home / Mobile transfers / An example of internal audit in an enterprise. Auditing. Types and purpose of the audit
17.01.2022

An example of internal audit in an enterprise. Auditing. Types and purpose of the audit

The standard is intended to organize the planning and conduct of internal audits (inspections) at the enterprise and serves as a guide for their participants.

The standard was developed by the BUSK service.

During its development, the requirements of ISO / TS 16949 section 8.2.2 "Internal audits" were taken into account.

  1. Foreword
  2. Introduction
  3. Application area
  4. Normative references
  5. Terms and Definitions
  6. Designations and abbreviations
  7. General provisions
  8. Check objects
  9. Planning for internal audits
  10. The procedure for conducting, formalizing the results of audits and taking corrective actions
  • Annex A (mandatory) Internal Audit Checklist Form
  • Annex B (mandatory) Requirements for the qualifications, experience and personal qualities of auditors.
  • Annex B (mandatory) Form of the annual schedule of internal audits
  • Annex D (recommended) Form of the audit program
  • Appendix E (mandatory) Internal audit report form
  • Annex E (mandatory) Form of the internal audit log
  • Annex G (mandatory) Action plan form
  • Signatures
  • Reference list
  • Change Registration Sheet

INTRODUCTION

The Quality Management System of an enterprise must comply with:

  • ISO/TS 16949 requirements,
  • requirements for the QMS developed by the enterprise itself,
  • planned activities.

In order to confirm that the Quality Management System has been effectively implemented and maintained in working order, internal audits are carried out at the enterprise.

The main organizational principles of internal audit are:

  • The principle of uniformity: Each audit is carried out according to the established procedure, which ensures its orderliness, unambiguity and comparability.
  • The principle of consistency: Planning and conducting an audit for various processes and activities is carried out taking into account their established structural relationship in the management system;
  • Documentation principle: The conduct of each audit is documented in a certain way in order to ensure the safety and comparability of information about the actual state of the audited object.
  • Precautionary principle: Each audit is planned, and the personnel of the audited process or individual unit are notified in advance of the goals, object, criteria, time and methods of conducting an audit in order to provide the necessary level of confidence in the auditors and to exclude the possibility of personnel avoiding the presentation and demonstration of all required data.
  • The principle of regularity: Audits are carried out at regular intervals so that the management system is subject to constant review by the management of the organization.
  • The principle of openness: The results of each audit should be made public in order to ensure "transparency of the system" for its users, consumers and external auditors.

The purpose of this standard is to establish the main provisions regarding the development of a procedure for conducting internal audits.

1 area of ​​use

This standard regulates the procedure for conducting internal audits (inspections) in the organization's divisions.

This standard serves as a guide for specialists who carry out internal audits (inspections), and is mandatory for all structural divisions of the enterprise.

2 Normative references

  • Quality Management System.
  • ISO/TS Specific requirements for the application of ISO 9001:2008
  • STP Enterprise Standard. Quality Management System. Organization of control of technological discipline in production.
  • Enterprise standard. Quality Management System. Testing control. Periodic and type tests of products and their components. Organization of the holding and evaluation of the results.
  • organization standard. Quality Management System. Personnel training and development system.
  • Instruction. Quality Management System. Management responsibility. Analysis of the QMS by the Management
  • Instruction. Quality Management System. Nonconformity management. History of problem solving.

3 Terms and definitions

The following terms and definitions are used in this enterprise standard:

  • Audit (verification)— a systematic, independent and documented process for obtaining audit evidence (inspection) and its objective evaluation in order to establish the degree to which the agreed audit (inspection) criteria are met.
  • Auditor- a person with competence to conduct an audit (inspection)
  • Audit Team- one or more auditors conducting an audit (inspection), with the support of technical experts.

Note: One member of the audit team is appointed as the audit team leader.

  • Conclusion— audit output provided by the audit (review) team based on the results of the audit after considering the audit objectives and all observations.
  • Major discrepancy- the presence of any of the following options:

absence or complete non-compliance of the QMS with the established requirements. Several minor nonconformities for one requirement may be considered together as a major nonconformity;

any non-compliance that could result in the shipment of non-conforming products. A condition that could cause failure or significantly reduce the usefulness of a product or service for its intended use;

nonconformity that actually or potentially causes the quality system to fail or significantly reduce its ability to control processes and product quality.

  • Audit Criteria— A set of policies, procedures, or requirements.
  • Competence- a pronounced ability to apply their knowledge and skills.
  • Corrective action— The action taken to eliminate the cause of a detected nonconformity or other undesirable situation.

