The operational audit function can be considered an extension of internal audit, where auditors focus on issues that may not have a direct impact on financial reporting such as compliance with company operating policies and procedures or safety, labor or health regulations. The various operational audit programs within an organization establish performance objectives, determine criteria and assessment methods, and then repeatedly measure the controls against objectives.

Often times, specific responsibility for the controls that are put in place to manage those diverse risks fall under the domain of a functional area rather than internal audit, leading to a decentralized approach. As each department pursues its own set of goals in managing risk and measuring compliance, walls are often erected unintentionally. These artificial information barriers impede the organization and hinder performance.  The challenge is particularly acute for those organizations with multiple locations spread over a large geography.

Break Down Barriers: A New Way of Thinking
For best-in-class organizations, the entire operational audit process is seen as a collaborative effort designed not just to ensure compliance to one of a myriad of mandates, government regulations or internal processes but to further enhance and improve operations and the bottom line.

The shift from a compliance-driven functional responsibility to a collaborative intra-organizational business function starts at the top. Senior management sets the overall tone for the operational audit program. The scope and structure of the assessment, risk scoring models, training strategies and action planning must all work in unison to reinforce the culture of the organization through a consultative approach. 

An integrated approach to managing operational risk can be achieved through three critical components:

1. Common control framework – This represents the methodology for measuring compliance and business performance across the enterprise. Determining questions and scoring models in collaboration with other business units and functional areas is one way to introduce consistency to the framework. 
2. Control measurement teams – A key driver within an integrated approach is that the control measurement teams, or auditors, shift to play a coaching role within the individual locations. The average audit time allocated increases to reflect the coaching mentality, auditors are recruited from store operations so their know-how transcends both financial and internal controls and the training curriculum is weighted more heavily towards business and scenario analysis, as opposed to simply uncovering violations or citing errors in internal controls.
3. Shared information system –The hallmark of the integrated approach is that a shared information system provides one platform for automating the measurement of internal controls across all business processes. It removes geographical and organizational obstacles facilitating comparison of specific metrics, opening up the opportunity for collaboration for issues affecting multiple locations, divisions or departments, and providing a complete perspective on operational performance.

A Retailer’s Approach: Intra-Organizational Collaboration
Corporations that want to maintain visibility and control of operating standards at each of their locations have traditionally relied on detailed audit templates to keep their houses in order. Since 2004, a large North American department store has utilized the Compas Mobile Audit Software (Compas) platform to make the process friendly, uniform and more efficient.

Originally, this department store retailer wanted to reduce the amount of administrative time required by the loss prevention function’s partially automated operational assessment. The company chose to migrate to the Compas platform to improve the efficiency and effectiveness of their assessment process, including independent store visits and store manager self-assessments.

With the success of the loss prevention implementation, the company moved to address key operational disciplines, which are required to be maintained on a day-to-day basis. To that end, they automated an audit, which validated the quality of execution at the store level in terms of presentation, selling, shipping and receiving to ensure that the operations of the stores were consistent with the standards they expected. After expanding into the store operations network, a senior management member reported that, “in six months, we have seen a 22 percent improvement in operational compliance.” The organization also saw marked improvement in key selling measures and in action plan execution by keeping audit teams accountable. At present, the organization is managing over 6,000 users and over 50 unique assessment types, leveraging a shared information system that allows for unlimited users and audits – and they are reaping the benefits.

Powered by Technology
Technology is the enabler of this change. Auditors and management need technology to examine performance data. Being able to compare an individual site’s performance with other sites, regions and the corporation as a whole provides a context that informs the entire audit process.

The traditional audit collection method has been a clipboard and paper-based process. The transfer of this hand-collected data into a database may result in a substantial lag time between the audit and findings that slow down the process, and results in a missed opportunity to implement timely corrective action. Utilizing electronic data collection speeds up the process, and enables the auditor to quickly review results with store managers and key stakeholders.

There are several ways technology can help in compiling data from store audits and supporting a more consultative approach: 

1. Using a smartphone, Blackberry device, laptop, Tablet PC, or simply a web browser, the auditor can enter data into the data collection system quickly and get results in real time. Handheld technology offers mobility and flexibility for conducting audits and providing real time instruction onsite. 
2. Laptops are best for semi-stationary audits that require significant data entry and analysis. They also equip auditors with the ability to access more in-depth information during the consultation – from additional files and records, training materials and other information resources.
3. Web entry is ideal for self-assessments, enabling store managers to continuously monitor their performance compared to the rest of the organization – a critical element in driving continuous improvement.

In the end, technology allows operational auditors to focus on balancing business improvement opportunities with the necessary controls, independent of any specific functional area, while adding value and at the same time reducing costs and risk. It is the integrated approach to managing operational risk.

Exclusive Free 30-Day Trial Offer for KL Members!
Automate your operational audit process with a free 30-day trial of Protiviti's Compas software
This mobile audit software application automates the operational audit function and helps decentralized, multi-location organizations collect assessment data and create instantaneous, web-based, enterprise-wide reports to identify breakdowns in internal controls. Click on the link above to find out more about Compas Mobile Audit Software, or email Stephen Rahal at stephen.rahal@protiviti.com to begin your 30-day trial today.