An audit is intended to be an on-site verification (through examination and/or inspection) of processes, systems, data, and performance. Audits provide organizations, sites, and departments with a health indicator or maturity metric for whether their processes and practices are helping them achieve their goals. While there are many types of audits (maintenance, operational, quality, reliability, etc.), there are four key phases to most audit cycles:
- Plan & Prepare for the Audit
- Identify and communicate audit goals
What is the purpose and intended outcomes of the audit? How will results from the audit be quantified and communicated? Is this a regularly scheduled audit activity, or has some particular event triggered the need for this audit? What are the anticipated start and end dates for the audit? - Define activities that can be performed ahead of the on-site audit
For the aspects of the audit that involve data, identify data reviews that can occur in advance to better prepare the site and audit teams for particular areas that seem to be going well or that may indicate that processes or procedures are not being followed. Results from previous audits at the same site, along with completed action items, should be reviewed to confirm that the corrections remain in place. Setting up a schedule of interviews once on site helps block time on participants’ calendars and allows for identification of alternate resources where needed. - Identify specific resources, data, documentation, or other materials expected to be available during the audit
The party being audited needs to know which resources are expected to be available, along with data and other information that is expected to be provided before, during, or after the audit. This helps ensure that key audit location participants are present and that sufficient time is allocated to gather the required information. Who will be conducting the audit should also be communicated to the audited party in advance.
- Identify and communicate audit goals
- Execute the Audit
- Kickoff
Every audit should begin with a kickoff meeting that includes the audit team, participants from the location being audited, and the location's leaders. Kickoff meeting topics should include an overview of the audit's purpose, the audit schedule, specific planned activities, anticipated special needs for conducting the audit, and how outcomes will be communicated. The kickoff provides an opportunity for leaders to convey their support for auditing objectives and expectations for participation and cooperation. - Interview
Interviews are conducted with personnel involved in the processes or systems being audited. Interview questions are typically derived from specific business process steps and behaviors. Data analyzed ahead of audits also helps direct interview topics and questions toward specific patterns or questionable results that require explanation. - Observe
While on site conducting interviews, the audit schedule should include days and times when audit team members are expected to attend pertinent meetings for observation and to ask questions of a broader audience of site personnel, especially those critical to a particular process. Audit team members should also spend time with site personnel in key process roles to observe “Day-in-the-Life” type activities, ensuring that process steps are being adhered to. This allows for follow-up on responses provided in interviews to confirm that day-to-day actions are consistent with interview responses. - Hold daily check-in meetings
Audit and site team members should meet at the end of each day to discuss any needs or issues that have arisen, schedule additional interviews as needed, and review data, information, or reports that require follow-up beyond the initial requests.
- Kickoff
- Report Audit Results
- Hold an audit close-out meeting
Before leaving the site, the audit and site teams, as well as site leaders, should meet to summarize audit activities and confirm that all intended activities were successfully completed. High-level findings may be discussed to verify understanding; however, the site closeout meeting is not intended to be a comprehensive report on audit findings. - Summarize findings and observations into an audit report
The audit team documents all findings from interviews and observations, including charts, diagrams, tables, and other visual aids to support report comments. The audit report will compare expected process steps or behaviors with site findings, the extent of identified gaps, and the parts of the process where they were found. - Conduct the final audit report review
Audit and site team members, along with site leaders and other business or regional leaders, should be involved in a virtual or in-person meeting to review the final audit report. Discrepancies or questions from the audit are to be recorded and assigned to individuals for follow-up.
- Hold an audit close-out meeting
- Follow-Up and Closure
- Schedule regular follow-up meetings
Audit and site team members will meet virtually or in person to discuss Action Items developed by the site to address deficiencies identified in the audit report and to review progress made on completing these action items. In some cases, action items may need to be closed promptly based on regulatory interpretations (e.g., OSHA). - Verify follow-up action item completion
Audit team members should verify, either through transactional reviews, performance results, or on-site visits, that completed actions have sufficiently addressed audit findings.
- Schedule regular follow-up meetings
Audits are intended to be a positive tool that organizations use as part of their continuous improvement efforts. They help identify process and practice areas that need to be strengthened to ensure consistent, sustainable performance results. There are audit best practices to keep in mind in how audits are to be conducted to help ensure that they are viewed in a positive, constructive light:
- Make audits as objective and specific as possible. If audit findings are perceived as being too heavily based on the auditor’s opinion of how a process should be executed, how performance levels are quantified, etc., teams will find themselves spending more time disputing the comments made than on the merits of the improvement opportunity they are trying to represent.
- Audits should be based on specific aspects of documented business processes adopted by the organization. All parties should be trained in the proper execution of these processes, including expectations for inputs and outputs, as well as the overall performance to be achieved when processes are conducted appropriately. Documentation details must include specific steps and actions expected to be followed as the process is executed.
- Audits should be data-driven wherever possible, meaning that some findings are derived from system data on particular transactions, trends, and indicators. When approached correctly, audit teams should be able to prepare a portion of the audit by reviewing data ahead of the audit. This helps the audit team better prepare targeted questions to ask once on site. Sites should also be made aware of the data analysis methods and the parameters and variants involved, thereby allowing them to self-audit between formal audit activities.
- Audit teams should include at least some members who are not directly associated with the site being audited. Cross-site participation should be encouraged to allow other site team members to experience how processes are conducted at sites besides their own. If an audit schedule is published in advance, having participants from the next site to be audited in the current audit helps them see areas they need to prepare for.
- Audit scoring and results must avoid the halo effect. Just because a site or department has enjoyed high audit ratings in the past, each subsequent audit must stand on its own merits and be based solely on the facts and results brought out by analyses conducted for the current audit.
- In addition to assessing whether a site is complying with process and data expectations, the audit team should also determine whether performance results align with the business objectives the results are intended to support.
For organizations seeking a comprehensive platform for performance, compliance, and conformance audits, Operational Sustainability® offers a purpose-built solution to enhance governance and assurance. For instance, the OESuite® Audit Management + Mobile Module includes spot checks, which enable downloading records from multiple modules to verify compliance with the intended governance of management systems, rather than waiting until the next audit to assess adherence to standards, including:
- Management of Change (MOC) + Mobile
- Incident Management + Mobile
- Corrective & Preventive Action Item Management (CAPA) + Mobile
The OESuite® Audit Management + Mobile Module provides several detailed, pre-built reports on demand and allows authorized users to create powerful analytics using the Report Builder feature.
Because of OESuite®'s inherent interoperability, users can manage recommendations from root cause analyses though MOC, CAPAs, work requests, task compliance, project portfolio management, and action items.
The OESuite® Audit Management + Mobile Module offers specialized protocols to enable organizations to efficiently and effectively evaluate key management system elements that align with Responsible Care, ISO 45000, ISO 31000, ISO 14000, ISO 55000, and ISO 9000 management systems and standards.