Gap Analysis, Implementation and Audit in an Organization - Essay Example

Name: Course: Tutor: Date: Gap Analysis, Implementation and Audit in an Organization Introduction Gap analysis involves a logical follow-up to an assessment of a threat (Newman 250). This involves making an assurance that all problems have been identified, and whether suggested solutions as well as countermeasures have been identified or not. Conducting regular reviews of day-to-day practices in an organization and comparing them with threat assessment documentation can help reveal gaps in the normal operations of an organization and thus identification of the measures that need to be implemented to deal with the situation. Closely related to this is the term auditing, which refers to the independent examination of financial information of any organization, be it profit oriented or not, and regardless of its size or legal form, when such assessment is carried out with an objective to express an opinion about the organization (Kumar and Sharma 3). In view of the information above, this paper discusses the procedures involved in a pre-assessment audit, identifies the steps involved in an internal audit, and discusses the benefit that accrue to an organization when it conducts an internal audit. Procedures involved in a Pre-Assessment Audit Before an organization undergoes a full certification audit, it is recommended that the organization conduct a pre-assessment audit. The purpose of conducting the pre-assessment audit is to ensure that the organization is ready to proceed with the full certification audit (NIOSH Certification). On the day of doing the pre-assessment, the certification body will come to the organization and conduct a detailed review of compliance with each element of the required standards (NIOSH Certification). The pre-assessment audit process involves some pre-audit planning and an agenda, an opening meeting, a site tour, a document review process, conducting of employee interviews, a closing meeting and production of non-conformity reports (Woodside and Aurrichio 134). The analytical procedures involved during the pre-audit phase usually focus on (i) enhancing an understanding of the entity’s business as well as the transactions and events that have occurred since the last audit date and (ii) identifying areas that may pose specific risks to the audit process. In particular, the preliminary analytical procedures help to identify unusual transactions or events; significant audit areas that require special audit consideration; and unusual or unexpected relationships involving revenue or other accounts that may highlight a material misstatement due to fraud (Puncel 5-4). Any non-conformities or observations are provided to the organization in writing in the pre-assessment audit report. As the pre-assessment audit is not formally part of the audit process, the organization is not required to make any corrective and preventive steps to counter the nonconformances identified. However, most organizations will of course want to correct any nonconformance that is found (Woodside and Aurrichio 134). Steps involved in an Internal Audit The internal audit process should address at least the following issues: Define the purpose of the overall internal audit program Make a schedule of the audits to be conducted Disseminate an annual plan of what to audit Select auditors and address restrictions on who can audit what Identify responsibilities for planning and conducting audits and reporting results Ensure that corrective actions and follow-up methods are well defined (Arter, Cianfrani and West 53). The following steps are involved in an internal audit process according to Puncel, p. 1-23. (i) Engagement letter Prior to starting an audit, the auditor or controller treasurer of tax collector will send a letter of engagement to the department director. The purpose of the engagement letter is to create an understanding between the two parties with regard to the engagement. The letter specifies the terms and conditions of the engagement, highlights the scope of work, and states the responsibilities of the client. (ii) Entrance conference At the start of the audit, the auditor will set a meeting with the department. Department management is asked to participate in this entrance meeting to discuss the scope as well as purpose of the audit, and the steps involved. They are required to assign a contact person who may serve as a go-between in helping the auditor to obtain information, and documentation, and to whom the auditor should communicate the findings of the audit process. (iii) Planning and preliminary review During the planning stage of the engagement, the auditor reviews the aspects of the department, program, grant, system or fund being audited. The review may encompass an assessment of the internal control structure, and a financial and operational analysis to evaluate audit and risk and thus determine the appropriate audit procedures to be performed. The review may also include an assessment of organizational charts, policies and procedures, state statutes, management directives, agreements, and any other kind of information or documentation that may be helpful to the auditor in the process of obtaining a good understanding of the organization or department being audited. This stage may also involve obtaining information from the organization through enquiries or interviews of personnel in the organization. (iv) Field