Internal auditing, it isn't a fresh term for the world of business. The concept of inner audit is old like 5000 years, at that time people of civilized communities that have been economically and politically secure used this approach to check performance with their taxes and businesses so they can check errors and safe their state property from dishonest taxpayers.
In modern world especially in the United States this approach rise following the Second World Warfare and steadily growing. Internal audit has much similarity with financial auditing and lots of theories are derived from management consulting and general population accounting.
"Internal auditing can be an independent, objective confidence and consulting activity made to add value and improve an organization's operations. It helps an organization accomplish its objectives by delivering a systematic, disciplined method of evaluate and improve the effectiveness of risk management, control, and governance procedures. "
Internal audit is a preventive action of your company and it is done by the professionals or experts of that company. These pros called inner auditor plus they evaluate internal control system of the business. This review or audit report is submitted to management and out of this report they may take steps for improvements. In need part of ISO 9001:2000 it is situated in the monitoring and dimension section which gives proven fact that it can be an activity that measures execution of quality management system.
The main objective of an internal audit in the company is to boost quality and reduce risk by evaluating the effectiveness of process. Apart from this inner audit is performed for checking financial and functioning information's trustworthiness, to safe belongings from loss, resource management, founded process or program me is after its objective and compliance with policies, laws and regulations, identification which area needed improvement, verification of cGMP compliance.
Internal audit's main range is ensuring quality in well known area which is under the audit technique. Design, agreement and evaluation of product should comply with GMP. Ensure quality in GMP implementation, performance of personnel, feedbacks. Include documents, education and files and covering all elements of GMP.
Principles and Requirements of inner audit:
As per ISO 9000 benchmarks require maintenance of document evidence for inner audit process. Document research must include: who is executing the inner audit, which team is under the audit, describing whole process, supervision after inner audit plan and where in fact the results are noted.
These are the some common principles that applied at the time of internal audit execution.
Internal audit is independent and evidence centered approach.
All activities of interior audit should be researched by independent party, have a sampling and monitoring line and they are available and constructive.
Insure all resources can be found before starting audit.
Auditor is a employee of the company with sufficient experience and track record who conduct the inner audit. Though he's an employee of the organization he must audit his fellow workers and their performance and because of this he has some capabilities that audit email address details are not affected by his personal relationship. Because of this he needs to be ethical, open up minded, diplomatic, observer, versatile, persistence, decisive and indie.
Patience is necessary in auditing and so the auditor must be cool and need to see what the actual situation in the business. Generally people don't like to be audited and for this he makes whole lot of effort psychologically to get the true answer and prevent the conflict. In the audit period he has main one aim - put the real status of the organization to top management.
Internal Audit process:
For successful audit it is required effective communication between management and auditor. To obtain effectiveness and with time audit it's important that auditor do not go depth in every item and have a quick summary and give attention to the parts which do not adhere to the company guidelines.
Every audit is unique; the audit process is filled with these four levels which are commonly within every audit:
Planning of audit ( review and preliminary phase)
Performing an audit ( field work phase)
Audit statement ( documentation stage)
Change implementation ( follow-up phase)
1. Planning of an audit (review and initial phase)
In the stating of your audit management do a reaching to plan about auditor that who'll take care of the audit, goals and scopes of an audit, which area should be cover under the audit, which requirements is highly recommended, collect information about important procedures, prepare newspaper work and syndication of audit plan.
2. Carrying out an audit (field work stage)
After planning now it's time to implement audit method but there is no common way that auditor perform the audit. An auditor should looking what is need, which way the procedure can be better, gathering and studying information and making best finish on his work.
Keep in mind that interior audit is not always done for the improvement or find out defects, it also discover people who are adding their outstanding efforts.
The following process is generally adopted in each audit:
In starting of audit process the auditor first make a gathering with the top of area which is likely to be audited, explaining him scope and objective of the work and making him relax for the audit.
