How to plan & run a smooth audit
Time is of the essence and when asked to conduct an audit, by management, our stress levels usually peak – where do I start? How much time have I got to do this? What do they want me to audit? Where do I need to go to do the audit? How do I decide who I have to interview? AND I have to plan all of this!!!
STEP 1 – Type of audit
As an internal auditor you will need to know what type of audit you are going to conduct as there are different types. For example:
- Audit of organisational processes
- Audit to determine compliance to Australian, international standards and / or regulatory compliance
- Audit own systems as part of business improvement
The amount of time required to plan and prepare will vary considerably depending on the audit type and its requirements.
STEP 2 – Timing of the audit
It is a good idea to find out what else is going on in the business for example when are external audits (certification / accreditation, regulatory, financial) being conducted? What are our peak times / shut downs for our business? Is December / January and end of financial year a good time to audit? All these points need to be considered to make sure you get staff attention and the best out of the audit.
STEP 3 – Where can I find out where to focus my audit?
This tends to be the most confusing part for any auditor. Most organisations have an ‘audit schedule' which shows, generally, over a 12-month period what is to be audited and where and is generally linked to Australian and / or international standards or regulatory compliance. However, how can we find out what is working well and areas where we can improve and possibly focus our audit? In other words what do we want to target?
In fact most organisations collect a lot of data, it just depends what you do with it and how useful it can be to you. For example:
- Customer feedback
- Information kept on suppliers/contractors
- IT helpdesk queries
- Risk registers
- Previous audit reportsNon-Conformance register
- Issues logs
- Project de-briefs
Finding out where this information is kept and speaking with the staff responsible for a process is a starting point in developing the auditor’s understanding of the ‘big picture’, that is, how the organisation operates, its risks and controls. This will also assist you in determining your objective for the audit.
STEP 4 – How do I decide who I need to speak to?
Unlike external audits where the auditors will walk around a particular area and may be guided by management on who to speak to internal auditors can select who they wish to talk to, which is generally a good cross section of staff involved in the process being audited. Speaking solely with management or solely with operational staff will not give the auditor a good perspective on what is happening.
So, the internal auditor should ensure the person they are speaking to works in the process and is reasonably familiar with it – remember it is a good idea to speak with newly recruited staff to get their view of ‘the world’ as well as staff who know the process really well and worked for the organisation for a long time.
An internal audit is used to ‘dig deep’ and ‘probe’ to make sure we are doing what we said we would do and getting the results expected.
STEP 5 – Putting a plan together
Wow if the above wasn’t enough to think about you as an auditor now has to put a plan together of your activities during the audit! This plan can be as simple or as complex as you and or your organisation requires. Remember auditors work in all types of industries, locations and sizes and you know what is best understood and the accepted norm for your organisation. With this in mind your plan of activities can be via an electronic appointment, email, formal document attached to an email etc. The main point is keep it simple and in a language the person being audited understands. Some points of information the person being audited will want to know is:
- Date of the audit
- Time of the audit (especially how long)
- What are you auditing them against (organisation procedures, part of a Standard etc.)
- Objective for the audit
- Who is the auditor
- Records, reports etc. you would like them to have available as evidence
STEP 6 – Conducting the audit
(for more information please refer to the article titled Carrying out an audit)
It is extremely important that an auditor does their homework and familiarises themselves as much as possible on the process they are auditing. From this questions will be formulated and asked in a way the person being audited will understand.
Apart from the excellent planning and research you have undertaken another really important point is ‘interpersonal skills’. Remember you are there to gather information and to engage staff.
STEP 7 – Audit Reports
(for more information please refer to article titled Constructing an audit report)
Once the audit has been completed it is a good idea to start writing your report or at least to put main points down, you can fine tune your language etc. at a later date. Most organisations have audit report templates in place with main categories of information required listed. A tip is to keep it simple (written for the end user) and easy to read remember it is not a test on how well you have grappled the English language but have you made it clear to the reader what is working well, what isn’t and what needs to be in place to ensure continuous improvement within your organisation.
Final words of support
As auditors we all need to start somewhere and as they say ‘practice makes (near) perfect’. If you are clear about what you are going to audit and why, have done your homework in understanding as much as possible the process, have a list of questions you need to ask, and then the result will be good evidence gathered to write your report assisting your organisation improve its practices.