In order to achieve business success, continuous improvement is essential. Internal auditing provides a vital way to do this. Whether you choose to have an in-house internal auditor or hire a third-party auditor, the process can help to highlight flaws in your business approach.
The benefits include:
- Risks occur during these processes
- Processes are being followed
- Processes are still effective/relevant
- Output is of a consistently high standard
The frequency of the audit will depend on your business.
Step 1: audit planning
Firstly, you need a list of areas you wish to audit. This may include:
- Purchase invoice process
- Purchase order process
- Sales invoice process
- Sales order process
- Sales quote process
- Preparation of Item A
- Production of Item A
- Finish/Quality Control process
- Stock process
- Shipping process
- IT and Security
- Human Resources
- Payroll process
- Expenses process
You can then assign the frequency of these audits using this list. With this information, you can create an Internal Auditing Calendar for the year.
Form an internal audit calendar
It should be a considered a main priority and responsibility your business shares when conducting the process of an audit. Drawing up a calendar ensures that the audits will be completed on time and frequently. Your internal auditing calendar doesn’t need to be anything fancy. A simple template to follow could be:
Any documents that have been prepped and contain must-know information for audits can be shared on the calendar. It also gives the internal auditor a chance to locate the process documents and review how the process should be followed and write up relevant questions, before they observe it in action.
Processes involved in internal auditing
Interview and observation
Interviewing the employee is the first part of the auditing process. With questions in hand, the internal auditor should then monitor the employee performing a given process, preferably in a natural scenario (i.e. the task needed doing that day). Asking the employee questions about the process they are performing will give the auditor insight as to whether or not the member of staff is, a) following the process properly, and, b) understands the process and the risks it is designed to mitigate. Depending on the answers, the auditor can make note of areas that may need refresher sessions, or aspects of the process that may not have aged well (such as inefficient practices compared to technology that has been brought into the workplace).
In order to highlight any findings or issues, the internal auditor has the responsibility of writing up the report. Again, the report document can be as simple or as detailed as you require, so long as the findings are recorded. In the event of a process found to be non-compliant, the auditor will need to recommend further measures in an action plan. They may also need to raise a Non-Compliance Report, depending on your company and its quality compliance measures and recognitions:
|Process 1||Procedure completed in accordance to outline of Process 1. No risks found.||✔|
|Process 2||Equipment used as part of Process 2 suffering notable wear and tear. Product quality affected by this.||✘|
|Process 3||Data is stored accurately and safely in accordance to outline of Process 3. No risks found.||✔|
Drawing up an action plan
After an action plan is created helping address these losses, they can be presented to the appropriate heads of departments. This should include the finding, the corrective action, who will take ownership of implementing the corrective action, and the deadline for doing so. There should also be a follow-up date to ensure the corrective action has been applied:
The table below uses hydraulic cutters supplier HTL Group as an example:
|Finding||Corrective action recommended||Non-compliance report number||Owner||Deadline for implementation||Review|
|Process 2||Replace bolt tensioner.||NCR4||George||01/12/19||01/01/19|
With the help of an action plan, improved and more efficient processes can be conducted! The process of internal auditing is a benefit to any business, and it should be implemented as a critical procedure, and not simply as something to tick off in the books!