Deadline for approval of the internal audit program. Internal audit in a testing laboratory

The International Standards for the Professional Practice of Internal Auditing (IPSIA) require the formation of a risk-based internal audit plan, in particular, based on a formal risk assessment conducted at least once a year.

Canonical approach.

Of course, the canonical approach can be called an approach that is based on an existing risk assessment. There is quite a website on this site where I will show approaches to creating an internal audit work plan for the year.

So, there is a risk register with calculated mathematical expectations of the current and residual risk. You need to start by ranking the risks for internal audit.

The first thing that needs to be determined is which mathematical expectation should be used to rank the risks. My opinion is that you need to rank according to the current one. The logic is roughly as follows: management will always insist that “yes, everything is bad with us now (or, well, everything is good), but in the near future it will get worse (well, or it will become even better).” As practice shows, the near future does not always come quickly (after all, the duration of human life is insignificant in terms of the time of existence of the universe, and on this scale the near future is even 100 years). Therefore, the inspection plan was drawn up based on the current mathematical expectation. But theoretically, I allow a situation where the audit plan is drawn up based on both the mathematical expectation of residual risks and the change in the delta between the mathematical expectation of the current and residual risk. The logic of the latter is an audit of the effectiveness of the efforts made by management

When determining labor intensity, there is no need to take into account the speed of decision-making by management. If a particular manager took a break for three weeks due to vacation, the person from the internal audit department needs to be busy with something else. Yes, there are different psychological types, and among internal auditors too. I feel like the more things I have to do, the more I get done. Perhaps this is just my peculiarity: stress helps some people, and hinders others. But resistance to stress seems to be required for all vacancies.

Scheduling.

Some obvious scheduling tips.

Tip #1. If large changes in process curves are planned during the year, it is advisable to schedule the audit for January-February (a clear example from the program above is the audit of the current procurement system).

Tip #2. If management indicated the execution date of March 33, then it is advisable to begin the process execution audit on March 34.

Tip #3. Do not plan business trips for July-August. Of course, excursions in summer are much more interesting than in winter (although for me it’s more comfortable in winter because you don’t get wet with sweat). But tickets and other accommodations are much cheaper in February or November. We are not talking about unscheduled tasks - here, if something is needed, it is needed immediately.

If you find an error, please highlight a piece of text and click Ctrl+Enter.

Today, the concept of “internal audit” has become widespread in business. Many large enterprises and companies prefer to create their own internal audit services and departments, training their employees. In addition, in the labor market there is a constantly growing demand for specialists who have the relevant knowledge and have an international diploma.

Tasks of internal audit at the enterprise

Internal audit at an enterprise is an activity that is aimed at providing objective and independent advice and guarantees to improve the activities of the enterprise. The purpose of internal audit is to assess risks, find ways to reduce them, and also increase the profitability of business processes.

Auditor consultations include assessing, analyzing and reporting on the productivity and reliability of processes. They are addressed directly to the administration of the organization.

The main tasks of internal audit at the enterprise:

checking internal control systems to determine the level of efficiency of departments;
development of an integrated risk management system, analysis of its operation, as well as creation of measures to reduce them;
control over compliance with corporate governance principles.

The need to introduce internal audit

Recently in Russia there has been a focus on separating the functions of management and business ownership. The owners implement one general strategy for the development of the organization and manage the main directions, and, as a rule, hire top managers to solve small and everyday problems. In this case, the enterprise uses a tool to monitor the state of affairs - internal or external audit. It allows owners to obtain a complete and objective assessment of the activities of the entire organization.

The implementation of internal audit in Russian companies was no less influenced by the Federal Law “On Accounting” dated December 6, 2011. According to Article 19, from the beginning of 2013, absolutely all economic entities must conduct internal control of economic activities.

Checklist for internal audit

Control of accounting and management accounting, as well as other areas of business, should occur in absolutely all enterprises. However, it is important to know about the features of this procedure. All processes must follow each other in an orderly manner. Because it is precisely by complying with this requirement that many mistakes and problems can be avoided when conducting audits by regulatory authorities. Filling out a checklist greatly simplifies the process. It is very difficult to exaggerate his role.

