Spare part Inventory Audit

July 17th, 2011

Is your organization struggling with significant spare part inventory build-up?

When IA performs a spare part inventory audit it should go beyond verifying the accuracy and completeness of inventory, authorization of transactions etc.

A spare part inventory audit should also evaluate the following:
1, Are critical spare parts, which could cause operational interruptions and production downtime, specifically identified?
2, Are spare parts, coming from overseas with significant lead time, properly identified and their inventory level closely monitored?
3, Are EOCs (Economic Order Quantity) and automatic reorder points, well established and managed?
4, Is there a inventory level optimization among nearby plants with same or similar machine park?
5, Are spare parts related to impaired assets specifically identified and accounted for?
6, Are spare part inventory movements properly authorised and recorded?

These are some of the additional key questions that can uncover significant flaws and deficiencies in the spare part inventory management process.

Combining Internal Audit Observations

June 12th, 2011

Do you combine internal audit observations within your report?

We tend to combine internal audit observations, if they occurred within the same process like: procurement for example, and if they can be logically linked.
The advantages of combining audit observations are the following:
  • it makes the report shorter, more focused and gives more weight to the individual observations
  • it can present the specific risk exposures and potential impacts in a more concise and structured way
  • it can help to combine action plans together that can mitigate multiple risks with the same process
At times, certain audit observations stand alone are not significant but combined with other related observations/exposures within the same process, they represent a real risk with potentially significant impact.

Narrowing of audit scope during fieldwork

May 7th, 2011
  • How do you and your audit team go about narrowing the audit scope during fieldwork?

Let me introduce you an approach that worked well in the past.  Let say the initial scope of the internal audit project was to cover purchasing (procurement), receiving and the AP processe at a site.

As an initial step, we had a generic list of specific risks in each of the above mentioned three processes.  By initiating a detailed review of generic risks with the process owners, we could perform a risk assessment of each specific exposure.  By evaluating probability and impact of each specific risk, we could narrow down our audit scope to the key risk exposures in each process.

As an example, there were cases where the generic risk was not applicable at the specific site or the frequency and materiality of the transactions in the past 2 years did not support the need for detailed testing.  In my view, proper focusing on key site specific risk exposures within the pre-defined audit scope is critical to the success and value added of internal audits.

Risks of outsourced IT Services

April 13th, 2011

How concerned should IA be over outsourced IT services at organizations?

IA should definitely perform an initial review of the SLA (Service Level Agreement) established between the organization and the third-party IT service provider. 

As a bare minimum, IA should validate the following:

1, Does the content of the SLA follows certain established IT industry standards and practices?

2, What rights and responsibilities are given to the organization who engaged the third-party service provider?

3, Does the organization has the right to audit the internal controls and data security at the third-party IT service provider? If not, can the organization request an independent audit of the provider and how frequently this audit can take place?

4, If audit recommendations are made, how the organization can ensure that they will be implemented and enforced at the third-party?

5, In case of breach of data security at the service provider, what liabilities and potential punitive damages can the organization claim?

If the above mentioned high-level review of the SLA does raise certain concerns, IA should evaluate the need for a detailed audit of SLAs to highlight the risks associated these arrangements.

Change & Risks Go Hand in Hand

March 28th, 2011

Which factor should be an indispensable part of the annual audit risk assessment?

That factor is organizational Change

IA, as part of its annual risk assessment, should measure and evaluate:

1. To what extent the changes that occurred in the Business Groups, Business Units or Business Processes (operational, IT etc.) during the year will impact the risk profile of the organization? 

2. What are the changes that have not been completed but are currently taking place within the company? 

Examples of significant organizational changes
An entity transfers its transaction processing to Shared Service Centers for optimization and cost saving purposes 
Reorganization of logistical operations into fewer more concentrated hubs 
• Introduction of sole source supplier arrangements 
• Implementation of a new ERP system etc. 

All of the changes listed above bring along new risks and internal audit challenges that should be carefully analyzed and factored into the annual audit plan.

Delayed post acquisition restructuring is Costly

March 12th, 2011

Getting stuck with expensive labor force sounds scary for you?

That is exactly what tends to happen, if the acquirer does not have a detailed restructuring plan to roll out right after the transaction closes.

