ISO 19001
ISO 19001
ISO 19001
Student’s Name
University Name
Date
Instructor’s Name
Abstract
ISO 19001 and its Scope
This is an international standard that gives guidelines necessary for management systems auditing. International Organization for Standardization is in charge and controls this mark of quality. The standard gives an organization four resources which includes;
· An elaborate explanation of all basics of management systems auditing.
· Updated information concerning the competence and evaluation of selected auditors.
· Guiding instructions on how to carry out internal and external audits.
· Guiding instructions on management of the available audit programs.
The main idea behind any management system auditing is to gather crucial evidence and this requires competent personnel. Three techniques are usually employed in getting this information. These are visual observations, physical interviews involving staff members and reading the available documents. The auditor used should be competent with the specific areas being audited and have basic training in it (Waddell, D 2005)
Internal audits
Internal audits are a function of an organization operating independently from other departments and usually reports to the appointed audit committee. They are charged with carrying out audits of the organization in all sections of the business as dictated by the annual audit plan. They are in charge of monitoring the financial flow in every department of the business. They focus on the keys issues facing the business and how well the management is working to have the problems solved. They are involved in decision making process regarding issues affecting the business that need to be improved for efficiency and increased returns. They keep the company updated at all times to make sure that finances are well utilized to maximize the returns. They generally help the company to keep going as they combine assurance and consulting services to ascertain that they achieve the very best. (Mock, TJ & Wright)
Internal auditors are professionals who are independent to the areas they carry out the audits. This is meant to reduce cases of fraud and be biasness. They must abide to a code of ethics, a core requirement for this career. They must be compliant with international standards and this increase and assures the quality of their output. They are put on mentoring and upgrading programs on regular basis to sharpen their skills and to keep them updated on upcoming issues and technology necessary for their practice.
External audits
External audits are external functions who work for an organization to carry out and confirm audits. They reside outside the governance of the business but they may at times be shareholders of the organization. Their objective is to add credibility of the financial reports earlier given by internal audits. Their coverage is mainly financial reports and other financial reporting risks. They have no responsibility in monitoring the improvement made by the company after highlighting key issues in the business. (Mock, TJ & Wright)They just give a report and leave the subsequent decision making process to the management.
· External auditors are also trained in their profession and must abide to the code of ethics governing their practice. They should have absolutely no links with members or team members of the company on matter regarding financial transactions.
Principles of an internal audit / external audit
Having a well-planned auditing program is essential to functional and workable risk management and internal control systems. Effective programs are playing a vital in defense against fraud and make it easier for the senior management to understand how effective the internal control systems are.
It is provided that the directors and other senior management members cannot be allowed to delegate their chief role of creating and maintaining audit programs if a business want to progress in a positive way. Audits are a backbone of every business and they should be assigned to well-trained and experienced personnel who have proven capabilities of giving the exact current financial status of the business. All documents and supportive information should be made available to the auditors in the original form without manipulation to favor something. Audit validation is very important where a number of verification procedures are employed.
Techniques for conducting internal audits
The following steps are followed;
· Establishing and communicating the scope of the audit as well as objectives in line with expectations of the management.
· The auditor takes time to clearly understand the specific areas of business being reviewed. These takes into consideration the type of transactions, set objectives of these areas and measurements involved. The process involves reading through the available documents and conducting interviews where applicable.
· Outlining and describing major risks affecting the business that is covered within the scope of the audit being carried out.
· Identification of role played by the management in the five components of control so as to be sure that each risk is being monitored and carefully controlled. An internal audit checklist can comfortably be used to identify major risks and dictate desirable control measures that the management should initiate.
· Development of a risk-centered sampling and appropriate testing approach to aid in determining the most important control measures to be implemented by the senior management.
· Clearly highlight and report all challenges identified during the audit process and negotiate with those charged with decision making for a lasting solution which will see these challenges minimized or solved completely.
· Make a follow-up on all findings reported at scheduled intervals to see how well the problems are being solved as recommended. This means that you keep an eye on the changes being implemented after giving your report.
Techniques for conducting external audits
In any business environment, internal matters can at times become complex and this requires involvement of external auditors to help see what might be going wrong on top of having internal auditors who are entrusted with financial monitoring roles. It is a sure way to confirm particular findings that were generated within the business.
An external audit is used to determine the nature, timing and the diverse audit procedures employed.
· Understanding working environment of the client
The auditor takes time to gain all the necessary information related to the business in which the audit is to be carried out. This is achieved by reading through the documents of the business and past financial reports. It is also very important to understand the rules of an organization. Understanding the external factors affecting the business is also very important.
· Understanding the controls used by the client
This helps to acquire information necessary in order to understand the current control mechanisms used by the management. This will greatly help when assessing the financial status and also when reporting your findings
· Test the controls already in place
This is meant to ascertain that the current controls being used are functional and in line with the recommended standards. Test all processes and procedures used in the business. Note all hitches in place and include them in the final discussion.
· Testing Account details
These are substantial tests on financial accounts to ensure that they are up to date and not misstated. This is getting a general overview of the account such as bank statements showing the recent transactions covering the entire period stated in the audit.
