Internal auditing, in the past several years, has been going through a transformation. Financial accountants and certified public accountants (CPAs) are being asked to probe and analyze not just records and receipts, but truly significant management issues. In many aspects, internal auditing and quality auditing are being combined to achieve a common goal. There are many lessons learned to be shared.
Definition of an AuditThere are essentially four types of audits: financial, product, process and systems. The definitions, applications and requirements of each are described as follows.
A financial audit is conducted by personnel trained in business accounting processes. Its primary purpose is to verify that the accounting methods within an organization are giving the organization and its shareholders a true representation of the organization’s financial health.
The term product audit is somewhat of a misnomer. Actually, a product audit is a detailed inspection of a finished product performed prior to delivering the product to the customer. Product audits are typically customer-oriented and focus on elements of product specifications to estimate the outgoing quality level of the product.
A process audit in general is narrowly focused. It examines an activity to verify that the inputs, processing and outputs are being done according to defined requirements. This type of audit is a verification of the manner in which people, material and machines mesh together to produce a product. It examines the adequacy and effectiveness of the process controls over the equipment and operators as established by procedures, work instructions and process sheets. Process audits are appraisal and analytical in nature.
A systems audit is known by several other names. Among these are quality system audit, management audit, quality program audit, and systems and procedures audit. Its objective is to examine the entire organizational system.
The two basic forms of this type of audit are internal and external. The former examines the management methods within a company or agency, while the latter includes a review of contractors and suppliers.
CommonalityFor our purposes, the definition of an audit is a “formal evaluation of performance to predetermined standards and using that evaluation to stimulate improved performance.” It is a structured means of measuring the conformance of actions to promises. Despite the differences in application for these four forms of an audit, they all have several things in common.
First, they are performed on a selected segment of something larger. One does not audit every financial transaction, every automotive engine cylinder block characteristic, every soda can filled to capacity or every management action. An audit randomly selects a portion of the available population and then draws on the data to make conclusions on the whole.
Second, all audits require some type of requirement, specification or other such measuring criteria from which to base the audit conclusion. Audits need some sort of performance. Audits are generally about effectiveness, whether it be financial records or a manufacturing process. An audit is not about efficiency but goodness of the output.
Finally, all audits are performed by someone who is independent and not involved in the activity under review. This gives the audit freedom from bias, independence and respect in the eyes of the subject of the audit report.
BasicsAccording to Dennis Arter, an American Society for Quality (ASQ) Fellow and author of Quality Audits for Improved Performance, there are four fundamental rules for performance improvement audits:
Define the audit purpose and scope. When deciding on the purpose of an audit, the needs of the customer must be considered. Like many other service groups, auditors have a variety of product users. The ASQ’s standard for auditing, ANSI/ISO 19011 refers to the customer of the audit as the client. The client is the person or organization requesting an audit. Many times the client is a manager who is responsible for the production of marketable goods or services. The client makes the final decision on the scope of an audit.
The audit scope establishes a perimeter around the area to be audited and prevents the team from moving into areas that are not relevant to the purpose of the audit. The scope must be established prior to the audit so that both the auditor and auditee know what to expect. The scope of an audit greatly influences the number of auditors, its duration and ultimately its cost.
Audits provide management with valuable data and information but careful planning is needed so that disruption to the organization during the audit can be minimized. Remember, little productive work is accomplished in the environment of a typical audit.
Identify performance standards. Standards are the criteria against which the performance of an activity is measured. Requirements to audit against can be very formal, such as government regulations. Formal requirements or contractual standards are normally written using the words shall, must or will to designate a mandatory requirement.
An industry association might develop standards as rules for belonging, such as hospital accreditation. Usually standards come from within, such as the company policy and procedures manual or the process instructions for a section of a manufacturing line. Regardless of the source, standards represent proven methods of achieving the control desired.
As the eminent Dr. Joseph M. Juran, one of the greatest quality giants of modern times, was reported to have said, “without a standard there is no logical basis for making a decision or taking action.”
Therefore, without performance standards, there can be no meaningful measurement. In addition, without measurement, audits become conjecture and not fact.
Develop a plan to address areas of examination. It is important that all selected requirements of the performance standard be addressed during the audit. Also, a method is needed for organizing all the documents and working papers that form the final record of the audit.
An effective audit checklist will enable both of these to be achieved. Not only is a checklist highly recommended, it is typically required by most audit program standards. Some organizations like to use generic-sometimes called canned-checklists, but there are several reasons why they not be used.
Report audit results. The final product of an audit is the report. The purpose of the audit report is to communicate the results of the investigation. All of the auditor’s scraps of paper, notes and objective evidence are reduced to a written report.
The audit process may end when the report is issued by the lead auditor or after follow-up actions have been completed and verified. This depends on the needs expressed by the client.
Shift from Compliance to PerformanceThe concept of the ownership of quality is most important to the success of the organization. Managers are paid to provide the resources for the development and manufacture of quality products and services; therefore, they must be held accountable for the resulting work.
The role of an auditor is to conduct an objective assessment and provide analyzed information to management. They are an independent set of eyes and ears for management. An auditor can find, analyze and report the true impediments to quality and then let affected managers correct those problems. However, the key phrase is true impediments.
The old school of auditing focused on finding noncompliances and nonconformances. This meant digging until something wrong is found. Any auditor can find areas of weaknesses or errors if they dig deep enough. The challenge is to uncover the vital few issues that hinder the organization from performing more efficiently or effectively. Nitpicking to report minutia-the trivial many-adds frustration, little value and added cost to the organization.
The new audit philosophy is to focus more on effectiveness and continual improvement as organizations become more performance based. Rather than focusing just on adherence or compliance to a certain standard, organizations are assessing their operations against best practices.
As there is a shift from compliance to performance, organizations will see the viability of using process and system audits as a management oversight tool to monitor, promote and sustain continual improvement.