Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Module 5 - Carrying out Internal Audits
Transcript of Module 5 - Carrying out Internal Audits
The methods you use to gather audit evidence aren’t one-size-fits-all. Part of your obligation to exercise professional care is to select the most appropriate method(s) for the type of department and auditing task at hand.
Analytical procedures: Comparing what’s on the client’s records to what’s expected to be on there.
Confirmations: Asking for verification supporting management assertions.
Inspection of records: Asking the department for relevant documents in support of work instructions.
Observation: Watching employees do their jobs to obtain an understanding of how each task is done.
Recalculation: Verifying the mathematical accuracy of employees computations.
Reperformance: Doing the procedure to make sure the work instruction and process works and are following the rules.
Scanning: Looking over various entries on general reports or records.
Evidence includes company documents like photocopies of Invoices, print screens of computer use, copies of spreadsheet pages and minutes of meetings, so that auditors can trace all actions to the original source. Re - Audits are usually scheduled when a high amount of instances of non conformance and/or negative observations happen.
This can be for many reasons - new departmental procedures, new management, or a drastic change in workload.
All we would do is write up the reports and non conformance reports, then set an agreed deadline for issues to be resolved by. (The time scale for this is dependent on the severity of the non conformances)
The after the agreed deadline date, we would repeat the audit, focusing on the non confomances found previously.
If issues are still found to be present after the deadline and there is no substantial business related reason for this, then we would escalate the severity of said non conformances, and set relevant deadline dates, escalate to senior management and set another audit date. Module 5 : Carrying out Internal Audits Optional Training Modules : Quality Management Module Overview Internal Audit Procedure
Non Conformance Forms
Follow up and Close Out
Re- Audits Any audit report must have valid information.
How we can validate our findings is with supporting documentation and evidence.
We have the Audit Checklist CD003v2 which helps us to construct a plan of action and our Audit schedule by prompting you to audit certain topics and discuss specific tasks/roles.
We also have the Audit Record CD001v2 which allows us to notate our findings in a structured and uniformed format.
With supporting documents, we need to gather evidence from employees and managers, which helps prove how a certain task or work procedure is followed and how the department as a whole is working together.
Where possible we try to follow the evidence from start to finish, so tracing a booking through Ops, onto Toc's through Admin then onto Accounts.
The auditor works through the agreed processes according to the arrangements confirmed in the opening meeting.
They request the auditee display or provide them with copies of any specific supporting evidence required and make notes as they work.
When the auditor has finished reviewing a process with the auditee they provide a brief summary of what they will be doing with their findings. Voyage One : Internal Procedure Audit Records When the audit is complete the auditor stores the formal reports electronically on the company network.
A paper copy is also stored in the locked cupboards in Room 20 of the Egerton House premises in the event that there are any issues with the company network and access.
All handwritten notes are kept as a ‘pack’ in the ISO Audit folder in the locked cupboard in Room 20 of the Egerton House premises.
Non conformity reports are stored in the same way. Voyage Four : Closing Meetings Once you have completed your Audit, you will need to have a closing meeting with the departmental manager to discuss what your findings will show.
You start by explaining what processes you have audited and who you sat with.
At this point you ask for any further insight into how things are done and any queries or concerns you have about working practices you have witnessed during the audit.
You can show them what evidence collected, and verify what it shows.
Discuss any non conformances and possible options for resolving the issue, correcting the actions and preventing it from happening again.
You can also mention any observations found.
Overall you just need to have a catch up and inform the manager of what your results will show. Voyage Five : Audit Reports The formal audit report is written up by the auditor and forwarded to the department manager within 2 working days of the audit taking place.
Nothing appears on the report that hasn’t already been discussed with the manager in the closing meeting.
The auditors make sure that the audit report is as clear and precise as possible to aid the managers in their reading of it.
The written report is accompanied by the non-conformances. Each non-conformance has its own non-conformance form, clearly laying out what the non-conformance is so that the manager can easily identify the issue and implement corrections.
The manager then uses this to record their responses to all non-conformances and actions taken to correct and prevent future occurrence. Evidence gathering
The auditor works through the agreed processes according to the arrangements confirmed in the opening meeting. They request the auditee display or provide them with copies of any specific supporting evidence required and make notes as they work.
