Material Adopted From: “The Internal Auditing Pocket Guide” --- J.P. Russell
So, you think you might want to be an internal auditor… Principles for conducting an Internal Assessment ContractorSelf-Assessment(CSA) THIRTEENTWENTY
Initiating or Even updating A CSA process At your Facility
Can Generate A whole host Of different Responses
13
CONTRACTOR FOR CONDUCTING CLASS WORLD 13 SELF-ASSESSMENT
BE HONEST And IMPARTIAL CONFLICTS of BY AVOIDING INTEREST
Due to the Inherent NatureOf AUDITS Internal
IT IS Nearly Impossible All To eliminate Conflicts of interest
ASK Yourself: Are You Potential Interest? Free Of Any Conflict Of
You should be On guard Potential BIASES forAny That could cloud your judgment
Potential Conflicts of interest BAD Blood with personnel in the area being audited Doing work for the area you are auditing Close Friend works in the area Lack of Budget/ High Cost Time Restraints Previously worked in the area Auditing your Past work
WHEN an UNETHICAL Activity is observed, VERIFY IT, RECORD IT, AND REPORT IT 2
CHECKING PERFORMANCE Records is one WAY TO VERIFY
PEOPLE DON’T FALSIFY NORMALLY RECORDS
Ensure Resources Are available And Auditors are SUFFICIENT Assigned, 3 Competent & Qualified
Does your Auditing group? Company Have an internal
Are you A New CSA Standing up Team at your site?
Are you Available For the audit? (Yes or No)
Are you ANY CONFLICT Free of Of interest? (YES or NO)
Do you feel COMPETENT You can do a Job? YES or NO
AuditPlan AuditReports Meetings
The GOAL Internal Audits Is to ensure Are Objective & Impartial
Agreed upon Information To auditee 4 Communicate
Such as: 1)Audit time 2)Purpose 3)Area of Audit 4)Scope
There should be an Audit Plan FOR EVERY AUDIT
Follow up with The Auditee BY Issuing: 1)The Audit Plan 2)Notification
THINK Of THIS AS A Contract With the auditee It Spells out the parameters for the audit being performed
The level of formality DEPENDS Upon Your organization’s situation and Culture
MAKE A LIST BEFORE You start Auditing 1)Documents 2)Records 3)Procedures etc. Of items you will need.
Verify CONFORMANCE to agreed upon Verify CONFORMANCE to agreed upon Requirements (THE RULES) 5
DETERMINE AUDITORS DON’T AUDITEEREQUIREMENTS
Two Primary Objectives Audit
1) Are the controls ADEQUATE To meet Requirements?
Requirements Many different Come from Sources
Has the auditee addressed External Requirements?
2) Are the controls Effectively Implemented And Maintained?
An Auditor Never Should Make up the rules
All Audit Requirements to a source Must be traceable
EnsureSUFFICIENT (Records, Interviews etc.) To MATCH the audits Are Conducted Purpose and Scope 6
You should During the audit Determine what You need to see
A Checklist will Accurately Greatly Enhance Your ability to Gather Data
Checklist: 1. Prepare… 2. Link… 3. Leave…
A Checklist: 1. Provides… 2. Assures… 3. Provides… 4. Is a place Is a time…
A Checklist: Needs to be Maintained on File as objective Evidence
A Sampling What Samples Plan specifies how Many and To look at
Stay Within the AGREED UPON Unless the degree of SCOPE Risk Necessitates other actions 7
Once the SCOPE of The Audit Has been set YOU SHOULD STAY WITHIN THE SCOPE
USE YOUR JUDGEMENT When problems ARE FOUND OUTSIDE THE SCOPE
Finding issues OUTSIDE THE SCOPE That requires your immediate attention is unusual
SAMPLES MUST BE And representative RANDOM Unless SPECIFIED OBJECTIVES require otherwise 8
Auditors must RANDOMLY select their Samples—Unless
The rationale for your sample Size should be Documented
RESULTS Must be AND VERIFIABLE TRACEABLE 9 To requirements
There should Evidence to be VERIFY Compliance or noncompliance
4 types of Evidence
2) Interviews 3) Physical 4) Observations 1) Documents & Records
Datum is Objective Considered Evidence if:
It can be TRUE and Proven Is free of BIAS
Matchwith Audit evidence Requirements
COMPLY With RULES AUDITEE e.g. Safety, Health 10 Environment etc.
NormallyAccessibility IS NOT AN Issue with Internal Audits
SAFETY Restrictions ARE Common
Personal Protective Equipment (PPE) Check for signs in the area that define what is required: –Safety glasses –Ear Plugs –Steel toed boots –Etc.
Keep the INFORMED AUDITEE OF THE AUDIT 11 PROGRESS
At the end of MEETING The Opening
The Auditor QUESTIONS Should ask if There are any
IF THE AUDIT THAN ONE LASTS MORE DAY
REPORT Truthfully RESULTS CLEARLY 12 CONCISELY Correctly and Completely and Completely
ReportingSERIOUS Results is always Business
It is good INFORMED Practice to keep The Auditee
Of any PROBLEM Significant Areas
So that the Will not be AUDIT Conclusion A surprise
BLAH
Put the Noncompliance's importance In order of
Communicate Importance of Noncompliance's The
ThingsAVOID To
EmotionalWordsOR Phrases
Using words Appearance Of Bias That create the
ReportingImperfections Minor
ReportingNames Of Individuals
DO NOT Take Ownership Of the 13 Problems Found Found
What about Making Recommendations? Suggestions or
MAKINGRecommendations The following: Can result in
MaliciousCompliance
Auditor’sKnowledge Lack of process May become an issue
Auditeedefensive May become
AuditorBias
CompromisedObjectivity
AUDITING Can be hard work In summary,
WhenRIGHT Done
WhenWRONG Done
1.Be honest and impartial; avoid conflicts of interest 2.When an unethical activity is observed, verify it, record it and report it 3.Resources-Available, Assigned, Competent and Qualified 4.Communicate to the auditee 5.Verify conformance to the requirements 6.Ensure data review is sufficient to cover the scope and purpose of the audit 7.Stay within the scope 8.Random samples 9.Verifiable and traceable results 10.Comply with auditee rules 11.Keep auditee informed of the progress 12.Report results 13.Do not take ownership of the problems
CSA Development In order to bring lasting change, we must first prioritize the things that will bring about the maximum impact Then we must organize schedules and resources that will support the priorities Finally, we need to mobilize people to be able to take action and bring about that change
CSA maximum impact support the priorities Development In order to bring lastingchange, we must firstprioritize the things that will bring about the Then we mustorganizeschedules and resources that will about that change Finally, we need tomobilizepeople to be able to takeaction and bring
mobilize support the priorities Then we mustschedules and resources that will organize prioritizeorganize CSA maximum impact Development In order to bring lastingchange, we must first the things that will bring about the about that change Finally, we need topeople to be able to takeaction and bring prioritize
mobilizeprioritizeorganize
ITSDUA UDITSUDITSUDITSUDITS NCOVERNCOVERNCOVERNCOVER EFECTSEFECTSEFECTSEFECTSN HEHEHEHE YSTEMYSTEMYSTEMYSTEM
Contact Information: