Internal Audit of a Management System: Role of the Audit Team

An internal audit is a process of verification and/or validation of compliance with an activity according to the plan and stipulated guidelines. The purpose of an audit is to diagnose; identify which activities are carried out as expected/defined or to identify the degree of compliance according to the criteria of the standards in which a company may be certified or in which it intends to be certified in the future

An internal auditor must take charge of several functions. We can distinguish two types of functions within the audit process: prior to the audit and during the audit.

Before the audit is carried out, a plan will be developed, which will document what procedures the auditor will follow to validate that the organization complies with the reference standards. The framework should explain the objectives of the audit, its scope, and its timeline. The audit plan should contain at least the following information:

• Audit objectives.
• Reference documents and criteria.
• Scope.
• Points to be audited
• Places where the audit is carried out.
• Dates, time, and duration of activities.
• Responsibilities and functions of the audit team members.
• Resources used.

In case the audit is carried out by more than one person, the lead auditor will be responsible for coordinating all activities carried out during the Management System audit. The rest of the auditors will be in charge of following the methodology defined by the lead auditor, will verify that the Management System is in line with the requirements established in the reference standards, and will write down the non-conformity findings, communicating them to the auditee.

First, they should communicate with the auditees in order to confirm their availability to carry out the audit. Once the date(s) on which the audit will be carried out is confirmed, a presentation meeting would take place, in which the audit plan, schedule, and objectives would be confirmed.

Subsequently, the audit would take place, analyzing whether the requirements of the reference standard are met based on a sampling of evidence. This sampling will be based on a selection of random evidence, which will allow the auditor to reach conclusions about the degree of compliance with respect to the audited issue. The auditor can gather the information needed through various means such as reviewing previous records, talking to employees themselves, analyzing data extracted from the process, or through direct observation of the process in operation.

Once the process of reviewing and collecting information about the audited process is completed, its results will be presented through a report that will be written in a logical, objective, impartial, and constructive manner, highlighting the deviations found. The facts or situations detected will be described in such a way that observations and/or findings are presented, in accordance with the objectives set out in the audit.

The follow-up of the problems found, as well as the possible suggested improvements, will be vital to ensure the success of the audit carried out and, ultimately, the continuous improvement of the process in question.

For the proper functioning of a company, personnel is needed to act to meet the objectives of an organization; however, it is also important to create a body responsible for verifying compliance with operations (Internal Audit) and the performance of the personnel themselves.

For this reason, the task of surveillance within organizations is becoming increasingly important, given the need to protect organizations from malpractice that could be committed in the administration of the company.

Consequently, if our organization is certified in any ISO standard, the role of internal audit in our organization will become very important. It is important that auditors have certain qualities and technical skills, as well as adequate training. The internal auditor will provide the necessary knowledge to achieve success in the audit through familiarity with the reference standard, knowledge of the organization’s documentation, and a new and impartial perspective on the processes. The auditee will also contribute their experience, contributing to the identification of opportunities for improvement in the system.

Therefore, we could conclude that the main objectives of the internal audit would be three:

• Verify compliance with applicable standards.
• Verify compliance with documented processes and procedures.
• Identify opportunities to improve Management Systems.

At GlobalSuite Solutions we have the GlobalSuite® software that guarantees time and cost savings in carrying out audit work in a collaborative environment with complete monitoring. In addition, we have a team of expert consultants in implementing, auditing, training, advising to certify and accredit all types of companies and organizations in legal compliance and other certifications such as ISO 27001, ISO 14001, ISO 3100, and ISO 22301.