A good Quality Management System such as one that would need to be in place to achieve ISO 9001:2015, will provide a structure that outlines what a business should be doing to provide sustainable quality and meet the needs of its customer. ISO 9001:2015 is based on the Plan, Do, Check, Act (PDCA cycle and can be adapted to businesses of all sizes and all industries. The internal audit forms an essential part of the ‘Check’ component of the cycle. Any business that is looking to be successful in the long-term must aim for continuous improvement and this is where having the systems and checkpoints (or audits) in place will help a business be better placed to achieve their goals.
That said, there are a few who still see internal audit as a tick box exercise and a resource-draining waste of time and do little in way to support them. This could be, however, more to do with the way the audit process is approached. As with any other process auditing requires definition, planning, consistent implementation and control to be effective. With ‘Risk Management’ high on the agenda for many companies today, especially when planning a major new project, it seems counter-intuitive not to properly plan (and value) the internal audit process. If risk in key areas can be clearly identified through internal audit(s), and the findings are acting upon, this should feed into action plans and management strategies for both current and future projects.
The merit of the Internal Audit will therefore depend on how seriously a business is willing to undertake the process. There should be no doubt that when used correctly, the internal audit process can provide the pathway for moving forward and for removing the problems of the past for any business or industry. If done well it should lead to increased customer satisfaction and profitability, which is surely what all businesses are looking for. So how can you make sure that your audit process works for you? Below we look at some points for consideration when planning your internal audit process.
1. Top management should always support the auditing program for it to work. Not only can the internal audit generate information that can be used for top level strategic planning, but the involvement will simultaneously enhance the credibility of the system. Management that provides their auditors with all the support and access they need, and acts upon any findings, will find that internal auditing can add a great deal of value to their business.
2. Make sure that your audits and audit schedule is relevant to your business. Make sure that key and specialist areas are covered properly and prioritise therein.
3. Keep your audits and audit schedule up to date. Although it is useful to have the previous audit to hand to make sure that any corrective action has been followed up, keep in mind that businesses and their operations do change. Remember, the audit process should be aiming to help in the drive for continuous improvement.
4. Always alert people before you audit. This could save you time and effort; you do not want to have to search for ‘missing’ data/information or not be able to access it if the right person(s) are unavailable at the time. It could also lead to resentment if it is ‘sprung’ upon them; this should not be an exercise designed to catch them out.
5. Stick to scheduled dates. By not doing so you risk de-valuing the whole process.
6. Have a checklist. Although useful to move away from the ‘tick-box’ mentality, having a checklist will be useful to keep focus, but rather than simply having ‘yes’ or ‘no’ answers make sure the information collected actually adds value.
7. Make sure your audit reports get written up properly and in a timely manner with all relevant findings and don’t forget to look at the success (or failure) of audited processes. Try not to simply state what the process is, make sure you observe and evaluate.
8. Consider using Management System Software that is specifically designed to complement the ISO certification process. Our cloud-based paperless software, Titan, is one such system that has developed to support organisations in this process and has proven to be one of the most effective ways of achieving UKAS accredited ISO certification.
Here at Mark 1 our experienced consultants aim to simplify the audit process for you. We can generate and manage your audit schedule and undertake your internal audits, specifically in line with your company’s objectives and strategic direction. Furthermore, our paperless management system software, Titan, allows us to easily look at interactions between different areas of your business. The existing modular framework for example, means that ‘Risk Management’ is automatically linked to both the ‘Companies’ Objectives’ and ‘Legal Compliance’ enabling a more thorough and valuable examination of your system as a whole.