“Audit is a systematic, independent, and documented assessment to determine whether agreed upon requirements are being met and will continue to be met”. In the present article we shall be able to understand the Basics of audits and Key Roles of participants while performing/facing an audit. Audits are considered an integral part of an organization success.

As explained above there, are three intrinsic and fundamental requirements of transparent audits:

  1. Systematic
  2. Independent
  3. Well documented

In addition to the above, the other requirements are:

  1. Confidentiality
  2. Integrity
  3. Objectivity
  4. Planned

The scope of an audit can be as extensive as including the entire organization, or a site including associated functions and organizations or can be limited to a specific function, or an unit operation, product etc.

Audits are generally categorized in to three types:

  • First party Audits (Internal): This is also known as internal audits and being performed within organization to have an assessment on its own procedural controls, methods, and systems. Internal audits can be done voluntarily or as a part of regulatory requirements. Many regulatory agencies worldwide emphasize on having an internal independent and transparent system of self-inspection. Although principally Internal audit and self-inspection are considered as synonyms, however, there is a basic difference w.r.t. selection of the audit team. Read more about the difference in our article Self-Inspection – Expressway to Compliance.
  • Second party Audits (External): Second party audits are usually external audits performed on a supplier (to an organization) and by a customer (On organization- Their suppliers). These audits conducted against the criteria of documented contracts agreed between both parties to deliver certain standard of products. These audits are generally more formal as the outcome directly impact the financial and purchase relations between organization and suppliers/customers.
  • Third party audits (External): In this category of audit, there is no relation between customer and suppliers i.e. they are independent of customer-supplier relationship. These audits are being performed by authorities/organization which are independent and free of any conflict of interest. For example, audit of organization by government bodies, registration/accreditation bodies, licensing bodies, independent freelance auditors etc. to ensure organizations are meeting certain set of standards to operate which ensure public safety.

 

The audits can be sub-categorized into various other types depending upon the objective and scope of the audit viz.:

  1. Product/service audits: The product or service audits are more related to the auditing of products being manufactured and services being provided by any manufacturer. The audits are concerned w.r.t. the compliance of products and services to assess their level of compliance with the specifications, performance standards and customer requirements.
  2. Process audits: The audits of the processes being employed by manufacturer to assess whether they are meeting all the predefined Critical Process parameters (CPPs) and are able to deliver the Critical Quality Attributes (CQAs). The process audit includes assessment of resources available for carrying out a process viz. material, machine, manpower or instructions (SOPs, flowcharts, STPs etc.) or all the other related factors impacting the process.
  3. System audits: System audits are the assessment of the overall systems existing in a firm viz. Quality Management System, Safety Systems etc. The systems available in the firm shall be able to meet the desired objectives as set by the management in their policies and the resources available shall be adequate to meet the desired requirements.

In order to understand the insights of audit process, knowing about terminologies plays very important role. Generally, audit process involves key participants such as Client, Auditor (Includes lead auditor) and Auditee.

  1. Client: Client is usually an organization/person/committee who request and arrange for the audit.
  2. Auditor: Personnel who take part to plan and perform an audit. Auditing organization also employs auditors to carry out audits (Internal/External audits)
  3. Auditee: Its simply the organization to be audited.

To understand relationship between above three terminologies by an example, Let’s say internal audit is being planned within organization, then client is the top management who is requesting an audit, auditors are set of internal qualified people who need to perform audit (Not in their job role to avoid conflict of interest) and Auditee is the respective function/department/area which is to be audited for assessment of deficiencies and scope of improvements.

Responsibilities of Client during audits:

  • As a very first step, Client determines purpose and need for an audit. Client also need to determine the scope to keep the audit in specified focused frame.
  • Client determine source of auditors and hence decide which auditing firm to be employed. In case of internal audits, auditors from own organization can be used and if required support from external organization can be sought. However, in this case assessment is limited to internal audit and using external organization does not mean it is a second or third-party audit.
  • Client identifies lead auditor. In certain cases, audit program manager take responsibility to identify lead auditor in consultation with client.
  • Generally, attend opening and closing meetings to make sure overall audit objectives are met. Also, it receives the outcome in the form of an audit report.
  • Plan budget required to carry out audits.
  • Keep right for distribution of audit report to defined and required stake holders.
  • Ensure the follow up actions are planned (if required) after successful completion of audit.

 Responsibilities of Auditor during audits:

  • It is very important for auditor to act within the scope of audit criteria being audited against.
  • Proactive preparation such as planning, collection of requisite data and information.
  • Perform audits unbiased and shall remain free of any conflict of interest.
  • Collect evidence to determine organization state of compliance against set standards.
  • Fill checklists if applicable to record areas investigated/audited.
  • Conduct opening and closing meetings.
  • Perform under the guidance and plan of lead auditor.
  • Gather information/evidence to write formal report.
  • If any conflict of interest arises before or during audit, it needs to be communicated to lead auditor/ management of auditing organization.
  • Maintain confidentiality.
  • Lead auditor shall manage audit, communicate with client and auditee representatives about the detailed plan.
  • Lead auditor shall ensure that the audit team is capable to perform the required roles and have enough resources. It shall direct the team towards the successful outcome of an audit. Lead auditor shall resolve any conflict or conflict of interest or any activity which shall impact overall outcome of the audit.
  • Lead auditor shall compile final report with inputs of the team.
  • Team shall maintain professionalism and ethics.

Responsibilities of Auditee during audits:

  • Auditee shall support and coordinate with auditing team to provide the required information in a transparent manner.
  • It shall define and communicate the finalized audit scope within the organization.
  • Auditee shall maintain professionalism and moral ethics.
  • Shall attend opening and closing meeting with auditors. Shall provide privacy and area to auditing team in case required.
  • Provide the authorization to access areas comes under scope of audit.
  • Shall receive final report and provide adequate response.
  • In case of non-conformances, take necessary corrective and preventive action.

 

Guest Author:

Mr. Davender Pal Singh,

Senior Manager,

Quality Assurance and Validations,

NOVUGEN, Malaysia