Process monitoring and_audit_sadhana

P R E PA R E D B Y:

S A D H A N A S I N G H

M . T E C H ( S . E . )

PROCESS MONITORING AND AUDIT

Process Monitoring and Audit

2

CONTENTS

INTRODUCTION ABOUT AUDITATTRIBUTES OF AN AUDIT FINDINGREASONS FOR AUDITCHARACTERISTICS OF AUDITKEY STEPS TO IMPLEMENTING CONTINUOUS AUDITINGAUDIT PROCESSTYPES OF AUDITINGINTRODUCTION ABOUT MONITORINGCHARACTERISTICS OF MONITORINGRESEARCH PAPER


3

INTRODUCTION ABOUT AUDIT

Provides the means to understand performance versus established standards and identify areas for continued improvement.

Is a formal, systematic and disciplined approach designed to evaluate and improve the effectiveness of processes and related controls.

Is governed by professional standards, completed by individuals independent of the process being audited, and normally performed by individuals with one of several acknowledged certifications.


4

ATTRIBUTES OF AN AUDIT FINDING

CRITERIA: What should be

CONDITION: What is

CAUSE: Why the condition happened

EFFECT: The difference and significance between what is and what should be

RECOMMENDATION: Actions needed to correct the cause


5

REASONS FOR AUDIT

Verify processesAssess successful process implementationJudge effectiveness of target levelsReduce and eliminate problem areasReport non-conformance and correctionsReport good practicesContinual improvement


6

CHARACTERISTICS OF AUDIT

Formal review governed by professional standardsCompleted by professionals independent of the operationFormal, systematic and structured approachInvolves planning, sampling, testing, and validatingFormal communication with recommendations and corrective

action measuresDocumented follow-up of corrective actionsAudit accountability is typically to the Chief Audit Executive and

the Audit CommitteeInvolves routine, formal communication to the Board and

Management


7

KEY STEPS TO IMPLEMENTING CONTINUOUS AUDITING

Establishing priority areas.

Identifying monitoring and continuous audit rules.

Determining the process' frequency.

Configuring continuous audit parameters.

Following up.

Communicating results.


8


9

AUDIT PROCESS

Three elements:Preaudit activities, those done in planning and preparing for the

audit.Onsite audit activities by the audit team, from gathering for and

beginning the audit to reporting to management the results of the audit.

Postaudit activities, which include documenting the audit in an appropriate report format and then developing and executing a corrective action plan to address the improvement opportunities identified by the audit team.


10

TYPES OF AUDITING

INTERNAL AUDIT Performed by trained employee

EXTERNAL AUDITIndependent audit organization

Certification


11

INTRODUCTION ABOUT MONITORING

Is an on-going process usually directed by management to ensure processes are working as intended.

Is an effective detective control within a process.Is the routine, daily assessment of ongoing

activities and progress, while evaluation is the periodic assessment of overall achievements.

Looks at what is being done, whereas evaluation examines what has been achieved or what impact has been made.


12

CHARACTERISTICS OF MONITORING

Often less structured than auditing, though audit techniques may be employed

Usually completed by operations or compliance personnel Involves on-going checking and measuringCan be periodic spot checks, daily/weekly/monthly testsMay identify the need for an auditAccountability for monitoring is typically to operations leadershipTypically completed by department staff and communicated to

department management If completed in relation to a compliance work plan, formal

communication to Chief Compliance Officer and Compliance CommitteeMay involve internal audit or compliance


13

RESEARCH PAPER

SLO Auditing Task Analysis, Decomposition, and Specification

-Hasan and Burkhard Stiller


14

CONTENT

INTRODUCTIONAUDIT TASKAUDIT TASK DECOMPOSITIONAUDIT SPECIFICATION


15

INTRODUCTION

Is a widely applied concept for investigating the adequacy of a system against a set of requirements.

Traditional areas of auditing comprise financial auditing, compliance auditing with respect to governmental laws and regulations, and quality audits.

For Internet services two auditing areas are important: security and Service Level Management (SLM).

SLM deals with service levels as specified in an agreement between a customer and a service provider, termed Service Level Agreement (SLA).


16

AUDIT TASK

An audit is defined generally as a "systematic and independent examination of facts on system activities to determine the degree of compliance with a pre-defined set of specifications".

The pre-defined set of specifications is called a compliance specification. Based on this compliance specification an audit is applied to a set of related facts on a specific matter of interest.

