Let's begin by looking at quality audits. This type of audit involves a process of looking at a quality system. An internal or external auditor or team can conduct such an audit.
A quality audit is a part of the quality management system for an organization. It is also an element of ISO 9001 - an ISO quality system standard.
Information that a consultant can provide to their client includes that quality audits:
1. Are usually completed during a specific time period
2. Look at how an organization links actions with a system for monitoring procedures
3. Can help see if an organization complies with processes of a quality system
4. Can involve procedural criteria
5. Can have a focus on effectiveness of a quality management system
Additional information a consultant can provide about audits is that audits:
1. Are a management tool
2. Can verify information about processes
3. Can assess the success of implementation of processes
4. Can assess achievement of a target
5. Can document elimination of a problem
An organization can benefit from a quality audit as an organization gets information about:
1. Non conformance
2. Corrective action
3. Good practice
Departments can share information and adjust their work processes and practices accordingly. This can contribute to continuous improvement.
Consultants can also let clients know that audits can be a regulatory or compliance requirement. As an example the FDA requires that an organization complete a quality audit as part of the quality system regulation for medical devices. This is according to Title 21 of the US Code of Federal Regulations, part 820.
Education systems can also be audited for compliance with various standards. Countries such as the US, Australia, Sweden, and Finland use quality auditing in their higher education system.
A consultant can also explain that an organization can use an audit to look at safety issues. An audit of this type can help monitor safety and keep conditions safe. The audit can look at issues such as effectiveness and compliance.
The use of software and other tools can help with auditing. Here are some factors to consider.
1. Software can help with documenting tasks and processes.
2. Software can look at conformance to standards.
3. Software can look at quality costs as well as the costs of poor quality.
4. Software can look at fitness of purpose.
5. Software can help evaluate costs for production, assembly, and other elements in an organization.
AUDITING AND THE CONSULTANT OVERVIEW AND HOW TO
In addition to helping with a quality audit a consultant can help with other audits. These audits can involve independent examination of:
3. Regulatory and statutory records
4. Any documents and elements relating to how the organization is run
5. Adherence to laws
6. Any subject matter
During an audit a third party looks for errors and other areas for improvement in an organization. Areas for auditing can include:
1. Energy conservation
2. Water management
3. Financial information
5. Project management
WORKING WITH INTERNAL, EXTERNAL, AND CONSULTANT AUDITORS
To get a better idea of what is involved in an audit, a consultant can explain about what it is like to work with an auditor. This can better prepare an organization. We can classified auditors as:
1. Consultant auditors
2. Internal auditors
3. External auditors
Let's look more closely at each type.
If you are hired in this capacity you are typically contracted to complete an audit according to a standard specified by the organization. This is unlike an external auditor who provides the standard to follow and use during the audit.
You can be hired in this capacity when an organization does not have enough staff to complete an audit. You could be hired also because the staff does not have the expertise to complete such an audit.
An organization can expect that if you are a consultant auditor you could work independently or with internal auditors. The level of independence can be between that of an external and internal auditor.
These auditors work for the organization they audit. They can work for:
1. Publicly traded companies
2. Government agencies at the local, state, or federal level
3. Non profit companies
These internal auditors can be professionals who follow the rules of the Institute of Internal Auditors. This institute is internationally recognized as a standards setting organization. Here are some of the guidelines internal auditors can follow:
1. Keep internal auditing independent
2. Make internal auditing a consulting activity
3. Keep internal auditing an objective assurance
Internal auditing should add value to the operation of an organization and help improve it. It should help an organization achieve its objectives. Internal auditing should be disciplined and systematic. It should improve risk management. Here are more guidelines on what an internal auditor can do for an organization.
1. Provide an independent and objective audit
2. Provide a consulting service
3. Look at functions provided by executives, stakeholders, shareholders, and a board of directors
4. Look at risk management, processes, and governance of an organization
You can expect if you work with a Certified Internal Auditor that the auditor:
1. Is governed by international professional standards
2. Follows the code of conduct of the Institute of Internal Auditors
3. Is independent and objective but still employed by the organization that it audits
How can a professional internal auditor be independent of their employer? Here are some of the ways.
1. Organizational placement makes them independent
2. Reporting lines go through an internal audit department
3. IIA standards require these auditors be independent of the activities they audit
A requirement for a publicly traded company in the United States is that an internal auditor report:
To a board of directors or subcommittee of this board as, for example, to an audit subcommittee
Not to management
This is how an internal auditor can be independent and properly conduct audits for the groups where they work.
