Scribd Logo
Upload

Welcome to Scribd!

  • OpAudCh03 CBET 01 501E Toralde, Ma - Kristine E.

    Uploaded by

    Kristine Esplana Toralde
    61 views5 pages
    Internal auditors should consider risks related to outsourcing processes even if fully outsourced. Management must remain vigilant of third party risks like data breaches, supply chain disruptions, and differences in regulations or culture between organizations. Outsourcing increases risks that must be carefully managed through effective third party risk management and oversight by internal auditors.

    Original Description:

    Original Title

    OpAudCh03 CBET 01 501E Toralde,Ma.kristine E.

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Internal auditors should consider risks related to outsourcing processes even if fully outsourced. Management must remain vigilant of third party risks like data breaches, supply chain disruptions, and differences in regulations or culture between organizations. Outsourcing increases risks that must be carefully managed through effective third party risk management and oversight by internal auditors.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    61 views5 pages

    OpAudCh03 CBET 01 501E Toralde, Ma - Kristine E.

    Uploaded by

    Kristine Esplana Toralde
    Internal auditors should consider risks related to outsourcing processes even if fully outsourced. Management must remain vigilant of third party risks like data breaches, supply chain disruptions, and differences in regulations or culture between organizations. Outsourcing increases risks that must be carefully managed through effective third party risk management and oversight by internal auditors.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 5

    TORALDE, MA.KRISTINE E.

    CBET-01-501E

    1. What are the benefits of the internal audit function establishing a risk-based plan when
    identifying the priorities of the internal audit activity?

    Management must be aware, engaged, and knowledgeable to learn from


    history, understand the present, and prepare for the future. For when that risk
    occurs, at least the company has prepared and somehow reduced the damages.

    2. Describe three ways that internal auditors can better identify the risks related to the
    area under review.

    There are multiple templates and lists available, often organized by industry.
    COSO, ISO, Information Technology Infrastructure Library (ITIL), CVNET, and
    others have prepared lists that can help to identify some of the key risks that should
    be included in the assessment.

    Risk identification exercise people with an extensive knowledge of the


    program or process that will be analyzed.

    Some of the common risks that operational auditors should consider during
    their risk assessments. Not all risks are applicable to every organization because
    differences in industry, business activities, geographic location, and size of
    organization make a difference. In addition, when performing operational reviews,
    auditors must examine a wider assortment of risks, and not just financial ones.

    3. What are three internal and three external factors affecting a typical organization? How
    do these factors affect the future prospects of the organization?

    Internal
    Equipment.
    The types of equipment available and the ways they are used limit the ability
    of the process to produce more high quality goods and deliver services.

    People.
    Lack of skilled and motivated workers limits the productive capacity of any
    process. Attitudes and other mental models (e.g., feeling defeated,
    victimized, or hopeless) embraced by workers can lead to behaviors that
    become a constraint on the process.

    Policies.
    Written and unwritten policies can prevent the process from producing more
    of higher quality goods and services.

    External
    Economic.
    Natural environment.
    Technological factors.
    Management must look into the past and the future to identify trends,
    shifting demographics, new markets, and competitor activities, among others. In
    many cases, these events are influenced by technological changes, economic
    development, increases in literacy levels, higher education attainment, natural
    events (e.g., floods and hurricanes), and demographic changes.

    4. Describe an event that has transformed or disrupted an industry and include: (1) An
    example of an organization that benefited from that opportunity and (2) an example of
    another organization that mismanaged it and suffered losses as a result.

    Events can have either a positive or negative impact representing risks and
    opportunities. A warehouse without a fire sprinkler system could suffer a total loss,
    or at least far more extensive damage than a building with a fire sprinkler system
    that is professionally designed, installed, maintained, and inspected regularly.

    The occurrence of a risk event could have a negative effect on the


    relationships that the organization has with its customers, suppliers, the
    surrounding community, investors, and other stakeholders. The loss of confidence
    in the organization, its leadership, its products, and services can be severe.

    5. List three organizations that provide lists of common vulnerabilities useful during a risk
    assessment.

    The Federal Emergency Management Agency provides the Mapping


    Information Platform and the Risk MAP (Mapping, Assessment, and Planning) to
    help organizations by delivering data that increases public awareness and leads
    to action to reduce the risk to property and life.

