How to plan & run a smooth audit
Time is of the essence and when asked to conduct an audit by management, stress levels usually peak – Where do I start? How much time have I got to do this? What do they want me to audit? Where do I need to go to do the audit? How do I decide whom to interview? AND I have to plan all of this!!!
Following a step-by-step process goes a long way to alleviating this stress.
STEP 1 – Type of audit
As an internal auditor you will need to know what type of audit you are going to conduct. For example:
- Audit of organisational processes
- Audit to determine compliance to Australian, international standards and / or regulatory compliance
- Audit own systems as part of business improvement
The amount of time required to plan and prepare will vary considerably depending on the audit type and its requirements.
STEP 2 – Timing of the audit
It is a good idea to find out what else is going on in the business, for example: When are external audits (certification/accreditation, regulatory, financial) being conducted? What are our peak times/shut downs for our business? Is December/January and end of financial year a good time to audit?
All these points need to be considered to make sure you get staff attention and the best out of the audit.
STEP 3 – Where can I find out where to focus my audit?
This tends to be the most confusing part for any auditor. Most organisations have an ‘audit schedule' which shows, generally over a 12-month period, what is to be audited and where. This is generally linked to Australian and/or international standards or regulatory compliance. But how can we find out what is working well and what areas need improvement in order to focus our audit? In other words, what do we want to target?
In fact most organisations collect a lot of data, it just depends what you do with it and how useful it can be to you. For example:
- Customer feedback
- Information kept on suppliers/contractors
- IT helpdesk queries
- Risk registers
- Previous audit reports
- Non-Conformance register
- Issues logs
- Project de-briefs
Finding out where this information is kept and speaking with the staff responsible for a process is a starting point in developing the auditor’s understanding of the ‘big picture’ - that is, how the organisation operates, its risks and controls. This will also assist you in determining your objective for the audit.
STEP 4 – How do I decide who I need to speak to?
Unlike external audits where the auditors will walk around a particular area and may be guided by management on who to speak to, internal auditors can select who they wish to talk to, which is generally a good cross-section of staff involved in the process being audited. Speaking solely with management or solely with operational staff will not give the auditor a good perspective on what is happening.
An internal audit is used to ‘dig deep’ and ‘probe’ to make sure we are doing what we said we would do and getting the results expected.
STEP 5 – Putting a plan together
As if the above wasn’t enough to think about, you as an auditor now have to put a plan together of your activities during the audit! This plan can be as simple or as complex as you and/or your organisation requires. Remember, auditors work in all types of industries, locations and sizes and you know what is best understood and the accepted norm for your organisation. With this in mind, your plan of activities can be via an electronic appointment, email, formal document attached to an email etc. The main point is keep it simple and in a language the person being audited understands.
Some points of information the person being audited will want to know is:
- Date of the audit
- Time of the audit (especially how long)
- What are you auditing them against (organisation procedures, part of a Standard etc.)
- Objective for the audit
- Who is the auditor
- Records, reports etc. you would like them to have available as evidence
STEP 6 – Conducting the audit
It is extremely important that an auditor does their homework and becomes familiar with as much as possible on the process they are auditing. From this understanding, questions will be asked in a way that will make sense to the person being audited.
Apart from the excellent planning and research you have undertaken, another really important point is ‘interpersonal skills’. Remember you are there to gather information and to engage staff.
STEP 7 – Audit Reports
Once the audit has been completed it is a good idea to start writing your report or at least to put main points down right away. Most organisations have audit report templates in place with main categories of information required listed. A tip is to keep it simple (written for the end user) and easy to read. Simply make it clear to the reader what is working well, what isn’t and what needs to be in place to ensure continuous improvement within the organisation.
Final words of support
As auditors we all need to start somewhere and as they say ‘practice makes (near) perfect’. If you are clear about what you are going to audit and why, have done your homework in understanding as much as possible about the process, and have a list of tailored questions you need to ask, then the result will be good evidence gathered to write your report assisting the organisation to improve its practices.
Christine Brown is founder and managing director of Potential Unlocked, a market leader in the design of management systems that meet compliance and business requirements. She holds a Bachelor of Arts (double major in Political Science and Public Sector Management); RABQSA Lead Auditor, DiSC 5 Behaviours of a Cohesive Team accreditation; Everything DiSC accreditation, TAE 40110 Cert IV Training & Assessment & TAELLN 411.
Due to her extensive knowledge and experience, Christine is trusted by her clients for her patience, understanding and her ability to interpret compliance requirements in a straightforward, uncomplicated way. She regularly facilitates in-house and public workshops, sharing her knowledge of designing simple processes and systems, communicating effectively as an auditor, building and leading teams, and risk management.
Christine’s clients range from small business and start-ups to large organisations and government departments. Covering a broad range of industries, her clients include Boral, BAE Aerospace, Geobrugg, Tenix, West Australian Police, and the Victorian Ambulance Service.
Christine’s new initiative, The Business Performance Program, assists businesses with all major areas of business that are essential for success
For any further information on contracting in an internal auditor to conduct your audits or auditor training please refer to more Audit Tips.