Note: There may be several reasons for the discrepancy. Corrective action is taken to prevent the reoccurrence of the event, while preventive action is taken to prevent the occurrence of the event.

  • Correction— The action taken to correct a detected nonconformity.

Note: Correction may be carried out in combination with corrective action. The correction may include, for example, reshaping or degrading.

  • Minor discrepancy— is a nonconformity to specified requirements that is unlikely to be realistically or documented to cause: a failure of the quality system, or — a reduction in its ability to provide process control or lead to the likely shipment of nonconforming product.

It can be:

  1. or a deficiency in some part of the documentation of the quality system,
  2. or one or more observed cases of non-compliance with the requirements of the enterprise's quality management system.
  • Audit Observations— the results of evaluating the collected audit evidence against the audit criteria (audit observations may indicate compliance or non-compliance with audit criteria or opportunities for improvement).
  • Mismatch- non-compliance with the requirement.
  • Preventive action— Action taken to eliminate the cause of a potential nonconformity or other undesirable situation.
  • Audit Program- a description of the activities and agreements for the audit.
  • Products is the result of the process.
  • Process- a set of interrelated and interacting activities that transforms inputs into outputs. The inputs to a process are usually the outputs of other processes. Processes in an organization are typically planned and executed under controlled conditions to add value.
  • Procedure— the established way in which an activity or process is carried out.
  • Audit evidence— Records, statements of fact or other information related to the audit criteria and which can be verified. Audit (inspection) evidence can be qualitative or quantitative.
  • Quality Management System— a management system for directing and controlling an organization with regard to quality.
  • technical expert— a person with specialized knowledge and skills who provides them to the audit team.

Note: Specialized knowledge and skills are related to the organization, processes and activities being audited. The technical expert is not an auditor in the audit team.

4 Symbols and abbreviations

  • BUSK– Quality System Management Bureau
  • MS- outline drawing
  • IIL– measuring and testing laboratories
  • KD- design documentation
  • LVK— incoming control laboratory
  • MS ISO- ISO international standard
  • JSC- public corporation
  • Ogmeter— department of the chief metrologist
  • OTK— department of technical control
  • PSI— acceptance tests
  • QMS- Quality Management System
  • STP— enterprise standard
  • THAT— technical conditions

5 General provisions

5.1 Internal audits (checks) allow you to solve the following tasks:

  • confirmation of the compliance of activities and their results in the QMS with the established requirements;
  • analysis and elimination of the causes of identified nonconformities;
  • confirmation that corrective actions have been taken;
  • evaluation of the effectiveness of a functioning quality system;
  • determining the degree of understanding by the staff of the goals, objectives and requirements established by the QMS documents;
  • identifying ways to further improve the QMS;
  • assessment of opportunities in relation to the quality of production processes;
  • assessment of product quality characteristics and confirmation of their compliance;
  • confirmation of the relevance and compliance with the requirements of the ND.

5.2 Internal audits (checks) are carried out at scheduled intervals in all work shifts. The purpose of the audits is to establish that the QMS of the enterprise complies with:

  • the requirements of ISO/TS 16949;
  • QMS requirements developed by the enterprise itself or established by consumers;
  • planned activities.

5.3 Internal audits (checks) are carried out:

  • in accordance with the schedule (scheduled inspection);
  • at the direction of the management of the enterprise (unscheduled inspection);
  • based on consumer requirements.

5.4 Conduct the following types of audits:

  • Audit of the system Management system Evaluation of the completeness and effectiveness of the quality of fulfillment of basic requirements
  • Process audit Creation process Evaluation of product/serial quality capabilities for special production of products/groups of products and their manufacturing processes
  • Assessment of quality characteristics

5.5 Internal audits are conducted using Checklists (Appendix A).

5.6 The person responsible for the functioning of the procedure "Internal audits" is the Representative of the management in the QMS.

Representative of the management in the QMS:

  • determines the special staff of the enterprise capable of carrying out internal audits;
  • organizes, together with the Directorate for Personnel, training of personnel in the field of methods and organization of internal audits and training;
  • manages the selection of inspection objects, development of the inspection schedule;
  • organizes the analysis of the results of inspections and informing the management of the enterprise about them.

5.7 Specialists are trained in accordance with STO on the basics of internal audit.

5.8 The Register of internal auditors and specialists involved in internal audits is compiled annually. The register is approved by the Management Representative in the JMC and updated as necessary.

The form of the Register and the list of requirements for qualifications, experience and personal qualities of auditors are given in Appendix 5.

5.9 When conducting an internal audit (inspection), the head of the audit team is appointed. The functions and powers of the head of the audit team are given in Appendix B.

6 Objects of internal audit

6.1 The objects of internal audits (checks) are:

  • Quality Management System;
  • manufacturing process;
  • products.

6.2 Audit of the System is focused on the system as a whole; during its implementation, processes, procedures, and QMS requirements are assessed.

The purpose of system audits is to assess the precise implementation of established QMS procedures and to identify areas for improvement.

6.3 Audit of production processes is focused on the technological processes of manufacturing products. During its implementation, specific production processes are checked to determine their effectiveness (compliance with established requirements).

These audits are carried out according to the annual schedule by technologists of HSE and KTS of workshops and employees of the quality service.

6.4 Product audit focuses on the product itself. It is carried out on serial products during periodic tests in measuring and testing laboratories.

Periodic testing is scheduled annually. During the audit of products, their compliance with established requirements is checked, including geometric dimensions, functionality, packaging and labeling.

6.5 Audit principles

The audit is based on the following principles, which provide information that is used to improve existing performance:

6.5.1 Ethical behavior is the foundation of professionalism.

When conducting an audit, interested parties must be prudent, take responsibility for their actions and perform their duties honestly, incorruptibly, keeping the information obtained in the course of work confidential. In the case when the audited activity is of a confidential nature, the auditor should have permission to participate in this work.

6.5.2 Impartiality - the obligation to present truthful and accurate reports;

Audit findings, audit opinions and records should truthfully and accurately reflect the work performed. Unresolved conflicts between the audit team and the audited unit, uncertainties and/or any obstacles encountered during the audit that may reduce the reliability of the audit conclusions are indicated in the audit report.

6.5.3 Due diligence is diligence and the ability to make the right decisions when conducting an audit.

The selection of the audit team is carried out in such a way that the auditors have all the necessary knowledge and have the appropriate skills to conduct a particular audit. If all the knowledge and skills necessary for conducting an audit are not fully provided by the auditors, then the missing knowledge can be filled by the involvement of technical experts.

6.5.4 Independence is the basis for the impartiality and objectivity of the audit conclusions.

Auditors should not be interested in the results of the audit and should state the facts objectively and impartially. The selection of audit teams is carried out in such a way that their members do not audit their own activities and are independent of those responsible for conducting the audited activities.

6.5.5 An evidence-based approach is the basis for reaching reliable and reproducible audit conclusions in a systematic audit process.

Due to the fact that the audit is carried out in a limited period of time and with limited resources, the audit evidence is based on samples of the information analyzed, therefore, the auditor must have statistical thinking skills in order to be able to present the seen picture as a whole, and then evaluate it and provide an opinion. based on the results of the audit.

7 Planning for internal audits

7.1 The draft schedule for conducting internal audits (inspections) is developed by the head of the BUSK in the form of Appendix B.

7.2 When forming the schedule, the factors set out in sections 5.2, 6.2-6.4, proposals received by BUSK before December 1 from interested parties, and data on inconsistencies in products, processes and QMS, including those established by the results of previous inspections, are taken into account. Be sure to take into account the number of work shifts in the enterprise. At the same time, each QMS process is subject to verification at least once a year.

Unscheduled internal audits (inspections) are entered in free columns indicating the date and reason for the conduct.

7.3 The schedule for conducting internal audits is agreed with the Representative of the Management and approved by the General Director of the enterprise no later than December 25 of the current year for the coming year.

7.4 Managers of processes (services, divisions) are notified of the timing of scheduled internal audits in accordance with the approved schedule by e-mail and telephone three days before the audit. Along with the notification, checklists with control questions are transmitted.

7.5 There may be a deviation in the objects of checks associated with the need to conduct unscheduled audits. They are carried out in cases of deviations, mass production of defective products, changes in the manufacturing technology of products, development of new products, significant changes in the organizational structure of the enterprise management.

Upon receipt of proposals, requirements from; Consumers, the decision to conduct an unscheduled audit is made by the General Director on the proposal of the Consumer's Representative and is issued by order for the enterprise.

In this case, notification of an unscheduled audit is carried out similarly to clause 7.4.

7.6 Based on the schedule of internal audits, if necessary, draw up an audit program.

The audit program (Appendix D) contains: the time of the audit, the distribution of responsibilities among the members of the audit team, the audit schedule, the list of objects and elements of the audit.

The need to draw up an audit program depends on its scope and is determined by the head of the audit team.

It is possible that the information listed above should be indicated directly in the checklists.

8.2 Comments on scheme 1.

Checklists (Checklists) are compiled taking into account the specifics of the audit. When compiling, the List “Quality Management System. Internal audits. List of checklists used in internal audits”. The control questions of the checklists are entered in the Journal of internal audits (Appendix E) columns 1,3‚4,5,6,7,8.

The need for an audit program depends on its scope (for example, the audit is carried out in several departments).

During the inspection of the object:

  • The head of the audited unit is obliged to ensure the conduct of the audit and provide all the necessary information, determine the responsible employees of the unit to work with auditors.
  • The auditor must examine the audited object, get acquainted with the actual state of affairs, study the documentation, check the relevance and compliance with the requirements of the RD, references to which are given in the documentation under study, talk with the employees of the audited unit in order to be able to draw reasonable conclusions. In the Journal, Appendix E is filled in column 9.10.

At each internal audit in the unit, the auditor must ask questions regarding the general requirements for the QMS to employees whose scope of activity is subject to internal audit:

  • Are employees familiar with the plant's quality policy?
  • Do employees know which QMS processes they participate in, who is the process owner and process manager?
  • Do employees know what QMS documentation has been developed at the plant?

During the audit, the implementation of measures developed based on the results of the previous audit is checked.

Discussion of the results of the audit is carried out jointly with the Head and representatives of the audited unit. The head of the audit team reports and explains the results of the audit, which will be included in the report.

The final report is drawn up in the form of Appendix D within three days from the end of the audit. When summing up the results of the audit, the yes/no method (OK/NOK) is used. To formulate a conclusion on the report, the following gradation of assessment is applied:

“unsatisfactory”, “satisfactory”, “corresponds, improvement is possible”.

If one significant discrepancy is revealed during the audit, the general conclusion is made - “unsatisfactory”, and the timing of an unscheduled audit is determined.

If one or more minor nonconformities were identified during the audit, the overall conclusion is “satisfactory”.

If no discrepancies were found during the audit, a general conclusion is made - “corresponds” or “corresponds”, an improvement is possible in the report, the implementation / non-compliance of the previous audit activities is noted, they are also indicated whether they are repeated or not.

BUSK registers a report in the journal (Appendix E column 2). The report is sent to the head of the audited unit, the Representative of the Management (Director for Quality) and the representative of the Quality Control Department of the shop (during the audit of the production unit).

Heads of other departments related to the elimination of inconsistencies identified during the audit receive information in the water of e-mails marked “based on the results of the internal audit

The report with the attached documents (checklists, action plans, audit program, etc. records) are stored in BUSK for three years.

Based on the results of the audit, the head of the audited unit analyzes the causes of inconsistencies with filling out forms 5

Develops an Action Plan (Appendix G) to eliminate the identified nonconformities and their causes, indicating the timing and responsibility, agrees and submits the Action Plan and analysis forms 5 why to BUSK.

BUSK transfers activities to the electronic Journal (Appendix E columns 11,12,1З,14)‚ monitors implementation (column 15). Evidence of completion (column 17) is provided by those responsible for the implementation of activities.

The auditor evaluates the effectiveness of the measures during the next audit (column 16).

Based on the results of the development of corrective actions, the audit manager decides on the need to extend corrective actions to other processes / departments, if the identified discrepancy can also be detected during the functioning of these processes / departments. Columns 18.19.20 of the Journal are filled. Information is sent to the heads of these processes / departments in the form of e-mails, with the mark “following the results of internal audit

If necessary, the events are put on the electronic plant-wide accounting "Card for recording events". Evaluation of performance occurs monthly while supervising the passage of these cards.

If the discrepancy is not eliminated, BUSK informs the Representative of the Management for a decision.

The head of the audited facility must give a written explanation of the reasons for not eliminating the non-compliance and agree on the postponed deadline for elimination with the Representative of the Management.

8.3. Based on the results of audits, the head of BUSK provides information:

  • 1 time per month to the Quality Director for a report at the factory Quality Dnepropetrovsk;
  • 1 time per year to the General Director for the analysis of the QMS of the enterprise

Audit checklist, form

APPENDIX B

(mandatory)

