|
CHAPTER II THEORETICAL
FOUNDATION
2.1 Definition of Operational Audit
Operational audit is
an
audit which
is commonly performed
in
a
company
in
order
to
ensure
the
effectiveness and
efficiency of
a
company’s operation. Operational audit
is
also
beneficial in
assessing
company’s
internal
control.
Inquiries
regarding the
accomplishment of company objectives and the compliance of company activities with
the laws and regulations could also be addressed by operational audit. As the result of an
operational
audit,
recommendations are
presented
in
purpose
of
resolving
company
problems.
According to The Institute of Internal Auditors (IIA) publication cited in Leung, Coram,
Cooper (2007:662), operational audit is defined as:
…a
systematic
process
of
evaluating
an
organization’s effectiveness,
efficiency,
and
economy of
operations
under
management’s
control, and
reporting
to
appropriate persons
the
results
of
the evaluation
along
with
recommendations for improvements.
Another
definition
is
also
provided
by
Arens,
Elder,
and
Beasley
(2003:13), which
describe operational audit as:
…a
review
on
any
part
of
an
organization’s
operating
procedures
and
method
for
the
purpose
of
evaluating efficiency and
effectiveness.
9
|
|
10
According to Gill (1999:718), operational audit should consist of:
1.Systematic process
Series of logical, structured and organized procedures involved in an operational audit.
Proper planning is very important in an audit in order to obtain and evaluate evidence
relating to the activity being audited.
2.Evaluating an organization’s operation
Every company’s management owns its performance standards which are expressed as
criteria. The degree of correspondence between actual performance and the criteria are
measured by an operational audit.
3.Effectiveness, efficiency, and economy of operations
The main purpose of an operational audit is to assist the client or the company audited
in improving the effectiveness, efficiency, and economy of its operations.
4.Reporting to appropriate persons
The appropriate recipient of the operational audit is the management or the
individual
agency that requested the audit
5.Recommendations for improvement
Recommendations are the result of the operational audit conducted by the auditor.
In
summary, operational audit is a systematic and objective evaluation of a company’s
activities,
with
the
purpose
of
providing
recommendations and
improving
the
effectiveness and efficiency of the company.
|
|
11
2.1.1 Purpose and Benefit of Operational Audit
There
is
major
distinction
between
financial
and
operational audit.
The
orientation
between these audits
is also dissimilar. Financial audit
is oriented
to
the past,
whereas
operational audit concerns for the future.
Purposes of an operational audit, according to Carmichael and Willingham (1987:544),
are:
1. Assess performance
In assessing company’ s performance, the auditor needs to compare the manner in which
an organization conducts its activities, in
accordance with
(1) objectives established by
management or the engaging party, such as organizational policies, standards, and goals,
and (2) other appropriate measurement criteria.
2. Identify opportunities for improvement
Several alternatives
for auditor to
identify specific opportunities for
improvements are
analysis
of
interviews
with
individuals,
observation
of
current
operations,
reviews
of
past
and
current
reports,
transaction studies,
comparisons
with
industry
standards,
exercise of professional judgment based on experience, or other appropriate means.
3. Develop recommendations for improvements of further actions
Recommendations could be made by the auditors. In certain cases, it is possible for the
auditor to conduct further study, not within the scope of the engagement, and the auditor
may simply refer to reasons why further study of a specific area may be appropriate.
|
|
12
Implementation
of
operational
audit
is
expected to
assist
the
companies
in
achieving
certain
benefits, such
as
generating progress
for
the
company performance, increasing
the management of company operations.
Companies
may have different purposes
in
conducting operational audit. Nevertheless,
the
main objective
is
improving effectiveness and
efficiency of
operations in
the
short
term and increasing company performance in the long term.
2.1.2 Types of Operational Audit
There are three
main categories of operational audit which auditors frequently perform.
In
every types of operational audit, the
main objectives are
evaluating
internal control
and assessing company’s efficiency and effectiveness.
Arens (2003:740) categorize three main types of operational audits:
1. Functional Audits
Functions are
a
means
of categorizing
the activities
of a business, such
as the
billing
function or production function. Various methods have been developed to categorize and
subdivide functions. Prior to the terms, a functional audit is conducted with one or more
functions
in
a
company.