Auditor will review all processes carefully and their end result, here auditor looking at that techniques is working in conformance of company's quality management system.
He gathers information by requesting open-ended question about process and personal competence.
Auditor make notes about data he acquired through the various point of audit process.
Auditor analyzes all the data he found and ask himself that is process working in compliance with company's coverage? Or process needs improvement.
Before reaching the finish he take all the aspects of audit in consideration, is there any failing event came out, any area must be looked at improvement? Are there any individuals or departments viewed uncommon behavior?
In the finish of his fieldwork the auditor, hold the closing ending up in head of the area in existence of plant director. Explain him positive and negative outcome of his study and corrective activities for that. He tries to solve any disagreement on his summary in this meeting.
3. Audit record (documentation period)
It is most challenging part of the process. An auditor should write brief and clear summery of his finding, which include both positive and negative final results of his analysis. These positive effects may help company for improvement.
The data or conclusions must be truthful, opportunity and objective focused, and written in manner that management can simply understand that and can take corrective action from that. Audit report is a official record which should contain: scope, criteria and objective of audit, Auditor's information, time and area where auditing done, outcomes of audit (positive and negative), a shutting statement.
4. Change implementation (follow-up period)
During this phase the non compliance is submitted to quality committee. The product quality committee studies the survey submitted by an Auditor and checking all the non compliances are actually differ from the company's quality management system. Upon agreement that process or item is none of them conforming, the product quality committee needs action to correct it and provides responsibility because of this correction to ideal person with time limit.
During correction quality committee take notice of the process of correction and after change is executed and process or item employed in compliance with company's policy, committee ask the same person for follow up inspection. The Auditor check in same manner as he done before and check the difference in result, if it's conformity with quality management system of company than he give the satisfactory are accountable to the management. The complete process is documented that it could be great for future study.
Fig. 1. Process stream diagram of internal auditing
Internal control is a major part of an interior auditing and evaluation of internal adjustments is one of the primaries targets of inside auditing.
In auditing inner controls can be explained as process damaged by organization's framework, employee and management information system, expert and work move, designed to fulfill organization's scope and objectives. These are common targets for internal control: effective and productive operations, reliable financial records, compliance with laws and policies, protecting assets of company.
Internal settings are divided in main two categories preventive control buttons (designated to avoid errors and irregularities from occurring) and detective adjustments (designed to learn errors and irregularities once they have took place). The types of inside control activities are separation of duties, authorization, proper documentation, control over possessions, variance evaluation, monitoring operations.
A question arise that who take the duty for internal settings, it is not only a job of internal auditor. Every worker of the business is responsible for maintenance of inner settings. Internal audit assist management to judge and promote inner control system.
Internal audit play an important role in risk analysis and evaluation of processes which have significant hazards. Risk management is process that where way organizations sets its aims and then evaluates and analyzes the risks which can produce impact to understand its objective.
In regular basis company applied strategic, marketing or capital planning, budgeting, and hedging to evaluate the chance. Internal audit evaluate all of this activities and techniques applied by the management to article and monitor potential risk identified.
These are some core assignments of inner audit in risk management: ensuring risk management process, assuring evaluation of dangers and evaluation of risk management process, key dangers evaluation and researching those to the management, supporting management in responding of risks, expanding risk management framework and coordinating all activities.
Internal audit vs. Exterior audit:
In Exterior audit organization contact person (auditor) outside of the firm who audits organization's financial record and submit a written report to the management. Exterior auditor differs from internal auditor mainly in two ways: (1) internal auditor mainly focuses on risk management and internal control construction, (2) interior auditor do not form an opinion on organization's financial statements.
Some similarities also there between inner and external auditor:
Both interior and external auditor examines and evaluates many deals.
Both statement if the strategies are poor and ignorance in adhering them.
They both deeply involved in information system and based on discipline and use profession requirements.
Both are worried for event of errors and they are tied with inside control system of group.
Both give formal record of their activities.