Requirements for qualifications, experience and personal qualities of auditors
Qualification (knowledge):
  • the presence of higher or secondary specialized education;
  • knowledge of fundamental regulatory documents (including lSO / TS 16949-2009);
  • knowledge of enterprise QMS documentation;
  • special knowledge of the technique of preparing and conducting audits;
  • knowledge of statistical methods of quality management;
  • knowledge of the principles of functioning of the organization (size, structure, functions);
  • basic knowledge of production processes and products (terminology, requirements, critical characteristics).
Experience:
  • At least 1 year experience in the company;
  • ability to work with documents;
  • participation in at least two internal audits conducted by specialists admitted to work (during the first year of the implementation of the QMS, it is allowed to participate in audits of auditors without practical experience in audits).
Personal qualities:
  • ability to listen to the interlocutor, sociability;
  • objectivity and realism;
  • ability to think analytically and flexibly;
  • commitment to quality improvement;
  • the ability to express one's thoughts orally and in writing;
  • tact, loyalty;
  • non-disclosure of confidential information obtained during internal audits
Functions and powers of the Audit Team Leader
Functions:
  • formation of the composition of the audit team and organization of its work;
  • establishing and explaining the object and objectives of the audit to auditors and the management of the audited unit;
  • presentation of the group to the management of the audited unit;
  • resolving disputes at their level and presenting unresolved disputes to a management representative;
  • preparation of reporting documents based on the results of the audit;
  • control over the implementation of corrective actions;
  • checking the effectiveness of corrective actions;
  • holding a final meeting;
  • transfer (distribution) of documents on internal audit;
  • storage and maintenance of audit documentation until delivery to BUSK.
Powers:
  • receive all the information necessary for the audit;
  • make decisions on the organization of the audit and evaluation of its results;
  • monitor the implementation of corrective actions;
  • appoint an additional audit to verify the effectiveness of corrective actions to eliminate deviations identified during the audit.

The success of the company, the level of its profitability, the quality of its assets largely depend on the presence of a management system in the company. An important and necessary element of the management system is the day-to-day internal control. One form of such control is internal audit.

Documents regulating internal audit

The activity within the organization of special employees, aimed primarily at monitoring various aspects of the company's activities in order to provide further complete and reliable information to the management bodies (general meeting of participants, board of directors, executive body) based on the results of control, is the essence of the internal audit activity.

There are no documents strictly regulating the audit at the enterprise. However, it is necessary to focus on the following prescriptive documents. First of all, the activities of internal auditors, the order of work, goals and objectives are described in the international standards of internal auditors, as well as in national auditing standards. In addition, it is necessary to focus on the Federal Law of December 30, 2008 No. 307-FZ “On Auditing Activities”. The peculiarity of this procedure is that the procedure for its organization, verification processes, methodology should be determined by the regulations of the organization itself. It is the internal regulation that will determine the specific objectives of the audit for a particular company. Personal intra-company standards for internal auditing can be detailed and differ greatly from the rules of generally accepted standards, but should not contradict them.

Principles of internal audit

The main principles of internal audit include:

  • consistency;
  • objectivity;
  • independence;
  • open and complete documentation;
  • courtesy.

Let's take a closer look at these principles. Consistency involves the organization and conduct of internal audit in a comprehensive and systematic manner throughout the company. The principle of objectivity means that the requirements of internal audit are the same and apply to all departments of the organization without exception. The principle of independence of the internal auditor means, first of all, the exclusion of a conflict of interest when he makes a decision regarding the conclusions within the framework of his activities. The Internal Auditor is an independent position. The principle of independence is closely related to the principle of objectivity. Only an independent internal auditor can draw objective conclusions about the state of affairs within the company. The openness of internal audit implies that the information received by the auditor during the audit is not hidden from the management bodies and is fully provided to them for analysis and management decision-making. Documentation means that each revealed fact of violation or remark must be supported by documents. Well, the principle of precaution means that the auditor must offer ways and methods to eliminate identified violations.

Advantages and disadvantages of internal audit

The advantages of internal audit can clearly be attributed to:

  • the possibility of conducting an audit of all internal control systems of the organization in a continuous mode;
  • the possibility of a deeper and more detailed immersion of the auditor into the problems and essence of the audited areas, since he works within the organization and knows all the weaknesses and strengths.

Disadvantages of internal audit include:

  • the principle of independence of the internal auditor can always be called into question, since in any case he is an employee of the company;
  • a one-time external audit can be cheaper than the ongoing cost of hiring an internal auditor.

The internal audit of the company is capable of identifying shortcomings and assessing the overall performance of the company. The functions and types of internal audit may vary depending on the size of the company, its type of activity, but they are all aimed at one thing - reducing the risks of activities and increasing the efficiency of a particular organization.

The need for internal audits has already become commonplace for medium and large organizations. Smaller companies don't always audit because of their smaller workflows, but some of them could benefit from such an audit. Read about improving the process of conducting, planning and preparing it in this article. Here you will also find information on the conduct of internal audit in the enterprise on an example.

Program and schedule of internal audit

Planning an inspection is one of the very important stages of preparation. At this time, it is necessary to evaluate the total amount of work, determine the schedule and timing of the audit, draw up a control program, select an appropriate methodology and first identify the most disadvantaged units. Also at the planning stage, it is desirable to try to take into account potential external factors of influence.

