Audit of an Accounting Department - No Documented Procedure for Accounting

Big Jim

Super Moderator
#11
The financial aspects of a business are generally outside of the scope of ISO 9001:2008.

However, in many companies, it is the accounting department that is responsible for some aspects that do fall within the scope. Very often it is the accounting department that handles the filing of records. Sometimes even purchasing is handled by the accounting department. There may be considerations for allocation of resources.

Since accounting is included in the interaction of processes of that company, some questions need to be asked as to how they are involved with the quality management system. If it is included only because it is one of the departments of the business, it could be misapplied (as Sydney pointed out). If it is included because of a pertinent involvement with the quality management system, then that portion should be audited. I don't view this as cause to "go through the books" though. I would be hard pressed to justify how an ISO auditor should be looking over balance sheets or income statements, even if they have such expertise.
 
Elsmar Forum Sponsor

somashekar

Staff member
Super Moderator
#12
i am an external audior.
In the organisation chart of the company i audited , the accounting department is considered as part of the quality system.

All The accounting trannsactions are done through an accounting software.

The company had no documented procedure for accounting.

how to audit such department ? audit the software against what ?!!!!
Its nice to read that accounting is considered into the QMS. A good process approach will incorporate this. Do not be worried about the accounting software and things as there are accounting audits seperately which checks and monitors accounting methods and its correctness. Accounting is involved in receivables and payables and so would have process interactions with customer interface process and purchasing process. Apart from this things like Training budget, Resource planning etc., will have an interface with accounting too. Your audit will have to look at this activity and get information of how effective these process interaction has been happening.
Are the accounting personel involved in the planning, budgeting and purchase / sales activities in order to make these processes effective. Are internal communications between accounting and other related functions properly established and are they effective. Are the accounting personnel trained about the process and interactions to be sensitive to the needs of the organization. Your auditing techniques must be able to dwell into these and get vital audit outputs about them.
 
C

Craig H.

#13
The financial aspects of a business are generally outside of the scope of ISO 9001:2008.

However, in many companies, it is the accounting department that is responsible for some aspects that do fall within the scope. Very often it is the accounting department that handles the filing of records. Sometimes even purchasing is handled by the accounting department. There may be considerations for allocation of resources.

Since accounting is included in the interaction of processes of that company, some questions need to be asked as to how they are involved with the quality management system. If it is included only because it is one of the departments of the business, it could be misapplied (as Sydney pointed out). If it is included because of a pertinent involvement with the quality management system, then that portion should be audited. I don't view this as cause to "go through the books" though. I would be hard pressed to justify how an ISO auditor should be looking over balance sheets or income statements, even if they have such expertise.
Well said.

In fact, in the US anyhow, accounting does have a standard, GAAP (Generally Accepted Accounting Principals) and they are audited against these by their outside accounting firm. Taxes, in the US, are audited by the IRS (Infernal Rascals and ...).
 

qusys

Trusted Information Resource
#14
Agree with you, but I intented to say that the audit could also touch some aspects related to the renewal of formation and competence.
Accounting personnel should be fully aware of the changes of the laws and regulatory issue that are linked with their own job.
For this purpose, I would like to check how the organization sets the refresh and the update of the accounting personnel's knowledge background when the law, impacting their job, is completely reviewed. Specific laws that apply to them could be asked by interviewing accountig personnel or looking at the information present in job descriptions
Some of them are very critical because if they are not correctly implemented, this could affect the health of the QMS organization.
So , as auditor I do not check the compliance vs law and regulatory item, but towards the respect of the training clause 6.2 as well 6.1 related to resources.
Original documents and cd-rom of the laws are to be provided by the organization.
Hope this helps

Auditors performing quality system audits can not be expected to know, or even be aware, of laws an organization has to comply with, outside of legal requirements that apply to the products.

QMS auditors should not delve into regulatory compliance assessments outside of the system being audited. And, even within the system being assessed, an ISO 9001 conformance audit should not turn into a regulatory compliance check, either.
 
Last edited:
C

Craig H.

#15
Agree with you, but I intented to say that the audit could also touch some aspects related to the renewal of formation and competence.
Accounting personnel should be fully aware of the changes of the laws and regulatory issue that are linked with their own job.
For this purpose, I would like to check how the organization sets the refresh and the update of the accounting personnel's knowledge background when the law, impacting their job, is completely reviewed. Specific laws that apply to them could be asked by interviewing accountig personnel or looking at the information present in job descriptions
Some of them are very critical because if they are not correctly implemented, this could affect the health of the QMS organization.
So , as auditor I do not check the compliance vs law and regulatory item, but towards the respect of the training clause 6.2 as well 6.1 related to resources.
Original documents and cd-rom of the laws are to be provided by the organization.
Hope this helps
CPAs are required to take a specified number of hours of training to maintain their certificate.
 
J

John Martinez

#16
I can audit any undocumented process that is included as a process in ISO 9001:2008 by Clause 4.1 Then, I would ask how do you do this task to several people. If I get the same answer from everyone, ok. If I get different answers, then we have an issue to raise with the process. :caution:

Like it was also said, I'd keep my "how do you do this task" questions specific to what affects the quality of the product or customer satisfaction.

