
4. Audit Program Management and Business Applications
A. Audit Program Management
B. Business and Financial Impact

4A Audit Program Management

01 Senior management support
02 Staffing and resource management
03 Auditor training and development
04 Audit program evaluation
05 Internal audit program management
06 External audit program management
07 Best practices
08 Organizational risk management
09 Management review input
10 Electronic record and computerized system considerations

Senior Management Support

Audit Program

❖ An audit program could consist of multiple locations and multiple management systems.
❖ The audit program is measured and monitored to ensure that its objectives are achieved.
❖ Competent individuals should be assigned to implement the audit program.
❖ Management support is the key to success.

Audit Staffing and Resource Management

Audit Budget

❖ Time value of auditing
❖ Time to plan, conduct and follow up activities
❖ Auditee time (for internal audits)
❖ Cost of work interruptions
❖ Cost of travelling, accommodation and other arrangements
❖ Auditor training and development
❖ Consider risks when outsourcing internal or external audits to save money.
❖ Full time auditors vs part time auditors
❖ Audit budget will need to be adjusted on a regular basis depending upon the results of audits.

Auditor Training and Development

Auditor Competence

❖ Generic Training – Auditing concepts
❖ Management system and sector specific training
❖ Training on standards, regulations, legal requirements, cultural diversity, and facilitation techniques etc.
❖ Experience – decision making, problem solving, and communicating
❖ Auditing experience under the guidance of an experienced auditor.

Auditor Professional Development - Considerations

❖ Changes in the needs of the individual and the organization
❖ Technological changes
❖ Changes in the management system
❖ Changes in sector or disciplines.

Audit Program Evaluation

Audit Program Objective

❖ Audit program objective needs to be aligned with the audit client’s strategic direction.
❖ Examples of audit program objectives:
    ❖ Identifying opportunities for improvement
    ❖ Evaluate auditee’s (e.g. supplier) capabilities
    ❖ Compliance to statutory and regulatory requirements
    ❖ Determine the continuing suitability, adequacy and effectiveness of the auditee’s management system

Audit Program Evaluation

❖ Audit program manager and the audit client should review the audit program to assess whether its objectives have been achieved.
❖ Review lessons learned for the improvement of the program.
❖ Analysis of audit findings: (example)
    ❖ Top five findings
    ❖ High risk audit findings
    ❖ Area with the greatest number of findings
    ❖ Improvement from last year
    ❖ Focus areas for the next year
    ❖ Trends: repair rate, customer complaints, delays and cost data etc.
    ❖ Time: to complete the audit, to close the audit non-conformities

Internal Audit Program Management

Internal Audit Program

1. Defining objective of the audit program
2. Developing policies and procedures
3. Audit program schedule
4. Training and selecting auditors
5. Review audit results / Management review

ISO 9001:2015 requirements related to internal audits

1. Objective

❖ To maintain ISO 9001 or other Management System certifications
❖ To check compliance with:
    ❖ Internal work processes
    ❖ Statutory and regulatory requirements
    ❖ Customer requirements

2. Policies and Procedures

❖ Establish policies and procedures for:
    ❖ Planning audits
    ❖ Conducting audits
    ❖ Reporting
    ❖ Follow-up
    ❖ Summarizing results
    ❖ Lessons learned and record retention
❖ Standardize forms and report formats
    ❖ Audit plan
    ❖ Agenda
    ❖ Audit report
    ❖ NCR and Corrective Action form

3. Audit Program Schedule

❖ Generally an annual audit program schedule is established.
❖ For audit frequency and scope take into consideration
    ❖ the importance of the processes concerned,
    ❖ changes affecting the organization,
    ❖ the results of previous audits
❖ Share the audit program schedule with auditee

4. Auditor Training and Selection

❖ Internal training vs external training for auditors
❖ Auditor certifications such as CQA, IRCA or Exemplar Global (formerly RABQSA)
❖ Select auditors and conduct audits to ensure objectivity and the impartiality of the audit process

5. Review Audit Results

❖ Typically annual analysis of audit results is done.
❖ Trends in audit results form a part of the Management Review inputs.