What you need to know about the checklist

This document consists of a list of detailed questions regarding the audit being conducted. The checklist does not have a specific format established by law. However, it is necessary to follow some rules when drawing up and filling it out. This is what will reduce the likelihood of problems during the audit process.

In fact, with the help of a checklist, you can solve a fairly large number of issues and tasks not only during the audit, but also during the ongoing activities of the enterprise. This document can be used by various organizations, regulatory agencies and their officials.

Using the checklist you can solve the following problems:

correctly plan the audit in accordance with legal regulations;
carry out intermediate and selective control, conduct effective time management;
ensures that important parts of the audit are not missed;
is one of the means of memory;
simplifies auditing;
with its help, the audit is comprehensive, structured and holistic, etc.

The legislative act that governs the preparation of this document is Federal Law No. 307 of December 30, 2008 “On Auditing Activities”.

An example of a checklist for internal audit can be found.

Internal audit of QMS

QMS - quality management system - one of the parts of the entire company management system, which was created to ensure and control the stability of economic activity, high quality and minimizing costs for the production of products or provision of services.

According to the QMS, the structure of the documentation is as follows:

quality requirements (quality manual);
goals and policies in the field of quality of products and services;
required documented processes;
regulations of procedures, work instructions;
quality records.

The audit of quality management systems is not regulated by either federal or international legislation. Therefore, there are no mandatory legislative norms that define the procedure and rules for conducting an audit of quality systems at an enterprise. This is explained by the organization’s voluntary desire to certify quality systems. And all the work that accompanies the construction and implementation of a quality system is also a voluntary initiative.

Consequently, organizations that carry out QMS audits can carry out their activities without additional licenses or other permits. And even more so, these documents are not needed to carry out internal audit. Despite this, there are special rules that govern the conduct of QMS audits. For example, ISO 19011:2011, which is called “Guidelines for auditing management systems.” It can be used for internal and external auditing.

Order on conducting an internal audit

An order to conduct an internal audit is an internal document that is drawn up by the head of the company and establishes:

dates of the audit;
a group of internal auditors and specialists responsible for its implementation;
providing conditions for conducting internal audit;
control over the audit.

How to become an internal audit specialist

Every day the demand for specialists who are able to carry out internal control of an enterprise is growing. But the requirements for them are also increasing. They must have knowledge in the financial sector, understand internal control and corporate governance, know national and international internal audit standards, and also understand the specifics of the activity that needs to be analyzed.

Online training comes to the rescue of always-busy financial professionals. Online courses allow you to study without interrupting your main activity, at home or at work in convenient, comfortable, familiar conditions. The quality of distance learning is not inferior to, and often exceeds, its face-to-face counterparts, due to the involvement of highly qualified teachers, a modular course system, online tests and much more.

Diplomas and certificates in internal auditing

To obtain a diploma that confirms your qualifications in the field of internal audit, you should choose an international program from a foreign institute. Today, Russian specialists have access to such programs as IPFM, IFA, ICFM and CIA.

Nothing contributes to the successful implementation of innovations more than the absence of checks

(Muench's Law)

The article described the documentation management system operating in the analysis and examination department of the Gokhran of Russia (hereinafter referred to as the Department). This article discusses the procedures and documentation associated with internal audit, which is carried out in the Department in accordance with the requirements of GOST R ISO/IEC 17025-2000 (clause 4.13). In 2000, the department received accreditation in the German accreditation system in the field of quality control of precious metals. The results of the inspection control carried out by the German Accreditation Body in the field of chemistry (Deutsche Akkreditierungsstelle Chemie GmbH DACH GmbH) showed that the quality system in force in the Department meets the requirements of the specified standard. Therefore, we believe that it will be useful for specialists responsible for organizing and conducting internal audits in testing laboratories to become acquainted with the experience of our Department.

