The responsibility to conduct an audit will typically be delegated by a member of the organisational leadership team. This individual will have a greater oversight of the organisational ‘landscape’ and should provide the Scope and Criteria for the audit. Armed with this, the auditor can then begin to plan the structure of the audit. Typical considerations would be as follows:
- How long have I been allocated to conduct the audit?
- Who would be the best representative to speak to regarding the audit I have been asked to conduct?
- How can I plan my audit with the department to maximise the available time?
- From the Criteria (the ‘what should be’), how can I extract questions that will enable me to investigate to the extent necessary to confirm that this requirement is being met?
- What evidence should I expected to be see, or be presented in support of this investigation (the ‘what is’)?Once you have decided upon a plan for your audit, it is good practice to forward this to the auditee, to enable them to arrange for the relevant people to be available.
Once these (and any other questions) have been answered, the auditor should arrange an opening meeting with the auditee(s). For an internal audit this is likely to be a relatively informal affair, consisting of introductions and confirmation of, or changes to, the audit arrangements.
At the conclusion of this meeting, the audit can begin. Individual staff should be interviewed, processes observed and documentation that has been produced in support of business activities should be reviewed. Auditors should follow an approach of ‘ask, check, verify and record’:
- Ask - ask open questions to begin conversations about the process or system. Listen to the answers provided, as these may lead to further ‘probing’ questions to illicit more detail. If a potential trail appears, providing it does not lead the auditor outside the Scope of the audit, further investigations may be required.
- Check - use additional questions to verify the facts of the auditees comments.
- Verify - look for supporting evidence of what the auditee has said.
- Record - make a note of the evidence of what you have been told, either positive or negative findings, ensure you record as much detail as necessary in the event of a finding, so that your report will lead the auditee precisely to where the problem has been identified.
For more detailed insight and advice on preparing for and conducting internal audits, refer to URM’s webinar recordings.
related BLog
No items found.
No items found.
"
I found the course very informative, and the trainer was communicative, supportive and engaging. He is very skilled at adapting to the different types of people and transferring knowledge in a way that sticks with attendees; he delivered the same training over 2 years ago and I still remember the things he taught us. We will definitely be recommending him to other businesses that want to learn about ISO standards. Definitely a great asset to the company.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.