.4.1. Definition of internal control
According to Arens et al (2003, p.274) , a system of internal control consist of policies
and procedures designed to provide management with reasonable assurance that the
company achieves its objectives and goals.
The Auditing Methods Committee of the American Institute of Certified Public
Accountants (AICPA) defined the internal control as being involve the organizational
plan, coordination methods, measures followed to protect the assts, checking, and
reviewing accounting data check their accuracy, dependability, increase productive
efficiency, and encourage employee's adoption of established management policies.
42
According to Al-Qudah(2011), The essential goals of internal control that can be
deduced from the earlier definitions include :
• First: authorities, powers and responsibilities of an organization, clearly state the
existence of organizational structure in the organization which important for
achieving internal control that supported by structured organizational
components.
• Second: provide protection of company’s assets from fraudulent manipulations.
• Third: accurate accounting information needed for overall company’s operations
and processes that become a subject of internal control.
• Fourth: Encouraging compliance with policies, regulations, and administrative
instructions in organization.
2.4.2. Internal control components
The COSO concept of internal control includes five components of internal control.
They are:
1. The control environment
The control environment consists of actions, policies, and procedures that expose the
overall position of top management concerning the extent of internal control importance.
Several factors that contribute to the control environment are:
o Integrity and ethical values
o Commitment to competence
43
o Board of directors or audit committee participation
o Management’s philosophy and operating style
o Organizational structure
o Assignment of authority and responsibility
o Human resources policies and practices
2. Risk assessment
Risk assessment is management’s identification and analysis of risks in relation to
the preparation of financial statements in conformity with GAAP. Factors that may
increase risk include failure to meet prior objectives, quality of personnel, company
operations, geographic scatter, significance and complexity of core business
processes, introduction of new system, and entrance of new competitors.
3. Control activities
Control activities are policies and procedures that are intended to ensure that actions
are taken to address risks in an attempt to achieve the entity’s objectives. Control
activities closely relate to policies and procedures that concern:
o Adequate segregation of duties
o Proper authorization of transactions and activities
o Adequate documents and records
44
o Physical control over assets and records
o Independent checks on performance
4. Information and communication
The rationale behind information and communication is to initiate, record, process, and
report the entity’s transactions as well as to preserve accountability for the related assets.
This is typically achieved and documented by narrative description of the system or by a
flowchart.
5. Monitoring
Monitoring activity cope with continuing or regular assessment of the quality of internal
control by management in an attempt to determine that controls are operating as
intended. Information for assessment and modification comes from a range of sources,
including internal auditor reports, evaluation of the current internal control, feedback
from operating personnel, reports by regulators and complaints from customers.
2.4.3. General characteristic of good internal control structure
Gay and Simnett (2000, p.305) present general characteristics of a good internal control
structure:
1. There should be proper segregation of duties. There should be no incompatible
functions, so that no person has a chance to commit or cover irregularities in the
normal course of duties.
45
2. The internal control structure should have a system of authorization, recording,
and custodianship procedures sufficient enough to provide accounting control of
assets, liabilities, revenues and expenses.
3. There should be reliable business practices in performance of duties and
functions by each department.
4. Internal control should ensure that persons have qualifications corresponding to
their responsibilities.
2.4.4. Relationship between internal control and operational auditing
Fadzil et al. (2005) as cited by Agbejule (2007) state that the primary concern of
organization internal control system are providing administrative management along
with reasonable assurances that financial information is accurate and reliable:
organization must concern about plans, procedures, policies, laws, regulation and
contract; assets are safeguarded against loss and theft; resources are used economically
and efficiently; and established objectives and goals for operations or programs can be
met. The following three internal control objectives can be found in the COSO
framework:
(1) Effectiveness and efficiency of activities;
(2) Reliability of financial information; and
(3) Compliance with applicable laws and regulations.
Obviously, the first of these three clients concerns directly relate to operational auditing,
but the other two also effect the efficiency and effectiveness.
46
Purpose of operational auditing of internal control is to evaluate efficiency and
effectiveness and to make recommendations to management. In contrast, internal control
evaluation for financial auditing has two primary purposes: to determine the extent of
substantive audit testing required and to report on the effectiveness of internal control
over financial reporting for public companies.
The scope of operational auditing concerns any control that related to efficiency
and effectiveness, while the scope of internal control evaluation for financial audit is
restricted to the effectiveness of internal control over financial reporting and its effect in
the fair presentation of financial statements.