ISO 9001:2015 Requirements

9.2.2 The organization shall:
❖ a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits;
❖ b) define the audit criteria and scope for each audit;
❖ c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
❖ d) ensure that the results of the audits are reported to relevant management;
❖ e) take appropriate correction and corrective actions without undue delay;

External Audit Program Management

External Audit Program

❖ Defining objective of the audit program
❖ Audit program schedule
❖ ISO 9001:2015 requirements related to supplier audits

1. Objective (Supplier Audits)

❖ Supplier selection
❖ Supplier monitoring (surveillance)
❖ Supplier development/improvement

2. Audit Program Schedule

❖ Procurement department is generally the Client for supplier audits.
❖ The audit program manager needs to work with procurement to schedule audits.
❖ Audit frequency depends upon the supplier's past performance and the risk level.

Risk Level: High value, high risk goods and services will require more frequent audits.

Typical Performance Parameters:

❖ Cost
    ❖ Under/over budget, cost savings
❖ Quality
    ❖ Defect rate, returns, failures, damages
❖ Schedule
    ❖ On time delivery, shortages
❖ Responsiveness
    ❖ Willingness to change the order details (quantity, design etc.)

ISO 9001:2015 Requirements

In ISO 9001:2015 Suppliers are called “External providers”

❖ The organization shall ensure that externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers. (8.4.2)
❖ The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements. (8.4.1)

Best Practices

ISO 19011:2018

❖ The individual managing the audit program should consider, where appropriate:
    ❖ communicating audit results and best practices to other areas of the organization, and
    ❖ the implications for other processes.

Best Practices

❖ Best practices are methods which produce superior results.
❖ Just complying with the requirements does not mean that it is a best practice.
❖ Also called: Strengths
❖ Associated with the term “benchmarking”

Organizational Risk Management

Risk: Definition

❖ Effect of uncertainties on objectives (ISO 31000:2018)
❖ Effect of uncertainty (ISO 9000:2015)
❖ An effect is a deviation from the expected, positive or negative.
❖ Risk is often expressed in terms of a combination of the consequences of an event and the associated likelihood of occurrence.

Risk:

❖ Out of 7 principles of auditing in ISO 19011:2018, the last principle is the Risk-based approach.
❖ Risk-based approach:
    ❖ an audit approach that considers risks and opportunities
    ❖ The risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the audit client, and for achieving the audit program objectives.
❖ Risk Management and related tools will be covered in section 5H of the course.
❖ Focus of this section:
    ❖ How the audit program affects the organization's risk level?
    ❖ How the risk level affects the audit program (number and frequency of audits)?
    ❖ Risks associated with the audit program

How the audit program affects (reduces) the organization's risk level?

❖ Monitors the key/critical processes to check if these are being performed as planned.
❖ Identifies gaps – Statutory and regulatory requirements
❖ Identifies gaps – Customer/contract requirements
❖ Creates the culture of conformance

How the risk level affects the audit program?

❖ The extent of an audit program should be based on the size and nature of the auditee, as well as on the nature, functionality, complexity, the type of risks and opportunities, and the level of maturity of the management system(s) to be audited. (Clause 5.1 of ISO 19011)

Risks associated with the audit program

❖ During planning – Failure to set the audit objective
❖ Resources – insufficient time or training
❖ Communication – ineffective channels
❖ Security and confidentiality failures
❖ Ineffective program monitoring
❖ Lack of cooperation from auditee
❖ Not controlling audit costs

(Clause 5.3 of ISO 19011:2018)

Management Review Input

ISO 9001:2015

❖ Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization. (Clause 9.3.1)

❖ (Clause 9.3.2) Management Review Inputs
The management review shall be planned and carried out taking into consideration:
a) the status of actions from previous management reviews;
b) changes in external and internal issues that are relevant to the quality management system;
c) information on the performance and effectiveness of the quality management system, including trends in:
    1) customer satisfaction and feedback from relevant interested parties;
    2) the extent to which quality objectives have been met;
    3) process performance and conformity of products and services;
    4) nonconformities and corrective actions;
    5) monitoring and measurement results;
    6) audit results;
    7) the performance of external providers;
d) the adequacy of resources;
e) the effectiveness of actions taken to address risks and opportunities;
f) opportunities for improvement.

