How To Write an Internal Audit Schedule
An internal audit schedule will help you determine the extent to which your businesses quality management system (QMS) conforms to the requirements. If you know how to write an internal audit schedule, your audit process will run smoothly and consistently.
In this video, I'm going to run through how to write an internal audit schedule, using a template from the website that is free to download if you need.
Internal Audit Schedule Overview:
An internal audit schedule is something that's required as part of your compliance to ISO and various other international standards.
A lot of people use a traditional approach to internal auditing and undertake audits based on the standard, or based on maybe something that's been prepared for them by an external consultant.
What we really want to talk about here is getting the greatest return on investment of your internal audit process. After all, you have invested in training internal auditors, you're giving the time away from their normal day job to do internal audits, therefore, you want a return on that investment.
What is an internal audit schedule or plan?
It's a list of internal audits that you need to do
It should identify what the scope of the audits are
It should identify who the auditors are
It should identify who or what will be audited
It will include a timeline around the requirements to meet with appropriate and international standards
Internal Audit Schedule Method
One of the things we want to talk about in more detail, is taking a better approach so that it is a risk based internal audit schedule, and therefore you are putting your attention and focus in the right place.
You can do this by:
Identifying the risks and weaknesses in your business
These can be the links between processes, and therefore doing an audit on a standalone process might not be the most beneficial for that activity. It may be more appropriate to audit, for example, three different processes or procedures together to see the interaction of how they link between one another.
Grade them according to how important it is to your business
Low, Medium or High Risk.
I want to stress the importance of this being done within the organisation. You know your business and can look back or think about areas that have bought concern, or caused issues with customers or the supply chain.
Don't Forget Critical Suppliers
If critical suppliers are a fundamental part of your business and they could potentially cause additional risk or weakness in your workplace or the services you provide to your clients, then you must consider them as a critical process within your business.
It is important to remember here that it doesn't necessarily mean that you have to go and visit them. It doesn't necessarily mean that they have to come to you. It could be a desktop exercise that's sufficient to satisfy the criticality of that supplier.
Benefits of Internal Audit Schedules:
Focus is given to what is important inside your business - not what's required by an international standard or an external auditor, or suggested by a consultant.
And remember, it should be a live document so make changes as additional weaknesses are uncovered.
By this we mean, make changes where you see an increase in:
The number of customer complaints
The number of issues with a particular supplier
Your scrap rate or rework rate
Service provision recalls
Greater Return on Investment:
You want greater return on your investment, that time you put in to doing the audits should not just be about ticking boxes to satisfy an external auditor, you must move beyond that.
It's about getting that return on investment so that you can drive improvements in your business and give you confidence that the actions you've taken to correct weaknesses are working well.
More Engagement from Workforce:
Rather than doing these audits based on what an ISO standard has said or an external consultant, let's do the audits with the people in your workplace, for the people in your workplace. Let's give them the opportunity to report areas of concern that they know about.
Often the people doing the work are the ones that are experiencing the higher risks, the concerns, the face to face interactions possibly with unhappy customers, the face to face interactions with always addressing supplier issues, so more engagement with the workforce improves that.
Don't repeat Audits
Think about doing your audit schedule over a three-year certification cycle. When you look at your audits, processes and risks, think about grading them and making a case for how often you should be auditing them.
So low risk things, it maybe that you don't have to audit them at all. If you've got a case not to, or maybe you're auditing them once in a three-year cycle.
Medium risk activities, you may say, once every two to three years might be sufficient, but remember, it's a live documents so if any of these processes have additional weaknesses or risks that appear over that three year cycle, you may need to upgrade them from medium risk to high risk.
Then maybe you might look at high risk and say, well for high risk, we're going to do these once every year.
And then you may also have critical. Critical typically will be only a handful of processes or activities or procedures that are really fundamentally critical to what you do, and you know that they have a critical risk level in your business, if not well controlled.
You may know that there could potentially be some weaknesses. These you may decide to do two or three times a year to give you more focus on the things that are important to your organisation.
Example of an Internal Audit Schedule:
If you wish to see a real life example of what an internal audit schedule looks like, we suggest you watch the video. You can also download the resource used in the video via our free resources section of the website.
Other Auditing Videos: Handling an External Audit and What You Show the Auditor