Process monitoring and_audit_sadhana
Transcript of Process monitoring and_audit_sadhana
P R E PA R E D B Y:
S A D H A N A S I N G H
M . T E C H ( S . E . )
PROCESS MONITORING AND AUDIT
Process Monitoring and Audit
2
CONTENTS
INTRODUCTION ABOUT AUDITATTRIBUTES OF AN AUDIT FINDINGREASONS FOR AUDITCHARACTERISTICS OF AUDITKEY STEPS TO IMPLEMENTING CONTINUOUS AUDITINGAUDIT PROCESSTYPES OF AUDITINGINTRODUCTION ABOUT MONITORINGCHARACTERISTICS OF MONITORINGRESEARCH PAPER
Process Monitoring and Audit
3
INTRODUCTION ABOUT AUDIT
Provides the means to understand performance versus established standards and identify areas for continued improvement.
Is a formal, systematic and disciplined approach designed to evaluate and improve the effectiveness of processes and related controls.
Is governed by professional standards, completed by individuals independent of the process being audited, and normally performed by individuals with one of several acknowledged certifications.
Process Monitoring and Audit
4
ATTRIBUTES OF AN AUDIT FINDING
CRITERIA: What should be
CONDITION: What is
CAUSE: Why the condition happened
EFFECT: The difference and significance between what is and what should be
RECOMMENDATION: Actions needed to correct the cause
Process Monitoring and Audit
5
REASONS FOR AUDIT
Verify processesAssess successful process implementationJudge effectiveness of target levelsReduce and eliminate problem areasReport non-conformance and correctionsReport good practicesContinual improvement
Process Monitoring and Audit
6
CHARACTERISTICS OF AUDIT
Formal review governed by professional standardsCompleted by professionals independent of the operationFormal, systematic and structured approachInvolves planning, sampling, testing, and validatingFormal communication with recommendations and corrective
action measuresDocumented follow-up of corrective actionsAudit accountability is typically to the Chief Audit Executive and
the Audit CommitteeInvolves routine, formal communication to the Board and
Management
Process Monitoring and Audit
7
KEY STEPS TO IMPLEMENTING CONTINUOUS AUDITING
Establishing priority areas.
Identifying monitoring and continuous audit rules.
Determining the process' frequency.
Configuring continuous audit parameters.
Following up.
Communicating results.
Process Monitoring and Audit
8
Process Monitoring and Audit
9
AUDIT PROCESS
Three elements:Preaudit activities, those done in planning and preparing for the
audit.Onsite audit activities by the audit team, from gathering for and
beginning the audit to reporting to management the results of the audit.
Postaudit activities, which include documenting the audit in an appropriate report format and then developing and executing a corrective action plan to address the improvement opportunities identified by the audit team.
Process Monitoring and Audit
10
TYPES OF AUDITING
INTERNAL AUDIT Performed by trained employee
EXTERNAL AUDITIndependent audit organization
Certification
Process Monitoring and Audit
11
INTRODUCTION ABOUT MONITORING
Is an on-going process usually directed by management to ensure processes are working as intended.
Is an effective detective control within a process.Is the routine, daily assessment of ongoing
activities and progress, while evaluation is the periodic assessment of overall achievements.
Looks at what is being done, whereas evaluation examines what has been achieved or what impact has been made.
Process Monitoring and Audit
12
CHARACTERISTICS OF MONITORING
Often less structured than auditing, though audit techniques may be employed
Usually completed by operations or compliance personnel Involves on-going checking and measuringCan be periodic spot checks, daily/weekly/monthly testsMay identify the need for an auditAccountability for monitoring is typically to operations leadershipTypically completed by department staff and communicated to
department management If completed in relation to a compliance work plan, formal
communication to Chief Compliance Officer and Compliance CommitteeMay involve internal audit or compliance
Process Monitoring and Audit
13
RESEARCH PAPER
SLO Auditing Task Analysis, Decomposition, and Specification
-Hasan and Burkhard Stiller
Process Monitoring and Audit
14
CONTENT
INTRODUCTIONAUDIT TASKAUDIT TASK DECOMPOSITIONAUDIT SPECIFICATION
Process Monitoring and Audit
15
INTRODUCTION
Is a widely applied concept for investigating the adequacy of a system against a set of requirements.
Traditional areas of auditing comprise financial auditing, compliance auditing with respect to governmental laws and regulations, and quality audits.
For Internet services two auditing areas are important: security and Service Level Management (SLM).
SLM deals with service levels as specified in an agreement between a customer and a service provider, termed Service Level Agreement (SLA).
Process Monitoring and Audit
16
AUDIT TASK
An audit is defined generally as a "systematic and independent examination of facts on system activities to determine the degree of compliance with a pre-defined set of specifications".
