What is an internal audit?
Internal auditing is a way of evaluating the compliance of a business process with the objective of improving it. In addition to verifying the need for changes in the organization’s processes, the audit is necessary to verify the adequacy of processes to standards, legislation or even internal regulations. In addition, internal auditing is a normative requirement of ISO standards. In other words, it is a process that must be performed periodically by companies that seek certification. The standard does not establish a periodicity, which usually occurs according to the needs of each company, but ideally it should be carried out at least annually.
Who does the internal audit?
Internal audits can be carried out by both internal employees and external bodies, such as management systems consultants. That decision rests with the organization. Therefore, it is good practice that the internal audit is carried out by impartial auditors who are aware of the standard, legislation or regiment to be audited.
In this article, we will talk about good practices for conducting the Internal Audit and control system reviews in Dubai, summarizing in 04 steps:
- Planning – Audit Plan;
- Preparation – Audit Schedule;
- Execution – Process Evaluation;
- Closing and follow up – Preparation and Presentation of the Final Audit Report.
Step 1 (Planning):
The actions taken prior to the performance of the audit are decisive for the success of the activities. Planning begins with the development of a plan that will guide the execution of the audit. This plan should present all activities on a timeline, in addition to the scope, with processes or departments that will be audited.
At this stage, all related documentation, such as management system policies or procedures, and a preliminary list of people who will be interviewed should also be identified.
Step 2 (Preparation):
At this point, the auditors should know a little more about the company’s management system, analysing the documentation in depth, as well as the company to be audited and its processes. It is suggested that a preliminary report be prepared regarding the evaluated documentation, and a schedule should be forwarded to the organization for approval, with the names of the auditors, processes that each auditor will verify, curricula, and expected dates for carrying out the audit of each process. .
Step 3 (Execution):
The execution of the audits must be carried out formally through the collection of information, which will determine whether the processes in question are following the normative items or not, as well as the established standards and procedures.
At this stage, the auditor should interview people, asking questions and taking note of the findings. It is at this point that “conformities”, opportunities for improvement, and non-conformities (if identified) will be recorded. That is, all situations that occurred in disagreement with the normative items, laws, processes and standardized procedures must be recorded.
Step 4 (Closing):
After completing the audit, the team of auditors must meet to review all data generated, opportunities for improvement and non-conformities. This information should compose the “Final Auditors in Dubai”.
This report is an important input for strategic meetings held by leaders. It helps to evaluate the results and define how to implement the improvement actions suggested by the audit team. It is also suggestive that the team of auditors help the company with an “Action Plan” for the notes and non-conformities identified.