Audit: Difference between revisions

From CEOpedia | Management online
(LinkTitles)
m (Text cleaning)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{infobox4
|list1=
<ul>
<li>[[ISO 9001]]</li>
<li>[[Outsourcing agreement]]</li>
<li>[[Quality management system]]</li>
<li>[[ISO 9004]]</li>
<li>[[Risk management process]]</li>
<li>[[Business risk management]]</li>
<li>[[Emergence plan]]</li>
<li>[[Quality control plan]]</li>
<li>[[Strategic risk management]]</li>
</ul>
}}
'''Audit''' is a process of obtaining and evaluating data concerning operations and events in the [[organization]] to appraise the degree of relationship between claims and established standards, and communicating the issues to interested users. In other words, the aim of audit is to compare "what should be" (standards, regulations, plans) with "what actually is" (practice).  
'''Audit''' is a process of obtaining and evaluating data concerning operations and events in the [[organization]] to appraise the degree of relationship between claims and established standards, and communicating the issues to interested users. In other words, the aim of audit is to compare "what should be" (standards, regulations, plans) with "what actually is" (practice).  


Line 30: Line 13:


==Types of audit==
==Types of audit==
===First party audit (Internal audit)===
===First party audit (Internal audit)===
Internal or first party audit is the situation when [[enterprise]] employees that have necessary competences audit other employees. In order to keep independence of assessment, auditors cannot audit processes in which they [[work]]. To become internal auditor [[employee]] has to:
Internal or first party audit is the situation when [[enterprise]] employees that have necessary competences audit other employees. In order to keep independence of assessment, auditors cannot audit processes in which they [[work]]. To become [[internal auditor]] [[employee]] has to:
* be appointed for this function by [[top management]],
* be appointed for this function by [[top management]],
* have competences ([[training]]) necessary in audit.
* have competences ([[training]]) necessary in audit.
Line 55: Line 37:
* Management systems
* Management systems
** [[Quality management system]]
** [[Quality management system]]
** Environmental management system
** [[Environmental]] [[management system]]
** [[Health and safety management]] system
** [[Health and safety management]] system
** [[Information security management system]]
** [[Information security management system]]
Line 61: Line 43:
* [[:Category:Financial management|Financial management]]
* [[:Category:Financial management|Financial management]]
* [[:Category:Risk management|Risk management]]
* [[:Category:Risk management|Risk management]]
{{infobox5|list1={{i5link|a=[[Outsourcing agreement]]}} &mdash; {{i5link|a=[[Certification and accreditation]]}} &mdash; {{i5link|a=[[Non-conformity]]}} &mdash; {{i5link|a=[[Quality policy]]}} &mdash; {{i5link|a=[[Process analysis]]}} &mdash; {{i5link|a=[[Controlling variants]]}} &mdash; {{i5link|a=[[Internal benchmarking]]}} &mdash; {{i5link|a=[[Quality management system]]}} &mdash; {{i5link|a=[[ISO 9001]]}} }}


==References==
==References==
Line 68: Line 52:
* Meigs, Walter B., ''Principles of Auditing'', IRWIN, Boston 1989.
* Meigs, Walter B., ''Principles of Auditing'', IRWIN, Boston 1989.
* Taylor D. H., Glezen G. W., ''Auditing. An assertions approach'', John Wiley & Sons, New York 1997
* Taylor D. H., Glezen G. W., ''Auditing. An assertions approach'', John Wiley & Sons, New York 1997
[[Category:Financial management]]
[[Category:Financial management]]
[[Category:Risk management]]
[[Category:Risk management]]

Latest revision as of 16:55, 17 November 2023

Audit is a process of obtaining and evaluating data concerning operations and events in the organization to appraise the degree of relationship between claims and established standards, and communicating the issues to interested users. In other words, the aim of audit is to compare "what should be" (standards, regulations, plans) with "what actually is" (practice).

IAA defines audit as an independent and objective operation connected with consulting, and its main aim is implementation of value added to the company and improvement of the actions. Audit helps company to achieve established goals through the systematic, consequent action which helps to evaluate and improve the efficiency of risk management, control system and organization management processes.

Audit is an unversal method, used in quality management, financial management, risk management and other areas. In each area specific rules apply, however, the main idea of audit is common for all of them. Therefore, it is possible to join different areas in one audit (e.g. joint quality and finance audit). This requires much wider competences of auditors.

General rules of audit

Regardless of area and type, those rules apply to each audit:

  • Audit is not inspection - auditor looks after conformance, not defects.
  • Audit is not unexpected - audit should be planned and communicated in advance.
  • Audit is cooperation - audit should be a cooperation between auditor and audited in order to find solutions.
  • Audit is an opportunity to improve - no improvement ideas means that audit was only waste of time.

Types of audit

First party audit (Internal audit)

Internal or first party audit is the situation when enterprise employees that have necessary competences audit other employees. In order to keep independence of assessment, auditors cannot audit processes in which they work. To become internal auditor employee has to:

Rules for first party audit are specified by top management in procedures or other types of documents.

See also: internal audit.

Second party audit (External audit)

External or second party audit is the situation when auditors from one company audit other company. This happens usually when company acting as (future) customer audits its suppliers. Rules for second party audit should be specified in agreement between enterprises.

Third party audit (Certification audit)

Certification or third party audit is the situation when independent organization audits enterprise in order to confirm that certain requirements (standards, regulations) were met. Certification may be more convenient than external audit because:

  • Only one audit confirms meeting requirements. There is no need of multiple audits in case of multiple customers.
  • No sensitive data is transferred to the customer (e.g. pricing policy, technology).

On the downside, certification audit sometimes is not so independent as it looks. Due to the competition on certification market, some certification bodies lower their requirements to attract more customers. In long term this undermines the credibility of certificate.

Internal audit

The internal audit was described in detail in separate article.

Concepts using audit


Auditrecommended articles
Outsourcing agreementCertification and accreditationNon-conformityQuality policyProcess analysisControlling variantsInternal benchmarkingQuality management systemISO 9001

References

Author: Slawomir Wawak