Consultant Management Guide to Performing Audits



Let's begin by looking at quality audits. This type of audit involves a process of looking at a quality system. An internal or external auditor or team can conduct such an audit.

A quality audit is a part of the quality management system for an organization. It is also an element of ISO 9001 - an ISO quality system standard.

Information that a consultant can provide to their client includes that quality audits:

1.    Are usually completed during a specific time period

2.    Look at how an organization links actions with a system for monitoring procedures

3.    Can help see if an organization complies with processes of a quality system

4.    Can involve procedural criteria

5.    Can have a focus on effectiveness of a quality management system

Additional information a consultant can provide about audits is that audits:

1.    Are a management tool

2.    Can verify information about processes

3.    Can assess the success of implementation of processes

4.    Can assess achievement of a target

5.    Can document elimination of a problem

An organization can benefit from a quality audit as an organization gets information about:

1.    Non conformance

2.    Corrective action

3.    Good practice

Departments can share information and adjust their work processes and practices accordingly. This can contribute to continuous improvement.

Consultants can also let clients know that audits can be a regulatory or compliance requirement. As an example the FDA requires that an organization complete a quality audit as part of the quality system regulation for medical devices. This is according to Title 21 of the US Code of Federal Regulations, part 820[1].

Education systems can also be audited for compliance with various standards. Countries such as the US, Australia, Sweden, and Finland use quality auditing in their higher education system.

A consultant can also explain that an organization can use an audit to look at safety issues. An audit of this type can help monitor safety and keep conditions safe. The audit can look at issues such as effectiveness and compliance.

The use of software and other tools can help with auditing. Here are some factors to consider.

1.    Software can help with documenting tasks and processes.

2.    Software can look at conformance to standards.

3.    Software can look at quality costs as well as the costs of poor quality.

4.    Software can look at fitness of purpose.

5.    Software can help evaluate costs for production, assembly, and other elements in an organization.


In addition to helping with a quality audit a consultant can help with other audits. These audits can involve independent examination of:

1.    Accounts

2.    Books

3.    Regulatory and statutory records

4.    Any documents and elements relating to how the organization is run

5.    Adherence to laws

6.    Any subject matter

During an audit a third party looks for errors and other areas for improvement in an organization. Areas for auditing can include:

1.    Energy conservation

2.    Water management

3.    Financial information

4.    Compliance

5.    Project management

6.    Safety

7.    Efficiency

8.    Software

Interested in learning more? Why not take an online Management Consultant course?


To get a better idea of what is involved in an audit, a consultant can explain about what it is like to work with an auditor. This can better prepare an organization. We can classified auditors as:

1.    Consultant auditors

2.    Internal auditors

3.    External auditors

Let's look more closely at each type.

Consultant auditors

If you are hired in this capacity you are typically contracted to complete an audit according to a standard specified by the organization. This is unlike an external auditor who provides the standard to follow and use during the audit.

You can be hired in this capacity when an organization does not have enough staff to complete an audit. You could be hired also because the staff does not have the expertise to complete such an audit.

An organization can expect that if you are a consultant auditor you could work independently or with internal auditors. The level of independence can be between that of an external and internal auditor.

Internal auditors

These auditors work for the organization they audit. They can work for:

1.    Publicly traded companies

2.    Government agencies at the local, state, or federal level

3.    Non profit companies

These internal auditors can be professionals who follow the rules of the Institute of Internal Auditors. This institute is internationally recognized as a standards setting organization. Here are some of the guidelines internal auditors can follow:

1.    Keep internal auditing independent

2.    Make internal auditing a consulting activity

3.    Keep internal auditing an objective assurance

Internal auditing should add value to the operation of an organization and help improve it. It should help an organization achieve its objectives. Internal auditing should be disciplined and systematic. It should improve risk management. Here are more guidelines on what an internal auditor can do for an organization.

1.    Provide an independent and objective audit

2.    Provide a consulting service

3.    Look at functions provided by executives, stakeholders, shareholders, and a board of directors

4.    Look at risk management, processes, and governance of an organization

You can expect if you work with a Certified Internal Auditor that the auditor:

1.    Is governed by international professional standards

2.    Follows the code of conduct of the Institute of Internal Auditors

3.    Is independent and objective but still employed by the organization that it audits

How can a professional internal auditor be independent of their employer? Here are some of the ways.

1.    Organizational placement makes them independent

2.    Reporting lines go through an internal audit department

3.    IIA standards require these auditors be independent of the activities they audit

A requirement for a publicly traded company in the United States is that an internal auditor report:

  • To a board of directors or subcommittee of this board as, for example, to an audit subcommittee

  • Not to management

This is how an internal auditor can be independent and properly conduct audits for the groups where they work.

