Audit: Difference between revisions

From CEOpedia | Management online
(The LinkTitles extension automatically added links to existing pages (<a target="_blank" rel="noreferrer noopener" class="external free" href="https://github.com/bovender/LinkTitles">https://github.com/bovender/LinkTitles</a>).)
(The LinkTitles extension automatically added links to existing pages (<a target="_blank" rel="noreferrer noopener" class="external free" href="https://github.com/bovender/LinkTitles">https://github.com/bovender/LinkTitles</a>).)
Line 32: Line 32:


===First party audit (Internal audit)===
===First party audit (Internal audit)===
Internal or first party audit is the situation when [[enterprise]] employees that have necessary competences audit other employees. In order to keep independence of assessment, auditors cannot audit processes in which they [[work]]. To become internal auditor [[employee]] has to:
Internal or first party audit is the situation when [[enterprise]] employees that have necessary competences audit other employees. In order to keep independence of assessment, auditors cannot audit processes in which they [[work]]. To become [[internal auditor]] [[employee]] has to:
* be appointed for this function by [[top management]],
* be appointed for this function by [[top management]],
* have competences ([[training]]) necessary in audit.
* have competences ([[training]]) necessary in audit.
Line 55: Line 55:
* Management systems
* Management systems
** [[Quality management system]]
** [[Quality management system]]
** Environmental [[management system]]
** [[Environmental]] [[management system]]
** [[Health and safety management]] system
** [[Health and safety management]] system
** [[Information security management system]]
** [[Information security management system]]

Revision as of 09:14, 19 March 2023

Audit
See also


Audit is a process of obtaining and evaluating data concerning operations and events in the organization to appraise the degree of relationship between claims and established standards, and communicating the issues to interested users. In other words, the aim of audit is to compare "what should be" (standards, regulations, plans) with "what actually is" (practice).

IAA defines audit as an independent and objective operation connected with consulting, and its main aim is implementation of value added to the company and improvement of the actions. Audit helps company to achieve established goals through the systematic, consequent action which helps to evaluate and improve the efficiency of risk management, control system and organization management processes.

Audit is an unversal method, used in quality management, financial management, risk management and other areas. In each area specific rules apply, however, the main idea of audit is common for all of them. Therefore, it is possible to join different areas in one audit (e.g. joint quality and finance audit). This requires much wider competences of auditors.

General rules of audit

Regardless of area and type, those rules apply to each audit:

  • Audit is not inspection - auditor looks after conformance, not defects.
  • Audit is not unexpected - audit should be planned and communicated in advance.
  • Audit is cooperation - audit should be a cooperation between auditor and audited in order to find solutions.
  • Audit is an opportunity to improve - no improvement ideas means that audit was only waste of time.

Types of audit

First party audit (Internal audit)

Internal or first party audit is the situation when enterprise employees that have necessary competences audit other employees. In order to keep independence of assessment, auditors cannot audit processes in which they work. To become internal auditor employee has to:

Rules for first party audit are specified by top management in procedures or other types of documents.

See also: internal audit.

Second party audit (External audit)

External or second party audit is the situation when auditors from one company audit other company. This happens usually when company acting as (future) customer audits its suppliers. Rules for second party audit should be specified in agreement between enterprises.

Third party audit (Certification audit)

Certification or third party audit is the situation when independent organization audits enterprise in order to confirm that certain requirements (standards, regulations) were met. Certification may be more convenient than external audit because:

  • Only one audit confirms meeting requirements. There is no need of multiple audits in case of multiple customers.
  • No sensitive data is transferred to the customer (e.g. pricing policy, technology).

On the downside, certification audit sometimes is not so independent as it looks. Due to the competition on certification market, some certification bodies lower their requirements to attract more customers. In long term this undermines the credibility of certificate.

Internal audit

The internal audit was described in detail in separate article.

Concepts using audit

References

Author: Slawomir Wawak