The Internal Auditing Pocket Guide: Preparing, Performing, Reporting and Follow-up

By J.P. Russell

This best-seller prepares auditors to conduct internal audits against quality, environmental, safety, and other audit criteria. This handy pocket guide covers all the steps necessary to complete an internal audit, from assignment to follow-up. New and updated chapters reflect new techniques to address vague requirements, more illustrations and examples, ISO 19011 thinking, and verification of auditee follow-up actions. This condensed, easy-to-read book is a valuable resource and great tool for training others on how to perform an internal audit. It is appropriate for those who have no prior knowledge of audit principles or techniques.

• Language: English
• Publisher: ASQ Quality Press
• Release date: Oct 2, 2006
• ISBN: 9781953079886

Book preview

The Internal Auditing Pocket Guide

Preparing, Performing, Reporting, and Follow-Up

Second Edition

J.P. Russell

ASQ Quality Press

Milwaukee, Wisconsin

American Society for Quality, Quality Press, Milwaukee 53203

© 2007 by J.P. Russell

All rights reserved. Published 2007

Library of Congress Cataloging-in-Publication Data

Russell, J. P. (James P.), 1945– 

The internal auditing pocket guide : preparing, performing, reporting, and follow-up/J.P. Russell.—2nd ed.

p. cm.

Includes bibliographical references and index.

ISBN 978-0-87389-710-5 (soft cover : alk. paper)

1. Auditing, Internal. I. Title.

HF5668.25.R877 2007

657'.458—dc22 2007004699

ISBN: 978-0-87389-710-5

No part of this book may be reproduced in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Publisher: William A. Tony

Acquisitions Editor: Matt T. Meinholz

Project Editor: Paul O’Mara

Production Administrator: Randall Benson

ASQ Mission: The American Society for Quality advances individual, organizational, and community excellence worldwide through learning, quality improvement, and knowledge exchange.

Attention Bookstores, Wholesalers, Schools, and Corporations: ASQ Quality Press books, videotapes, audiotapes, and software are available at quantity discounts with bulk purchases for business, educational, or instructional use. For information, please contact ASQ Quality Press at 800-248-1946, or write to ASQ Quality Press, P.O. Box 3005, Milwaukee, WI 53201-3005.

To place orders or to request a free copy of the ASQ Quality Press Publications Catalog, including ASQ membership information, call 800-248-1946. Visit our Web site at www.asq.org or http://qualitypress.asq.org.

Quality Press

Call toll free 800-248-1946

Fax 414-272-1734

www.asq.org

http://qualitypress.asq.org

http://standardsgroup.asq.org

E-mail: authors@asq.org

600 N. Plankinton Avenue

Milwaukee, Wisconsin 53203

Table of Contents

Chapter 1: Welcome to Auditing

Chapter 2: Getting the Assignment

Chapter 3: Audit Process Inputs (Purpose and Scope)

Chapter 4: Preparing for the Audit

Chapter 5: Identifying Requirements and Planning

Chapter 6: Desk Audit and Audit Strategies

Chapter 7: Beginning the Audit

Chapter 8: Data Collection

Chapter 9: Techniques to Improve Effectiveness and Address Vague Requirements

Chapter 10: Analyzing the Results

Chapter 11: Reporting

Chapter 12: Audit Follow-Up, Corrective Action, and Closure

Appendix A: Example Audit Plan

Appendix B: Example Work Order

Appendix C: Example Meeting Agenda and Record

Appendix D: Example Interview Schedule

Appendix E: Example Checklist Page

Appendix F: Audit Time Considerations

Appendix G: Example Notification Letter

Appendix H: Popular Performance Standards

Appendix I: Example Audit Nonconformities

Appendix J: Auditor Code of Conduct

Appendix K: Example Corrective/Preventive Action Request

Appendix L: Corrective Action Checklist

Appendix M: 20 Basic Audit Principles

Glossary

References

Chapter 1

Welcome to Auditing

The Internal Auditing Pocket Guide prepares those new to auditing to conduct internal audits against quality, environmental, safety, and other specified criteria. You may be learning the basic auditing conventions to qualify as an internal auditor or for self-improvement. In either case, both you and your organization will benefit from your new skills. Your organization will benefit because you will be a more effective auditor and you will benefit because you will gain knowledge and learn new skills. Not only will you be learning new skills in auditing, you can also use these skills in other job responsibilities, be able to link requirements to your job, and improve your everyday communication skills by practicing interviewing techniques. After you learn the basics of internal auditing, you may seek more advanced study to qualify as an ASQ Certified Quality Auditor (CQA). The scope of work for an internal auditor assignment can vary from simple verification of compliance to identification of performance-improvement opportunities. Your organization has objectives that the internal audit program can help achieve.

An audit is some type of formal independent examination of products, services, work processes, departments, or organizations. Conducting an audit is a process, work practice, or service. Some organizations prefer the word evaluation, survey, review, or assessment instead of the word audit. I will use the word audit when I reference the process because it is universally accepted and, to experts, it means a certain type of investigation or examination as described in this guidebook.

The audit process steps (Figure 1.1) are to:

• Identify plans (what people are supposed to do)

• Make observations (what people are actually doing)

• Evaluate the facts collected (sort the evidence)

• Report the results (conformance or noncompliance)

• Follow up (ensure that problems are corrected)

Figure 1.1 The audit process.

© 2006 J.P. Russell.

No matter what name is used for the audit process, auditors are entrusted with confidential information. Auditors must be ethical in their dealings with the organizations they audit as well as with the general public. People have various feelings about auditors that may include fear as well as respect, but there is also a sense that auditors hold a public trust of honesty and conduct their affairs in an ethical manner. When this public trust is broken (for example, in the Arthur Anderson–Enron case) the public is outraged. At the time of the Enron incident, Arthur Anderson was one of the top five accounting firms in the United States and now, because of the misconduct of a few auditors, they are out of business.

From time to time throughout this guide I will highlight one of the 20 Basic Audit Principles to emphasize its importance. All 20 audit principles are listed in Appendix M. The first audit principle concerns the public trust.

Audit Principle

Use knowledge and skills for the advancement of public welfare.

Terminology

This chapter is about the terminology of auditing to help you communicate effectively. Your organization may have its own names for things that are different from standard audit terms or even different from the dictionary. If the terminology in the text starts to get confusing, consider starting your own cross-reference showing the word you are familiar with compared to the more generic terminology. You can start with the examples shown in Table 1.1.

Table 1.1 Example terminology cross-reference table.

Controls to Examine

An audit is a process of investigating and examining evidence to determine whether agreed-upon requirements are being met. An effective audit depends on how information is gathered, analyzed, and reported. The results may verify conformance or indicate noncompliance with rules, standards, or regulations. A quality audit is linked to quality requirements, environmental audits to environmental requirements, financial audits to financial statements, and safety audits to safety rules and regulations. One of the things that makes an audit different from an inspection is that individuals performing an audit must be able to do so impartially and objectively. This means that the person performing the audit must be independent of or have no vested interest in the area being audited. The level of independence necessary to ensure impartiality and objectivity will vary by industry, type of organization, risks involved, and organizational culture.

Internal and External Audits

All audits are either internal audits or external audits. Figure 1.2 shows how audits are classified as first (internal), second (external), and third (external) party.

Figure 1.2 Audit classifications.

Think of your organization as the circle in the figure. Internal or first-party audits are conducted inside the circle. You must go outside the circle to conduct external or second-party audits (audit your suppliers).

On the right-hand side of the figure is an area designated for third-party audits. Third-party audits are independent of the customer–supplier relationship. Third-party audits may result in certification, license, or approval of a product, process, or