What are the 5 stages of an audit?

Many companies see the required process for Internal Audit as a form of necessary evil that they need to endure in order to maintain ISO 9001 registration. At best, they think it is a duplicate effort of the registrar, not realizing that the Internal Audit can be much more effective because it looks at the processes more often and more thoroughly than the registrar has time for. At worst, the Internal Auditors are seen as some sort of internal police force that it is best to protect yourself against by hiding essential data or outright misleading with false information.

Steps in ISO 9001 Internal Audit

1) Planning the Audit Schedule 2) Planning the Process Audit 3) Conducting the Audit 4) Reporting on the Audit

5) Follow-up on Issues or Improvements Found

Steps in the internal audit

In fact, as a process owner, the ISO 9001 Internal Audit process can be the best way to have an outside set of eyes take a close look at your process. They can help identify areas for improvement, or possibly complacency, which can help your process to run better, faster or more efficiently. Below are five main steps that explain how to conduct an internal audit according to ISO 9001, and how they can best be used to focus the internal process owners on improvement of those processes.

3) Conducting the Audit. An audit should start with a meeting of the process owner to make sure that the audit plan is complete and ready. Then there are many avenues for the auditor to gather information during the audit: reviewing records, talking to employees, analyzing key process data or even observing the process in action. The focus of this activity is to gather evidence that the process is functioning as planned in the QMS, and is effective in producing the required results. One of the most valuable things that an auditor can do for a process owner is not only to identify areas that do not have evidence that they are functioning properly, but also to point out areas of a process that may function better if changes are made.

4) Reporting on the Audit. A closing meeting with the process owner is a necessity to ensure that the flow of information is not delayed. The process owner will want to know if there are any areas of weakness that need to be addressed, but will also be interested in knowing if any areas exist that might be improved. This should be followed with a written record as soon as possible to provide the information in a more permanent format to enable follow-up of the information. By identifying not only the non-conforming areas of the process, but also the positive areas and potential improvement areas, the process owner will get a better value from the Internal Audit, which will allow for process improvements.

5) Follow-up on Issues or Improvements Found. As with many areas of the standard, follow-up is a critical step. If problems have been found and corrective actions taken, making sure that the problem is actually fixed is a key part of fixing it. If improvement projects have been completed from opportunities identified in the audit, then seeing how much the process has improved is a great motivator for future improvements.

Focus on process improvement to get the most out of an Internal Audit

By using the Internal Audit process to focus on helping to improve the processes, and not just to maintain compliance, the company can see more value out of the audits. Process improvement is one of the key elements of an ISO9001 Quality Management System, and should be one of the main motivators of a company that wants to implement and maintain a good QMS. Process improvement not only helps with efficiency, but saves time and money in the process. If used properly, the Internal Audit, instead of being a “necessary evil,” can be one of the biggest contributors toward process improvement in the QMS.

To learn how to perform these steps, see this free online training: ISO 9001 Internal Auditor Course.

That was the cost of the financial crisis to the U.S. economy. This created a less than ideal environment for any business to survive in. The period saw 200,000 small businesses vanish into a black hole of recession, engulfing 3 million jobs down with them.

I have said it before, and I will say it again: The 2008 U.S. financial crisis and the devastation it brought was the result of audit process failures. This has been concluded by The Financial Crisis Inquiry Commission (FCIC).

Like the FCIC, we at Process Street understand the importance of following a set audit process. Not doing so can bring devastating consequences on all scales. To country economics, right down to small businesses.

In this article, we will:

• Define the term audit process
• Explain why it is important to follow a set audit process
• Outline an audit process followed by professional auditors
• Show how you can implement this set audit process into your business for free

Read this article and action the advice we give. By doing so you will be protected from common audit process pitfalls and the resulting cataclysmic consequences. You can click on the relevant links below to jump the section of your choosing:

Alternatively, take the time to read all we, at Process Street, have to say.

Shall we get started?

A definition for the audit process

Before delving into the details, the first part of this article defines the term audit process.

I always find grasping a definition is easier when you break it down. Let us do just that.

Audit process: What is an audit?

An audit is a report given from the analysis of particular business operations. Business operations are scrutinized alongside set standards. These standards are either set by governmental, regulatory bodies, or the audited business itself.

An audit can cover any business operation or subject matter, such as:

• Financial
• Project management
• Energy conservation
• Quality management

Did you know that the term audit is derived from Latin? Audire means to hear. In the past, books would be read out aurally and the auditor would listen for fraudulent and negligent behavior.

Understanding the term audit means we can move onto our next question: What is a process? 🤔

Audit process: What is a process?

A process is a series of tasks, combined to deliver the required result.

We at Process Street ❤love❤ processes. Did you know that companies with documented processes have a 280% higher success rate than those that don’t? Increased quality output is one of the many benefits documented processes bring.

