An Introduction to Company Audit
Why Company Audit?
Here are some of the main reasons why organizations engage in auditing.
• To check compliance with a standard or with regulatory guidelines
• To provide a vigilance system
• To emphasise and maintain compliance as an everyday work function
• To identify opportunities for improvement
What is an Company Audit?
Although auditing can mean many things to different individuals or organizations it is essential that we start with a definition of auditing. We believe that the definition below represents a comprehensive definition that isolates all of the important aspects of a quality-driven and evidence-based audit system.
“A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.” [ISO 9000:2000]
As you begin to understand the complex nature of audits further you may develop your own definition of what matches your organizations needs. We would however recommend that you take some time to learn the above definition.
Types of Audit
There are three primary types of audit within organizations regardless of sector or size.
First Party – Company Audit
• Self or internal audit
• Process focus
• Internal audit team appointed & trained
• Required activity for compliance
Second Party – Company Audit
• Audit by a customer
• Focused according to customer requirements
• May be undertaken by consultants retained by the customer
• May be a contractual obligation
Third Party – Company Audit
• Audit by an independent, usually for certification purposes
• May not be scheduled
• Poor performance can result in loss of certification or quality standard accreditation
• Usually an in-depth audit of a particular aspect of the operations, although sometimes it may involve an in depth assessment of the performance of the entire operation
Further Types of Audit
Internal audits represent an additional type of audit within organizations. The following are important lessons that can assist you in developing an excellent audit system.
• Internal auditors must be drawn from a cross-functional pool
• Internal auditors must have the respect of their peers
• Internal audits must be seen to have the power to enforce corrective actions and be properly resourced
• Internal auditors must be trained in audit technique
• Internal audits form part of the overall vigilance process and as such must be documented
• Internal audits must be scheduled
Typical information recorded for internal audits are:
• Audit number / subject – this allows traceability in the audit schedule
• Auditor(s) involved
• Dates (scheduled and completed)
• Revision date / status
• Current status of non-compliances
For some organizations there may be a requirement to engage in external audits. The following represent the key characteristics of these audits:
• Independent third parties carry out external audits
• Auditors involved in third party audits tend to be professionals trained in audit techniques
• External audits are imposed on the organization
• External auditors may in some cases have a high level of power that can be used to enforce compliance to standards
• A certain ‘fear factor’ may come to bear on the external audit due to the power of the auditor
• External audits have defined standards to assess compliance against
• Interaction with an external auditor tends to be limited to professional matters only to maintain independence
Focus of an Audit
Having learnt the main types of audits that exists it is now important to turn our attention to the focus audits
• Product Audit – looking at one product as it flows through the systems of an organization
• Process Audit – looking at the effectiveness of a process to identify where improvements can be made
• Regulatory Audit – looking at compliance with a set of regulatory guidelines such as those imposed upon the Pharmaceutical industry by the FDA
Traditional View of Audits
Audits have traditionally been viewed with a degree of suspicion in that the auditor’s role is perceived to be one of ‘catching organizations out’ as opposed to helping organizations to improve. However, the role of the auditor is much more than this.
• Auditors emerge from the quality function
• Documentation review is the main aim
• Auditors seen as being policemen
• Negatives and trivia are the main highlights!
• Emphasis form the organization’s viewpoint is to ‘evade or minimise detection of non compliances’
Perception of Audits
As indicated above traditional views of auditing have seen audits as:
• Negative and nit-picking
• Not focused on key business activities
• A game that can be played and won
• Paper chase
• Limited or zero use / value to those being audited
This perception has in the past led to audits being seen as impediments to business as opposed to enhancing or improving business activities. In addition such perceptions have negatively impacted the value which auditing can bring to the organization.
‘New View’ of Audits
Every day organizations are adopting a ‘new view’ on auditing and accepting the key benefits that auditing can deliver. This new appreciation of auditing has also shaped how audits are delivered.
• Auditors emerge from all departments and functions within the business
• Knowledge of the business is important
• Move from ‘paper’ to ‘process’
• Seen as an advantage in terms of assisting in continuous improvement
• Integral part of business activity
This new view of auditing has advantages for both the auditor (in that the level of co-operation and transparency is increased) and for the auditee (in that the fear factor is removed and constructive criticism can be expected).
The traditional view of auditing and the perceptions attached to it were due in part to the auditors using only a criteria-based approach as opposed to a whole business model approach to quality standards as evidenced by people, process and product aspects of the organization.
• Criteria-based auditing made the assumption that adherence to procedures meant conformity of output
• Effectiveness can be doubtful
• Very much documentation based
• Removed from the actual process
There are five potential objectives for an audit and they may appear by themselves or as combinations when an audit is being planned. These objectives are:
Although it may seem an obvious point the audit team and the auditee must be very clear from the beginning as to what exactly the objectives are for the audit in order that the audit will be successful.