Internal audit of an organization’s management system is a complex process that requires a lot of effort from employees. Based on the results of internal audits, managers receive information about the strengths and weaknesses of the organization’s MS (Management Systems) and about the possibilities of improving the system, processes and services [1].
Internal audit is a first party audit performed by the organization for its own needs [3]. We distinguish the following types of internal audits:
- Adequacy audit (documentation review): the documents are compared against the requirements of the standard. Benefits:
  - allows the auditor to get acquainted with the MS in the organization,
  - enables better planning of the compliance audit and determines the probability of its success.
- Compliance or implementation audit: assessment of the extent to which the system is understandable, implemented and followed by the employees of the organization.
- Vertical (product) process audit: assessment of the process related to the production of a specific product (service). It may also concern the assessment of a specific project (undertaking).
- Horizontal audit: assessment of compliance with the selected requirement, e.g. supervision over the documentation of the management system in the entire enterprise.
The purpose of internal audits is to find and solve problems, identify and use the potential for standardization and implementation of improvements. Internal audit is one of the main tools for the effective functioning of the MS, the key to its successful development into a spiral of continuous improvement [2].
After the implementation of the management system, the management of the organization should be interested in how it functions and where there are inconsistencies in the system, and should assess its effectiveness. At specified intervals, master data are to be communicated to the management by the quality management officer for system analysis and evaluation. Such data include information on: quality policy and objectives; structure and degree of implementation of the system; product and/or service quality; the state of production processes; the results of the economic analysis. Based on a summary of these data, the management decides whether to introduce changes to and/or improve the quality management system.
Internal audit is necessary to conclude that all the required elements of the MS are established, implemented and functioning, meet the requirements of the standards, and are effective in achieving the goals. Carrying out audits of the MS is a very responsible activity. The purpose of conducting internal audits of the management system is to confirm that:
- The management system complies with the planned activities, the requirements of a specific standard, e.g. ISO 9001, ISO 14001, ISO/IEC 27001, ISO 37001, and internal regulatory documents.
- The MS is implemented, operates efficiently and is maintained.
In addition to achieving these goals, internal audits enable the identification of areas and opportunities for improving the system, the verification of the implementation of corrective actions based on the results of internal audits and more, and the verification of the system effectiveness analysis by senior management [1].
The audit methodology should be performance-driven and oriented toward continuous improvement. One of the main tasks of internal audit is to identify the causes of non-conformities or inconsistencies in the system, and as W. E. Deming [2] claimed, 96% of problems are due to an incorrect management system and only 4% are due to errors by contractors. If we penalize contractors for every non-conformity or problem, we will never learn the causes behind 96% of the problems.
The effectiveness of internal audits is very important due to the high responsibility and role of the auditor in the organization. The following factors influencing the effectiveness of internal audits were distinguished: affiliation to the public or private sector, quality of audit services according to international standards, professionalism of the audit team (experience, training, certificates, professional qualifications), independence in performing the audit, the possibility of personal development and career of an auditor, the level of support in auditing work by the management board of the organization.
The effectiveness of an audit is closely related to several features:
- regularity – an audit is not a one-time action; it must be organized cyclically, at least once a year. The results of previous audits should be taken into account, and areas more prone to non-compliance should be audited more often;
- independence – we do not audit our own work; the auditor cannot be audited;
- documentation – records of the planning, preparation and conduct of the audit should be kept;
- focusing on audit evidence – we have to collect evidence, i.e. confirmations in the form of documents, forms, interviews and methods of performing activities, that answers the question of whether the activities in the audited area comply with the audit criterion.
Internal audits can be carried out by external companies, which allows for complete impartiality and/or can help train selected personnel of the organization to audit.
IKMJ has many years of experience in conducting first party (internal) audits and second party audits. Please contact us.
Sources used:
- [1] Czerwiński K.: Internal Audit, Second Edition, Extended Edition, InfoAudit Publishing House, Warsaw 2005
- [2] Karaszewski R.: Modern Concepts of Quality Management, Publishing House of the Scientific Society of Organization and Management House of the Organizer, Toruń 2009
- [3] PN-EN ISO 19011:2018-08: Guidelines for auditing management systems, Polish version, PKN