“I am here to audit you.” That phrase can strike fear in most of us, thanks in part to our good friends at the IRS. In the business world as well, those five words can send a chill down the spine of everyone from the Finance VP to the shipping department clerk. But it shouldn’t if you have a well run system for Internal Audits. If your organization has an aggressive and well run Internal Audit system, when an external auditor shows up (whether from a customer, a regulator, or third party registrar), then nothing they do or find will be a surprise to you. In fact, if the Internal Audit system has already identified areas for improvement, and plans and activities for improvement are in place, including Corrective Actions, then most external auditors will view your proactive management very positively.
Preparing for external audits is just one reason to have a proper Internal Auditing program. Another good reason is that it is frequently a requirement. Section 8.2.2 of ISO 9001:2008, for example, clearly states that the organization shall conduct Internal Audits at planned intervals. A similar provision exists in many other standards and regulations as well.
As noted above, Internal Audits can also ensure your policies, procedures and processes comply with all the required standards and regulations. Do you really want to wait for external auditors to show up in order to know how your organization’s internal control or Quality Management System is doing?
If compliance, however, is your only goal in creating and maintaining a system of internal control, or for instituting a Quality Management System like ISO 9000, (and its associated Internal Audits), then you may be missing a great opportunity.
If your business or organization is taking the trouble to institute internal control and management systems, shouldn’t you use the system to continually monitor and improve performance? And Internal Auditing has an important role in the continual improvement mindset. Using control and management simply for compliance is just doing the bare minimum. Few businesses truly succeed with that philosophy.
Putting an Internal Auditing program in place isn’t difficult or expensive. The key to an internal auditing program is just a commitment to applying a small amount of resources in assembling and training an Internal Audit team, and then scheduling Internal Audits according to your organizational needs. For example, a pharmaceutical company complying with FDA regulations will probably want to have a more aggressive Internal Audit schedule than, say, a tool company that is ISO 9001 registered.
Besides committing the appropriate resources (personnel, budget, and time), training and clear communication are the most important elements of an Internal Audit program. The Internal Audit teams should be trained on the audit process as well as the standard or regulation to which audits are being conducted. Audits, whether internal or external, should always be conducted to a specific standard, regulation, or internal control system (policies and procedures). This allows auditors to base objective findings on very specific requirements.
Communicating the objectives of the Internal Audit program throughout the organization is also important. If everyone in the organization understands that auditing is always about improving the system, and never about catching someone doing something wrong, this knowledge goes a long way to alleviate the fear and dread. This can be especially true if they understand that the audit will provide meaningful information for continual improvement and effective management as well as preparation for external audits.
Bizmanualz can help with your Internal Auditing program. We have recently redesigned and improved our Internal Auditor Training class. The two day course covers key areas on which all Internal Audit team members should be trained, such as audit techniques, the importance of clear communication, appropriate auditor behavior, how to conduct audits that stay within scope and schedule, and audits that provide meaningful information for compliance and continual improvement.
While the Bizmanualz Internal Auditor class uses the ISO 9001 standard, the techniques and information can be applied while auditing to any standard or regulation including:
Bizmanualz Managing Director Chris Anderson developed and teaches the course. Chris has years of auditing experience across numerous fields and industries, including AS 9100 Aerospace, ISO 9001 manufacturing, ISO/TS 16949 Automotive, FDA/ISO 13485 medical device, Sarbanes-Oxley Accounting, and ITIL Information Technology compliance. Chris also holds certifications involving quality management and auditing from the American Society for Quality (ASQ).
So the next time someone says, “I am here to audit you,” instead of reacting with fear and dread, think of it as what it really is: an opportunity to improve your department and your organization. Bizmanualz is here to help you make auditing a pleasure, not a pain.