News
Internal Auditing Best Practices
 |
|
Prasanth Ramakrishnan, Accreditation Officer for IAS, responds to some commonly asked questions that arise before, during and after an internal audit, and offers some thoughts on industry best practices for success. |
It’s commonly understood that an internal audit is an effective tool to monitor an organization’s Quality Management System (QMS). Typically, these audits include the evaluation of technical and quality systems.
Following are some commonly asked questions that arise before, during and after an internal audit as well as some thoughts on industry best practices for success.
Q: What are the requirements for an internal audit?
Ramakrishnan: The requirements for an internal audit are based on the quality policy, procedures and the standards under which the organization operates. Several standards exist internationally. Some are generic and some are specifically tailored to address the requirements of a specific industry. Compliance with the quality policy, procedures and, more importantly, the international standards, provides recognition to the organization in corporate circles.
Q: Who should perform the audit?
Ramakrishnan: The personnel performing internal audits must be appropriately qualified. Namely, the audit team must be trained and operate independent of the functions to be audited. They must also be knowledgeable in the standards, criteria and guidelines used for the audit; be free of internal and/or external pressures; avoid conflicts of interest; and understand the need for confidentiality. It is important that all parties sign a confidentiality agreement prior to performing the internal audit.
Q: How frequently must internal audits be performed?
Ramakrishnan: Audits can be performed as often as necessary depending on various aspects: 1) nature of business involved; 2) complexity of the operations involved; and/or 3) level of quality standards in the organization. IAS recommends that an organization perform an internal audit at least once a year.
It’s also worth noting that just performing an internal audit is not sufficient. An organization must review any non-conformances resulting from the audit with the management and staff, and take appropriate action to correct them.
Q: What is the best way to resolve a non-conformance?
Ramakrishnan:
Step 1: Conduct a root cause analysis and analyze the potential causes for the occurrence.
Step 2: Brainstorm the possible corrective actions and their effects on the quality system.
Step 3: Select appropriate corrective action.
Step 4: Assign the appropriate personnel to implement the corrective action.
Step 5: Follow-up after implementation of corrective action; measuring its effectiveness is critical to maintaining an effective quality system.
Q: Is periodic monitoring after an internal audit necessary?
Ramakrishnan: Yes, periodic monitoring is necessary. It is important to keep the non-conformances from recurring. “Cost of quality” should be kept low and focus should be on “return on investment”.
Effective monitoring techniques require that an organization define the appropriate metrics as applicable to the operations involved and strategic business goals. Then, measure the metrics against the target values and perform a gap analysis to visualize the offset from the target objectives.
If you have any questions about internal audit processes, techniques or industry best practices, contact Prasanth Ramakrishnan.