Does your internal audit programme produce outcome-driven results that offer strategic and operational value to the business? When was the last time you reviewed the value your internal audits bring to your organisation?
Most organisations tend to view internal audits as a checkbox activity to verify the organisation’s management systems, processes and/or procedures meet requirements. Internal auditors often focus on auditing conformance to the system and NOT whether the activities carried out are done effectively and efficiently. This is a flawed approach as it makes one huge assumption – your organisation has designed the right processes or procedures in the first place.
Instead, auditors should focus on incorporating a risk-based approach throughout the entire audit process, including the planning, conducting and reporting. For every audit scheduled, auditors need to define the objective, scope and criteria to ensure the organisation realises the maximum return on the time invested.
The frequency and structure of the audit schedule should be reviewed and adjusted as results come in. The audit programme should be responsive to changes in organisational needs. This allows the audit programme to accommodate planned or unplanned changes, new or emerging issues, risks and opportunities.
Internal auditors are often instructed to audit the system without considering the effectiveness of management operations. Auditors need to be able to converse and challenge managers effectively as they are the ones who direct, resource and co-ordinate the performance within functions and processes. Failing to challenge managers during audits limits the true value the internal audit can identify for process improvement.
Similarly, the top leadership team are also often excluded from internal audit programmes, because it is not perceived to be required or valuable. Instead, auditors should audit the deployment of organisational goals and the governance of the system and its processes to verify alignment with the organisation’s strategic direction.
All the above issues, should they exist in your organisation, will seriously hinder the perceived and realised value of internal audits, and therefore, the whole management system. They will also hinder the management of organisational and system level risks and constrain the effectiveness of your company’s continual improvement objectives and overall performance outcomes, whether relating to business, quality, environmental or health and safety objectives for example.
Read "6 Simple Steps on Management an Effective Internal Audit" here.
Learn more about the current version of the Standard ISO 9001:2015.
View our full list of Auditor Training Courses here.
About the AuthorMore Content by David White