Pitfalls in Internal Audits
What are the most common pitfalls in internal audits, and how can we effectively address them to ensure long-term quality improvement?
What are the most common pitfalls in internal audits, and how can we effectively address them to ensure long-term quality improvement?
Comments
I think one of the most common pitfalls in internal audit is inadequate planning and preparation. As a result, poorly planned audits can lead to oversight of critical areas. To counter this, the lab can conduct thorough pre-audit meetings to plan the audit activity and identify key focus areas.
Laboratories can also implement regular review of audit processes to evaluate and update how audits are conducted and to learn from past experiences.
In my opinion, the risk-based approach proposed in ISO 19011:2018 (Guidelines for auditing management systems) can be useful to determine potential pitfalls.
Section 5.3 deals with risk assessment of the audit program. This section indicates the minimum elements to consider when scheduling audits. Throughout the standard, emphasis is placed on evaluating the risks and opportunities of the audit process.
5.3 Determining and evaluating audit programme risks and opportunities
There are risks and opportunities related to the context of the auditee that can be associated with an audit programme and can affect the achievement of its objectives. The individual(s) managing the audit programme should identify and present to the audit client the risks and opportunities considered when developing the audit programme and resource requirements, so that they can be addressed appropriately.
There can be risks associated with the following:
a) planning, e.g. failure to set relevant audit objectives and determine the extent, number, duration, locations and schedule of the audits;
b) resources, e.g. allowing insufficient time, equipment and/or training for developing the audit programme or conducting an audit;
c) selection of the audit team, e.g. insufficient overall competence to conduct audits effectively;
d) communication, e.g. ineffective external/internal communication processes/channels;
e) implementation, e.g. ineffective coordination of the audits within the audit programme, or not considering information security and confidentiality;
f) control of documented information, e.g. ineffective determination of the necessary documented information required by auditors and relevant interested parties, failure to adequately protect
audit records to demonstrate audit programme effectiveness;
g) monitoring, reviewing and improving the audit programme, e.g. ineffective monitoring of audit programme outcomes;
h) availability and cooperation of auditee and availability of evidence to be sampled.
Opportunities for improving the audit programme can include:
— allowing multiple audits to be conducted in a single visit;
— minimizing time and distances travelling to site;
— matching the level of competence of the audit team to the level of competence needed to achieve the audit objectives;
— aligning audit dates with the availability of auditee’s key staff.
Hi Nadia, thanks for that comprehensive answer to Roberts's question. I will certainly utilize this information for improving my lab's internal audit program.
Thank you alot Nadia for your comprehensive response which Salome has summarised precisely. Will take note during our Audits.
To All
Glad you have this fruitful discussion and to Nadia for sharing information from ISO 19011.
15189 :2022 main update is to include risk-based approach to scheduling which I think is a great improvement. We tend to audit the same things all the time and not spend some time reviewing the highest risk areas.
I cant agree more - plan and prepare and plan and prepare. The better we prepare the more effective the audit.
My motto is : Rather audit fewer processes well than try and cover many badly or under time pressure.
Looking forward to further discussion in the coming live sessions.
Janet
On a lighter note, our laboratory has a joke on this matter:
We believe that an internal audit is more terrifying than an external audit because the internal auditors are among your peers which knows the deepest secrets of each section. But this is actually a good thing because when the actual external audit happens, we rarely have findings because majority are already addressed from the internal audit.
Great, this fulfils the very purpose of internal audit, ie continual improvement and OFIs. If internal audits works well, external audits have very little to find.