In accordance with GOST R ISO 9000-2001, “audit (verification) is a systematic, independent and documented process of obtaining audit (verification) evidence and objectively evaluating it in order to determine the degree of fulfillment of agreed audit (verification) criteria.” An internal audit in the testing laboratory is carried out to determine the compliance of its activities with the requirements of the quality system and GOST R ISO/IEC 17025-2000. The definition of “internal” emphasizes that the testing laboratory conducts the audit on its own, without the involvement of specialists from third-party organizations. No audit conducted by an external organization (customer, accreditation body, etc.) can replace an internal audit (except when the laboratory staff consists of one employee).
All accredited testing laboratories in Russia conduct internal audits, but it is rare that a laboratory conducts it in the spirit of the above definition and documents this procedure properly.
In accordance with clause 4.13 of GOST R ISO/IEC 17025-2000, internal audit (internal audit) is a mandatory procedure of the testing laboratory’s quality system. This paragraph of the standard defines the objectives of internal audit and quite clearly outlines the range of issues and procedures that should be described in the Laboratory Quality Manual. In this regard, problems arise:

how to develop, describe in the Quality Manual and carry out internal audit procedures with minimal time and effort so that they truly comply with the requirements of GOST R ISO/IEC 17025-2000;

how to document these procedures.

Below are described the procedures for planning, conducting and documenting internal audits, which have been developed and used in the Department over the past 3 years and have shown effectiveness with little labor input. It should be noted that when organizing the internal audit, we used the recommendations of the accreditation body DACH GmbH.

Planning and organization of internal audit

According to the method of organization, internal audit can be horizontal or vertical. A horizontal audit involves a detailed check of an element of the quality system (for example, “Personnel and advanced training”, “Work with the customer”, “Test methods”, etc.) for all objects in the scope of laboratory accreditation. During a vertical audit, all elements of the quality system are checked in relation to one or some objects in the accreditation area (from the sample acceptance procedure to the issuance of a test document).

The decision regarding the choice of type of internal audit is made by the quality manager, who is also responsible for planning, organizing and conducting internal audits. Our Department conducts a horizontal internal audit.

Internal audit is carried out in accordance with the plan, which is developed annually by the quality manager. The plan provides for a detailed audit of the Department's activities in the field of accreditation. All activities of the Department are checked at least once a year.

In addition to the scheduled audit, in some cases an unscheduled audit may be carried out, for example:

The plan has a very simple and visual form (Fig. 1). It reflects all areas of activity subject to audit (objects of audit), timing and results of the audit. The plan immediately shows what needs to be done, what checks have already been carried out, for which audit objects no significant inconsistencies were identified, and what checks should be repeated in connection with detected significant inconsistencies. Any laboratory can use this plan as a basis, making changes in accordance with its own requirements and organizational characteristics.

Conducting an internal audit

In our Department, internal audit is usually carried out by a quality manager. He may entrust some of the work to a specially trained employee who is familiar with the Department’s quality system and the requirements of GOST R ISO/IEC 17025-2000. The auditor should not check the areas of activity for which he is responsible, therefore, if the quality manager simultaneously has other responsibilities (for example, he is a team leader, is responsible for working with the customer, etc.), then the internal audit of this activity is carried out by another specialist, having appropriate training. The technical manager of the Department provides conditions for training and consultation of the auditor, and also gives him the appropriate authority necessary to carry out this work.

During the internal audit process, protocols are drawn up. The protocol form consists of one sheet, the front side of which is filled out by the auditor and contains the following information:

Full name of the auditor;
audit date;
audit object;
reference to the relevant section of GOST R ISO/IEC 17025-2000, which sets out the requirements for this audit object;
a list of requirements, the fulfillment of which is subject to verification;
identified inconsistencies;
auditor's signature.

The reverse side of the protocol is filled out by the quality manager and contains:

corrective actions, full name of the employee responsible for their implementation, and deadlines for implementation;
signatures of the quality manager and technical manager.

The protocol form is developed by the quality manager and approved by the technical manager. The list of requirements, the fulfillment of which is subject to verification, for each protocol is compiled by the quality manager without approval from management.

