Ring us on 0411 692 247

growth through managed change

About Internal Auditing

Click here to download the PDF version

System auditing is a requirement of management systems based on external standards such as ISO 9000; SafetyMap; QS-9000; ISO 14000; HACCP; VicRoads VASS; etc.

It is unfortunate that the internal auditing process is often seen as a burdensome requirement rather then an opportunity to improve the business. During my work with many small and large organisations I have found that internal audits are often not considered to be important and that audits are not performed at useful intervals.

The common remarks I hear are: “We just have no time to do these audits.” or “Audits are a pain, let’s get someone from outside to do them’ and “Why do we have to audit anyway?”

As internal system auditing is a requirement of most certified management systems they must be done in order to comply with the relevant standard. Management systems are essentially just frameworks that assist to facilitate, document and measure organisational performance. Auditing is a tool to help monitor and improve an organisation‟s performance.

Rather than looking at audits as a way to finding non-conformances and a way to allocating blame let’s look at auditing as an ‘opportunity’ to highlight inefficient processes and ineffective work methods. There
is strong argument that internal audits should be performed by people that are working within the organisation, rather that by external auditors / consultants.

There are opportunities for the three key stakeholders of an internal audit:

  • The Auditee (the person(s) being audited).
  • The Auditor (the person(s) auditing). and
  • The organisation as a whole.

Opportunities for Auditees include:

Having a chance to suggest and discuss improvements to the system and work processes; pointing out shortcomings of current methods; being listened too; learning from the auditor(s) experience(s) and points of view; etc.

Opportunities for Auditors include:

Internal auditing is a great chance for employees to step out of their normal working environment to learn about other functions within the organisation and how they interrelate. Audits provide time to listen and to
discuss system issues with Auditees and to find out what really happens rather then what system documentation says, should happen. Audits also provide internal auditors with and increased awareness of organisational issues and provide a better understanding of what other people in the organisation are working on.

Opportunities for the Organisation include:

Internal audits highlight any gaps between current practices and the documented system. They provide data for improvement initiatives and improve the communication between members within the organisation.

In order to take advantage of any of those opportunities we must change the way we look at, talk about and conduct management system auditing. For a start, the management team leading the organisation must want to improve the organisation‟s performance. (ie. its products; services; status in the community; etc.)

Very few people would disagree with the statement: ‘Performance improvement is a positive move.’ However in order to achieve organisational improvements from audits we must ensure that our audits are
designed to provide us with data that is meaningful. For this to occur auditors must not only be trained in the technical aspects of auditing, but must have the necessary interpersonal skills to clearly communicate with all people throughout the organisation. The auditor‟s role needs be seen as that of an internal consultant / coach working with the auditees to collect and document data with the aim to improve the organisation‟s performance. The auditor should be looked upon as somebody who is there to help, not as a police officer who is there to ‘enforce’ the system.

To obtain maximum benefits for the auditor, the auditee and the organisation it is preferable to train and utilise people from inside the organisation for system auditing. (Note: New recruits can sometimes make good auditors. They are often keen to learn about the organisation. Auditing provides them with the opportunity for training and meeting people in the organisation. They are also still unaware of ‘internal politics’ allowing them to ask questions and to initiate the discussion of topics that others in the organisation may not comfortable with.)

Whilst external auditors and consultants can also pick up and feed back valuable information, they can only make a limited contribution. Because they are not part of the organisation, they often do not know the intricacies of the various processes and fail to ask pertinent questions that need to be asked to flush out potential process improvements. This usually means that they will only check if current practices match documented procedures and they often can only make suggestions


  1. General Purpose of Management System Audits
    • To establish if current practices conform with documented procedures (ie. Quality, OH&S, Environmental; Corporate Governance, Regulatory / Statutory and Other).
    • To establish the effectiveness of the management system and the organisation‟s specified objectives.
    • To highlight any opportunities for improvement in the organisation (ie. Policies, Processes, Work Practices, etc.)
  2. Key Roles and Responsibilities of Auditors
    • Auditors need to:
    • Have the necessary technical background relevant to the organisation‟s operating environment. (ie. Software Development; Mechanical Engineering; Chemistry; etc.)
    • Plan and perform assigned tasks effectively and efficiently.
    • Communicate clearly with auditees. (Active listening; give and obtain feedback; be assertive in obtaining objective evidence; be empathic, friendly and encouraging; etc.)
    • Treat all information gathered as confidential.
    • Base observations on objective evidence and accurately document and report observations and recommendations.
    • If requested, verify the effectiveness of corrective actions taken as a result of previous audits.
  3. Some desirable personal attributes of Auditors
    • Auditors should:
    • Be courteous, respectful, objective and without bias.
    • Make a good outward impression (appearance & conduct).
    • Be alert; comprehending and reasoning.
    • Be calm; self-confident; assertive and task oriented.
    • Be honest, reliable, constructive, helpful and diplomatic.
    • Be open minded and curious.
    • Have a genuine desire to help and improve the management system so that it truly benefits the organisation.

– ISO 10011-1:1990, Guidelines for auditing quality systems – Part 1: Auditing
– ISO 10011-2:1991, Guidelines for auditing quality systems – Part 2: Qualification criteria for quality system auditors

To find out more about setting up effective internal auditing practices, call Raidho Solutions on (03) 9795 1546.

Comment via

Leave a Reply