The internal audit program is drawn up together with the plan. Most often, the program has a personalized form that takes into account the most important aspects that are subject to control in a particular company. This document describes all the nuances of the auditor's activities and includes the following items:

  1. The main purpose of the internal audit.
  2. Application area.
  3. Definitions and abbreviations.
  4. Information about additional documents.
  5. List of responsible for the application.
  6. Description of the audit process.
  7. Schedule and frequency of control checks.
  8. Preparation of a detailed audit plan.
  9. Preparation of necessary documents.
  10. Sequence of information collection.
  11. Nuances of preparation of the final reporting.

Order on internal audit (sample)

Internal audit order - 1

Internal audit order - 2

When an internal audit is carried out by a third-party company, an agreement must be added to the order. Only on the basis of this document is it possible to sign an agreement on conducting VA.

The rules and procedure for conducting internal audit are described below.

Conducting an internal audit of the QMS in order to comply with ISO 9001 is shown in this video:

Rules

There are certain international and Russian standards for conducting internal audit. At the same time, it is not prohibited by law to develop your own intra-company IA rules. The bulk of federal standards relate to the activities of third-party auditors, regulating their work to ensure the quality of services provided.

At the same time, internal audit standards created by a particular company cannot contradict federal and international rules. Regardless of the level of rules, they are all divided into several blocks. Of these, 3 are required:

  1. Block #1 reflects the nuances of the organizational and economic activities of auditors.
  2. Block #2 indicates the responsibility of the auditors, the methods of obtaining control evidence and the procedure for drawing conclusions.
  3. Block #3 contains rules for the choice of methods, documentation, work instructions.

It is important to understand that in order to obtain reliable data from the results of the audit, it is necessary to have an audit structure with clear rules. Only systematized activity according to certain standards is capable of demonstrating a clear result.

step by step

At first glance, conducting an internal audit is quite simple. This procedure includes only 3 steps:

  1. Preliminary preparation.
  2. Collection of audit evidence.
  3. Formulation of test results.

Often these stages are called so: preparatory, working and final. The abolition or neglect of any of the stages deprives internal listening of any meaning.

  • At the preparation stage, it is necessary to plan and collect the necessary data, documents and various information about the object of control.
  • The working stage involves the direct application of the selected control methods, the conduct of tests, the search for evidence and the documentation of the activities carried out.
  • At the final stage, the results of the audit are summed up, the analysis of the conducted audit is performed and the preparation of documentation is completed.

Implementation Results

  • All IA results must be documented for further study. Most often, documents mean either its smaller forms. It indicates not only information about the detected shortcomings, but also the proposed ways to eliminate them. Also, the results of the internal audit necessarily reflect potential ways to improve the efficiency of work processes.
  • In addition to the preparation of reports and other audit documentation, one more procedure is necessary. It is important to clarify in advance the criteria for the effectiveness of the work of inspectors and, upon completion of the internal audit, to analyze the quality of the control carried out.
  • Often such criteria are compliance with the stated time limits for verification, the presence of complete and intelligible comments on all the points studied, and an indication of potential problems in the future. It is also necessary to analyze the activities of auditors for compliance with the regulations of inspections and the correct use of various control methods. Another criterion is the availability, completeness and timeliness of the provision of documentation on the audit.

When conducting an internal audit, a large role is given to its preparation (and do not forget about it!). Without a properly conducted preparatory part, the quality work of the inspectors is impossible. There is no single audit system, each company independently combines control methods, so it is worth paying special attention to the preparation, the audit itself, and the analysis of performance.

Conducting an internal audit of the management system is described in this video:

In order for an organization to function normally, three major processes must take place in it: accounting, analysis and audit. In the framework of the article, we will consider the meaning of the terminology of the last definition.

Definition 1

Audit or audits- this is a type of work in which company documents are checked to identify inconsistencies or deliberate misrepresentation of information. That is, audits include not only accounting, but also other activities. They are carried out either by the tax service or state bodies.

There are two types of audit:

  • external;
  • interior.

Let's stop with you on the internal type of activity.

The essence of internal audit

Every country in the world is different. Each country has its own models of work of various activity structures. For example, the internal audit of the Russian model differs significantly from the Western one. Today, this process in Russia includes two directions:

  • audit, or total control (responsible for checking the integrity of assets, efficiency of use, for identifying and eliminating debts / shortfalls);
  • internal audit (ensures the authenticity of the accounting report, minimum taxation, the integrity of the company's assets. These functions are similar to the failure of external audit tasks, which undoubtedly reduces the effectiveness of internal audit functions. But with the rapid development of the economy, Russian auditors are beginning to focus on the goals and objectives of internal audit used by Western auditors, so internal audit covers the functions of all enterprise systems).