    The US Geological Service (USGS) has a great deal of seismic information to


    help organizations identify their vulnerabilities from fault lines, and incident history
    as a possible gauge to future activity through probability analysis based on
    location, time span, and radius from a designated location. The USGS also
    provides information related to landslides, volcanic activity, while the Occupational
    Safety and Health Administration of the US Department of Labor,also provides
    information about workplace hazards.
    The National Weather Service provides rain, hurricane, air quality, winter
    storm, flood, and marine weather information, which can have a substantial impact
    on the health, safety, and operation of organizational process. Recall the impact
    that extreme cold and heavy snow fall had on the.

    6. List three of the benefits of CSA programs.

    CSAs require managers to think about the design and condition of their areas
    of responsibility, and assess the presence and quality of the related controls.

    They consist of questionnaires and other forms that process owners complete
    that identify the major activities in their programs and processes, the objectives,
    risks and controls, the individuals that perform key tasks and controls, and the
    major challenges affecting these programs and processes.

    The information captured during the CSA process should also be subject to
    audit review and comparison between what the process owner indicated in the
    forms and what the internal audits identify in terms of risk and control effectiveness.
    Discrepancies should be analyzed and discussed with the corresponding manager
    and the initial assessment updated.

    7. Describe three risks that are unique to each of the following two manufacturing
    approaches: made to order (MTO) and made to stock (MTS).

    Make to Order (MTO) is manufacturing product after the order is received. The
    risk in this kind of manufacturing strategies is for example, there’s a lot of order
    and there is a bottleneck or a slowdown in the steps of manufacturing that result
    to inefficiency of production. Another risk is managers should have a reliable
    suppliers, because if the supplies is not present in the time there’s an order it will
    result to long cycle time and that decreases the customer satisfaction.
    Made to Stock (MTS) products are manufactured in advance. The risk in this
    kind of manufacturing strategies is for example, since the production is based on
    demand forecast, it should accurate there will be a problem if the forecast is not
    accurate. Another risk if for example you use past information to make forecast
    and you thought it was accurate but because of unpredictable nature of consumer
    trends it can be different.

    8. Explain why internal auditors should consider bottlenecks, long cycle times,
    redundancies, and reprocessing as operational risks.

    It is important for internal auditors to consider bottlenecks because it slow down


    or even stop the work. In other words it is the delay in the process they should
    consider it because if the slowdown is the problem for the longer term internal
    auditors should investigate further because the impact is more substantial.
    Long cycle times have an impact on customer satisfaction because if the
    product is made too long there may be a shortage of production, and if customers
    also need that kind of product they can use other products available in the market
    and if that product meets their needs, the customer will buy that product instead of
    waiting for that product to appear in market. Long cycle time make company spend
    more, because it needs to be stored for a long time and other cost it need.

    9. What are the risk implications of outsourcing? Explain why management must remain
    vigilant even if a process and related activities have been outsourced to another
    organization.

    Outsourcing firms carries risk and challenges, including different regulations,


    currency exchange exposure, language barriers, cultural differences, the risk of
    supply chain disruption, and poor quality. Management must remain vigilant
    because there are risk in the third party relationship. Since some of these third
    parties could have access to the organization’s computer systems, the risk of a
    data breach increases as was evident in the massive data breach at Target where
    hackers used stolen credentials from a refrigeration contractor to plant malware
    that collected customer data. Internal auditors should make sure their
    organizations are practicing effective risk management on their third party
    relationships.

    10. What are some of the practices expected of organizations to fight corruption and
    support efforts to decrease institutional corruption?

    Transparency International (TI) publishes the annual Corruption Perceptions


    Index (CPI), which measures the perceived levels of public sector corruption
    worldwide. Business leaders, policy makers, internal auditors, and other stakeholders
    use this and other reports from TI as a gauge and input when performing risk
    assessments. Internal auditors should examine where their organizations operate,
    where their suppliers operate and where their customers reside, and evaluate the
    implications of their unique geographical network to their risk profile.

    1. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.


    Risk Assessments. P.63 New York. CRC Press.
    2. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.64 New York. CRC Press.
    3. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.67-71 New York. CRC Press.
    4. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.70-71 New York. CRC Press.
    5. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.72 New York. CRC Press.
    6. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.75-76 New York. CRC Press.
    7. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.76--77 New York. CRC Press.
    8. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.77-78 New York. CRC Press.
    9. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.79-80 New York. CRC Press.
    10. Hernan, M. Operational Auditing: Principles and Techniques for a Changing World.
    Risk Assessments. P.83 New York. CRC Press.

    You might also like