The resulting degree of compliance constitutes the main part of an audit report. An audit report can be seen as a "derived" fact, which may or may not be used in the next audit depending on the compliance specification.


17

COMPLIANCE SPECIFICATION: defines major requirements for a particular subject matter of interest to be audited.

An SLO is an example of a compliance specification.Suppose is a QoS parameter to be audited and there are 𝑄𝑚properties 1 , 2 , ..., , which are needed to 𝑃 𝑄 𝑃 𝑄 𝑃𝑚𝑄describe , 𝑄 then, mathematically, a compliance condition for 𝑄describes a function , which transforms the values of the 𝑐𝑝𝑄properties to a number C representing the degree of compliance. This function is called compliance function, where the properties are variables of this function.

𝐶 = ( 1 , 2 , ..., )𝑐𝑝𝑄 𝑃 𝑄 𝑃 𝑄 𝑃𝑚𝑄


18

FACTS AND AUDIT REPORT: A fact is a piece of information presented as having an objective reality, whereas an audit report stores information that characterizes examined list of facts and describes the outcome of the compliance examination.

A fact and an audit report is expressed using a list of Name-Value-Pairs, so that a generic auditing system can correctly interpret the values.


19

AUDIT FUNCTION: An audit can be seen mathematically as a function with a compliance specification, facts, and previous audit reports as its input parameters and new audit reports as its results.

The function 0 is termed audit function and contains the 𝑎𝑢𝑑𝑖𝑡audit algorithm to perform an audit task.

𝑁𝑒𝑤𝑅𝑒𝑝𝑜𝑟𝑡𝑠 = ( , , 𝑎𝑢𝑑𝑖𝑡𝑔 𝐶𝑜𝑚𝑝𝑙𝑆𝑝𝑒𝑐 𝑁𝑒𝑤𝐹𝑎𝑐𝑡𝑠)𝑃𝑟𝑒𝑣𝑅𝑒𝑝𝑜𝑟𝑡𝑠


20


21

AUDIT TASK DECOMPOSITION


22

Facts filtering: In order to audit a specific QoS parameter, only its related facts are required. The task to obtain these related facts is called filtering.

Facts grouping: For each QoS parameter, auditing is applied to each complete fact-list, e.g., facts associated to a PoP and a stream type in a particular time interval are audited separately from facts associated to other PoP, other stream types, or other time intervals. The task to sort a list of related facts to obtain a complete fact-list for each setting and time interval is called grouping.

Property values calculation: This subtask determines the value of each property of the QoS parameter from each complete fact-list.


23

Compliance calculation: For each complete fact-list, this subtask calculates from the property values the degree of compliance according to the compliance condition of the compliance specification.

Report’s attributes calculation: If an audit report is to be generated, this subtask determines the name and the value of each attribute of the audit report. Some systems may want to generate an audit report only if there is a violation to the compliance specification. The inputs of this subtask may come from any output of the previous subtasks: facts grouping, property values calculation, and compliance calculation.

Report generation: This subtask generates a complete audit report from report attributes.


24

AUDIT SPECIFICATION

Facts Filtering Function Specification (FFSpec): a specification of a filter function to obtain a certain fact base from NewFacts.

Facts Grouping Function Specification (GFSpec): a specification of a grouping function to obtain complete factlists from a fact base.

Property Function Specification (PFSpec): a specification of a property function.

Compliance Function Specification (CFSpec): a specification of a compliance function.

Report’s Attribute Function Specification (AFSpec): a specification of a function which returns a report’s attribute value.


25

𝐶𝐶𝑆𝑝𝑒𝑐𝑄: Compliance Calculation Specification (CCSpec) for Q, i.e., a specification to calculate the degree of compliance for Q by defining which FFSpec, GFSpec, PFSpecs, and CFSpec to be used.

𝑅𝐶𝑆𝑝𝑒𝑐𝑄: Report Composition Specification (RCSpec) for Q, i.e., a specification that defines a list of attribute names which compose an audit report, and assigns to each attribute a specification which is used to generate the attribute values.


26

CONCLUSION

Auditing tasks is the determination of compliance of facts with pre-defined specifications.

Auditing is the review of an organization’s quality system in order to achieve quality throughout the process.

Audits are the most effective when performed by qualified professionals who work together and are focussed on clear objectives.


27

THANK YOU

Process monitoring and_audit_sadhana

Business

Transcript of Process monitoring and_audit_sadhana