If the acquirer does not exploit swiftly the organizational synergies the following tends to happen:

1, Employees of the acquired company, who were either underpaid or have better career options elsewhere, tend to quit first.

2, Cautious employees, who do not want to conduct a job search following a lay-off, tend to earch while they are still employed and also jump ship.

3, Risk averse, expensive, overpaid and/or less marketable labor force tend to stick around for severance or for the possibility of survival.

If the three points listed above occur, the acquirer will end up with a smaller but more expensive labor force (per FTE ), which will be indispensable to ensure continuity of operations.

The Cost of Empire Building (Part Two)

March 6th, 2011

In part one of my Blog, I have pointed out potential Empire building motivational factors for management and senior executives.

Now, I would like to pinpoint the top down and bottom up indicators that could help IA to detect Empire building tendencies within certain departments. 

Top down (high-level) empire building indicators:
1, Major deviations from competitors

  • IA could benchmark the department sizes and hiring tendencies to those of direct competitors and highlight departments with significant deviations.

2, Department growth contrary to the overall organizational trend

  • IA could look for departments that are actively hiring in spite of lackluster top line growth and without changes in regulatory requirements that would directly impact the department.

Bottom up (low-level) empire building indicators:
1, Dept. Head and Staff is constantly “looking” for work

  • Empire building at departmental level proliferates in departments with excessive staff levels where both the department head and staff are looking to find work. So, these departments simply replicate a subset of other departments’ activities or try to imitate some kind of review function of other departments’ work.

The Cost of Empire Building (Part One)

February 21st, 2011

Empires were not built overnight but boy they were costly.

Potential cost savings could be achieved by identifying individuals with empire building tendencies within organizations.   First, IA would want to detect the motivational factors behind empire building and its warning signs.

Why certain managers or directors want to grow their department in all economic climates?

They are seeking one or more of the following:

–        Power

–        Higher Budgets

–        Excessive concentration of resources i.e. capital, human etc.

Ultimately, all of the above will lead to higher managerial compensation as their “side effect”.

Thus, by detecting unnecessary and excessive expansion of departments, IA could identify savings as of today and avoid the costly future liabilities in the form of severance payments.

My next blog will address how IA could specifically pinpoint the potential empire builders within organizations.

Faking is costly, don’t you think?

January 29th, 2011

What do I mean by a “fake activity”?

An activity or part of an activity that does not add value to the organization, it actually results in wasting of corporate resources.

A typical “fake activity” is a half complete no value added process or an outsourced activity that defers accountability.

Let me give you two HR based examples:

1, Half complete no value added process
As we know, HR regularly performs exit interviews to understand the reasons for the employee’s departure, his or her opinion about the supervisor, the company in general etc.

If HR collects this data but does not analyse and present it to senior management it defeats its whole purpose.  In this case, performing an exit interview becomes a “fake activity” and does not add value to the organization.

2, Wasteful outsourcing to defer accountability
In another scenario, HR is involved to evaluate a potential internal candidate, working for the company for many years, for an expatriate assignment.  HR decides to conduct its regular evaluation interview for the assignment but does not want to be accountable, if something goes wrong.  HR defers accountability by using an outside recruiter to also evaluate the candidate for the post.

Thus, the internal interview was only a “fake activity” and resulted in wasteful outsourcing and an unnecessary cost to the company.

Value added Internal Audits – Cost Savings by detection of wasteful outsourcing

January 20th, 2011

Traditionally, the objective of outsourcing is to:

1, Acquire specialized expertise by using SMEs (subject matter experts)

2, Boost productivity by using competitively priced overseas resources

3, Ramp up capacity due to sudden increase in demand

4, Fill in temporary resource gaps due to sudden departures, maternity leave etc.

One of the way, IA could perform value added operational audits is by looking at the unnecessary/wasteful outsourcing.

What do I mean by this?

If we look at job descriptions, they typically include a list of tasks as part of someone’s roles and responsibilities.

Let say the list of tasks as part of someone’s  job is 10.  If that individual outsources, let say 3 tasks and only perform the rest (7 tasks), he or she has outsourced part of his/her own work while wasted company resources.

By mapping tasks defined in individuals’ job descriptions to the tasks contracted out, IA could detect potentially wasteful outsourcing and identify cost saving opportunities.