This document discusses auditing and process monitoring. It begins by defining an audit as a formal, systematic examination to evaluate processes and controls against established standards. The key steps to implementing continuous auditing are established as identifying rules and parameters to routinely monitor processes. Process monitoring is described as an ongoing assessment of activities to ensure processes work as intended, looking at what is done rather than overall achievements. The document provides details on different types of auditing, attributes of audit findings, and characteristics of audits and monitoring.
Continuous Process Monitoring and Auditing Guide
1. PREPARED BY:
SADHANA SINGH
M.TECH (S.E.)
PROCESS MONITORING AND AUDIT
2. CONTENTS
INTRODUCTION ABOUT AUDIT
ATTRIBUTES OF AN AUDIT FINDING
REASONS FOR AUDIT
CHARACTERISTICS OF AUDIT
KEY STEPS TO IMPLEMENTING CONTINUOUS AUDITING
AUDIT PROCESS
TYPES OF AUDITING
INTRODUCTION ABOUT MONITORING
CHARACTERISTICS OF MONITORING
RESEARCH PAPER
2
Process Monitoring and Audit
3. INTRODUCTION ABOUT AUDIT
Provides the means to understand performance versus established
standards and identify areas for continued improvement.
Is a formal, systematic and disciplined approach designed to
evaluate and improve the effectiveness of processes and related
controls.
Is governed by professional standards, completed by individuals
independent of the process being audited, and normally
performed by individuals with one of several acknowledged
certifications.
4. ATTRIBUTES OF AN AUDIT FINDING
CRITERIA: What should be
CONDITION: What is
CAUSE: Why the condition happened
EFFECT: The difference and significance between what is and
what should be
RECOMMENDATION: Actions needed to correct the cause
5. REASONS FOR AUDIT
Verify processes
Assess successful process implementation
Judge effectiveness of target levels
Reduce and eliminate problem areas
Report non-conformance and corrections
Report good practices
Continual improvement
6. CHARACTERISTICS OF AUDIT
Formal review governed by professional standards
Completed by professionals independent of the operation
Formal, systematic and structured approach
Involves planning, sampling, testing, and validating
Formal communication with recommendations and corrective
action measures
Documented follow-up of corrective actions
Audit accountability is typically to the Chief Audit Executive and
the Audit Committee
Involves routine, formal communication to the Board and
Management
7. KEY STEPS TO IMPLEMENTING CONTINUOUS AUDITING
Establishing priority areas.
Identifying monitoring and continuous audit rules.
Determining the process' frequency.
Configuring continuous audit parameters.
Following up.
Communicating results.
9. AUDIT PROCESS
Three elements:
Preaudit activities, those done in planning and preparing for the
audit.
Onsite audit activities by the audit team, from gathering for and
beginning the audit to reporting to management the results of the
audit.
Postaudit activities, which include documenting the audit in an
appropriate report format and then developing and executing a
corrective action plan to address the improvement opportunities
identified by the audit team.
10. TYPES OF AUDITING
INTERNAL AUDIT
Performed by a trained employee
EXTERNAL AUDIT
Independent audit organization
Certification
11. INTRODUCTION ABOUT MONITORING
Is an on-going process usually directed by management to ensure
processes are working as intended.
Is an effective detective control within a process.
Is the routine, daily assessment of ongoing activities and
progress, while evaluation is the periodic assessment of
overall achievements.
Looks at what is being done, whereas evaluation examines
what has been achieved or what impact has been made.
12. CHARACTERISTICS OF MONITORING
Often less structured than auditing, though audit techniques may be
employed
Usually completed by operations or compliance personnel
Involves on-going checking and measuring
Can be periodic spot checks, daily/weekly/monthly tests
May identify the need for an audit
Accountability for monitoring is typically to operations leadership
Typically completed by department staff and communicated to
department management
If completed in relation to a compliance work plan, formal
communication to Chief Compliance Officer and Compliance
Committee
May involve internal audit or compliance
13. RESEARCH PAPER
SLO Auditing Task Analysis, Decomposition, and
Specification
-Hasan and Burkhard Stiller
15. INTRODUCTION
Is a widely applied concept for investigating the adequacy of a
system against a set of requirements.
Traditional areas of auditing comprise financial
auditing, compliance auditing with respect to governmental laws
and regulations, and quality audits.
For Internet services two auditing areas are important: security
and Service Level Management (SLM).
SLM deals with service levels as specified in an agreement
between a customer and a service provider, termed Service Level
Agreement (SLA).
16. AUDIT TASK
An audit is defined generally as a "systematic and independent
examination of facts on system activities to determine the degree
of compliance with a pre-defined set of specifications".
The pre-defined set of specifications is called a compliance
specification. Based on this compliance specification an audit is
applied to a set of related facts on a specific matter of interest.
The resulting degree of compliance constitutes the main part of
an audit report. An audit report can be seen as a "derived"
fact, which may or may not be used in the next audit depending
on the compliance specification.
17. COMPLIANCE SPECIFICATION: defines major
requirements for a particular subject matter of interest to be
audited.
An SLO is an example of a compliance specification.
Suppose is a QoS parameter to be audited and there are
properties 1 , 2 , ..., , which are needed to describe
, then, mathematically, a compliance condition for describes a
function , which transforms the values of the properties to a
number C representing the degree of compliance. This function is
called compliance function, where the properties are variables of
this function.
= ( 1 , 2 , ..., )
18. FACTS AND AUDIT REPORT: A fact is a piece of information
presented as having an objective reality, whereas an audit report
stores information that characterizes the examined list of facts and
describes the outcome of the compliance examination.
A fact and an audit report are each expressed as a list of
Name-Value-Pairs, so that a generic auditing system can correctly
interpret the values.
19. AUDIT FUNCTION: An audit can be seen mathematically as a
function with a compliance specification, facts, and previous
audit reports as its input parameters and new audit reports as its
results.
The function 0 is termed audit function and contains the
audit algorithm to perform an audit task.
= ( , , )
22. Facts filtering: In order to audit a specific QoS parameter, only its
related facts are required. The task to obtain these related facts is
called filtering.
Facts grouping: For each QoS parameter, auditing is applied to
each complete fact-list, e.g., facts associated with a PoP and a
stream type in a particular time interval are audited separately
from facts associated with other PoPs, other stream types, or other
time intervals. The task to sort a list of related facts to obtain a
complete fact-list for each setting and time interval is called
grouping.
Property values calculation: This subtask determines the value of
each property of the QoS parameter from each complete fact-list.
23. Compliance calculation: For each complete fact-list, this subtask
calculates from the property values the degree of compliance
according to the compliance condition of the compliance
specification.
Report’s attributes calculation: If an audit report is to be
generated, this subtask determines the name and the value of each
attribute of the audit report. Some systems may want to generate
an audit report only if there is a violation of the compliance
specification. The inputs of this subtask may come from any
output of the previous subtasks: facts grouping, property values
calculation, and compliance calculation.
Report generation: This subtask generates a complete audit report
from report attributes.
24. AUDIT SPECIFICATION
Facts Filtering Function Specification (FFSpec): a specification
of a filter function to obtain a certain fact base from NewFacts.
Facts Grouping Function Specification (GFSpec): a specification
of a grouping function to obtain complete factlists from a fact
base.
Property Function Specification (PFSpec): a specification of a
property function.
Compliance Function Specification (CFSpec): a specification of
a compliance function.
Report’s Attribute Function Specification (AFSpec): a
specification of a function which returns a report’s attribute
value.
25. : Compliance Calculation Specification (CCSpec) for
Q, i.e., a specification to calculate the degree of compliance for
Q by defining which FFSpec, GFSpec, PFSpecs, and CFSpec to
be used.
: Report Composition Specification (RCSpec) for
Q, i.e., a specification that defines a list of attribute names which
compose an audit report, and assigns to each attribute a
specification which is used to generate the attribute values.
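The subtasks and specifications on slides 22 to 25, as an added example that is not taken from the slides or from the cited paper: a small audit function that filters, groups, computes properties and a degree of compliance, then composes reports. The fact field names, the 100 ms limit, the 0.9 target and the dictionary layout of CC_SPEC and RC_SPEC are assumptions; previous audit reports are not used as an input here.

```python
from collections import defaultdict

# Constructed facts: each fact is a list of name-value pairs (a dict here).
FACTS = [
    {"param": "delay", "pop": "PoP-A", "stream": "video", "interval": 1, "ms": 40},
    {"param": "delay", "pop": "PoP-A", "stream": "video", "interval": 1, "ms": 60},
    {"param": "delay", "pop": "PoP-A", "stream": "video", "interval": 1, "ms": 120},
    {"param": "delay", "pop": "PoP-B", "stream": "video", "interval": 1, "ms": 30},
    {"param": "delay", "pop": "PoP-B", "stream": "video", "interval": 1, "ms": 50},
    {"param": "loss", "pop": "PoP-A", "stream": "video", "interval": 1, "pct": 0.2},
    {"param": "delay", "pop": "PoP-B", "stream": "video", "interval": 1},  # no value
]
GROUP_BY = ("pop", "stream", "interval")
LIMIT_MS, TARGET = 100, 0.9  # assumed SLO: 90% of samples at or under 100 ms

# Hypothetical CCSpec: names the filter, grouping, property and compliance functions.
CC_SPEC = {
    "filter": lambda f: f.get("param") == "delay" and "ms" in f
              and all(k in f for k in GROUP_BY),  # incomplete facts are dropped
    "group_by": GROUP_BY,
    "properties": {
        "samples": len,
        "within": lambda fl: sum(1 for f in fl if f["ms"] <= LIMIT_MS),
    },
    "compliance": lambda p: p["within"] / p["samples"],
}
# Hypothetical RCSpec: attribute name -> function producing the attribute value.
RC_SPEC = {
    "pop": lambda key, props, c: key[0],
    "stream": lambda key, props, c: key[1],
    "interval": lambda key, props, c: key[2],
    "samples": lambda key, props, c: props["samples"],
    "compliance": lambda key, props, c: c,
    "violation": lambda key, props, c: c < TARGET,
}

def audit(cc_spec, rc_spec, facts, only_violations=False):
    base = [f for f in facts if cc_spec["filter"](f)]            # facts filtering
    groups = defaultdict(list)                                   # facts grouping
    for f in base:
        groups[tuple(f[k] for k in cc_spec["group_by"])].append(f)
    reports = []
    for key, fact_list in sorted(groups.items()):
        # property values calculation, one value per property per fact-list
        props = {n: fn(fact_list) for n, fn in cc_spec["properties"].items()}
        c = cc_spec["compliance"](props)                         # degree of compliance
        attrs = {n: fn(key, props, c) for n, fn in rc_spec.items()}
        if not only_violations or attrs.get("violation"):
            reports.append(attrs)                                # report generation
    return reports
```

Calling audit(CC_SPEC, RC_SPEC, FACTS, only_violations=True) returns a report only for the fact-list that misses the target, which matches the slide's remark that some systems report only on violations.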
26. CONCLUSION
The auditing task is the determination of compliance of facts with
pre-defined specifications.
Auditing is the review of an organization’s quality system in
order to achieve quality throughout the process.
Audits are the most effective when performed by qualified
professionals who work together and are focussed on clear
objectives.