The most successful management auditing projects are those in which the client and Internal Audit have a constructive working relationship.
Our objective is to have your continued involvement at every stage, so that you, our client, understand what we are doing and why.
Your involvement is critical at each stage of the audit process. As in any special project, an audit results in a certain amount of time being diverted from your unit's usual routine. One of our key objectives is to minimize this time and avoid disrupting your ongoing activities.
Our Management Auditing Process:
Although every audit project is unique, the audit process is similar for most engagements and normally consists of four stages:
During the preliminary review portion of the audit, we notify you of the audit, discuss the scope and objectives of the examination in a formal meeting with your organization's management, gather information on your important processes, evaluate existing controls, and plan the remaining audit steps.
The fieldwork concentrates on transaction testing and informal communications. It is during this phase that the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a list of significant findings from which the auditor will prepare a draft of the audit report.
Our principal product is the final report in which we express our opinions, present the audit findings, and discuss recommendations for improvements. To facilitate communication and ensure that the recommendations presented in the final report are practical, Internal Audit discusses the rough draft with the client prior to issuing the final report.
Within approximately one year of the final report, Internal Audit will perform a follow-up review to verify the resolution of the report findings.
A result-oriented audit can provide the impetus for positive change.
Three basic evaluation methods exist for any work activity:
- Inspection
- Compliance
- Auditing - Management Auditing
The first method, inspection, measures a process's output against certain characteristics. These characteristics, generally identified as form, fit and function, are specified, and the process output either possesses those characteristics or it doesn't. As a result, an inspection's outcome is always binary: pass or fail.
In contrast, compliance audits check on the implementation of written manuals, procedures and work instructions. The compliance audit evolved in the 20th century as business practices became more complex. The first use of compliance auditing appeared in financial transactions, because tax collectors and bank examiners needed assurance that the financial data were correct. Compliance audits are still used in high-risk activities, where there is a desire to verify that the activities are being performed in strict compliance with approved requirements. Third-party registration audits, regulatory inspections and most supplier audits measure compliance. The application of a compliance audit results in stability and assurance that rules are being followed.
Management auditing is a more recent concept. It focuses on results, evaluating the effectiveness and suitability of controls by challenging underlying rules, procedures and methods. Management audits, which are generally performed internally, are compliance audits plus cause-and-effect analysis. When performed correctly, they are potentially the most useful of the evaluation methods, because they result in change.
Audits provide information. All affected parties need to know if product, process and system controls are present and being applied, and obviously it doesn't hurt to know whether these controls actually work. An auditor evaluates the controls against requirements and produces a report. If controls are present and working, all parties' confidence in the process is increased. If controls are missing or not working, then resources can be applied to fix the problems.
Auditors serve three customers: the auditee, the client and the organization. Auditees' primary goal may be to simply pass the audit, but auditees trying to derive the most benefit from the audit will also want to know whether the organization is functioning effectively. In this case, an auditor's outside perspective can be quite valuable. The client (the person who commissions the audit), in contrast to the auditee, is accountable for the auditors' actions and reports. Committees cannot generally perform this function; an audit boss should schedule the audits and make assignments. Finally, auditors must serve the organization's needs.
Business values are important and the auditors can assist by determining whether the enterprise is actually achieving its goals.
Our auditors must be able to carry out their assignments in an impartial and objective fashion. This means that they cannot have a vested interest in the activity being audited. If they developed the rules, they cannot impartially evaluate the effectiveness and application of those rules. Although an auditor can never be totally independent of the auditee, some separation must be maintained. It's fine to audit within your group, but you can't audit your own job.
In addition to knowing how to conduct an audit, auditors must be familiar with the technical processes being examined. Finally, auditors need to be able to communicate well, both orally and in writing.
Auditors are not allowed to make up the rules; they must audit against performance standards that are already in place and accepted by the auditee. The highest level of requirements includes corporate policies, management system standards and regulatory requirements. Usually originating from outside the auditee's organization, these requirements establish the goals and objectives to be achieved. National and international standards, such as QS-9000 and ISO 9001, fall into this highest category. Next comes the local approach, often called a quality manual or quality plan, for implementing these high-level requirements. It gives the framework for achieving the concepts and should be fairly compact. This document is then followed by a number of process-specific procedures.
One of an auditor's challenges is to obtain and become familiar with the many levels of requirements forming the basis for the audit.
Auditing is fact-based; conclusions are drawn from the data. Facts can be good (a requirement was met) or bad (a requirement wasn't met), but no judgment or opinion should taint them. These facts, also known as objective evidence, can come from five sources. They can be physical properties, such as flow rates and dimensions; sensory-derived input from seeing, hearing, smelling or tasting; documents or records; information drawn from interviews with auditee staff members; or patterns such as percentages or ratios. Auditors use checklists and other tools to determine the facts to be gathered, and then they perform the fieldwork to gather these facts.
The output of the audit process, be it a management or compliance audit, will be our final auditing report. To prepare this report, our auditors must take all of the positive and negative facts and make some sense of the data. In other words, the auditor must analyze the data.
The first step is to list all of the positive and negative observations, then sort those data into controls or problem areas. Generally, there will be a large number of negative observations associated with just a few control items. This natural chunking of the data allows our auditors to see the patterns, rather than the individual events. For a compliance audit, these patterns are then reported as either conformities or nonconformities.
Management auditing requires some additional work. Our auditor needs to identify the pain associated with those groups of bad facts. It's important to identify business problems, such as scrap, rework and overtime, as pain. Then the auditor combines the missing control (the system error that's causing the problems) and the business pain into one statement, called a finding. The finding will reveal cause-and-effect patterns occurring within processes.
By associating the negative facts with missing or weak controls, the auditor rises to the system level of analysis. This has lasting value, because the system affects the process, which affects the product or service.
By focusing on results, management auditing can determine whether those plans and approaches are any good. If they aren't, the developers and users are compelled to improve their methods because they can see the adverse consequences of not doing so.
When employees and managers begin to see our audits as opportunities to improve, they begin to see auditors not as individuals outside the company but as productive members of the organization.