8 Steps To Performing An Internal Audit
Estimated reading time: 4 minutes
Internal audits help organizations achieve corporate objectives by keeping a pulse on the consistency of internal business practices.
The goal of an internal audit is to ensure organizational policies and procedures are followed and to alert the management of gaps in policy compliance.
The internal audit process can be done with internal resources or can be outsourced to an external third-party vendor.
There are advantages and disadvantages to outsourcing the function.
However, making sure that the audit practice is done consistently can help organizations manage performance and ensure consistent product quality.
Performing an internal audit can be time-consuming, and resources need to be allocated to the process.
An audit can be done daily, weekly, monthly, or annually. Some departments may need to be audited more often than others.
8 Steps to Performing an Internal Audit
1. Identify Areas that Need Auditing
Identify departments that operate by using policies and procedures written by the organization or by regulatory agencies.
This can include areas as complex as manufacturing processes or as simplistic as accounting procedures.
Make a list of each area and the functions of the area that require review.
2. Determine How Often Auditing Needs to be Done
Some areas may only need to be audited annually, while some departments may require more frequent audits.
For example, a manufacturing process may require daily audits for quality control purposes, while the HR function may only require an annual audit of records and processes.
3. Create An Audit Calendar
A structured and systematic approach to the auditing process can help ensure the function gets completed.
And, like any other business goal, audits should be integrated into corporate objectives.
Scheduling audits on the business calendar ensures that it is done consistently.
4. Alert Departments of Scheduled Audits
It is simply a common courtesy to give departments notice of an audit so they can have the necessary documents and materials ready and available for the reviewer.
A surprise audit should only be done if there is suspicion of unethical or illegal activity.
Department managers should not feel threatened by an auditor but view them as a valued resource to help them better manage their area.
5. Be Prepared
The auditor should come prepared with an understanding of policies and procedures and a list of items to review.
For example, an HR audit may focus on employee files and I-9 compliance.
The more prepared the auditor is, the more efficient the process will be, and the less downtime there will be for the area being reviewed.
6. Interview Users
The auditor should interview employees and ask them to explain their work process.
Compare the process, as the employee explained it, to what the written policy says.
This step is to gain an understanding of employee competence and identify areas that need additional training.
7. Document Results
Document the results and any differences in practice to how the policies are written, when policies are complied with, and when they are not.
This may also include other information that is gathered from the interview process. Again, the goal is to identify gaps in compliance and to figure out a way to bridge that gap.
8. Report Findings
Create an easy-to-read audit report. These reports should be reviewed with senior management, and an improvement plan should be developed for areas that have gaps in practice compliance.
Using a FOCUS PDCA model can help facilitate a structured process for implementing this type of improvement.
Other things to think about
- When reviewing policies and procedures, it is essential to think about whether written policies are meeting the needs of customers and adding value to the organization.
- Policies and procedures should focus on continuous improvement as it relates to how work is performed.
- Is there a healthy team environment that supports compliance with policies and procedures? A dysfunctional team can impact procedural compliance.
- Policies and procedures should be reviewed on an annual basis to ensure policies reflect the changing business environment.
Businesses are only as successful as their ability to create products and services that meet the needs of their customers and to deliver these products and services accurately, seamlessly, and without error.
Policies and procedures are how organizations maintain efficient and effective practices that support quality products and services. Internal audits are one tool that organizations use to ensure that their products and services are delivered the right way, the first time and every time.
How often do you audit your internal business practices?