Internal Audit

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 39

Internal Audit Program

Presentation topics
 What is an audit?
 Making it work
 Who audits?
 Selling to management
 Communicating results
What is a quality audit?
What is a quality audit?
 Objective assessment, performed at defined
intervals and at sufficient frequency, of a
company’s quality system to operate against a
given criteria
 Systematic

 Independent

 Documented
What is a quality audit?
 Provide factual, unfiltered information to
manage the quality system
 A tool for use by management
 Regulatory requirement (ISO, etc.)
 Help minimize risk
 Detect program defects and through isolation of
unsatisfactory trends and correction of factors
that cause defective products, prevent the
production of unsafe or nonconforming.
 Assure the production is consistently in a state-
of-control.
What is a quality audit?
 Audits are not a quick look
 Audits are preventive, not detective
 Audits are planned, organized, and coordinated
 Audits are carried out for the benefit of the
company, not the auditor
 A single audit will not find all noncompliant
issues or potential problems
Audit Program Phase 0
Definition

Overall Planning Audit Management’s


Schedule Responsibility

Preparation
Phase 1

Opening Meeting Audit Closing Meeting


Phase 2 Phase 3 Phase 4

Closeout Management Reporting


Phase 6 Review Phase 5
Essential program elements
Authority for the audit
program

Establishing the audit program


· objectives & extent
· responsibilities PLAN
· resources
· procedures

Implementing the audit program Competence and evaluation


· scheduling of auditors
Improving the audit · evaluating auditors
ACT DO
program · selecting audit team
· directing audit activities
· maintaining records Audit activities

Monitoring and reviewing the audit


program
· monitor and reviewing
· identifying needs for corrective and CHECK
preventive actions
· Identifying opportunities for
improvement
Making it work
Making it work

Comply? 2 3
Making it work
 Step 1 – Comply
 Conforming to requirements; as to a
regulation and/or to another's rules required.
 Regulatory / standard compliance
 Do we have the systems and procedures we are
supposed to have and do they meet the
regulatory / standard requirements?
Making it work

1 Effective? 3
Making it work
 Step 2 – Effective
 Producing or capable of producing an
intended result
 Collection of and review of objective evidence
 Do we follow our procedures and maintain the
required records?
Making it work

1 2 Efficient?
Making it work
 Step 3 – Efficient
 Acting or producing effectively with a
minimum of waste, expense, or unnecessary
effort
 Exhibiting a high ratio of output to input
 Eliminate / reduce redundancy between systems
 Are our systems working in the best interest of
our business / customer?
What’s the difference?
 Think preventive costs
 Internal audits are the “downstream”
assessment
 ISO / customers are the “upstream”
assessment
How do you score?
 Quantify Efforts vs. Benefits
 How much time / resources you are spending
on auditing
 How you do it
 What the outcomes are
 What is being done with the outcomes

 Effort (<) (=) (>) Benefit?


How do you score?
 Finding significant non-compliant issues
during internal audits?
 Stick with the fundamentals for now
(compliant / effective)
 Understand why they are happening and
address the root cause
How do you score?
 Finding minor non-compliances and
repeat observations?
 System may be compliant but too
complicated (i.e., inefficient) and therefore
prone to error and ineffectiveness
Who audits?
Who audits?
 Dedicated internal auditors
 “Part-time” internal auditors
 Auditors from sister or parent company
 Outsource auditing
 Combination of above
 If using a third party
 Schedule enough time
 Continue to conduct internal audits with
employees
Audit frequency?
 Series of internal audits addressing all quality
subsystems and interactions?
 Complies, may be effective, not efficient
 One comprehensive audit?
 Complies, may not be effective, but efficient
 Combination of both of the above!
Auditor qualifications
The success of the auditing program depends significantly upon the
selection of the right people for the task
Not everyone can be a good auditor
Good Communication and Interpersonal Skills
Interviewing Skills
 Intelligent and pertinent questions
 Listen attentively
Analytical Skills
 Ability to assimilate data and determine how it relates to the audit
criteria
 Analyze information and report results
Training and Experience
 Standards, regulations, auditing techniques, and audit management
skills
Ability to think inside and outside the box
Auditor qualifications
 Understanding of the business operating
structure
 Inputs / Outputs of various systems
 Interactions of departments
 Rotation throughout various job functions
upon hire (even with prior experience)
Auditor effectiveness
 Do not measure an efficient auditor by the
number of observations recorded / not
recorded
 The ability to identify non-compliances and
provide recommendations on ways to
improve the process should be viewed as a
positive
Auditor effectiveness
 Right personnel from cross-functional
groups
 Document training
 Perform audits on a regular basis
 Responsibility becomes part of job
description
 Must be taken seriously by employee and
manager
 Part of performance review
Selling to management
Selling to management
 Compliance is a regulatory
requirement for our industry!
 Make it work for you, not against you
Selling to management
 Efficient auditing can identify
redundancies in systems
 To eliminate or reduce is an obvious cost
savings
 For example, redundant manual system
and electronic system to avoid validation
of electronic system
Selling to management
 Efficient auditing can identify those
areas where the company has added
more requirements than needed from
both a regulatory and business
perspective
 Complicated system uses resources and
is prone to error (i.e., non-compliance)
 Too many records being completed,
more signatures than necessary
Selling to management
 Efficient auditing can identify inadequate /
ineffective / inefficient collection of data &
measurements
 Data not being used, not being used efficiently,
wrong data being measure or being measure at
wrong point in process
 For example, data being collected regarding
scrap rate, but the data is never presented to
anyone OR data has consistently shown a high
rate and no action has ever been taken or
discussed
Communicating results
Communicating results
 Good auditing cannot be reflected in a
poorly documented report
 Issue TIMELY
 Write to your “customer”
 Write for impact
 Make the report talk
 Recognize their priorities
 Lead (don’t lose) the “customer”
Communicating results
 Utilize standard format for consistency
 Audit scope, purpose, references, standards, procedures
 Executive summary
 Highlight hot issues (positive and negative)
 Audit summary and specific non-conformances
 Identify high risk areas
 Audit recommendations for improvement and / or
potential issues
 Part of report or separate document?
Act on results
Occurrence

Safety

Assess
Risk!
Severity

Quality

Business
Regulatory
Act on results
 Requires management support to fix root
cause of identified non-compliances
 Not all observations will require a corrective
action
 Correction or other remediation may be appropriate
 Triage / prioritize based on risk
 Safety
 Regulatory
 Quality
 Business
 Re-evaluate during management review
 Risks may change
Act on results
 Monitor efficiency of closure / CAPA
process – adequacy and timeliness of:
 Response / Investigation
 Implementation
 Closure / Follow-up
 Re-assess
Summary

Look at internal auditing not only as a


regulatory compliance check, but as a
necessary means to continuously improve
the efficiency of business practices and
product quality.
Thank You...!

Questions
Feel free to call or email with any questions concerning our presentation

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy