|
|
 |
16th January 2001, 08:10 AM
|
|
|
Risk Based Audits ocussing on those areas of identified risk
Does anyone have experience of Risk based auditing i.e. focussing on those areas of identified risk rather than on those which, if non-compliant would have no significant impact on the process.
Regards
Eric
|
16th January 2001, 09:03 PM
|
|
|
Hi Eric,
I have evaluated organizations for risk of delivering nonconforming products and violating regulatory requirements. I call them Risk Assessment Audits or Risk Analyses or Risk Reduction System Evaluations. Should allegations of product liability or regulatory compliance be raised, organizations need to have systems, practices and records in place to send the investigators elsewhere.
What would you like to know?
|
16th January 2001, 09:15 PM
|
 |
Your Elsmar Cove Host
Registration Date: Jan 1996
Location: West Chester, Ohio - USA
Age: 59
|
|
Posts: 15,857
Thanks Given to Others: 1,895
Thanked 1,566 Times in 1,018 Posts
Karma Power: 605
|
|
I'd like to hear whatever you have to say about format, what things are you looking at, how do you assign risk values, etc.
|
28th February 2001, 06:17 AM
|
 |
Inactive Registered Visitor
Registration Date: Feb 2001
Location: Brisbane, Qld Australia
|
|
Posts: 71
Thanks Given to Others: 0
Thanked 0 Times in 0 Posts
Karma Power: 37 Karma: 10
|
|
Hi Eric,
I have used a risk based assessment for our internal audit schedule. As we have a National system (across Australia) involving five business units, I have asked each Department Manager in all businesses to assess each procedure based on risk to the business.
A rating of "1" is considered a high risk, "2" is considered a medium risk, and "3" a low one. These are then scheduled to be audited six monthly, annually and biennially respectively.
This was a good and easy approach which has worked well for us and also impressed our third party auditors. It is an easy approach to compiling an audit schedule based on risk.
Recently (last week) I re-issued our schedule and changed it somewhat. I have made the schedule more of a "real-time" schedule rather than an excessive planned approach, and also cut back dramatically on the base schedule.
Now we have our category "1's" which are audited by an internal Corporate Team annually. Category "2's" are scheduled once every two years, and category "3's" are considered optional based on need as they are not considered a risk to the day-to-day operation of the business.
The intent is that the trends identified in the Corrective/Preventive Action system are added to the audit schedule on a progressive basis. So this then reflects the current "real-time risks" of the business rather than trying to plan risks over two years based on gut-feel.
Of course, should the business wish to audit areas at a higher rate than the base schedule then that is up to each respective business.
This approach seems to be good on paper so far, and time will tell how effective it is. I am banking on it being a winner though.
Hope this insight helps.
|
Lower Navigation Bar
|
|
|
|
Visitors Currently Viewing this Thread: 1 (0 Registered Visitors and 1 Unregistered Guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate Thread Content |
 Linear Mode
|
|
Posting Settings
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
