Difference between revisions of "Internal audit"

(Infobox update)
 
Line 112: Line 112:
 
* Management systems
 
* Management systems
 
** [[Quality management system]]
 
** [[Quality management system]]
** [[Environmental management system]]
+
** Environmental management [[system]]
** [[Health and safety management system]]
+
** [[Health and safety management]] system
 
** [[Information security management system]]
 
** [[Information security management system]]
 
** others
 
** others

Latest revision as of 15:45, 13 July 2019

Internal audit
See also


Internal audit is a process of obtaining and evaluating data and appraisal of requirements fulfilment level. It's the first party audit. The internal audit should be run on the same principles as other types of audit. However, it doesn't require external auditors.

It is important, that audit is "searching for conformity", and non-conformity should be only the side effect. Finding non-conformity is not an objective of the auditor. However, if he spots one, he's required to describe it in the report.

Internal auditors[edit]

Internal auditor is usually an employee. There is however possible to hire external consultant as internal auditor. To become auditor, the person has to fulfil following requirements:

  • to have enough training and expertise in the area being audited,
  • to be trained in audit process,
  • to be appointed by top management.

Internal auditors are responsible to perform audits according to internal procedures and external legislation.

Internal audit procedure[edit]

Internal audit procedure should include several elements:

  • programming audits,
  • planning audit,
  • performing audit,
  • reporting audit,
  • analysing series of audits.

ISO 19011 standard can be a good guide for internal auditors. Sections below discuss listed elements.

Internal audits program[edit]

Manager responsible for audits (e.g. Quality manager) should prepare program of audits which covers all requirements, e.g. all chapters of standard, all processes, etc. The program should be prepared for a longer period, usually a year. Certification bodies often require to cover with internal audit all requirements during time between supervision audits (third party).

Internal audit planning[edit]

Appointed auditor should prepare for the audit:

  • establish date of audit,
  • become acquainted with documentation,
  • prepare list of questions or issues (check-list).

Plan / Charter[edit]

The plan/charter includes usually:

  • date of the audit
  • purpose
  • scope
  • information about independence of auditor, accountability and responsibility
  • access and authority
  • relationship with other functions not being audited
  • the basis of the audit (procedures, regulations, operating standards, etc.)
  • requirements regarding reporting and publication

Auditor's check-list[edit]

Auditor's check-list (List of audit questions) is a set of audit questions and required checks. Using the audit check-list allows:

  • Maintain the logical order of research,
  • Remind not to miss an item,
  • Facilitate the preparation of report,
  • Evidence of the audit - is part of the documentation.

There is no standard list of questions, each auditor makes himself his own (customized to his needs) depending on experience and scope of the audit. The list must be kept updated on changing regulations and adapt to the situation.

Questions on the list can be divided into ten groups:

  1. Decision about starting audit (e.g. Do I know who is my customer?)
  2. Getting information from person requesting audit (e.g. Did the customer described the purpose of the audit?)
  3. The first contact with the audited entity (e.g. Do I know how to behave in relation to the auditee?)
  4. Preparation of the audit (e.g. Had I set the term of the audit?)
  5. Meeting beginning the audit (e.g. Do I know what I want to pass on the opening meeting?)
  6. The visit in the audited company (e.g. Does the caller answers about?)
  7. Meeting auditors (e.g. Do I have all the information we need?)
  8. The meeting ending audit (e.g. Do you all understand my speech?)
  9. The audit report (e.g. Are the conclusions of the audit not superficial?)
  10. After the audit (e.g. Am I satisfied with the audit?)

The list of audit questions should be treated as a set of guidelines to facilitate the work of the auditor, and not as a rigid frame. The auditor has to use it intelligently, maintaining professionalism and flexibility to signals from the outside.

Performing internal audit[edit]

Performing audit consists of following steps:

  • opening meeting - presentation of audit aims and plan.
  • research
    • interviews with audited managers and employees,
    • analysis of documents,
    • observation of processes,
    • experiments,
    • other methods,
  • closing meeting - summary, presentation of results.

Sampling[edit]

During the audit, auditor should avoid checking all the data. That behaviour is typical to inspection. In case of audit, auditor should take a sample and judge on basis of its evaluation. The sample usually doesn't exceed 10% of the population. There are several methods of sampling, e.g.:

  • pick newest data
  • pick one from each month
  • pick one every 10 records
  • pick randomly

The auditor should avoid letting the employee to pick the sample, as he/she can pick only proper records.

Internal audit report[edit]

After performing audit, auditor should prepare written report. The scope of report depends on enterprise requirements. Report should be accepted by manager responsible for audits and then sent to units that were audited. Usually report consists of:

  • data from audit plan
  • check-list
  • information about conformity
  • information about non-conformity
  • possibility of improvement

Analysis of series of internal audits[edit]

After each programming period, manager responsible for audits should perform analysis and present its results to top managers. The results should be also an input for next programming period.

Concepts using internal audit[edit]

See also:

References[edit]

Author: Slawomir Wawak