The pre-defined set of specifications is called a compliance specification. Based on this compliance specification an audit is applied to a set of related facts on a specific matter of interest.
The resulting degree of compliance constitutes the main part of an audit report. An audit report can be seen as a "derived" fact, which may or may not be used in the next audit depending on the compliance specification.
Process Monitoring and Audit
17
COMPLIANCE SPECIFICATION: defines major requirements for a particular subject matter of interest to be audited.
An SLO is an example of a compliance specification.Suppose is a QoS parameter to be audited and there are 𝑄𝑚properties 1 , 2 , ..., , which are needed to 𝑃 𝑄 𝑃 𝑄 𝑃𝑚𝑄describe , 𝑄 then, mathematically, a compliance condition for 𝑄describes a function , which transforms the values of the 𝑐𝑝𝑄properties to a number C representing the degree of compliance. This function is called compliance function, where the properties are variables of this function.
𝐶 = ( 1 , 2 , ..., )𝑐𝑝𝑄 𝑃 𝑄 𝑃 𝑄 𝑃𝑚𝑄
Process Monitoring and Audit
18
FACTS AND AUDIT REPORT: A fact is a piece of information presented as having an objective reality, whereas an audit report stores information that characterizes examined list of facts and describes the outcome of the compliance examination.
A fact and an audit report is expressed using a list of Name-Value-Pairs, so that a generic auditing system can correctly interpret the values.
Process Monitoring and Audit
19
AUDIT FUNCTION: An audit can be seen mathematically as a function with a compliance specification, facts, and previous audit reports as its input parameters and new audit reports as its results.
The function 0 is termed audit function and contains the 𝑎𝑢𝑑𝑖𝑡audit algorithm to perform an audit task.
𝑁𝑒𝑤𝑅𝑒𝑝𝑜𝑟𝑡𝑠 = ( , , 𝑎𝑢𝑑𝑖𝑡𝑔 𝐶𝑜𝑚𝑝𝑙𝑆𝑝𝑒𝑐 𝑁𝑒𝑤𝐹𝑎𝑐𝑡𝑠)𝑃𝑟𝑒𝑣𝑅𝑒𝑝𝑜𝑟𝑡𝑠
Process Monitoring and Audit
20
Process Monitoring and Audit
21
AUDIT TASK DECOMPOSITION
Process Monitoring and Audit
22
Facts filtering: In order to audit a specific QoS parameter, only its related facts are required. The task to obtain these related facts is called filtering.
Facts grouping: For each QoS parameter, auditing is applied to each complete fact-list, e.g., facts associated to a PoP and a stream type in a particular time interval are audited separately from facts associated to other PoP, other stream types, or other time intervals. The task to sort a list of related facts to obtain a complete fact-list for each setting and time interval is called grouping.
Property values calculation: This subtask determines the value of each property of the QoS parameter from each complete fact-list.
Process Monitoring and Audit
23
Compliance calculation: For each complete fact-list, this subtask calculates from the property values the degree of compliance according to the compliance condition of the compliance specification.
Report’s attributes calculation: If an audit report is to be generated, this subtask determines the name and the value of each attribute of the audit report. Some systems may want to generate an audit report only if there is a violation to the compliance specification. The inputs of this subtask may come from any output of the previous subtasks: facts grouping, property values calculation, and compliance calculation.
Report generation: This subtask generates a complete audit report from report attributes.
Process Monitoring and Audit
24
AUDIT SPECIFICATION
Facts Filtering Function Specification (FFSpec): a specification of a filter function to obtain a certain fact base from NewFacts.
Facts Grouping Function Specification (GFSpec): a specification of a grouping function to obtain complete factlists from a fact base.
Property Function Specification (PFSpec): a specification of a property function.
Compliance Function Specification (CFSpec): a specification of a compliance function.
Report’s Attribute Function Specification (AFSpec): a specification of a function which returns a report’s attribute value.
Process Monitoring and Audit
25
𝐶𝐶𝑆𝑝𝑒𝑐𝑄: Compliance Calculation Specification (CCSpec) for Q, i.e., a specification to calculate the degree of compliance for Q by defining which FFSpec, GFSpec, PFSpecs, and CFSpec to be used.
𝑅𝐶𝑆𝑝𝑒𝑐𝑄: Report Composition Specification (RCSpec) for Q, i.e., a specification that defines a list of attribute names which compose an audit report, and assigns to each attribute a specification which is used to generate the attribute values.
Process Monitoring and Audit
26
CONCLUSION
Auditing tasks is the determination of compliance of facts with pre-defined specifications.
Auditing is the review of an organization’s quality system in order to achieve quality throughout the process.
Audits are the most effective when performed by qualified professionals who work together and are focussed on clear objectives.
Process Monitoring and Audit
27
THANK YOU