We consider this form of protocol to be very convenient, since it does not require much time to complete it; in addition, this protocol contains all the information about the necessary corrective actions.
In Fig. Figure 2 shows the front side of the equipment internal audit protocol as an example. Similar protocols are drawn up for each audit object (hence, in this case there are 10 protocols in total).

A testing laboratory often has several working groups located in different rooms. There is no need to check all working groups for all audit objects (i.e., fill out 10 audit protocols for each working group). You can do random checks so that each area of activity is checked once in any one work group (at the discretion of the quality manager).

Documentation

When conducting an internal audit according to the proposed scheme, only two types of documents are drawn up: an audit plan and audit protocols. In our Department, this documentation is kept by the quality manager for 5 years.

Some conclusions

The proposed internal audit procedure is suitable for a testing laboratory that has a fairly large staff, several different test methods and several premises, otherwise the internal audit can be organized much more simply.
The results of the internal audit provide objective information about the compliance of the laboratory’s activities with the requirements of GOST R ISO/IEC 17025-2000. This information can be used directly when carrying out another mandatory quality system procedure, which in this standard is called “Management review”.

Literature used
1. Zhitenko L.P., Obrezumov V.P. Documentation management in a testing laboratory // Partners and competitors. 2001. 10, p. 27-30.
2. GOST R ISO/IEC 17025-2000. General requirements for the competence of testing and calibration laboratories.
3. GOST R ISO 9000-2001. Quality management systems. Fundamentals and vocabulary.

The need for internal audits has already become commonplace for medium and large organizations. Small companies do not always conduct audits due to the smaller volume of work processes, but for some of them such control could bring a lot of benefits. Read about improving the process, planning and preparation in this article. Here you will also find information about conducting an internal audit at an enterprise, using an example.

Internal audit program and schedule

Planning an inspection is one of the very important stages of preparation. At this time, it is necessary to assess the total amount of work, determine the schedule and timing of the audit, draw up a control program, select an appropriate methodology and first identify the most problematic units. Also, at the planning stage, it is advisable to try to take into account potential external influences.

The internal audit program is drawn up together with the plan. Most often, the program has a personal form, taking into account the most important aspects subject to control in a particular company. This document describes all the nuances of the auditor’s activities and includes the following points:

The main purpose of conducting an internal audit.
Scope of application.
Definitions and abbreviations.
Information about additional documents.
List of those responsible for the application.
Description of the audit process.
Schedule and frequency of control checks.
Preparation of a detailed audit plan.
Preparation of necessary documents.
Sequence of information collection.
Nuances of preparing final reports.

Order to conduct an internal audit (sample)

Order to conduct internal audit - 1

Order to conduct internal audit - 2

When an internal audit is carried out by a third-party company, an agreement must be added to the order. Only on the basis of this document is it possible to sign a contract for conducting a VA.

The rules and procedure for conducting internal audit are described below.

Conducting an internal audit of the QMS in order to comply with ISO 9001 is shown in this video:

Rules

There are certain international and Russian standards for conducting internal audits. At the same time, it is not legally prohibited to develop your own internal VA rules. The main part of the federal standards concerns the activities of third-party auditors, regulating their work to ensure the quality of the services provided.

At the same time, internal auditing standards created by a particular company cannot contradict federal and international rules. Regardless of the level of rules, they are all divided into several blocks. Of these, 3 are mandatory:

Block No. 1 reflects the nuances of the organizational and economic activities of auditors.
Block No. 2 specifies the responsibilities of auditors, how to obtain audit evidence and the procedure for drawing conclusions.
Block No. 3 contains rules for the selection of methods, documentation, and work instructions.

It is important to understand that in order to obtain reliable data from an audit, it is necessary to have an audit structure with clear rules. Only systematized activities according to certain standards can demonstrate clear results.

Step by step steps

At first glance, conducting an internal audit is quite simple. This procedure includes only 3 steps:

Preliminary preparation.
Collection of audit evidence.
Registration of inspection results.