Specialization by
auditors
is permitted
in
this
type of audit.
This specialization has become the main advantage of functional audit.
|
|
13
2. Organizational Audits
Organizational audit deals with an entire organizational unit,
including all departments,
branches, and subsidiaries. The organization operation and also
methods are especially
important in this audit. Therefore, this audit is ideal in order to emphasize how
efficiently and effectively functions interact
3. Special Assignments
Management
usually
raises
the
request
of
special assignment.
Examples
of
this
audit
may
include
determining
the
cause
of
an
ineffective
IT
system,
investigating the
possibility of fraud in a division, and making recommendations for reducing the cost of
manufacture product.
Several
aspects
affecting
the
type
of
audit
performed are
the scope
permitted by
the
company, the benefits expected to be achieved, and request from the company.
2.1.3 Performance of Operational Audit
As in other kinds of audit types, it is crucial that operational audit is to be performed by
competent auditors.
|
|
14
As
stated
by
Arens
(2003:740-742), operational
audit
is
performed
mainly
by
three
professions:
1. Internal Auditors
Internal auditors could perform either operational or
financial audits. These auditors are
considered
to
be
effective
for the company
because
normally,
they
also work
for
the
company audited. However, in an audit performance, internal auditors are obliged to be
independent. The internal auditors should report to the board of directors or president.
2. Government Auditors
Government
auditors
usually
perform
financial
audit
and
also
operational audit.
In
Indonesia,
government auditors are
represented by Badan Pemeriksa Keuangan (BPK).
The result
of an
operational
audit
by
BPK
would be
presented
to Dewan Perwakilan
Rakyat (Legislative Council)
as
a
means
in
managing
Indonesia’s economic
activities
(Jusup, 2001:17).
In United
States,
General
Accounting
Office
(GAO) is the most
widely recognized
government auditor group. The
standard for
government auditors
in
United States
is
termed
‘The Yellow
Book’,
which defines
and
sets
standards
for
the
performance audits; which are considered essentially the same as operational audits. The
objectives of performance audit based on ‘The Yellow Book’ are economy and
efficiency audits and also program audits.
3. CPA Firms
CPA
firms perform their audit based on
their knowledge of client’s background. They
usually perform financial audit and could be widened into operational audit. The result
|
|
15
of the
audit
should
be
made
in
form of
management letter.
Operational audit
by CPA
firms commonly happen in a company which lack of internal audit staff or internal audit
staff lacks expertise in a certain area.
In general, auditors should possess their independence in performing operational audit or
other
types of audit. In the
performance of
any
type
of operational audit, auditors are
expected to resolve the
matters in an uncomplicated manner and presented the result
in
recommendations. These
recommendations should
be able
to
be
conducted effectively
and efficiently by the company.
2.1.4 Phases in Operational Audit
In
managing
their
working
schedule and also
services,
it
is
beneficial
for
auditors
to
have phases in operational audit.
The phases that need to be completed in an operational audit are (Gill, 1999:718-721):
1. Audit Planning
In
audit
planning,
auditors
should
determine
the
scope
of
the
engagement and
communicate it
to
the
company;
obtain
background
information
about
the
company,
comprehend internal control, and decide the appropriate evidence to accumulate. Audit
planning begins by developing an audit program. Audit program is composed based on
the
findings
by
the
auditor
in
the
preliminary study
phase.
Scheduling the
audit
performance is also included in audit planning. In operational audit, it is crucial to spend
more time with
interested parties regarding the terms of engagement and the criteria for
evaluation.
|
|
16
2. Audit Performance
In
acquiring relevant
data,
the
auditor
usually
conducts
inquiry
and
observation.
Questionnaire is
the
most
common
approach
used
by
the
auditor
as
a
basis
for
interviewing auditee personnel. The auditor expects to obtain opinions, comments, and
suggested solutions from the responses. Auditors can also conduct observation of
auditee personnel to detect inefficiencies and other weaknesses.
The next
phase
in
audit performance is analysis. Analysis
is also
important because
it
provides a
basis
for determining the
degree to
which
the auditee
is
meeting
specified
objectives. Analysis comprises of the study and
measurement of actual performance
in
relation to some criteria.
