Internal Audit

COURSE OBJECTIVES

On the completion of this training, participants

will be able to :
 Understand how to establish and maintain an internal
audit program meeting the requirements of ISO.
 Plan and organize internal audits
 Identify, record and follow-up on corrective actions
arising such audits
COURSE OUTLINE

MODULE 1 Basic concepts of internal audits

MODULE 2 Planning, Preparing and
Managing Audits
MODULE 3 Audit Processes and Techniques
MODULE 4 Writing audit reports and follow-
up audits
MODULE 5 Selection of Auditors and Special
Aspects of Internal Audits
 MODULE 1 :
BASIC CONCEPTS OF
INTERNAL AUDITS
  TERMINOLGY

AUDIT

Systematic, independent and documented process for

obtaining audit evidence and evaluating it objectively to
determine the extent to which audit criteria are fulfilled.

AUDIT CRITERIA

Set of policies, procedures or requirements.

  TERMINOLGY

AUDIT EVIDENCE

Records, statement of fact or other information which are

relevant to the audit criteria and are verifiable.

AUDIT FINDINGS

Results of evaluation of collected audit evidence against

audit criteria.
  TERMINOLGY

MANAGEMENT SYSTEMS

The quality, administrative and technical systems that govern

the operations of organization.

AUDITEE
An organization or area being audited.

AUDITOR
Person with the competence to conduct an audit.
  TYPES OF AUDITS

TYPES OF AUDITS
1] First Party Audits
2] Second Party Audits
3] Third Party Audits

FIRST PARTY AUDITS

• An employee of the organization acts as the auditor or an
outside commissioned by the organization.
• A self check of one’s own system, product quality, etc.
• Also known as “Internal Audit”
  TYPES OF AUDITS

SECOND PARTY AUDITS

• A representative of the customer conducts the audit.

• The quality of the product and the consistency of its
production are audited.

THIRD PARTY AUDITS

• Assessors or auditors are acting on behalf of an accreditation or
certification body.
• To confirm the management system meets the requirements of
the accreditation or certification body they represent.
  PRINCIPLES OF AUDITING

 Ethical conduct : the foundation of professionalism

(trust, integrity, confidentiality and discretion are essential for auditing)
 Fair presentation : the obligation to report truthfully and accurately
 Due professional care : the application of diligence and judgment in auditing
 Independence : the basis for the impartiality of the audit and objectivity of
the audit conclusions. (free of conflict of interest)
 Evidence-based approach : the rationale method of reaching reliable and
reproducible audit conclusions in a systematic audit process.
 MODULE 2 :
PLANNING, PREPARING AND
MANAGING AUDITS
  TERMINOLGY

AUDIT PROGRAM

Set of one or more audits planned for a specific time frame

and directed towards specific purpose.

AUDIT SCOPE

Extent and boundaries of an audit.

AUDIT PLAN

Description of the activities and arrangements for an audit.

  AUDIT PROGRAM

 ISO does not specify how frequently internal audit are required.
 “pre-determined schedule”
 The standard leaves it to the judgment of the organization how
frequent the audits should be conducted and how they should be
scheduled.
 Shows the areas, processes, functions to be audited.
 Time of Audit (month or date).
 All activities necessary for planning, organizing and conducting the
audits
  AUDIT FREQUENCY

Duration:

• Depends on the scope of audit

• Complexity of the process

• Number of auditors
 BRIEFING THE AUDITORS

 Define the scope of the audit

 What is to be audited
 Which part of the organization
 Against what criteria
 Establish the date, time and duration
 Provide audit briefing documents
 Current copies of all quality system documents
 Provide audit working documents
 Checklists
 Non-conformity reports
 Ensure correct understanding
 MODULE 3 :
AUDIT PROCESS AND
TECHNIQUES
 TYPICAL AUDIT SEQUENCE

 Entry or Opening Meeting

 Gathering the information and evidence
 Review and Summary
 Documenting and Compiling Report
 Exit or Closing Meeting
 TYPICAL AUDIT SEQUENCE

ENTRY OR OPENING MEETING

 Introduce the audit team members
 Confirm audit scope and objectives
 Confirm audit schedule and reporting procedure
 Explain audit methods
 Explain team member’s responsibilities
 Where applicable, ask for an escort
 Questions / Clarification
 TYPICAL AUDIT SEQUENCE