Difference between internal and external audit
|
1 |
Based on purpose |
INTERNAL AUDIT · To help determine how well the business is managing the risks available in a close-monitored way. It targets on the achievement of the key objectives of a business
|
EXTERNAL AUDIT · To confirm the accuracy of the financial reports of an organization based on the laws of the land.
|
|
2 |
Auditors |
· The business can employ standby auditors who will be available throughout. This allows for continued monitoring of the financial risks |
· They reside outside the business and have no connection at all. They are hired on contractual basis as scheduled in the annual audit plan.
|
|
3 |
Based on Agenda |
· Directed to business's risks and set objectives.
|
· Under instructions and directions of the audit firm. Directed to assess the misstated financial records which affect the business
|
|
4 |
Person reported to |
· Management and audit committee of the business which comprises of board of governors and directors
|
· The shareholders and to a small extent to trustees |
|
5 |
Type of report |
· Report designed to favor the specific areas in the business
· The main objective is to keep the business going, so recommendations are always there
|
· Follows a standard stipulated format which cannot be overlooked.
· The outcome cannot be predicted and recommendation will always be unpredictable.
|
|
6 |
What follows after the audits |
· Follow up activities to confirm whether recommendations are being implemented.
· Constant consultation with the management to make sure that the risks are well handled.
|
· No follow up until the next planned audit.
|
|
7 |
Publicity of the reports |
· Does not happen in most cases
|
· Main report of the audit is publicly available.
|
|
8 |
Is it a must to have one? |
· No, this is not a must.
|
· This depends on legal requirements of the land. Certain institutions such as banks and investors need to have their businesses assessed.
|
Lead auditor is the head of a team of experts carrying out an audit of a given firm. They have additional training and more experience than the rest of the team. They are experts who come in to help when difficulties in some sections are encountered. They are the overall masters of the team involved in the audit. They are the link between the company and the specific audit company hired to do the review.
Managing an Audit System
The importance of managing and audit program is to know how effective the program is. Its effectiveness is what determines achievement of the set goals by the end of it all. Proper management pinpoints key areas necessary to be modified in the process and that all that should be done is accomplished. Constant and closing monitoring helps in making changes to specific areas hence promising better and improved programs in future. This makes sure that the right models are used and in the best way possible. Any audit process is not cheap at all. Thus close, monitoring is necessary to avoid a failed process which means that extra costs will be suffered. Proper planning in necessary and proper review of the risk being managed is vital. This involves risk identification, analysis and risk containment process. This ends when risk treatment process is evoked.
Performing an Audit and preparing an Audit report
An audit report has the following features;
· The cover page
· Executive summary giving a detailed summary of what is contained in the extensive report. This is key for decision makers to have a quick understanding of the whole document without having to read it
· Content page showing what to expect therein
· List of abbreviations to make the reader aware of shortened words in the report.
· Introduction. This gives an overview or the main purpose other audit.
· Mission describing the specific relationship of the report and the set strategies of the company
· Background information giving an overview of the program being evaluated.
· Specifics within the report related to the program
· Portfolio of the project
· Reviews of the important parts within the program. These are reviews on models and processes used. Quality management reviews are also given here to ascertain that all procedures were flowed as required.
· Findings and recommendations. Suggestions of probable improvements of the business are given here. All other additional information generated from the audit is also given.( Thiry, M 2003)
Conducting the opening meeting
· It is at this point that preparation for the task is fine tuned. Proper reviewing of the available documents is critical and this ensures that all materials needed are available. The management should cooperate fully with the team to make it easy and fast.
· Ensure constant communication with team members during the process. Engage teammates in discussions of bothering issues. Seek clarification when lost on certain issues.
· As a lead auditor, carefully subdivide duties and distribute them equally to make the job easy. Consider experience when doing so to ensure the output is reputable and confirmed.
· Use first hand data and information available when carrying out the audit. Make use of the original data available and physical interviews from the respondents. Second hand information is not accurate as it can be biased and faked.
· Sum up the findings correctly taking care of every issue noted and draw appropriate conclusions. The nature of business greatly affects the recommendations given. This is an integral part of the entire exercise. This is what the management is interested in. It is good to make the findings and recommendations to be precise as possible.
· Make copies of the audit report and hand them in to specific people of the management who participate in decision making process. Follow up of the concluded audit will make sure that recommendations are implemented to solve the noted issues.
IRCA – International Register of Certificated Auditors (IRCA)
IRCA certification is an international recognition that a particular management system auditor is highly competent. This gives the company using the auditor confidence that they have the right person on the ground and that quality is assured. Auditors use this recognition to acquire professional recognition and this greatly favors their job prospects. ISO 19.001 embraces this recognition.
References:
Thiry, M 2003, ‘For DAD: a program management life-cycle process’, International Journal of Project Management, vol. 22, pp. 245-252.
Waddell, D 2005, ‘Program Management: The Next Step in the Evolution of
Project Management?’ Problems and Perspectives in Management, vol. 3,
pp. 160-168.
Mock, TJ & Wright, AM 1999, ‘Are Audit Program Plans Risk Adjusted?’ Auditing: A Journal of Practice & Theory, vol. 18, no. 1, pp. 55-74.