There are two types of criteria, which are criteria internally developed by the entity and
criteria
externally developed by
the
entity.
Internally
developed
criteria
could
be
described in productivity goals and budgets. Externally developed criteria could also be
found
in
information
on
industry
standards
or
derived
by
the
auditor
from
previous
audits
or
similar
activities.
After
the audit performance concluded,
the auditor
should
document the
findings and the recommendations in
working papers.
The senior auditor
usually
will
review
the
working
papers
to
monitor
progress
and
ensure
the
overall
quality of the work.
3. Report Findings
The
result
of
operational
audit
is
the
audit report.
In
operational audit,
the
report
is
usually sent only
to management, with a copy to the
unit being audited. The common
features of an operational audit report comprise of:
|
|
17
a. A statement of objectives and scope of the audit
In
this stage,
auditor
would
include
(1)
document, analysis, and
report
regarding
the
current operations (2)
identification of
areas that require attention (3) recommendations
for corrective action or improvements. The components of the scope are identification of
units being audited and the evaluation of specific financial and operational conditions.
b. A general description of the work done
In this
section the
auditor will
indicate
(1) the personnel
interviewed; (2) the
specific
documents, files, reports, and systems used in evaluation; (3) the analysis of data; (4) the
development
of
recommendations
for
improvement;
(5)
the
discussions with
management personnel.
c.
A summary of findings
For consideration purpose, all substantial findings are included in the report.
•
Recommendations for improvements
The aim of recommendations is to
increase the efficiency and effectiveness of
company’s operation.
•
Comments of the auditee
This
feature
is optional for
auditors. Auditors will include
this part only
when
there
is
disagreement with the auditee concerning findings and recommendations.
|
|
18
4. Follow-up Performance
The auditor
is required to
follow
up
on the auditee’s response to the audit report.
The
failure in receiving an appropriate response
must be reported to senior management by
the auditor.
Subsequently,
the
phases
in operational audit
is
required to
be
achieve several
goals
,
such as (1) to ensure the effectiveness and efficiency of company activity, (2) to assist
the company in improving its operations and developing the performance.
2.2 Definition of Internal Control
One of the purposes of operational audit
is also to evaluate efficiency and effectiveness
of internal control and eventually provide recommendations to the management.
In
accordance with
Agoes
(1999:180),
efficiency and
effectiveness
were
defined
as
follows:
a.Effective occurs when a company could accomplish its goal, objectives, or programs
in a targeted range of time, regardless of the cost.
b.Efficient occurs when a company could achieve bigger results (output) along with the
least amount of cost (input).
Accordingly, concise explanation of effectiveness and efficiency are:
a) Effectiveness - the assessment of
a
company in determining the extent the company
has been successful in realizing its goal, objectives, or programs.
|
|
19
b) Efficiency - correlation between the output results of the company’s activity and the
input consumed to generate the results (output).
Furthermore, Auditing and
Assurance
Handbook 2008 ( ASA 315: 218),
affirm
that,
‘obtaining
an
understanding of
the
entity
and
its
environment,
including
its
internal
control
is
a
continuous, dynamic
process
of
gathering,
updating,
and
analyzing
information throughout the audit.’
In accordance with The Committee of Sponsoring Organizations (COSO) of the
Treadway Commission, (Gill, 2004: 273), internal control can be defined as:
…a
process, affected by an entity’s board of directors, management, and
other
personnel, designed
to
provide
reasonable
assurance
regarding
the
achievement of
objectives
in
the
following
categories:
reliability
of
financial reporting, compliance with applicable
laws and regulations, and
effectiveness and efficiency of operations.
The definition of
internal control according to Ikatan Akuntan Indonesia (IAI),
published in Standar Profesional Akuntan Publik (IAI, 2001:319.2), is:
Internal control
is
the
process
carried
out
by
the
commissioner,
management, and
the
staffs
in
the
entity,
which
is
designed
to
provide
reasonable assurance in accomplishing three main purposes: (a) reliability
of
financial reporting (b) efficient and effective company’s operations (c)
compliance with the rules and regulations.
|
|
20
A
company’s size
has an essential effect on the
nature of internal control. However, if
the
various subcomponents of
internal
control
are
examined,
it becomes
obvious
that
most are applicable to both large and small companies.