The auditor looks to create an ‘audit trail’ to build up the whole picture of a process through its documentation and interface with other processes in order to avoid viewing them in isolation. This will highlight any potential areas where control is lost or gaps occur.
When the auditor has finished reviewing a process with the auditee they provide a brief summary of what they will be doing with their findings. Recording Findings
All notes are made using the audit checklist and audit form as the auditor carries out their work.
These notes form the basis of the formal audit report issued to the departmental manager after the audit. Therefore, they must be legible, precise and clear.
Any evidence gathered is stored alongside these notes to create ‘evidence bundles’. This allows the managers and the auditor to know the exact findings and be clear on what the auditor’s findings relate to precisely. Written Report
The formal audit report is written up by the auditor and forwarded to the department manager within 2 working days of the audit taking place.
Nothing appears on the report that hasn’t already been discussed with the manager in the closing meeting. The auditors make sure that the audit report is as clear and precise as possible to aid the managers in their reading of it.
The written report is accompanied by the non-conformances. Each non-conformance has its own non-conformance form, clearly laying out what the non-conformance is so that the manager can easily identify the issue and implement corrections. The manager then uses this to record their responses to all non-conformances and actions taken to correct and prevent future occurrence. Auditor behaviour
The auditor is there to assess processes not people or their functions/job roles and does so using objective evidence based approach.
Personal opinions and conjecture are not acceptable findings for an internal audit. The auditor always looks to gather evidence for their findings so may ask for access to or copies of the auditee’s records, procedures and work instructions.
All audits to start with a short meeting to confirm scope and objectives, carry out introductions and confirm arrangements for the day as well as the closing meeting. Audit Checklist
The Internal Auditor team then produces an audit checklist to ensure that all necessary documentation has been gathered and it is clear what they intend to audit and what resources are required on the day of audit. Information Gathering
The audit team make themselves familiar with the department they are to audit, taking note of size, complexity, documented procedures and key processes and their operation before the audit takes place.
The team, with the assistance of department managers, gather all necessary documentation, including, but not limited to: process documentation, procedures and work instructions. Preparation of findings
When the auditor has completed their observations and is happy they have completed the audit they then go away and gather together their notes and findings and review ready to discuss with department manager.
This is to make sure that they are clear on what they need to discuss with the manager and what priority they have for that teams processes. Closing Meeting
Once their notes are in order the auditor meets with the departmental manager to go over the day.
The auditor goes through all observations and non-conformances they have recorded, showing supporting evidence. This gives the manager an opportunity to point out if there have been any misunderstandings on the auditors part before the official report is issued.
This is also when the auditors highlight any positive observations they’ve made relating to good practices or proper procedure.
Pre Audit Meeting -
The audit team arrange a Pre-Audit meeting with departmental managers the week before the audit is scheduled to take place.
The Pre-Audit meeting reviews previous audit results and corrective actions and sets the scope and objectives for the upcoming internal audit.
The audit team use this meeting to request any necessary documentation in preparation for the audit. Planning and Preparation Conducting the Audit Audit Reporting
The results of the internal audits and any corrective actions are reviewed at the Management System review to check that progress is satisfactory for the senior management team.
Agreed corrective actions are followed up on the next round of internal audits after 6 months to check and verify the impact the solution has had on the specific non-conformance noted. Voyage Eight : Re - Audits Ahoy Matey!!
Yer Treasure be a chest full of Knowledge! Aye Aye!! Keep a weathered eye open matey! LAND HO!!! No Prey, No Pay Me Hearty's Shiver Me Timbers! Savvy...? Strike Your Colurs!!!!!! YO HO HO.... Avast Ye! No Quarter Given !!!!! X Mark the spot Voyage Seven : Follow up and Close Out Voyage Two : Supporting Documentation Closing Meetings Non-conformity is simply a note of any instance the auditor has found where documented process was not followed or the agreed procedure was unknown or unclear. These can be both positive and negative e.g. if auditor notices an improvement to practice, the procedure may just need updating.
All non-conformities are raised at time of noticing them with the auditee and then again with the department manager in the closing meeting.Basically, you need to speak with the person you are auditing at the time, and question why the issue is there, and whether they are aware this is against procedure/not good practice.
The auditor also reports any observations they have made, these are not necessarily non-conformities but may indicate a situation where improvements are possible to prevent the possibility of future non-conformities.