Chapter 5 - Business Processes and Risks

Chapter 5

Business Processes and Risks

Learning Objective 1: Understand how organizations structure their activities to achieve their objectives

Learning Objective 1: Understand how organizations structure their activities to achieve their objectives

Business Process Business Process is the set of connected activities linked with each other for the purpose of achieving an objective  hree  hree types of business business activities! activities! Operating processes anage!ent and support processes Project

•

•

•

•

•

Business "ctivit#: Basic Operating Processes

"# Understand environment

$# %evelop &trategy

'# %esign Product or service

(# )arket * &ell

,# nvoice and .ollect

+# Produce and deliver Product or &ervices

Business "ctivit#: anage!ent $upport Processes )anage /uman 0esources

)anage Financial resources

)anage  resources

)anage Physical 0esources

)anage .ompliance with laws and 0egulations

)anage E1ternal 0elationships

Business "ctivit#: Projects Project Operate Project %e&iver

&couting and Assess &couting and Assess

.oncept developme nt

%esign * source

E1ecute 2 mpleme nt3

4perate

.oncept developme nt

%esign * source

E1ecute 2 mpleme nt3

/ando5 

/ando5  2abandon3

Learning Objective '': Obtain an understanding o( Business Process

Understanding Business Processes •

•

•

 o add value and improve an organi6ation7s operations8 nternal Auditor must 9rst understand the organi6ation7s business model Business model includes the objectives of the organi6ation and how its business processes are structured to achieve objectives Business model includes the organi6ation7s vision8 mission8 and values8 products or service8 customer or market8 supply and delivery channel :hat product or services it will deliver •

Understanding Business Processes :hile an organi6ation7s vision and mission8 values and objectives are relatively stable from year to year8 the internal audit function should still periodically update its understanding of the organi6ation7s strategy  wo common approaches that can help in understanding business processes!

•

•

•

•

)op down approach Botto! up approach

Understanding Business Processes •

)op down "pproach "# Understanding organi6ation7s objectives $# dentifying key process critical to the success of each objectives '# Breaking the process into levels of sub-processes and reaching the activity level

•

Botto! up "pproach "# $# '# (#

;ooking at all processes at the activity level dentifying the business process %etermine the key objectives of the process Understanding how inputs and activities combined to

Business Process Objective: *uestions 4nce business process is identi9ed8 A should get the answers of following ow

Understanding Business Process: *uestions to Process Owner "# :hy does this process e1ist? $# :hich of the organi6ation7s strategic objectives a5ect the process and how? '# :hat initiatives should the process undertake to help the organi6ation achieve its strategic objectives? (# :hat does the process provide the organi6ation8 without which organi6ation would have a di@cult time being successful? +# :hat gives employees involved in the process a sense of accomplishment with their jobs? ,# :hat accomplishment tend to get employees involved in the process recogni6ed by management or internal customers? # /ow are people who are involved with the process e1pected to act? :hat

Learning Objective ''':

Obtain understanding o( docu!enting Business Process

%ocumenting Business Process •

%ocu!enting business process is use(u& (or: •

•

•

•

•

•

4rienting new personnel %e9ning areas of responsibility Evaluating the e@ciency of processes %etermining areas of primary concern dentifying key risk controls

)wo co!!on !ethod o( docu!enting business process: •

•

Process )aps 2 /igh ;evel Activity and %etailed ;evel Activity3 Process narratives 2 %escription over /igh ;evel and %etail Activity

+igh Leve& "ctivit# Process ap: ,-a!p&e

%etai&ed Leve& "ctivit# Process ap: ,-a!p&e

Learning Objective '.:

Understanding basic t#pes o( business risks

Business 0isk! Understanding •

•

•

Understanding of the organi6ation7s business risk will determine the e1tent to which the internal audit function will be able to ful9ll its mission and add value to the organi6ation ts helpful to develop an overall risk pro9le of the organi6ation that identi9es the critical risks to achievement of each strategic objective nternal audit function can build its risk assessment from the organi6ation7s risk pro9le