2.2.1 Purpose of Internal Control
Three purposes of applying internal control in a company are (1) Reliability of financial
reporting,
(2) Compliance
with
rules
and
regulations, and
(3) Efficiency
and
effectiveness in company activities.
Standar Profesional Akuntan Publik (IAI, 2001:319.2) identifies the purpose of
internal
control as follows:
1. Reliability of financial reporting
Management has
the
obligation
of
establishing
and
maintaining
entity’s
controls.
Therefore,
the
management
should
ensure
that
the
financial
report
has
been prepared
according to reporting standard.
2. Effectiveness and efficiency of the company’s operations
By applying good internal control, it is anticipated that ineffective and inefficient use of
resources could be diminished.
3. Compliance with the law and regulations
The company’s operations should be complied with rules and regulations, which could
affect the company directly or indirectly.
|
|
21
As
a
conclusion, by applying the
appropriate degree of
internal control
in a
company,
the company could achieve its short term and long term goal in an efficient and effective
way.
2.2.2 Components of Internal Control
Internal
control
includes
five
significant
categories
that
management designs
and
implements to provide reasonable assurance that management’s control objectives will
be met. These are called the components of internal control (Arens, 2003:274-281)
1. The control environment
Control
environment consists of
the
actions,
policies,
and
procedures
that
reflect
the
overall attitudes of top
management, directors,
and
owners of an entity
about
internal
control and its importance to the entity.
In
understanding and assessing control environment, auditors should also consider other
subcomponents such as integrity and ethical
values, commitment to competence, board
of
directors
or
audit committee participation,
management’s philosophy and
operating
style, organizational structure,
assignment
of
authority
and
responsibility,
and
human
resource policies and practices.
2. Risk Assessment
Risk
assessment
for
financial reporting
includes
identifying and analyzing risks
which
are
relevant
to
the
preparation
of
financial
statements
in
conformity with
Generally
Accepted Accounting Principles (GAAP).
|
|
22
In order to understand more about risk assessment in a company, auditors usually could
use
control risk matrix
which described control which
needed
for certain
function in a
company, perform questionnaires and discussion with management. Relevant transaction
class
audit
objective
in
control
risk
matrix
consist
of
completeness, existence
and
occurrence, allocation and
valuation, and presentation and disclosure.
The
more
effective
the
internal
controls, the
lower
the
control
risk
and
inherent risk.
The
relationship between control risk and detection risk is inversed, whereas the relationship
between control
risk
and
substantive test
is
direct.
Thus,
when
the
control risk
and
inherent
risk
are
high, substantive test is
needed. And when
the
detection risk
is
high,
test of control is needed.
3. Control Activities
Control
activities are
the
policies and
procedures,
which
help
ensure
that
necessary
actions are taken to address risks in the achievement of the company’s objectives.
Statements on Auditing Standards (SAS) 94 and COSO Report note that control
activities
are
generally
related to
policies
and
procedures
that
affect
segregation
of
duties,
information processing, physical
controls, and performance reviews.
There are
five types of specific control activities, which are adequate segregation of duties, proper
authorization of
transactions and
activities,
adequate
document
and
records,
physical
control over assets and records, and independent checks on performance.
|
|
23
4. Information and Communication
The
role
of
information
and
communication system
within
a
company
is
to
initiate,
record, process, and report the entity’s transactions; and
maintain accountability for the
related
assets. To
understand
the
design
of the
accounting
information system,
the
auditor
(1)
determines
the
major
classes of
transactions of
the
entity, (2)
how
those
transactions
are
initiated
and
recorded,
(3)
what
accounting
records
exist
and
their
nature,
(4)
how
the
system captures other
events
that are
significant to
the
financial
statements, and (5) the nature and details of the financial reporting process followed.
5. Monitoring
Monitoring activities
deal
with
the
ongoing
or
periodic
assessment
of
the
quality
of
internal control performance by
management to determine that controls are operating as
intended and that they are modified as appropriate for changes in conditions.