Often these stages are called: preparatory, working and final. Elimination or neglect of any of the stages deprives internal listening of any meaning.

At the preparation stage, it is necessary to plan and collect the necessary data, documents and various information about the object of control.
The working stage involves the direct application of selected control methods, conducting tests, searching for evidence and documenting the activities carried out.
At the final stage, the results of the audit are summed up, an analysis of the audit is performed and the preparation of documentation is completed.

Implementation results

All VA results must be in documented form for subsequent study. Most often, documents mean smaller forms. It indicates not only information about the detected deficiencies, but also proposed ways to eliminate them. Also, the results of the internal audit necessarily reflect potential ways to improve the efficiency of work processes.
In addition to drawing up reports and other audit documentation, another procedure is necessary. It is important to clarify in advance the criteria for the effectiveness of the work of inspectors and, upon completion of the internal audit, to analyze the quality of the control performed.
Often these criteria include compliance with the stated inspection time frame, the presence of complete and clear comments on all points studied, and an indication of potential problems in the future. It is also necessary to analyze the activities of auditors for compliance with inspection regulations and the correct use of various control methods. Another criterion is the availability, completeness and timeliness of providing documentation on the inspection performed.

When conducting an internal audit, a large role is played by its preparation (and don’t forget about!). Without a properly carried out preparatory part, high-quality work by inspectors is impossible. There is no unified audit system; each company independently combines control methods, so it is worth paying special attention to the preparation, the audit itself, and the analysis of work efficiency.

Conducting an internal audit of the management system is described in this video:

3. Normative references

ISO 9000:2005 – “Quality management systems. Fundamentals and vocabulary."

ISO 9001:2008 – “Quality management system. Requirements".

ISO 19011:2002 – “Guidelines for the audit of quality and/or environmental management systems.”

4. Terms, abbreviations and symbols

Terms and definitions:

Audit (verification) is a systematic, independent and documented process of obtaining audit evidence and evaluating it objectively in order to determine the degree of fulfillment of agreed criteria (ISO 9000:2005).

An auditor is a person who has demonstrated the personal qualities and competence required to conduct an audit (ISO 9000:2005).

Group of auditors - one or more auditors conducting the audit with the assistance (if necessary) of technical specialists.

Abbreviations used:

DP – documented procedure

QMS – quality management system

Legend:

Forking/merging process operations

5. Process description

5.1 Fundamentals

The QMS audit at KPMS is carried out with the aim of:

determine the level of compliance of the QMS with the requirements of the ISO 9001:2008 standard;
determine the level of compliance of the QMS with the requirements of internal regulatory documents.

The audit can be carried out scheduled (based on the annual audit plan) and unscheduled (based on the order of the general director).

The frequency of scheduled audits should be at least once every six months.

The quality officer is responsible for organizing audits.

The lead auditor is responsible for conducting audits.

The annual internal audit plan is developed and approved no later than December 20. The annual internal audit plan is developed by the quality officer. When planning internal audits of the QMS, a mandatory audit of each of the departments, each of the processes and each of the requirements of ISO 9001:2008 is provided.

Before the start of each audit, an audit schedule is developed. The schedule is developed one week before the audit date.

To conduct internal audits, a leading auditor, auditors and technical specialists are appointed from among the company's employees. The candidacies of the lead auditor and auditors are determined by the Quality Commissioner. The appointment of the lead auditor and auditors is carried out by order of the General Director for Personnel. The order may indicate the duration of the appointment. If the term is not specified, then the lead auditor (auditors) are considered to be appointed for an indefinite period and lose their status as an auditor only on the basis of an order from the general director to appoint a new lead auditor (auditor) or upon dismissal from the company.

Technical specialists are assigned (if necessary) to each audit upon the recommendation of the lead auditor. The appointment of technical specialists is carried out in an order for the organization to conduct an internal audit.

When drawing up an audit schedule, the distribution of auditors and technical specialists among the objects of inspection should exclude the possibility of them inspecting the units in which auditors and technical specialists work.