EXIT OR CLOSING MEETING

 Informal discussion with the Department / Auditee
 Maybe waived, in lieu of reports
 If held:
- Present findings and conclusion
- Explain and discuss findings
 Present the audit findings
 Explanation of audit findings
 Conclusion on the status of the system
 Agree / confirm on the dates for completion of corrective action
 Confirm reporting and follow-up actions
  TYPICAL AUDIT SEQUENCE

AUDIT REVIEW
 Team meeting before closing meeting
 Review / complete checklists
 Discuss and compare evidence
 Decide and classify Non-Conformities (NCs)
 Document NCs
 TYPICAL AUDIT SEQUENCE

FORM OF OBJECTIVE EVIDENCE

 Paper / Documents, records, reports, data, etc. necessary in
managing an activity/process.
 Practice – physical activities necessary in managing an
activity/process, e.g. sample preparation, housekeeping
 People – levels of knowledge and understanding necessary in
managing an activity/process.
  EFFECTIVE AUDITING

An audit is a fact finding mission.

 Gather information about the process or management systems,
operating procedures, staff, equipment, process or test methods,
environment, handling of software, quality control and verification
activities, and recording and reporting practices.
 Evaluate this information against the documented quality system
and operating procedures.
 Identify, through objective evidence, any breakdowns in the quality
system or departures from these operating procedures.
 AUDIT TECHNIQUES

Five Basic Techniques

 Ask questions
 Listen to answers
 Observing activities
 Examination of facilities
 Reviewing documents and records

Even our senses of touch, taste and smell may be useful to

us in gathering information.
 AUDIT TECHNIQUES

 Establish audit trails and use checklist (if necessary)

 Select the sample you wish to see
 Select the auditee you want to interview
 Check systems / process top-down or bottom-up or
vertical-horizontal
 Manage time
 INTERVIEW TECHNIQUES

 Be courteous at all times (never act superior)

 Ask the auditee to explain what he does with respect to
selected situations.
 Listen carefully to what is said.
 Allow time for auditee to think.

“Show & Tell” Technique

Many auditors rely heavily on asking questions as the basis of
their information gathering.
 INTERVIEW TECHNIQUES

 Remember alternative situations (what happen if)

 Be systematic (summarize to show understanding)
 Ensure that both you and auditee understand each other
fully.
 Thank auditee for his cooperation and feedback results.
 INTERVIEW TECHNIQUES

Combination of observing and listening

technique.
 Less threatening
 Gathers more information
 Demands thorough preparation
 Requires attentive observation and listening.
 INTERVIEW TECHNIQUES

QUESTIONS TO ASK … OPEN QUESTIONS

 Who…..? What….?
 When….? How….?
 Where……? Why…..?
 They produce answers of substance
 They gather information efficiently
 They keep the dialogue flowing
 INTERVIEW TECHNIQUES

OTHER QUESTIONS TO ASK

 Direct question
 Requires a definite answer
 Established something factual
 Useful for clarifying details
 Can bring discussion back on track!
 Hypothetical question
 Poses the unusual
 What does the response indicate
 Clarifying question
 Prevents misunderstanding
 Gets more detail from the interviewee
 INTERVIEW TECHNIQUES

QUESTIONS TO AVOID
 Self-answering questions
 Leads to the expected answer
 Unnecessary pressure
 Trick questions
 Destroy credibility
 Create resentment
 Close off communication
 Ambiguous question
 Create confusion
 Phrase questions clearly
 INTERVIEW TECHNIQUES

QUESTIONS TO AVOID
 Compound questions
 Are usually directive
 Are not helpful
 Generate more confusion
 Irrelevant questions
 Waste Time
 Create diversions
 Questions to the wrong person
 Waste time
 Generate confusion, tension
 INTERVIEW TECHNIQUES

SUCCESSFUL QUESTIONING STRATEGIES

 Other techniques
 Talking through the evidence
 Silence can be useful
 Confirming answers
 Periodically summarize
 Vary your pattern
 Start with observation
 Fill in gaps with open questions
 Confirm with direct questions
 Explore with hypothetical/clarifying questions
 Provide periodic summaries
 INTERVIEW TECHNIQUES