The
major
types
of
monitoring activities a company
uses and how
these
activities are
used
to
modify
internal
controls
when
necessary
are
the
most
important
things
the
auditor
needs
to
know
about
monitoring. The
most
common
way
to
obtain
this
understanding is by discussion with management. In addition, an adequate internal audit
staff
can
reduce
external
audit
costs
by
providing direct
assistance
to
the
external
auditors.
Each
component of
internal
control
comprises of
policies and procedures
which
are
considered necessary in attaining the purposes of internal control.
|
|
24
2.2.3 Relation between Operational Audit and Internal Control
Analyzing and
evaluating
internal control of a company is
required
for an auditor,
as
stated
by Standar Profesional Akuntan Publik (IAI,2001:319.02), ‘Reasonable
knowledge of internal control should be acquired with the aim of planning the audit and
determining the nature, timing, and extent of the audit’.
Ratliff (1996:753) defines the relation between internal control and operational audit as
follows,
‘Operational audits examine and
evaluate systems of
internal
control
and
the
quality of performance in carrying out assigned responsibilities’.
He
further
states
that
the
key
to
understanding operational
auditing
is
to
understand
internal control. All operational audit tests
generally are
linked directly to some aspect
of
organizational operations
(Ratliff,
1996:753-757).
Therefore,
it
is
certain
that
operational
audits
are conducted
to enhance
and
support
internal
control
as
means
in
achieving company’s goals.
Weaknesses in company’s internal control, such as errors, inaccuracy and fraud, indicate
greater risk
for
the company. If
the
auditor assumes
the company’s internal control as
ineffective, the
auditor
should
expand
the
audit
scope
and
perform
substantive
test
in
preventing
greater
risk to
occur. On
the
contrary,
if
the auditor
presumes the
internal
control of the company as effective, the auditor could simply complete test of control or
reduce the scope of the audit when performing substantive test.
|
|
25
2.2.4 Definition of Accounting Information System
In
performing
operational
audit,
particularly in
describing
the
flow
of
company’s
operation
and
also
its
organizational structure,
the
audit
is
supported
by
accounting
information system.
According to Hall, information system could be defined as:
‘Specialized subset of
information system that processes financial transactions
(Hall, 2007:9).’
Hall
also
stated several
documentation techniques which
support the
performance of
operational audit, such as (2007: 58-62):
1. Data Flow diagrams
In
this
method, symbols
are
representing
the entities, processes,
data
flows,
and data
stores that pertain to a system.
2. Entity Relationship Diagrams
This
method
applies
documentation
technique
to
represent
the
relationship
between
entities.
3. Flowcharts
A flowchart is a graphical representation of a system that describes the physical
relationship between key entities.
Components
in
accounting
information
system
maintain
a
proper
performance of an
operational audit.
|
|
26
2.2.5 Relation between Operational Audit and Accounting Information System
In Operational audit the main purpose is to assess the internal control of the company in
order to evaluate the company’s performance. In assessing the internal control, there are
methods applied.
This method applied is frequently related to accounting information system. Accounting
information system
could
provide the
written description
of
a
system
which could be
wordy
and
difficult
to
follow.
By
using
documentation techniques,
the
auditors could
capture visual image which could convey vital system information more effectively and
efficiently than words do. For example, the auditor needs to evaluate the internal control
and
procedures of
purchasing
department in
the
company;
the
auditor
could
use
a
flowchart
to
describe
this
situation. The auditor
will
begin
by
interviewing individuals
involved in the purchase order process to determine what they do. Based on the findings
and
facts,
the
auditor could
create a
flowchart of
this
system.
This
flowchart would
clearly identify the system that it represents.
2.3 Definition of Purchase
Within a company, there are areas which possess high risk factors. One of these areas is
the purchasing area. In a company, purchase is the main function in maximizing
company’s production activity. Purchase volume depends on the size of the company.
There are several definitions of sales, including:
1. According to Ebert and Griffin ‘Purchasing is the acquisition of all the raw materials
and services that a company needs to produce its products’ ( Ebbert and Griffin, 2005:
210).
|
|
27
2. In accordance with Soemarso, ‘ Purchasing activity could
include, purchasing
goods
in cash
or credit,
purchasing goods
for the
purpose of production activity
and
other
company activities’ (Soemarso, 1999:208).