Basic Business Risks &trategic 0isks

.ompliance 0isks

0eporting 0isks

4peration 0isks

Basic Business Risk  $trategic Risk ,-terna&

Co!p&iance risk

'nterna&

,-terna&

.hanges in law and regulations

0eputation

.ontractual

Ethics

Accounting and 9nancial reporting

Budgeting

.ompetition

&trategic focus

0egulatory

policies

a1ation

Performance measures

.hange in market dynamics

.ustomer satisfaction

;itigation

Fraud and illegal acts

ndustry

governance

permits

technology

'nterna&

Reporting Risks ,-terna&

'nterna&

nternal control and regulatory reporting

Basic Business Risk  Operationa& Risks Process

Peop&e

/inancia&

&upply chain capacity

)anpower supply

nterest rates

Process e1ecution

;eadership

Foreign currency e1change

/ealth and human safety

Performance incentives

.apacity

Business continuity

Empowerment

.oncentration

.ycle time

.hange readiness

.apital availability

.atastrophic events

communications

.ash management

;ack of product innovation

.ommodity pricing

Learning Objective .:

Understand Risk "ssess!ent ode&

R'$0 "$$,$$,) O%,L

'P"C )

,-tre!e

"+

"D

$$

$(

$+

+igh

"

"(

"

$"

$'

ediu!

,

D

"'

"

$

Low

'

+



"$

",

eg&igib& e

"

$

(



""

Re!ote 2341346

Un&ike&# 2134 7546

Possib&e 2754 5346

Probab&e 2534 8346

Certain 2834 13346

'P"C)

L'0,L'+OO%

,-tre!e

 " )illion8 hreatens ongoing e1istence

+igh

G$+ - G" )illion8 di@cult to achieve business 4bjectives

ediu!

G+ - G$+ )illion8 achieving some business objectives challenging

Critica& Risks +igh Risks oderate Risks Low Risks

'%,)'/'C")'O O/ CR')'C"L R'$0$ ,-tre!e .atastrophic events governance

'P "C)

+igh

.hanges in laws and regulations industry strategic focus

ediu!

concentration

Low

/ealth and safety Permits

Availability Economics Business .ontinuity 0eputation8 technology8 competition8 customer satisfaction8 cash management

 a1ation8 .ommodity Pricing

Privacy

Foreign currency8 supply chain

eg&igib &e Re!ote 2341346

Un&ike&# 21347546

Possib&e 2754 5346

Probab&

Certain 2834

OB9,C)'.,$ "% CR')'C"L R'$0 ")R' ission! Jain the necessary knowledge and skills to be successful in an entry level internal audit position

OB  9, C) '. ,$

CR')'C"L R'$0  CR1 Beco!es i&&

CR7 /orgets dead&ine

CR; overs&eep

"# Attend all class





$# Be on time for each class





'# %o assigned reading prior to the class (# .omplete all assignments



CR< %oes not have course !ateria&s

CR5 %oes not have ti!e to co!p&ete a&& work 

CR= Unab&e to understa nd !ateria&

CR> ,-perienc e socia& distractio n





















R'$0 B? PROC,$$ ")R' 0 @ 0e# $ $econdar#

Risk 1

Risk 7

Process 1 Process 7

0

Risk 5

AA

0

0

$

Risk !   0

$

Process <

$ $

Process A Process n

Risk <

0

Process ; Process 5

Risk ;

0  

0

$

$

$

$

0

$

 

 

R'$0 /"C)OR "PPRO"C+ 0isk Factor

%escription

&ore 2"-'3

L :eight

'),R"L /"C)OR$ 1 "ssets at Risk 

1 M less than G+# 7 M from G+# - G+ million ; M Jreater than G+ million

"

7 .isibi&it#

1 M 4perating unit N direct customer 7 M %ivisional N limited set of customers ; M 4rgani6ational N national press

"

; Co!p&e-it#

1- simple8 routine assignments 7 M re