Robust internal audit program

TacitBlue

Involved In Discussions
What are the elements of a robust internal audit program? We have several locations cert to as9100. We have sort of a complex internal audit process. We need to make it more effective and risk based. Any advice?
 

John Broomfield

Leader
Super Moderator
What are the elements of a robust internal audit program? We have several locations cert to as9100. We have sort of a complex internal audit process. We need to make it more effective and risk based. Any advice?

Ask top management what they want from their internal audit program.

Then you’ll be able to recruit the best people for auditor training.
 

Randy

Super Moderator
If your name is indicative of programs and activities, having a solid security clearance and engineering background would be extremely helpful. You guys should already have a good handle on risk, and regardless of industry risk=risk with just the risks themselves being different.

Too many internal audits are done at the 5,000 ft level and above, internal audits have to and must be "in the weeds" down to task specific operational levels, so focus on your lower level (narrow focus) "stuff" to a greater degree than the "high level" (broad reaching) whatever.
 

yodon

Leader
Super Moderator
I think the key element is attitude! Everyone should recognize that the internal audit is intended to be helpful, not a box-checking exercise. As @Randy noted, it should be down in the weeds to really ferret out any issues. Those being audited need to be open and honest and not fear any reprisals from management if there are findings.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Any advice?
First and foremost; without this you will never succeed in making a valuable and robust internal audit program: top management HAS to be behind the drive to make internal auditing something that is perceived throughout the corporation as a business value aggregator. They have not only to believe in it, but make sure the whole organization understands that as well. They have to be explicit and recurrent in their support for the team. Recognition for in-house discovery of unmitigated risks (via internal audits) is a wonderful motivator. Internal audit planning and results HAS TO BE in the corporate agenda and definitely in the boardroom discussions. Assign a CIAO - S/he must have easy two-way access to top management.

The competence of internal auditors has to be top notch. To that effect, ISO 19011 and AS9104-3 (for Aerospace) are great documents to assist in the selection and development of internal auditors. The personal attributes of internal auditors is paramount and, many times, organizations don't pay enough attention to it. Internal auditors must be very comfortable in assessing business risks as part of their duties and be able to report audit results in a way that people can relate.

Search this forum. Over the years, we've had a number of great discussions around this subject. Why are GOOD Internal Auditors so hard to find?

Good luck.
 
Last edited:

Tagin

Trusted Information Resource
We need to make it more effective and risk based. Any advice?

  1. I would look at historical N/C records for recurring risk types and/or susceptible areas to focus on.
  2. I would look at historical audit (internal and external) records for recurring risk types and/or susceptible areas to focus on.
  3. I would consider doing a system-level FMEA to identify higher risk areas.
  4. I would look at customer and regulatory requirements as areas to focus on.
  5. Then determine a risk-based audit frequency for these specific identified areas, which will then give you a good idea of remaining audit resources & time to allocate to lower risk areas.
 
Last edited:

Funboi

On Holiday
What are the elements of a robust internal audit program?
Having your management team request audits because they see the strategic benefits. Offering their best and brightest people to become auditors. Taking an active role in the planning and preparation by those auditors. Ensuring that actions taken from the audits are appropriate and timely. Y’know. All those things that they currently don’t do…
 

Mike S.

Happy to be Alive
Trusted Information Resource
Lots of good points above.

Developing a good internal audit process is like developing any other process - it takes desire and time and effort and good people and training and practice and PDCA thinking.

What would you do if you had a production or service process that wasn't working too well?
 
Top Bottom