Understanding the Process of Internal Audit

Types of audits

There are many different types of internal audits, each focused on targeting different aspects of a management system and the organisation. As an internal auditor, it is expected that you are able to choose the right type for the right situation:

1. Quality system audit
2. process audit
3. System audit
4. Procedural
5. Management

What is the purpose of an audit?

The main reason for conducting an audit is to allow the organisation to evaluate the quality management systems and their related process. Used to measure the organisation’s ability to achieve the goals that they have set for themselves.

Internal audits

Usually, Internal quality audits are prepared and instituted by the quality manager, who will then communicate the status and the importance of conducting the internal audit. Depending on the scale of the audit the quality manager may choose to do it himself and can assign a team to complete certain tasks if the scope is too large for him to handle alone.

The quality manager or lead auditor is then responsible for organising an agenda that will include the:

• Scope and objectives of the audit
• People having direct responsibilities for the procedures to be audited
• Reference documents
• Name of the lead auditor and names of assigned auditors
• Date when the audit is to be concluded

Following a review of earlier audit reports on the same section or subject, the assigned auditors will prepare an audit checklist containing all the items to be covered, together with an audit program.

The type of any internal audit will vary depending on the size of the organisation and as mentioned above it is done to identify the deficiencies within the already implemented quality management system and if found implement corrective action to improve the system.

To meet the aims, the internal auditor must prepare pre-planned steps to assess the effectiveness of the quality management system. This plan is called an internal audit plan. It is advised to create a plan based on ISO 9001 standard, outlining all the internal audit requirements for ISO 9001.

Furthermore, the procedures used to perform audits must be documented and all relevant quality control staff should be involved.
The plan should:

• Make sure the specified area for conducting the audit is covered
• Provide a reason for conducting the audit
• Delegate and specify the task to select employees
• Describe the layout and final form of the internal audit report.

When and if a deficiency is found, it is crucial that management take corrective action as soon as possible, and at times this could mean that certain methods have to be reviewed. Additionally, any follow-up action taken in response to the deficiency must be reported and verified. In line with ISO 9001, all organisation needs to document the procedures used to conduct the internal audit. This is done in order to assist the internal auditor in identifying whether it was a standard internal audit or a procedures internal audit. A standard internal audit is used to evaluate the effectiveness of the implemented ISO while the procedures internal audit evaluates the methods used to implement ISO 9001 or any ISO system.

Once all the appropriate observations have been made the auditors will meet to acknowledge the deficiencies and will write up a formal report which needs to be signed by all members of the internal audit team. This report will outline the problems identified and the suggested methods to fix said problems. this will then be sent to the auditees and the company management.

Once the meeting has ended a request to take corrective action will be prepared, outlining what will be fixed and who will fix it. Once approved, the company being audited must make sure that corrective actions are implemented.