1 / 31

Determining Effectiveness of Internal Audits Presented by: Tony Gutierrez R. Darrell Taylor

Determining Effectiveness of Internal Audits Presented by: Tony Gutierrez R. Darrell Taylor. Minneapolis, MN July 19 & 20, 2012. Purpose. To discuss how an auditor audits the Internal Audit Process and determine how effective is the process. Definition.

tamma
Download Presentation

Determining Effectiveness of Internal Audits Presented by: Tony Gutierrez R. Darrell Taylor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Determining Effectiveness of Internal AuditsPresented by: Tony Gutierrez R. Darrell Taylor Minneapolis, MN July 19 & 20, 2012

  2. Purpose To discuss how an auditor audits the Internal Audit Process and determine how effective is the process

  3. Definition • Effective - producing a decided, decisive, or desired effect. (Merriam- Webster) • In addition to establishing conformance with a set of rules, quality audits may measure the adequacy of procedures and the effectiveness of implementation to which those rules assist in achieving basic goals. (JP Russell, The Quality Audit Handbook)

  4. History Lesson Risk Metrics Infrastructure Issues Output Input Process Risk Based Auditing Method People Process Based Auditing Document Control Record Control Purchasing Production Calibration Internal Audit Corrective Action Effectiveness Compliance Auditing Value Added

  5. The Requirement - AS9100C • 8.2.2 Internal Audit • The organization shall conduct internal audits at planned intervals to determine whether the quality management system • a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and • NOTE: Planned arrangements include customer contractual requirements.

  6. The Requirement AS9100C (cont.) • b) is effectively implemented and maintained. • An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. • The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

  7. The Requirement AS9100C (cont.) • A documented procedure shall be established to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results. • Records of the audits and their results shall be maintained (see 4.2.4).

  8. The Requirement AS9100C (cont.) • The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. • Follow-up activities shall • include the verification of the actions taken and the reporting of verification results (see 8.5.2).

  9. The Internal Audit System Is a Process Method Metrics INPUT OUTPUT PROCESS Infrastructure People

  10. Audit Process/Plan Diagram Purpose: Identify the elements of the standard applicable to and reviewed during this audit

  11. DISCUSSION

  12. Discussion - Example

  13. Audit Process/Plan DiagramExpectations

  14. DISCUSSION

  15. Example Preparation Performance Reporting Follow-up

  16. Case Study

  17. Objective Evidence Record

  18. DISCUSSION

  19. Effectiveness – Top Five How does the Internal Audit Team Define Effectiveness? AS9101 D Block 11 Organization’s method for determining process effectiveness:

  20. Effectiveness – Top FIVE How does the Internal Audit Team Measure Effectiveness?

  21. Effectiveness – Top FIVE How did the Internal Audit Team Perform?

  22. Effectiveness – Top FIVE How did the Inputs match up to the Outputs?

  23. Effectiveness – Top FIVE Did the Internal Audit Plan For Effectiveness ? Preparation Performance PRE – Planning Reporting Follow Up

  24. Mirror • WE are auditors – time to look in the mirror!! • How do you - • DEFINE EFFECTIVENESS • MEASURE EFFECTIVENESS • PERFORM • DESCRIBE INPUTS – OUTPUTS • PLAN

  25. COMPARE Your Program Their Program

  26. Preparation • How do you prepare for audit performance verification • Describe inputs and outputs in the planning stages (objectives, scope…) • What do you expect to review and the depth to which auditing will be performed • How do you plan to gather objective evidence?

  27. Effective Approach • From the auditor’s point of view – what would be an effective approach? • What records will be evaluated in order to adequately verify the process or system? • Should you verify system documentation in an “inch wide and a mile deep” mode or the inverse “a mile wide and an inch deep”? • What would be your approach to generate desirable outcomes? (Good planning is important.)

  28. Expectations • What should be the auditor’s expectation? • Did the auditor take the appropriate consideration related to but not limited to company size, system documentation and data gathering, time frame to complete the audit, and auditee controls and diverting tactics ? • Did self verification result in process improvement upon effective implementation of C/A? • What would be considered an adequate verification of an audit performance process?

  29. Outcome • Outcomes and results • Do evaluated results meet the audit performance expectation? • Is the audit performance an effective one? • Is the auditor satisfied with the results? • What would be considered an adequate verification of an audit performance process? • Was the audit report thorough, citing all pertinent information?

  30. Corrective Action • Follow up • How well was C/A written? • Was C/A implemented timely and effectively? • Did it yield adequate improvements to the process or system ? • Will implemented changes ultimately make a more efficient QMS system, is it more robust?

  31. Discussion Points • At what point do you audit the internal audit program? • Beginning, Middle or End? • If the audit program is compliant, but you are writing majors for system breakdowns, how do you handle this? • What action do you take ifthe Internal audit team can not define effectiveness? • How would you communicate and/or recommend process/system effectiveness of self verification?

More Related