Internal audits and why they are so important (Part 5 of 5)
In the first four parts of this series we discussed the following:
- What are internal audits?
- What are the benefits of conducting internal audits?
- What is an audit scope?
- What is usually included in an RTO internal audit?
- Who can be an internal auditor?
- Compliance costs and risks in terms of “risk management.”
- The effective internal audit function
- The requirement of conducting internal audits
- The quality system of an RTO
- Planning for internal audit and consideration
In this part, we will cover the following areas:
- Part 5: Conducting and recording an actual internal audit
Conducting and recording an internal audit
Internal audits are a key management control activity that ensures a consistent internal business process. It also enables the RTO to identify deficiencies in business processes and improvement opportunities. An internal audit is not carried out to identify defects, issues and problems in the processes, but to highlight areas of improvement that can improve the overall performance of the organisation. The main aim of an internal audit is to verify and ensure that the policies and practices of the organisation are implemented and followed and to inform senior management of any gaps in compliance.
If the organisation does not have staff that have the necessary skills and experience from having been part of recent audits, the organisation should involve an external party to provide audit services. One advantage of doing this is that you will receive an unbiased report as the auditor will look at your procedures with fresh eyes.
The aim of the internal audit is to assess the difference between what the quality system aims to achieve and what takes place in practice in an organisation.
For an effective audit you need to ensure that:
- The internal audit is conducted according to an internal audit schedule and/or audit plan
- The internal audit charter is prepared and details the purpose, authority, what and when to audit, understand the scope and objectives of the audit activities, and the responsibility of the internal audit function at the organisation.
- Internal audits can be conducted by using different methods such as documentation reviews, interviews and observations. Based on the scope and objective of the auditor, the audit can include any methodology or combination of all.
- The auditor should sight and examine sufficient hard-copy or electronic records to verify; evidence of compliance with management system procedures; and effective implementation of processes and internal controls.
- The audit needs to be conducted in a fair and unbiased manner.
- The audit involves obtaining audit evidence and evaluating the evidence objectively
- The audit should focus on identifying common causes and factors of non-compliance and give advice on how to eliminate them
- Identify barriers to effective communication
- All findings should be recorded using compliant audit tools and documents
- An audit report needs to be completed, detailing the findings and submitted to the stakeholders
Planning and considerations after the audit activity:
- You must ensure that the organisation maintains a quality system, where the RTO:
- Follows policies and procedures
- Compliant records are kept
- Documents are controlled
- Continuous improvement is implemented
- Ensure the organisation meets compliance and regulatory requirements
- You must prepare an action plan and complete each action item listed in the audit report
- You must review and update your action plan on an ongoing basis
- You must involve the auditor or independent consultant to review and assist you with completing the action items to ensure compliance has been met
- Creating checklists for each process and procedure to follow makes it easy to maintain and review compliance and quality assurance
Stay tuned for more. Our next newsletters will cover the following topic:
- Special edition on frequently asked questions and answers on internal audits.
Send us your questions regarding internal audit practices and procedures to be included and answered in our next special edition.
Our email address is email@example.com.