This article is also available in the following languages: Thai

Next

THANK YOU so much for the very useful information in the article. Everything is presented very clearly. It feels like a lot of work has been done to analyze the operation of the eBay store
- rootsshell
  
  Thank you and other regular readers of my blog. Without you, I would not be motivated enough to dedicate much time to maintaining this site. My brain is structured this way: I like to dig deep, systematize scattered data, try things that no one has done before or looked at from this angle. It’s a pity that our compatriots have no time for shopping on eBay because of the crisis in Russia. They buy from Aliexpress from China, since goods there are much cheaper (often at the expense of quality). But online auctions eBay, Amazon, ETSY will easily give the Chinese a head start in the range of branded items, vintage items, handmade items and various ethnic goods.
  - Next
    
    What is valuable in your articles is your personal attitude and analysis of the topic. Don't give up this blog, I come here often. There should be a lot of us like that. Email me I recently received an email with an offer that they would teach me how to trade on Amazon and eBay. And I remembered your detailed articles about these trades. area I re-read everything again and concluded that the courses are a scam. I haven't bought anything on eBay yet. I am not from Russia, but from Kazakhstan (Almaty). But we also don’t need any extra expenses yet. I wish you good luck and stay safe in Asia.
rootsshell

It’s also nice that eBay’s attempts to Russify the interface for users from Russia and the CIS countries have begun to bear fruit. After all, the overwhelming majority of citizens of the countries of the former USSR do not have strong knowledge of foreign languages. No more than 5% of the population speak English. There are more among young people. Therefore, at least the interface is in Russian - this is a big help for online shopping on this trading platform. eBay did not follow the path of its Chinese counterpart Aliexpress, where a machine (very clumsy and incomprehensible, sometimes causing laughter) translation of product descriptions is performed. I hope that at a more advanced stage of development of artificial intelligence, high-quality machine translation from any language to any in a matter of seconds will become a reality. So far we have this (the profile of one of the sellers on eBay with a Russian interface, but an English description):
https://uploads.disquscdn.com/images/7a52c9a89108b922159a4fad35de0ab0bee0c8804b9731f56d8a1dc659655d60.png

DIY bicycle illumination with LED strip DIY LED strip for bicycle spokes

Illuminating bicycle wheels using an LED strip is a great way to highlight your two-wheeled friend against the background of darkness and surprise passers-by with its original appearance. Unlike the advertised...

Combine harvesters Polesie: review of models and prices

For 20 years, the Belarusian plant "Gomselmash" has been successfully producing agricultural machinery, including grain harvesters, which are famous in the domestic and foreign markets for their high...

Longitudinal section of the Titanic

Drawings of the Titanic, a steamship of the British shipbuilding company White Star Line. Construction of a large ship took more than two years. About 3,000 people worked at the shipyard. In May...

Basic techniques for working with the machine

All photos from the article Wood is not only a material for making beams, boards and other building elements, it is also a space for creativity, since this material is processed...

How to create interior paintings yourself?

Hand-made decor items are becoming more and more popular every year, as everyone wants to have an exclusive decoration in their home, and not a replicated faceless souvenir from...

How to combine copper with aluminum - the better and more reliable

When installing electrical wiring, sometimes the question arises about connecting copper and aluminum wires. This issue is especially relevant during electrical work in old housing stock, where the main part...

How to choose the best moonshine still for home use

To prepare a high-quality alcoholic drink yourself, you need to carefully select raw materials and devote a lot of time to the technological process. Moonshine stills simplify this task -...

Homemade mini flour mill

All farm owners know how useful a personal grain mill is, which is easy to make with your own hands. Using this design, you can renew food supplies for rabbits...

Free photo frames online - beautiful photo effects

Make fun, smile and create with our photo effects! The service site contains a unique collection of beautiful photo effects, and modern ones (like Instagram effects). You will like...

Old lighthouses Abandoned lighthouses Photos

Clickable 1920 px Remember, I showed you. I didn’t want to fill the topic with all sorts of interesting things and details, there was already something to look at :-) But now I’ll tell you about...