In summary, purchase could be defined as the result of company’s activity in acquiring
production goods within a period of time. Purchase is performed in two ways:
1. Cash purchase
In
this type
of
purchase,
the company
is
obliged
to
make the
payment
alongside
the
acceptance of merchandises ( Arens, 2003:542).
2. Credit purchase
This
type
of
sales
enables
the
company
to
receive
the
merchandises and
make
the
payment afterwards, within an agreed upon of time and terms. Accounts payable occur
as the result of credit purchase ( Arens. 2003:543).
2.4 Definition of Account Payable
Lenience
in terms of payment
may be provided for the company by
the seller, such as
permitting the
company
to
make
payment
within
an
agreed
period of
time
and
terms.
Lenience in payment only occurs in credit purchase.
Account payable in credit purchase is regarded as a
liability due to the obligation that a
company
expects
to
fulfill
in
the
future.
In
accounting manner,
account
payable
is
considered as current liabilities. Current liabilities are obligations which fall due before
one year from the balance sheet date.
|
|
28
There are several definitions for account payable, such as:
1. Horngren (2002:329) defines account payable as ‘Amounts owed to suppliers.’
2.According
to Nickels,
McHugh, McHugh, accounts
payable
could
be
defined
as,
‘Money owed to others for merchandise and services purchased on credit but not yet
paid ‘(Nickels: 558).
3.Arens, Alder and Beasley defined accounts payable as:
Unpaid obligations for goods and services received in the ordinary course of business
(Arens, 2003: 552).
2.5 Summary of Theoretical Foundation
Operational audit
is
conducted
as
a
review
of
company’s activities.
The
benefits
of
operational
audit
are
assessing
the
company
performance, identifying
weaknesses
in
company functions, increasing efficiency and effectiveness of company operations, and
providing recommendations for the development of the company. There are three types
of
operational audit
which
are
commonly
performed
by
auditors;
they
are
functional
audit, organizational audit,
and also
special
assignment.
The
stages
usually pursued
in
operational audit are audit planning, audit performance,
report findings, and audit
follow-up.
Enhancing
efficiency
and
effectiveness of
company
operations
has
become
the
main
purpose
of
operational
audit.
Effectiveness and
efficiency
are
crucial
in
a
company
because
by enhancing both
of
them; a
company can
easily
manage
its operations and
accomplish its objectives.
|
|
29
Internal control should also be reviewed by auditors in conducting operational audit. In
performing internal control, management should also consider the components of
internal
control,
such
as
control
environment, risk
assessment,
control
activities,
information and communication, and monitoring.
Proper
application
of
internal
control could
ensure
the
reliability
and compliance of
financial
reporting,
and
also
increase
the
level
of
effectiveness and
efficiency
of
the
operations.
In
providing
the
visual
description of
the
internal
control of the
company,
the auditor
would
apply
the
documentation techniques
in
accounting
information
system.
These
documentation techniques
would
provide
great amount
of
assistance
in
understanding
more about the company’s operation and relation between entities audited.
Credit
purchase could
be
considered as
an
obligation
which
must be
fulfilled
by
the
company. Account payable
is also crucial because
if the company could not pay
their
account
or could
not
be
resolved, the
amount
in
the
account
payable
could
affect
the
company performance in negative way.
The
objective
of
this
thesis
is
to
perform
operational
audit
on
credit
purchase
and
account payable functions on fabric at PT. Henrydew Putra Sanjaya. Prior to the
situation
in PT
Henrydew
Putra Sanjaya,
the
type
of
operational
audit
which will be
conducted is the functional audit. By conducting operational audit, it is expected that the
|
|
30
auditor
could
identify
the
weaknesses
of
the
company
in
both
functions and
subsequently provide recommendations to prevent future
losses
and risks. This audit
performance is also conducted to evaluate the level of
internal control in the company.
Eventually, this audit could increase in effectiveness and efficiency of company activity
especially in
credit purchase and account payable on
fabrics. This audit would also be
performed based on the proper audit phases.
|