Konyika Nealy, Vice President of QA and Validation, Pilgrim Quality Solutions
As an experienced member of your organization you may at some time be called upon to conduct an internal audit. This is a good thing. Internal audits are intended to preempt issues that can arise during a second or third party audit. This type of peer review though, if not managed correctly, can have negative consequences that undermine its value.
Key Aspects of an Effective Audit Program
Two key aspects of an effective audit program are a clear documented audit policy and adequate training. The organization’s audit policy (or audit committee charter) is the official guidebook for the audit program. The audit policy sets the expectation for the objectives, responsibilities and boundaries of the audit role. This document should state management’s commitment to continuous improvement and risk management through systematic self-inspection.
The audit policy should further set expectations for the function as an independent, unbiased review with the purpose to observe and report to management the state of compliance to the policies, procedures and regulations that govern the organization’s business operations. The authority and protection afforded the auditor by management thus guards against situations where deficiencies may be left purposefully unaddressed in order to avoid conflict with a senior ranking process owner. It must be made clear that the auditor is responsible for assessing compliance alone. Management must then follow up on the findings and correct whatever problems are found in practices or processes that put the company at risk.
The Importance of Training
Training is also critically important. All auditors should have procedural and experiential training in audit techniques. Beyond familiarizing themselves with the industry standards and company SOPs, auditors should review previous audit reports, work flows and department metrics to glean information on potential failure points within the process area. Mock audits or role playing could help trainees develop a solid audit methodology and cultivate a collaborative rather than adversarial attitude.
Once trained, auditors should be evaluated for competency and assigned to an audit team prior to assuming the role of lead auditor. As a team member they could participate in a limited capacity under the guidance of the more experienced lead auditor. Remember, a novice auditor can easily damage the credibility of the program by being uninformed (with respect to how the audited area fits into the strategic goals of the company), inflexible (contrary to belief, there is more than one way to satisfy a requirement), or unrealistic (change requires time and resources). It is therefore necessary to thoughtfully choose and qualify persons for this role.
The Result – Audit Program Evolution
Coupled together, a strong policy statement and substantial training program adds rigor to the audit program. With time it will evolve from a process for solely detecting nonconformities to a platform for acknowledging good practices and recommending process efficiencies. So while in no way is the auditor responsible for correcting any deficiencies themselves, by objectively presenting both the good and bad, the auditor then becomes less of an enemy and more of a partner.
Download our “3 Steps to Internal Audit Success” webinar to learn more.