Considerations Related to Electronic Data

Opportunities

Opportunities related to auditing systems that include electronic records and/or computerized systems:
❖ The scope of audits can be increased
❖ Auditors can directly access the data in internal audits
❖ Trend analysis can be performed directly by auditors
❖ Auditors can analyze all (or significantly large) data points rather than taking limited samples
❖ In addition to ad-hoc audit of a process, the organization could consider periodic (weekly) or continuous monitoring of a process.

Challenges

Challenges related to auditing systems that include electronic records and/or computerized systems:
❖ Auditors need to enhance their skills related to electronic records and analytical tools.
❖ Data integrity
❖ Cybersecurity issues and fraud

Data Integrity

❖ Data integrity refers to the reliability and trustworthiness of data throughout its lifecycle.
❖ Techniques to maintain data integrity:
    ❖ Input Validation
    ❖ Remove duplicates
    ❖ Access Control
    ❖ Maintain audit trail
    ❖ Backup Data

Cybersecurity Issues and Frauds

Most common cybersecurity issues:
❖ Hacking
❖ Ransomware
❖ Denial-of-service attack
❖ Phishing
❖ Social Engineering

4B Audit Program Management

01 Auditing as a management tool
02 Interrelationships of business processes
03 Cost of quality (COQ) principles

Auditing as a Management Tool

Auditing Benefits

Auditing can improve a company’s efficiency and profitability by helping the management better understand the workings of the organization and by identifying opportunities for improvement.

Auditing supports Management by:
❖ Improved internal controls
❖ Reducing possibilities of fraud
❖ Improving processes
❖ Reducing the cost of quality
❖ Meeting customer requirements
❖ Improving customer satisfaction
❖ Managing suppliers
❖ Managing risks
❖ Provides independent view (e.g. of strategic plan implementation)

Interrelationship of Business Processes

System vs Process Audit

[Figure: System Audit, Process Audit, Product Audit]

System

A system is a group or combination of things or parts forming a complex or unitary whole.

❖ Focus on the bigger picture.
❖ Making one process efficient at the cost of other does not help in achieving the overall objective.
❖ Examples: Designing product without considering supplier capabilities, production issues, the price and field support issues. (see next slide)

[Figure: Designing, Purchasing, Production, Sales, Field Support]

Cost of Poor Quality

Cost of Quality

[Figure: Prevention, Appraisal, Internal Failure, External Failure]

Prevention Cost

❖ Quality planning
❖ Education and training
❖ Conducting design reviews
❖ Supplier reviews and selection
❖ Quality system audits
❖ Process planning and control

Appraisal Cost

❖ Test and inspection (receiving, in-process and final)
❖ Supplier acceptance sampling
❖ Product Audits
❖ Calibration

Internal Failure Cost

❖ In-process scrap and rework
❖ Troubleshooting and repairing
❖ Design changes
❖ Additional inventory required to support poor process yields and rejected lots
❖ Re-inspection and retest of reworked items
❖ Downgrading

External Failure Cost

❖ Sales returns and allowances
❖ Service level agreement penalties
❖ Complaint handling
❖ Field service labor and parts costs incurred due to warranty obligations
❖ Recall
❖ Legal claims
❖ Lost customers and opportunities

Optimum Quality Cost

❖ Initial model assumed that improving quality beyond a certain level leads to increased cost.
❖ The later model emphasizes that the quality improvement leads to cost reduction.

Audit program’s effect on the Cost of Quality

❖ Prevention costs
❖ Appraisal costs
❖ Internal failure costs
❖ External failure costs
