Professional Documents
Culture Documents
Audit ProcessAudit Process: How To Successfully Plan Audit
Audit ProcessAudit Process: How To Successfully Plan Audit
Audit ProcessAudit Process: How To Successfully Plan Audit
Plan Audit
Types of Audits
First-Party Audits: These are performed within an organization to measure its
strengths and weaknesses against its own procedures or methods and/or
external standards. Internal audits are first-party audits and are conducted by
auditors who are employed by the company being audited, but have no vested
interest in the audit results of the area(s) being audited.
Second-Party Audits: These are external audits performed on a supplier by a
customer or by a contracted firm (consulting firm) on behalf of a customer.
Third-Party Audits: These are external audit performed on a supplier or
regulated entity by an external participant other than a customer. They are
conducted for recognition or registration purposes are performed either by
Extrinsic Regulatory (FDA, FAA, NRC, USDA) or Registrars (ISO9001, AIB, JCAHCO
).
Do
Check
Act
Improvement
Improving the Audit Program
Identifying needs for continual improvement
Audit Objectives
An audit of a GRC program should have the following objectives:
Evaluate the tone at the top Is it proper and effective in promoting a culture that
is ethical and compliant?
Check if the program provides reasonable assurance of compliance with
organizational policies and all applicable laws and regulations.
Determine if the motivation/incentive/reward system is well planned and structured.
Determine if the GRC program has a robust management framework that is well
documented and has enough resources to carry out its tasks.
Check whether the GRC program has been implemented and if the programs
performance reporting system accurately represented the end results of the
programs efforts.
Conduct a cost-benefit analysis of the GRC program.
Determine whether the program is up-to-date with prevailing industry practices and
is adequate for the size and complexity of the organization.
Include other audit objectives that the board or management has requested.