You can use Process Street to document your audit processes for free. But more on that later. For now, let us combine our two definitions – for audit and process – to elucidate what we mean by audit process:

An audit process is a series of steps, taken to analyze particular business operations. The end product is a final report detailing aptitude against set standards.

Audit process: Internal vs external audits

There are two types of audits: internal and external.

• Internal audit: Conducted within an organization, they are voluntary. To be used as quality control checks, scrutinizing business operations against set standards. These standards can be governmentally set, set by regulatory bodies, or by the organization itself.
• External audit: Conducted externally to a business, by an independent, qualified auditor. These are NOT voluntary. They aim to make sure records kept by a business are complete, accurate and adhere to legal standards.

The above information is a recap for you from my previous articles, detailed below:

In the article Audit Procedures: A Quick Tour With 19 (Free) Templates, I give examples of what happens when audit processes are neglected. Recounting what happens when audit processes are neglected brings an emphasis on why audit processes are needed. To follow a set audit process means to conduct an audit properly. Degradation of the audit process can lead to the following repercussions.

To help you out further with the distinction, here’s a working (and free) example of an internal and external audit:

• Internal audit – ISO 9001 Internal Audit Checklist for Quality Management Systems
• External audit – ISO 19011 Management Systems Audit Checklist

ISO 9001 Internal Audit Checklist for Quality Management Systems

ISO 19011 Management Systems Audit Checklist

Audit process: Why are audit processes needed?

In Audit Procedures: A Quick Tour With 19 (Free) Templates, we saw how:

• Financial audit neglect has been attributed as a cause of the U.S. 2008 financial crisis.
• London’s Grenfell Tower disaster was the result of regulatory breaches. Breaches that would have been avoided with thorough audit processes.

Other examples of auditing gone wrong are – worryingly – widespread.

• In the UK audit failures caused 30,000 Maxwell pensioners to suffer major financial loss through no fault of their own.
• By not following audit processes exactly, auditors failed to note fraud. This lead to the conviction of five officials in the Baptise Foundation of Arizona. There were 32 accounts of fraud. 11,000 investors lost £400 million.
• The collapse of the energy, commodity and service company Enron, has been associated with audit failure. This has been described as the world’s largest bankruptcy.

It is clear, from these above examples, that failure to abide by an audit process results in costly and devastating consequences.

Audits are important.

Following the correct audit process is vital.

Audit process: The audit process done right

Most of the time, audits are done correctly. By correctly, I mean they follow the correct process. When done correctly, audits will have profound business benefits. Take my own experience as an example.

Audit process: Audit process done right

Before starting at Process Street as a content writer, I worked for an environmental laboratory. The laboratory conducted tests on soil and water samples. Metals, hydrocarbons, and chemical pesticide contamination levels were measured. Companies across the U.K would send in their samples to obtain ISO accredited results.

To obtain ISO accreditation, tests had to be conducted as per internationally set standards. Any deviation, even the slightest, would mean accreditation loss. Clients didn’t want results without accreditation. Non-accredited results are not recognized as valid, and carry little legal/regulatory weight.

Internal audit checks are of paramount importance. Every year, external bodies would drop in and assess the laboratory’s testing procedures. If an external body found the laboratory was claiming accreditation, when in-fact the testing processes deviated from requirements, the consequences would have been harmful to business.

Accreditation would have been stripped. Business reputation stained. Clients would take their business to competitors.

Internal audit checks acted as a form of quality control. Procedures are tested to ensure they remained on track following ISO standards.

Whilst I was working at the laboratory, one of the metal tests breached ISO requirements. This was identified almost immediately with an internal audit check. The laboratory temporarily removed test specific ISO accreditation until the necessary corrections. Not identifying such a breach, internally and early on, meant the laboratory avoided fines and legal implications.

Audit process: What do auditors do?

An auditor is a professional who prepares and examines business operations, to make sure set standards are abided to. These set standards can be set by the audited company itself, or by regulatory or governmental organizations.

So far we have seen what happens when an audit process is carried out unsuccessfully, comparable to when an audit process is carried just right. Our next task is to try and separate the two.

By separating the two, I mean to decipher what it takes to conduct a successful audit. For this, we turn to the professionals. We ask: What process are professional auditors following for successful audit procedures?

That is, what do auditors do?

Audit process: The professional auditing process

I set out to determine what auditors do, and how they successfully perform an audit. Below is what I found:

• One: Professional auditors were following a process
• Two: The fundamentals of this process were consistent across the specialty

Jumping on the latter point, regardless of the audit type the same fundamental structure applies.

This fundamental backbone of the audit process is given below, defined by the University of Kansas. In this article, we will name this the professional auditing process.

Audit process: Step 1, the selection phase

A risk assessment is carried out to develop an audit plan. This stage may require the auditors to look through relevant business documents and previous audit results.