work During this stage of an audit, the audit team inspects, analyses and tests transactions to reasonable assurance that the purpose of the audit is attained. Depending on the prevailing circumstances, the information and documentation obtained from the department may be verified by a third party. Any potential findings or significant issues during this stage will typically be conveyed to the department’s liaison to ensure proper communication and forestall surprises when the draft audit report is produced. (v) Draft report and exist conference The audit report includes the auditor’s summary with reference to the audit. It may also contain a management letter that describes the audit findings as well as recommendations. The auditor then schedules a meeting with management to deliberate on the draft report, including its findings and recommendations. At the same time, management may produce additional evidence or new information that may alter a given finding or cause an adjustment to the report. Management is required to prepare written responses to each of the findings, which are included in the final management letter. (vi) Final report and presentation of the report to audit committee Once approved, the final report is presented to the audit committee. During presentation, management has the opportunity to respond to the questions asked by the audit committee regarding the audit findings presented in the final report. Benefits of Internal Audit There are many benefits of conducting an internal audit. First is that in line with gap analysis, internal audit can help to identify risks that may lead to the failure of an organization to achieve its performance and profitability targets. Along the same line, internal audits also help to prevent loss of assets and resources by ensuring reliable financial reporting as well as complying with laws and regulations (Lehman Brown International Accountants). Internal audit also defines the policies and procedures of an organization and ensures that the same are complied with in the day-to-day functioning of the enterprise. It thus draws the management’s attention to inconsistencies, if any, in the defined procedures and polices. In addition, the process helps in planning business activities, defining the procedures so that they are oriented towards the objectives of the organization, and helping the overall control of the business (Sharma 51). As there is continuous checking as a result of internal audit, the prospect of any error or fraud in the books of accounts of an organization is greatly minimized. This is because those involved are aware that they will be held liable for their actions. Further, internal audit helps to control capital erosion because the internal audit department of an organization keeps a constant watch on the factors that lead to capital erosion (Sharma 51). Another benefit is that internal audit makes internal control of an organization easier and more effective. Moreover, it offers the necessary and useful information to standardize the functions of the organization’s employees by implementing such functions and making suggestions periodically so that the performance of employees is improved (Sharma 51). Conclusion In conclusion, gaps analysis is important to an organization as it helps the organization to identify the potential threats facing it as well as areas of operation that require change. From this, the organization can identify the measures it should implement to ensure success. Identifying risks and evaluating the performance of an organization can be done through an internal audit process. An internal audit should be preceded by a pre-assessment audit to prepare the organization for the actual audit process. The objective of conducting the pre-assessment audit is to make certain that the organization is ready to proceed with the full certification audit. The audit process involves a number of stages from planning to conducting the review to drafting the audit report and presentation. From this, the organization can check for areas of nonconformance and decide the necessary corrective measures. The paper has also discussed the benefits of internal audit, key of which include the ability to identify risks and hence define counter-measures to deal with the risks. Internal audit also increases accountability within the organization because it leads to setting of operating standards that the organization has to comply with. Essentially, this reduces cases of fraud as everyone in the organization becomes aware that they are liable for their actions as regards their role in the organization. Works Cited Arter, Dennis R., Charles A. Cianfrani and Jack West. How to Audit the Process-Based QMS. New York: ASQ Quality Press, 2003. Kumar, Ravinder and Virender Sharma. Auditing: Principles and Practice. New York: PHI Learning Pvt. Ltd., 2005. Lehman Brown International Accountants. “The Objectives and Benefits of an Internal Audit” [13 March, 2009 Issues 5]. 4 June 2011. Newman, Robert C. Computer Security: Protecting Digital Resources. New York: Jones & Bartlett Learning, 2009. NIOSH Certification. “Pre-assessment audit” 2011. 4 June 2011. http://www.ncsb.com.my/?page_id=215 Puncel, Luis. Audit Procedures 2008. New York: CCH, 2007. Sharma, Ashok, Auditing, New Delhi: FK Publications (not dated). Woodside, Gayle and Patrick Aurrichio. ISO 14001 Auditing Manual. New York: McGraw-Hill Professional, 2000. Read More