These auditors come from an independent firm. They are contracted by a client to complete an audit and provide an opinion. This can include an opinion on the financial statements of an organization with regard to fraud and errors. Let's look more closely now at these auditors, their function, and what an organization can expect when working with an external auditor.
Cost auditor (also called a statutory cost auditor)
These auditors come from an independent firm that an organization hires to complete a cost audit. The auditors express an opinion on errors and fraud in costs statements and cost sheets.
These auditors work with federal agencies and review the practices and finances of those agencies. The auditors report findings to the U.S. Congress. Report findings help the U.S. Congress manage budgets and policies.
The U.S. Government Accountability Office employs government auditors. State governments can have a similar office to conduct audits on the state level.
These auditors come from an independent firm. An organization employs this auditor if, for example, a law requires such an audit. Laws can require an opinion from such an auditor about the lack of fraud and errors on the secretarial records of a organization. Fines and penalties can result due to non compliance with laws.
A CLOSER LOOK AT TYPES OF AUDITS
The consultant can help prepare an organization for an audit as well as help during an audit. Let's look more closely at types of audits.
These audits are of publicly traded companies in the United States. The Sarbanes-Oxley Act of 2002 established the need for these audits. When completing such an audit, auditors provide an opinion on financial statements and the effectiveness of the control an organization has over financial reporting.
Information technology and software audits
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
During this type of audit an auditor looks at buildings, systems, and processes. Auditors evaluate, inspect, and survey energy flow for energy conservation. The auditor looks at how to handle energy without hurting the output of the organization.
During this type of audit an auditor looks at the operations of an organization's business. The auditor can look at efficiency, effectiveness, and economy. The goal is to see if the organization is doing the right things without wasting resources and completing work in a timely way. Benefits and costs are also evaluated.
During this type of audit an auditor completes an investigation concerning negligence, fraud, and missing money. Typically the auditor is an accountant who specializes in investigations and accounting practices.
Health care facilities must comply with the audit requirement in the United States related to the HIPAA Privacy, Security, and Breach Notification Audit program. This can include an audit of policies and procedures at an organization and subsequent compliance. The U.S. Department of Health and Human Services can be involved.
Audits conducted by the U.S. Internal Revenue Service involve a review of accounts and financial information related to tax returns. A consultant can help prepare an organization for such an audit and assist during the audit. The reason for an audit can be that the information provided by an organization does not match the information provided by an employee or contractor. An organization can also be chosen at random for an audit.
With this type of audit an auditor looks at issues such as the environment, safety, security, and information systems of an organization. Security audits can be a major focus. A look at the success in meeting mission objectives can also be part of this audit.
These audits concern conformance to standards. They also look at objective evidence to show conformance. It can be part of certification such as ISO 9001. Auditors can look at:
1. Conformance to required processes
2. Assessment of process implementation
3. Effectiveness of achieving targets
4. Elimination of problems
5. Continual improvement
6. Good practices
Project management audits
These audits relate to a project and its lifecycle, concerns, challenges, and potential problems. The audit typically happens at the midway point in a project. A team, manager, and sponsor can see after such an audit what has gone well and what needs to be improved. Project audits can be a:
regular health check audit with an aim of understanding the current state of the project
regulatory audit with an aim of verifying compliance with standards and regulations
formal audits where a project could be in trouble and must be evaluated with a formal report
informal audits where the project typically is not in trouble and reporting can be less detailed
Accounting and financial audits
These audits can take place due to legal requirements related to taxation, fraud, and the possibility that someone could gain personally. They typically involve an auditor looking at information about financial systems and records for an organization. The aims of this type of audit is to:
1. look at reliability of information
2. get an assessment of the internal control in an organization
3. provide an opinion about financial statements from a third party
To prepare an organization for this type of audit a consultant can explain that:
1. auditors will look at statements to make sure there are no errors
2. auditors can take statistical samples
3. auditors can use cost accounting
With cost accounting, an auditor verifies the cost of manufacturing a product. The auditor looks at the costs of labor and material. The auditor must follow applicable standards and regulations that could vary from country to country.
We have now looked at audits and the role a consultant can play in helping an organization prepare for an audit and complete it. Some of the topics we covered include an overview on auditing and the consult, quality audits, working with auditors who are internal and external, working with consultant auditors, and types of audits that include accounting, finance, energy, HIPPA, quality, and performance.