SUCCESSFUL QUESTIONING STRATEGIES

 Develop unit concept
 Plan your approach
 Divide topic into units
 Explore each unit thoroughly
 Summarize, move to next unit
 Listening skills
 Focus on speaker
 Avoid physical, mental distractions
 Reassure verbally, visually
 Maintain appropriate eye contact
 Project appropriate body language
 CONTROLLING THE AUDIT

 Remain assertive
 Avoid lengthy discussion or observation
 Not to be led or misled
 Keep track of schedule
 Be thorough and efficient
 Avoid becoming “bogged down”
 Not antagonize or dictate
 Time wasting
 The waffle
 The Would-be politician
 Repeated interruptions
 CONTROLLING THE AUDIT
 Leading the Auditor
 Pre-prepared evidence
 Chosen auditee
 Auditee own plan/program
 The unusual situation
 Testing the auditors strength and character
 Establish the relevant documents are of correct issue
 Do not let only one person do all the talking
 Observe work progression when necessary
 Evaluate physical evidence
 Examine input, output and controls
 Make comprehensive notes
 Seek verification
 Do not assume people will lie but seek to verify statements, if
necessary
 POINTERS TO AUDITORS

 Be a good listener – empathize

 Get interested but do not get involved
 Know what and when to say
 Be sensitive to auditees’ nervousness or defensiveness
 Look at the person speaking to you. Do not turn around
or talk down
 Be flexible
 Be assertive
 Do not appear impatient
 Do not be lazy
 MODULE 4 :
WRITING AUDIT REPORTS AND
FOLLOW-UP AUDITS
 WHEN SOMETHING SEEMS WRONG

 Find out the facts….. Is it wrong?

 If so, do they know it is wrong?
 Can they give (or can you find) an explanation for it
happening?
 Is this an isolated event or is it occurring elsewhere as
well?
 Is it an aberration or is it a symptom of a deeper
problem?
 Why didn’t the management system detect this?
 Why is the management system allowing this to happen?
 BASIC RULE OF AUDITING

“IF YOU CANNOT EXPRESS A NON-CONFORMITY IN

THE WORDS OF THE MANAGEMENT SYSTEM
STANDARD OR A MANAGEMENT SYSTEM
PROCEDURE, THEN YOU DO NOT HAVE A NON-
CONFORMITY.”
 IDENTIFYING NON-CONFORMITIES

Non-Conformities can be:

 Related to the management system
 Related to technical activities
 Failure to do something required
 Difference between work practices and documented
instructions
 EXPRESSING NON-CONFORMITIES

Statement of Non-Conformities must be :

 Non-blaming statements of facts
 Based on recorded objective evidence
 Directly related to specific documented requirement
 MODULE 5 :
SELECTION OF AUDITORS
&
SPECIAL ASPECTS OF INTERNAL
AUDITS
 CHARACTERISTICS OF AUDITORS

 An understanding of management system concepts.

 Knowledge of the management system itself.
 Sufficient knowledge of the technology.
 Ability to probe and analyze situations.
 Good judgment and communication skills.
 Positive attitude towards the management system.
 PERSONAL ATTRIBUTES

 Ethical, i.e. fair, truthful, sincere, honest and discreet;

 Open-minded, i.e. willing to consider alternative ideas or points
of view;
 Diplomatic; i.e. tactful in dealing with people;
 Observant; i.e. actively aware of physical surroundings and
activities;
 Perceptive; i.e. instinctively aware of and able to understand
situations;
 Versatile; i.e. adjusts readily to different situations;
 Tenacious; i.e. persistent, focused on achieving objectives;
 Decisive; i.e. reaches timely conclusions based on logical
reasoning and analysis; and
 Self-reliant; i.e. acts and functions independently while
interacting effectively with others.
 SPECIAL ASPECTS OF INTERNAL
AUDITS
 Corporate Culture
 Internal Politics
 Dangers of Familiarity
 Risk of missing the obvious things that an outsider auditor
would challenge
 Securing Commitment
 Regarded audits as of lower importance than external
audits and will not be given the attention and priority they
deserve
 Seen as an interruption to the normal flow of work
 Third Party Interest
 Important activity in any audit
 Effectiveness of the organization’s internal audit
“How come we found that and they didn’t?”
Q &A