Internal Audit

Q: I am in charge of the internal audit program at my company and am wondering if you have any suggestions on how I can make this activity more valuable for my company?

 

A:  Internal audits are part of management responsibilities (1–3) and can provide valuable information and offer many benefits to an organization. The information obtained during the audit can be used in many ways to help your organization grow and continually improve its operations. How you approach the internal audit function will help the organization understand the advantages of supporting an effective, well-run internal audit program.

 

Internal Audit Design

 

If designed and implemented appropriately, internal audits can provide valuable information that can be used to prevent issues before they become compliance concerns during a regulatory inspection.

 

Issues can be identified and corrected before the regulatory authorities or current/potential clients identify them. If these issues can’t be completely remediated before an external audit, a plan to correct them can be established and action taken to mitigate them.

 

Corrective Action

 

Having corrective actions in place before others identify the issue may lessen the impact of the observation and instill confidence that your quality system is under control and there is a process in place for continuous improvement. In addition, the internal audit can be used for training staff and communicating valuable information to the organization.

 

Internal Audit Strategy

 

The strategy behind an internal audit is not to pretend to be the regulatory authority and show up unannounced but rather to work in cooperation with your colleagues to identify and solve potential issues. An effective program establishes a partnership between the audit function and the departments being audited. The ideal tone for an internal audit should be a team-oriented activity that is instructive, informative, open, honest, and inclusive.

 

Audit Schedule

 

There are several factors that help contribute to establishing this tone. One way to set the proper tone is to publish the audit schedule in advance and make sure the functional areas are informed of the schedule. The audit itself should be forward thinking and unlimited in scope. The auditors should work with the functional area and talk with as many employees as possible to identify the issues of concern.

 

Internal Audit Process

 

Individuals who are responsible for performing the day-to-day activities often have the best insight as to what is working and what needs to be improved. Excluding them from participating in the audit process might result in overlooking a serious issue that could come up during a regulatory inspection. To be able to get the most valuable information about the potential compliance issues facing the organization, internal audits should not be judgmental or antagonistic, or have a ‘check the box’ mentality in execution. They should also avoid looking retrospectively in lieu of looking forward.

 

Certified Lead Auditor

 

The behavior of the auditors during the audit is also important to obtaining valuable information. Auditors should be direct and avoid asking questions designed to stump people. The auditors should take this opportunity to teach by explaining why they are asking particular questions and providing the regulatory citation for the inquiry.

 

Audit Procedures

 

One of the most important audit procedures must be followed by the mock inspector. It is important their behavior includes the ability to listen to the answers to the questions and refrain from judging. The auditor should adopt a proactive approach to the audit and look at items that are infrequently assessed. Above all else, the auditor needs to be friendly.

 

Internal Auditor

 

The exact same behavior defined for the auditor should also be the exact same behavior displayed by the auditees. Auditees should be direct and avoid deflecting or obfuscating answers. They also need to be instructive and take the time to explain why they do things the way they do them.

 

Audit Committees

 

Leadership needs to listen to the auditor’s concerns and not overreact to the question being asked. They should be proactive and point out things of concern and seek advice on how to remediate them. Both parties need to remember they are not the enemies, rather they are the partners.

 

Audit Control

 

Internal audits are a valuable tool for identifying issues before others identify them. The information obtained during the audit can be used to improve your processes, and the audit process itself can be another tool to help train employees.

 

If you consider the internal audit as a gap analysis for your processes and set a tone of partnership and cooperation, you will find that the audit program and the information obtained from it will become a valuable resource for the organization rather than an unwanted intrusion into operations.

 

 

 

To begin the Regulatory Compliance Associates scoping process today, please enter your information in the blue form below and click the submit button at the bottom of the webpage. You may also email us at [email protected].