Download presentation
Presentation is loading. Please wait.
Published byAlannah Casey Modified over 5 years ago
1
Audit Principles Kevin Alder Agenda 8.2 ET-WISC-DC2019
12-15 March 2019, Beijing
2
Why Audit? Audit is a core part of managing business processes undertaken by organisations. It closes the loop on planned activities that are undertaken by organisations. The audit is an independent check that what has been planned is being done. The audit provides findings upon which the organisation can take action to improve the performance of the system
3
AUDITING PRINCIPLES These auditing principles are based upon
ISO 19011:2011 Integrity Fair presentation Due Professional Care Confidentiality Independence Evidence-based Risk-based Prudence with gifts and any other services or benefits which may make you feeling liable They are differences between countries! In some countries you can “buy” a certificate (some cases in India for ex. – examples of tee boxes or ISO TS certificate in hotel) Demonstrate competence with a certificate (not mandatory, but better appreciated)
4
AUDITING PRINCIPLES 1. Integrity
Perform work with honesty, diligence and responsibility Observe and comply with legal requirements Demonstrate competence Be impartial and sensitive to any influence on judgement Prudence with gifts and any other services or benefits which may make you feeling liable They are differences between countries! In some countries you can “buy” a certificate (some cases in India for ex. – examples of tee boxes or ISO TS certificate in hotel) Demonstrate competence with a certificate (not mandatory, but better appreciated)
5
AUDITING PRINCIPLES 2. Fair presentation
Report truthfully and accurately Communicate objectively, timely, clearly and completely Respect the auditees: In time keeping – if extension is needed, ask for permission In note taking – look to the auditees, listen (2 auditors/team are recommended approaches) Open communication with emphasis on listening and understanding Accept if the auditees propose another contact person to interview Don’t focus on finding non conformities; confirming a conformity status is also a potential audit outcome (and even more courage is needed)
6
AUDITING PRINCIPLES 3. Due professional care
Apply diligence and judgement Deserve confidence placed in you Make reasoned judgements in all audit situations Explain to the auditees the process in an opening meeting (again), even if they know; and stick to the process Make efforts for understanding – the auditees has to answer and explain, but the auditor has to understand before making any judgement Stick to the audit criteria, auditing standard ( ISO 9001, ISO or other), don’t ask more
7
AUDITING PRINCIPLES 4. Confidentiality
Exercise with discretion and ensure security of information Don’t use audit information outside of the given auditing activity Give back to the auditees all collected information / documentation during the audit
8
AUDITING PRINCIPLES 5. Independence
Ensure impartiality and objectivity of audit conclusions Be independent of the activity being audited Avoid conflict of interest Base audit findings only on the audit evidence Report on audit: Accurately With useful details for the reader On time! Independence from the auditing activity (some flexibility “wherever practicable”; small companies)
9
AUDITING PRINCIPLES 6. Evidence-based approach
Use rational methods for reaching conclusions Conclude reliably and reproducibly (verifiably) Use systematic audit process Use appropriate sampling Audit techniques: Be prepared for the audit! Questioning and listening Asking for examples No exhaustive checking! (be clear on that with the auditees in the opening meeting) Collect evidence! Take notes on evidence
10
AUDITING PRINCIPLES 7. Risk based approach Part of ISO 19011:2018
Using ICT evidence to facilitate audit process Emphasis on professional judgement Risk based thinking is now incorporated to all management system standards (as ex. ISO 9001, ISO 27001) 3 types of actions – corrective, preventative, detective. Whn you start to thinkabout risks, you can then take action before an incident occurs. (preventative) If you have no risk-awareness, you generally fix problems when tey occur – corrective acations In an organisation with very mature risk based thinking, you would expect to see detective actions, where leading indicators are used to take action
11
Thank you Merci
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.