Process Flow Auditing

Process Flow Auditing
Event on 2013-03-14 08:30:00

Dates: March 14 and 15

Time: 8:30am to 4:30pm (Thursday and Frinday)

Location: HCA Building 2 – Parthenon I & II Conference Room

Cost: 9 for ISACA members and 9 for non-members

CPE: 16 hours – NASBA Certified (Sponsor ID#: 103321, Field of Study: Auditing)

Meals: Lunch will be provided each day

Parking: Attendees should park in the Charlotte Avenue parking lot (i.e., across the railroad tracks behind HCA). Shuttles will be available from 8:00am to 8:30am and 4:30pm to 5:00pm.

Cancellations/Substitutions: Cancellations will be refunded less a processing fee. Cancellations must be made via email to by the close of business March 12th. Substitutions are welcome. See the Chapter website for complete details on the Chapter's event policies.


Instructor: Dr.Hernan Murdock, CIA – Senior Instructor, MIS Training Institute


Seminar Description:

In this two-day seminar you will learn how to use process flow auditing (PFA) to analyze and breakdown a business into its core processes and to identify high-payback areas. You will focus on operational auditing and its interaction with IT auditing to arrive at an integrated approach to audits that will help control costs, minimize risks and exposures, assist you in your SOX compliance efforts, and maximize your understanding of the business. You will explore the critical role of data in process reviews and analysis, determining how to apply business-oriented risks assessment techniques to the key processes of your organization. You will also learn alternative audit tools and methodologies you can use to make your engagements highly effective, boost productivity, and maximize payback.



1. Process Flow Auditing: Primary Function

2. Understanding the Business

  • primary interdependencies
  • core structure analysis and why it is important
  • understanding the structure: Sarbanes-Oxley and COSO-ERM analysis 

3. Tools, Techniques, and Approaches for  Maximizing Efficiency

  • traditional tools and techniques: are they applicable to process-based  auditing
  • one-on-one interviewing
  • narratives
  • flowcharting
  • group-based audit methodology 
  • top-down flowchart
  • data flow diagrams
  • cause-and-effect diagrams
  • generalized audit software 

4. Risk-Intense/Value-Added Processes

  • focusing on business risks
  • identifying key processes and what makes them critical
  • using data to determine risk
  • using risk to establish primary control points
  • maximizing returns

5. Applying PFA to Operational Areas

  • key operational areas, how they link to primary financial processes, and the  relationship to Sarbanes-Oxley
  • correlating costs to risk assessment
  • process chains: what the auditor needs to know
  • identifying key performance indicators
  • operational risks in the context of your business
  • creating ongoing management oversight vs. crisis management
  • linking operations to the corporate strategic mission
  • critical questions to ask process owners in order to evaluate risk oversight  effectiveness

6. Applying PFA to IS/IT

  • identifying the organization's core systems
  • five critical risk/control zones
  • impact of IS/IT on the primary business operations
  • understanding data flow
  • relating systems to the process flow review
  • key risk points and challenges surrounding IS/IT 

7. PFA Case Study

8. IA's Role and Identity

Instructor Biography:

Hernan Murdock is a Senior Consultant for MIS Training Institute. Before joining MIS he was the Director of Training at Altran Control Solutions International, where he oversaw the company’s training and employee development program. Prior to that, he was a Senior Project Manager, leading audit and consulting projects for clients in the manufacturing, transportation, high-tech, education, insurance and power generation industries. Dr. Murdock also worked at Arthur Andersen, Liberty Mutual and KeyCorp and has completed projects in North America, Latin America, Europe and Asia. Dr. Murdock is a senior lecturer at Northeastern University where he teaches management, international business and ethics. He is the author of the IIA Research Foundation’s Using Surveys in Internal Audits. He has also written articles and book chapters on whistleblowing programs, international business, internal auditing, fraud, corporate social responsibility, deception and behavioral profiling. He has delivered numerous invited talks and presentations at internal audit, academic and government functions in the United States, Canada, Europe, Africa and Latin America.

at Building 2 – Parthenon I
2515 Park Plaza
Nashville, United States

Leave a Reply