Of the two types of audits, auditors single out more internal for the main method of receiving. Since it is reliable, and the methods and opportunities that open up help organizations avoid bankruptcy. The importance of this issue is increasing every year. After all, it is no coincidence that many books have been created on the study of this problem. Here is an example of the recommendation of Beijing Toyens, who argued for the need to systematically maintain internal audit:

Quote 1

“Just as a person needs regular medical check-ups to maintain their health, the internal audit service needs to evaluate its performance.”

The book also talks about the role of internal audit and fraud detection:

Quote 2

“Fraud, whether relating to financial reporting or misappropriation of assets, should be the focus of any internal audit function.”

In Russia, for the purpose of control and reliability, a system of bodies has been formed:

  • audit commission (is an elector. Composition: auditors for periodic review. They are responsible for checking the existence and integrity of assets and liabilities);
  • supervisory board (electoral body. Performs the functions of management, management audit, that is, exercises control);
  • internal audit service;
  • departments and services that control within the department (important: control in this case is carried out in the form of self-control of the subject. It cannot be carried out by other departments, for example, double entry is an element of self-control).

Organizational forms of internal control are due to:

  • problem solving;
  • the nature of the addiction;
  • different organization of work.
Conclusion 1

Internal audit is an independent assessment of all areas of the organization's activities, which gives confidence in the control system of reliability and efficiency.

What are the objectives of an internal audit?

The objectives of the audit have already been written above, but we repeat: assistance in effective control over the activities of the entire organization, including its various divisions.

In order to achieve the goals, it is necessary to take into account:

  • regulation of internal audit. It should not be normatively regulated by Russian law, but this does not mean exceptions to the rules;
  • lack of understanding of the subject's managers about the significance of goals, objectives, methods of internal audit;
  • understanding that internal audit is a continuation of external audit;
  • convergence, for example with consulting.

What are the benefits of internal audits?

The practice of using internal audits is common, but the practical significance in enterprises is different. Positive sides:

  • assistance of auditors to managers. This practice greatly facilitates the work of managers in terms of the effectiveness of the performance of duties. It also gives confidence in the rational use of assets to achieve goals and objectives;
  • a deep check of the monetary and investment aspects of the activity of the subject and its divisions;
  • identification and compilation of ways to improve production efficiency, determine the priority aspects of the enterprise;
  • control over costs and increase profits;
  • management consulting;
  • warning, monitoring the quality of performance of control functions of managers, specialists, accounting workers, etc., who perform self-control;
  • experience and qualification of internal auditors in order to reduce the cost of statutory audit;
  • the use of tax internal audit, speaks of the authenticity and correct functioning of the tax, the application of benefits, the preparation of correspondence, taking into account the compliance of accounting and tax accounting;
  • the internal audit department receives its own assessments of the organization's activities;
  • and etc.

Tasks and functions of internal audits

In order to expand the objectives of the audit, it is necessary to take into account the data of the audits already carried out, for example, adjusting the frequency of internal audits and providing it with resources. Tasks: completeness, reliability, rating tracking; methods of managing credit, operational and other audits, tracking the expenditure of funds, analyzing the report of monetary and management activities, evaluating contracts. Most importantly: identifying possible external and internal risks in the development and implementation of new projects. Systematizing everything that has been said about tasks, we can highlight the functions:

  • coordination;
  • consulting;
  • controlling;
  • evaluating;
  • analytical;
  • warning;
  • informational.

The quality of the functioning of internal audits is affected by:

  • inaccurate reports;
  • unreliability of the revealed signs of bankruptcy;
  • violation of the rules of accounting and tax accounting;
  • violation of the law that regulates certain areas of the organization's activities;
  • creditors' claims are not satisfied.

If you notice a mistake in the text, please highlight it and press Ctrl+Enter

The concept of internal audit has already firmly entered the activities of many companies, although there are still organizations that do not use control in their activities. They limit themselves to a formal audit, without thinking about how effective the systematic work of internal auditors can be.

What is internal audit

Let's first understand the difference between external and internal audit. Under internal audit, it is customary to understand control activities organized at a specific economic entity, carried out in the interests of the owner and regulated by its documents. In fact, IA is a kind of control method that allows you to check and analyze the activities of individual management processes and departments of the company.

The main goal of IA is to ensure the efficient operation of the company. This includes identifying gaps and suggestions for correcting errors, as well as monitoring the correct functioning of individual work processes and departments of the organization.

About the state internal financial control and internal financial audit, labor protection audit at the enterprise, improvement of the QMS at the defense industry enterprise and other types of audits, read below.