External auditors

These auditors come from an independent firm. They are contracted by a client to complete an audit and provide an opinion. This can include an opinion on the financial statements of an organization with regard to fraud and errors. Let's look more closely now at these auditors, their function, and what an organization can expect when working with an external auditor.

  • Cost auditor (also called a statutory cost auditor)

These auditors come from an independent firm that an organization hires to complete a cost audit. The auditors express an opinion on errors and fraud in costs statements and cost sheets.

  • Government auditors

These auditors work with federal agencies and review the practices and finances of those agencies. The auditors report findings to the U.S. Congress. Report findings help the U.S. Congress manage budgets and policies.

The U.S. Government Accountability Office employs government auditors. State governments can have a similar office to conduct audits on the state level. 

  • Secretarial auditors

These auditors come from an independent firm. An organization employs this auditor if, for example, a law requires such an audit. Laws can require an opinion from such an auditor about the lack of fraud and errors on the secretarial records of a organization. Fines and penalties can result due to non compliance with laws.


The consultant can help prepare an organization for an audit as well as help during an audit. Let's look more closely at types of audits.

Integrated audits 

These audits are of publicly traded companies in the United States. The Sarbanes-Oxley Act of 2002 established the need for these audits. When completing such an audit, auditors provide an opinion on financial statements and the effectiveness of the control an organization has over financial reporting.

Information technology and software audits

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

Energy audits

During this type of audit an auditor looks at buildings, systems, and processes. Auditors evaluate, inspect, and survey energy flow for energy conservation. The auditor looks at how to handle energy without hurting the output of the organization.

Operations audits

During this type of audit an auditor looks at the operations of an organization's business. The auditor can look at efficiency, effectiveness, and economy. The goal is to see if the organization is doing the right things without wasting resources and completing work in a timely way. Benefits and costs are also evaluated.

Forensic audits

During this type of audit an auditor completes an investigation concerning negligence, fraud, and missing money. Typically the auditor is an accountant who specializes in investigations and accounting practices.

HIPAA audits

Health care facilities must comply with the audit requirement in the United States related to the HIPAA Privacy, Security, and Breach Notification Audit program. This can include an audit of policies and procedures at an organization and subsequent compliance. The U.S. Department of Health and Human Services can be involved.

IRS audits

Audits conducted by the U.S. Internal Revenue Service involve a review of accounts and financial information related to tax returns. A consultant can help prepare an organization for such an audit and assist during the audit. The reason for an audit can be that the information provided by an organization does not match the information provided by an employee or contractor. An organization can also be chosen at random for an audit.

Performance audits

With this type of audit an auditor looks at issues such as the environment, safety, security, and information systems of an organization. Security audits can be a major focus. A look at the success in meeting mission objectives can also be part of this audit.

Quality audits

These audits concern conformance to standards. They also look at objective evidence to show conformance. It can be part of certification such as ISO 9001. Auditors can look at:

1.    Conformance to required processes

2.    Assessment of process implementation

3.    Effectiveness of achieving targets

4.    Elimination of problems

5.    Continual improvement

6.    Good practices

Project management audits

These audits relate to a project and its lifecycle, concerns, challenges, and potential problems. The audit typically happens at the midway point in a project. A team, manager, and sponsor can see after such an audit what has gone well and what needs to be improved. Project audits can be a:

  • regular health check audit with an aim of understanding the current state of the project

  • regulatory audit with an aim of verifying compliance with standards and regulations

  • formal audits where a project could be in trouble and must be evaluated with a formal report

  • informal audits where the project typically is not in trouble and reporting can be less detailed

Accounting and financial audits

These audits can take place due to legal requirements related to taxation, fraud, and the possibility that someone could gain personally. They typically involve an auditor looking at information about financial systems and records for an organization. The aims of this type of audit is to:

1.    look at reliability of information

2.    get an assessment of the internal control in an organization

3.    provide an opinion about financial statements from a third party

To prepare an organization for this type of audit a consultant can explain that:

1.    auditors will look at statements to make sure there are no errors

2.    auditors can take statistical samples

3.    auditors can use cost accounting

With cost accounting, an auditor verifies the cost of manufacturing a product. The auditor looks at the costs of labor and material. The auditor must follow applicable standards and regulations that could vary from country to country.


We have now looked at audits and the role a consultant can play in helping an organization prepare for an audit and complete it. Some of the topics we covered include an overview on auditing and the consult, quality audits, working with auditors who are internal and external, working with consultant auditors, and types of audits that include accounting, finance, energy, HIPPA, quality, and performance.