If anyone thinks that accounting, specifically accounts receivable, should be outside their QMS, try sending an incorrect bill to a customer and see what it does to customer satisfaction. :soap:
 
T

Trike99

#17
I agree with Sidney.

Management system audits are not a substitute for, or even a compliment of financial system audits. Even if I had the expertise and/or qualifications of a CPA, my work as an internal auditor wouldn't normally cross into the boundaries of, say that of the Sarbanes Oxley Act. In contrast, it is easier to identify requirements and compliance to OSHA laws, and I am ethically bound to report to management any OSHA violations I see while auditing, even if I am not doing a safety audit.

That said, if I ran across something flagrantly wrong in the accounting field while I was doing an audit of a management system, I would be duty bound to report what I saw to management - I just wouldn't be able to do so in more than an advisory capacity.
:2cents:
I agree that you would be 'ethically bound' to report the non-compliance to an OSHA requirement to management....BUT...I wonder, if you were a Registrar's Auditor and found an OSHA requirement not met by the Auditee organization while performing an AS9100B surveillance audit, would you write documented findings (NC's) against the OSHA requirements under Clause 6.4 Work Environment of AS9100B ? Thanks in advance for your feedback..
 
T

Trike99

#18
Auditors performing quality system audits can not be expected to know, or even be aware, of laws an organization has to comply with, outside of legal requirements that apply to the products.

QMS auditors should not delve into regulatory compliance assessments outside of the system being audited. And, even within the system being assessed, an ISO 9001 conformance audit should not turn into a regulatory compliance check, either.
Thanks for your comments on this issue. Would you tell me please if you think a Registrar's auditor is within their right to audit an organization for compliance to OSHA's requirements (ANSI Z385.1) and to subsequently write documented NC's and CAR's as part of their AS9100B Audit report. The basis for the CAR is given as AS9100B Clause 6.3 Infrastructure.

The auditee was not advised in advance that the OSHA standard was to be made part of the AS9100B audit. I don't disagree that the auditee has to be in complaince, but I question the Auditor's method of trying to 'enforce' something through the use of documented NC's and CAR's while not discussing this issue with management on an ethical reporting basis...

Any comments would be appreciated...and thanks in advance..
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#19
Thanks for your comments on this issue. Would you tell me please if you think a Registrar's auditor is within their right to audit an organization for compliance to OSHA's requirements (ANSI Z385.1) and to subsequently write documented NC's and CAR's as part of their AS9100B Audit report. The basis for the CAR is given as AS9100B Clause 6.3 Infrastructure.
Certainly not. 6.3 of AS9100 has NOTHING do to with Occupational Health & Safety. We've had so many discussions on this topic, over the years.
While the organization should be receptive to feedback on occupational health and safety issues, irrespective of the source, an external CB auditor, doing a QMS audit is way out of bounds issuing a nonconformity for issues OUTSIDE of the QMS, be them a safety violation, an environmental hazardous discharge or a business ethics breach. While all of those things are important, they are outside the scope of a QMS (e.g., AS9100) audit. An easy appeal.
 
T

Trike99

#20
Sidney - thank you so much for your quick reply - you confirmed what I was thinking and feeling about this issue, and what I had told my customer.

I appreciate your willingness to share with those of us (Consultants, trainers, etc) who do not have access to 'all' the information and have to work sometimes very hard to stay 'educated' with what is right or wrong - both in the 'accepted' interpretation of the standard's requirements, the appropriate implementation in the context of any organization, and in what the Registrar's Auditors are going to be expecting...(and my view is they are sometimes doing their 'own' thing).

Thank you very much ..:thanx::thanx::thanx::thanx::thanx::thanx::thanx::thanx::thanx:
 
Thread starter Similar threads Forum Replies Date
P Configuration Status Accounting vs. Configuration Audit - Differences Software Quality Assurance 2
D How to Audit Oracle used for Accounting Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
J Internal Audit Questions - Accounting - ISO 9001 Internal Auditing 24
R Auditing Accounting as a Key Process - TS16949 Audit Internal Auditing 6
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
Sidney Vianna IATF 16949 News Update on the IATF CARA Project (“Common Audit Report Application”) - 12/2020 IATF 16949 - Automotive Quality Systems Standard 1
R ISO 17025 vertical audit checklist wanted Document Control Systems, Procedures, Forms and Templates 2
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
S Quality Audit Training Activities Quality Manager and Management Related Issues 2
G IATF Rules for COVID 5th revision - Re-certification audit timing IATF 16949 - Automotive Quality Systems Standard 3
E MDR internal audit Internal Auditing 1
Ed Panek Remote Audit GOTOMEETING thoughts Coffee Break and Water Cooler Discussions 22
B ISO 9001 - "Remote Audit Fee" Registrars and Notified Bodies 13
L IATF external audit virtual (remote) IATF 16949 - Automotive Quality Systems Standard 13
M Audit Criteria Training Materials Internal Auditing 1
K New supplier audit as per V3.1 by French Automotive OEM General Auditing Discussions 2
S Complexity Rating - CB adding another audit day for "high complexity" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2

Similar threads

Top Bottom