Internal audit and internal control system are described in this video:

Different kinds

Depending on the tasks to be solved, internal audit can be of different types. Such checks can be carried out all at the enterprise or limited to only one variety.

The following types are often distinguished:

  1. Functional control of control systems.
  2. Organizational and technical audit of the operation of management systems.
  3. Control check of types of activity.
  4. Audit for compliance with mandatory regulations.
  5. Checking officials for compliance with the expediency of their activities.

These types of controls are optional activities.

There is another type - its implementation is imputed to all organizations without exception at the legislative level. This is a financial audit that checks the activities of the accounting department and all aspects related to the movement of funds.

We will talk about the need to organize an internal personnel (or other type) audit at the enterprise below.

Main functions

Depending on the specific tasks of the organized audit, its functions may also differ. The most commonly defined VA functions are:

  • Monitoring, verification and analysis of accounting systems. Study of financial documentation, its classification and evaluation
  • Study of laws and changes in regulations to verify their compliance, as well as the analysis of instructions, orders and other internal company documentation for compliance
  • Evaluation of the effectiveness and verification of the mechanisms for the quality of work of individual links and divisions of the organization
  • Checking the condition and safety of the company's property, assessing the availability of everything necessary for efficient operation, checking the quality of software and its functionality
  • Development and provision of recommendations for the elimination of identified errors and shortcomings. General analysis of activities and its verification for compliance with the company's strategy.

Internal audit is able to take various forms necessary for a particular company. Sometimes this changes both the tasks and functions of the reviewers. Basically, these are various control, information, analytical and consulting functions of various directions. In particular cases, the function of VA can even be to control the activities of one employee or a small work process.

Regulatory regulation

  • The activities of internal auditors are defined by international (MSVA) and national standards (FSAD). On the territory of the Russian Federation, Law No. 307-FZ “On Auditing Activities” is in force, which considers the main aspects of the work of inspectors.
  • Also, auditors must adhere to other laws. The following documents are relevant to their work - Federal Law No. 115 of 08/07/01 "On counteracting the legalization (laundering) of proceeds from crime and the financing of terrorism", Federal Law No. 273 of 12/25/08 "On combating corruption". Also in the field of financial audit, there is another document - the "Code of Ethics for Professional Accountants".
  • In addition, the development and implementation of personal intra-company standards is allowed. They can be detailed and very different from federal and international rules, but they should not contradict them.

Conducting an internal audit is the topic of the following video:

Objects and subjects

  • Under object internal audit is understood as an administrative link, a specific work process or an integral element of the activity that has undergone control. The choice of an object is always based on the purpose and type of audit, therefore, it can relate to any area of ​​the company's activities.
  • Subjects IAs are specialists providing control activities. The quality of control directly depends on their level of competence, therefore, even in small enterprises, the work of only one auditor is usually formed, and not organized.

The Internal Audit Service consists of direct subjects and their head. The branching structure of the IA service depends on the size and number of activities. For many effective organizations, IAS activities are indispensable, thanks to its well-coordinated work, shortcomings are regularly identified and effective ways of doing work are proposed, which significantly increases overall efficiency.

Now we will learn how to conduct an internal audit in an enterprise, and the details with examples of such a procedure.

Conducting an audit

The organization and conduct of internal audit always begins with the order of the management. Often, VA is planned and is carried out at a certain time. Conducting a control check always has 3 stages:

  1. Preliminary.
  2. Worker.
  3. Final.

These stages cannot be changed - the exclusion or neglect of one of them deprives internal audit of the opportunity to achieve its goal. Each stage solves its own tasks, they cannot be included in another item or abolished.

At the preliminary stage, all preparatory work is carried out (including). Terms are determined, documents are said and control methods are selected. Further, the audit is carried out directly according to the selected methods. After its implementation, it is necessary to sum up, analyze the results obtained, and perform other final operations.

Important information

Not everyone has yet appreciated the positive effect of systematic internal audits of various types. The state has obliged organizations to carry out control only in the field of financial activities, but does not force inspections in other areas of the company's work. The presence of regular internal audits significantly increases the efficiency of work processes, which is why more and more companies are trying to organize IAS.

Audit is indeed a powerful link in the correction of the activities of all work processes. He is able to identify shortcomings and evaluate the overall strategy of the company. Its functions and types are different, but they are all aimed at one thing - increasing the efficiency of a particular organization.

The video below will tell about internal audit and the ICS system (IAAP):

Popular
Categories

2022
mamipizza.ru - Banks. Contributions and deposits. Money transfers. Loans and taxes. money and state