• The Secret to Creating an Effective Internal Audit Plan


The Secret to Creating an Effective Internal Audit Plan


Lois Pawlak, President, Profit Enhancement Group, LLC, Tucson, AZ, USA


Auditing, Planning, Effectiveness





Are you tired of spending time responding to nonconformances found during Registrar and customer audits? Is your organization frustrated with not being able to meet their process metrics or profitability? Is there a high number or high severity of customer returns or complaints? Do the same issues seem to be reoccurring? A review of your internal audit program methods may be way overdue.

ISO 9001, paragraph 9.2.2 requires that The organization shall: a) plan, establish, implement and maintain an audit programme(s) ... which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits.

Internal audit planning is a critical first step in creating an effective audit program and reducing the day to day issues that take up precious resources and reduce effectiveness of the organization and its processes.

To be effective, audit planning has to be relevant to the organization's risks, objectives, needs of the stakeholders, keep pace with the changes occurring with the organization, and take into consideration information relevant to the past, present, and the future as it applies to each process. Audit planning is often far more cursory, lacking in relevance and quantitative information in determining what processes need to be audited and when. Methodologies such as 'covering all requirements in a one to three year time frame' is a 'check the box' mentality and is ineffective in meeting the organizational goals, those of their stakeholders, and the intent of the Standard, but are still commonly in use.

The focus of this session will be on the development of effective internal audit planning using a quantitative methodology that can be used for manufacturing and service organizations. The session will demonstrate how the audit manager will:

1. Identify information to take into account to determine process risk.

2. Utilize a point system to assign to determine process risk levels.

3. Determine which processes of the organization to audit and at what frequency.

Attendees will be provided an example of the this planning methodology and discussions will take place during the session to ensure everyone is understanding how to create an effective audit plan relevant to their organization and its processes.