02 Sep How to conduct an internal audit
Internal audits help organisations achieve corporate objectives by keeping a pulse on the consistency of internal business practices.
The goal of an internal audit is to ensure organisational policies and procedures are followed and to alert the management of gaps in policy compliance.
The internal audit process can be done with internal resources or can be outsourced to an external third-party consultant.
There are advantages and disadvantages to outsourcing the function.
However, making sure that the audit practice is done consistently can help organisations manage performance and ensure consistent product quality.
Performing an internal audit can be time-consuming, and resources need to be allocated to the process.
An audit can be done daily, weekly, monthly, or annually. Some departments may need to be audited more often than others.
- Identify Areas that Need Auditing
Identify departments that operate by using policies and procedures written by the organisation or by regulatory agencies.
This can include areas as complex as manufacturing processes or as simplistic as accounting procedures.
Make a list of each area and the functions of the area that require review.
2. Determine How Often Auditing Needs to be Done
Some areas may only need to be audited annually, while some departments may require more frequent audits.
For example, a manufacturing process may require daily audits for quality control purposes, while the HR function may only require an annual audit of records and processes.
3. Create An Audit Calendar
A structured and systematic approach to the auditing process can help ensure the function gets completed.
And, like any other business goal, audits should be integrated into corporate objectives.
Scheduling audits on the business calendar ensures that it is done consistently.
4. Alert Departments of Scheduled Audits
It is simply common courtesy to give departments notice of an audit so they can have the necessary documents and materials ready and available for the reviewer.
A surprise audit should only be done if there is suspicion of unethical or illegal activity.
Department managers should not feel threatened by an auditor but view them as a valued resource to help them better manage their area.
5. Be Prepared
The auditor should come prepared with an understanding of policies and procedures and a list of items that will be reviewed.
The more prepared the auditor is, the more efficient the process will be, and the less downtime there will be for the area being reviewed.
6. Interview Users
The auditor should interview employees and ask them to explain their work process.
Compare the process, as the employee explained it, to what the written policy says.
This step is to gain an understanding of employee competence and identify areas that need additional training.
7. Document Results
Document the results and any differences in practice to how the policies are written, when policies are complied with and when they are not.
This may also include other information that is gathered from the interview process. Again, the goal is to identify gaps in compliance and to figure out a way to bridge that gap.
8. Report Findings
Create an easy to read audit report. These reports should be reviewed with senior management, and an improvement plan should be developed for areas that have gaps in practice compliance.
Other things to think about
- When reviewing policies and procedures, it is essential to think about whether written policies are meeting the needs of customers and adding value to the organisation.
- Policies and procedures should focus on continuous improvement as it relates to how work is performed.
- Is there a healthy team environmentthat supports compliance with policies and procedures? A dysfunctional team can impact procedural compliance.
- Policies and procedures should be reviewed on an annual basis to ensure policies reflect the changing business environment.
Businesses are only as successful as their ability to create products and services that meet the needs of their customers and to deliver these products and services accurately, seamlessly, and without error.
Policies and procedures are how organisations maintain efficient and effective practices that support quality products and services. Internal audits are one tool that organisations use to ensure that their products and services are delivered the right way, the first time and every time.
How often do you audit your internal business? Do you need help conducting internal audits? If so, please do get in touch and we can arrange this to suit your organisation. Our team are fully trained and qualified bsi Lead Auditors.