Audit process: Step 2, the planning phase

Relevant background information is gathered. Contact is initiated with the client. Audit objectives and scope are determined, in addition to timings of fieldwork and report distribution. An open meeting may be performed during this phase, to present the audit plan to key staff members.

Audit process: Step 3, the execution phase

Fieldwork is executed by the internal audit staff. Fieldwork could include interviews with relevant employees from the auditee. Regular status meetings are performed. This maintains communication with the client regarding audit progress. Audit observations, potential findings, and recommendations are discussed with the client when identified.

Audit process: Step 4, the reporting phase

Audit findings, conclusions, and specific recommendations are summarized. This summary is then communicated to the client in a report draft. From this draft, the client is granted to opportunity to respond to the report and submit an action plan and time frame. Client responses and action plans are added to the final report copy.

Audit process: Step 5, the follow-up

A subsequent audit is conducted. This succeeding audit is used to follow up on the previous audit findings. Following-up on external audits via a voluntary internal audit is best practice. Follow up is recommended to occur within at least one year from the issue of the first audit report.

Audit process: Why do auditors follow a set process?

Having a set audit process, such as the above, means to standardize operations. Standardized audit processes incorporate the best practices ensuring audits do not go awry.

Following a documented, standardized audit process will:

In short, following a set audit process safeguards against audit error. We have witnessed the sometimes fatal consequences that come from this error above.

Preserve your audit process using Process Street

My previous posts, which to iterate are:

draw attention to three important points.

• Point one: Processes are subject to human error. This causes process degradation and decreases audit quality.
• Point two: Checklists are an effective tool to remove human error. Therefore, checklists preserve processes and maximize audit assurance.
• Point three: Internal audit checks are a vital part of your business processes, and should be prioritized and held with esteem.

Continuing on from this last bullet point…

We have already seen from my first-hand account that internal audits act as your in-house quality control checks. Internal audits safeguard your business processes. By using Process Street’s checklists you can enforce the 5-step audit process for your internal audits.

How?

Following a checklist will preserve the audit process to one that abides by the 5-step professional audit process. You will never deviate from requirements. Maximal assurance will be attained, and the benefits of a thorough, accurate, faultless process will be realized.

Create an audit checklist to preserve your audit process

An audit checklist details the steps necessary to conduct an audit of a particular business operation.

Process Street is superpowered checklists. Creating an audit checklist in Process Street is quick, easy and free. With Process Street you can transfer your auditing processes into a checklist format. These checklists will:

• Document your processes, bringing forth the benefits of process documentation – listed above ⬆
• Maximize audit assurance
• Reduce error preserving your audit processes

To exemplify how you can create an audit process in Process Street, I have detailed our Financial Audit Checklist below.

Click here to access our financial audit checklist

In our Financial Audit Checklist, you can see that every step of the auditing process is recorded. It is impossible to miss the necessary stages because, well, that would mean consciously jumping through the process. This Financial Audit Checklist uses the professional auditing process as the structural backbone.

Scan through this Financial Audit Checklist. Have you noticed our approvals feature?

Scroll down to task 36, under the header Reporting.

When it comes to conducting audits, this feature is ingenious 🧞‍♀️.

Check out our Approvals: How to Streamline Decisions-Making in Process Street article to find out more. In this article, you will learn exactly what approvals are, why they are incredibly useful, and how to use them.

To summarize, approvals streamline your audit processes. Tasks can be signed off within your team, saving you heaps of time.

To add an approval task, click on the approvals button. This is located on the bottom of the left-hand bar within the template editor, where tasks and task headers can be added.

Once you have added tasks subject for approval, these tasks can be assessed by the relevant team member/s. The assigned approver can easily open the checklist. Information from the tasks is then used to either approve or reject, or reject with a comment.

It is with features, such as the approvals features, that Process Street checklists are considered to be 🙌superpowered🙌. Other features include:

By using Process Street’s checklists, you can increase the efficiency, productivity, and effectiveness of your auditing processes. For those of you that are unfamiliar with Process Street and our offerings, check out our Monthly Webinar: An Introduction to Process Street below, for further insight.

Once you have grasped the Process Street fundamentals, hop into our library of pre-made templates – free and ready for you to use right away. Within this library, you will find audit checklists just like the Financial Audit Checklist above. Every audit checklist is structured as per the professional audit process, and given below:

Audit process: Use the professional audit process and get your audits right

The consequences of performing inadequate audit processes must be avoided. Avoid common audit process pitfalls. Incorporate a checklist approach and document the 5-step audit process for the best results. Process Street, as a tool, can help you with this.

What are you waiting for?

Sign up for a free trial today and get your auditing processes right.

How do you conduct your internal audit checks? Do you use a checklist? Do you document your audit processes? Are you following the audit process structure used by the professionals? If you have any questions, or if there is anything you would like to know not mentioned in this article, please comment below.