An internal quality audit provides an unbiased view of the processes that directly impact the products and services of an organization. One of the most important objectives of an internal quality audit is measuring the effectiveness of an organization's quality management system. For this to happen, executive management must first meet its overriding responsibility of establishing and maintaining a system regarding quality policy, goals, resources, processes and effective performance--including monitoring and measuring the system's effectiveness and efficiency.
With respect to quality, an organization's fundamental responsibility is to define the management system used to ensure and safeguard quality. This task begins by identifying the process applications that will be part of the quality system. These should be integrated and coordinated to achieve system objectives; i.e., the processes must be organized in a process approach and supported with necessary resources. Also, the quality system's performance must be continually measured for effectiveness and efficiency, and active improvement structures must be developed.
Audit planning is a vital area of the audit primarily conducted at the beginning of audit process to ensure that appropriate attention is devoted to important areas, potential problems are promptly identified, work is completed expeditiously and work is properly coordinated.
Quality audit planning phase consists of mainly three distinct but overlapping activities i.e. gaining an understanding of the nature of the program, activity, organization or initiative being audited, determining and assessing risks, and determining the most appropriate audit objectives, scope and criteria to be employed to achieve the desired result.
Some of the key documents and information that the audit manager can use to plan the audit are:
What are the objectives of the work center, area, process, activity or product?
How do these relate to the overall objectives of the organization?
Does everyone involved know the customer requirements, as appropriate (both internal and external)?
Is there an understanding of what is necessary to meet (or exceed) customer requirements?
Are the individuals performing work correctly? Do they know what to do and have the means to do it, including documentation, time and tools? Are applicable procedures available?
How do individuals know that they have performed work to requirements?
How is continual improvement addressed?
Policy, procedures and standards manuals and directives
Organization charts
Job descriptions and delegation instruments
Process and system maps or flowcharts
Operational and financial data and reports
Management studies or reports
The risk assessment process provides a structured means of evaluating information and applying professional judgment as to the most important areas for audit examination.
A detailed risk assessment is undertaken during the planning phase of the engagement to confirm that the lines of inquiry and the initial objectives have indeed focused on the most important risks associated with the program or activity being audited.
Internal audit program also called an audit plan, is an action plan that documents what procedures an auditor will follow to validate that an organization is in conformance with compliance regulations. The goal of an audit program is to create a framework that is detailed enough for any outside auditor to understand what official examinations have been completed, what conclusions have been reached and what the reasoning is behind each conclusion. The framework should explain the compliance audit's objectives, its scope, and its timeline. The audit program should also describe how working papers, the documented evidence of the audit, will be collected, reviewed and reported. The audit process begins with planning the audit. During this phase, the audit team will perform the following:
Distribute Audit Notification
Conduct Pre-Audit Meeting
Interview Department Personnel
Review Policies and Procedures
Understand and Document the Business Processes
Perform Risk Assessment
Prepare a Detailed Audit Program
Prepare audit budget (in hours)
Select items to be Audited (samples, not 100%)
The second phase of the audit is called fieldwork. During this phase, the audit team will physically be on site at the audit client’s location performing the audit. The following are some of the procedures generally performed during fieldwork.
Review Supporting Documentation
Interview department personnel
Perform analyses
Identify Exceptions
Identify Recommendations for Improvement
Prepare Written Audit Comments (i.e., findings)
Department Provides Written Response and Corrective Action Plan for findings
The third phase of the audit is reporting. During this phase, the auditor in charge will prepare the written audit report which summarizes and communicates the audit results.
Issue a draft report
Discuss draft report with unit management
Issue final report
Report is factual, clear, concise, and appropriate tone
Report distribution:
President
Executive Vice President
External Auditors
Chief Financial Officer
Controller
Audit Subcommittee
Division Vice President or Senior Vice President
Department Head