Page 256 - DCOM204_AUDITING_THEORY
P. 256
Auditing Theory
Notes auditor’s outside perspective can be quite valuable. The client (the person who commissions the
audit), in contrast to the auditee, is accountable for the auditors’ actions and reports. Committees
cannot generally perform this function; an audit boss should schedule the audits and make
assignments. Finally, auditors must serve the organization’s needs. Business values are important
and the auditors can assist by determining whether the enterprise is actually achieving its goals.
Rule 2: Use Qualified People
Auditors must be able to carry out their assignments in an impartial and objective fashion. This
means that they cannot have a vested interest in the activity being audited. If they developed the
rules, they cannot impartially evaluate the effectiveness and application of those rules. Although
an auditor can never be totally independent of the auditee, some separation must be maintained.
It’s fine to audit within your group, but you can’t audit your own job.
Auditors must also be capable of doing their jobs. They need certain emotional, intellectual and
mechanical skills, which they can obtain by attending a course, reading a book or observing
others. Often, all three methods are used. In addition to knowing how to conduct an audit,
auditors must be familiar with the technical processes being examined. A good way to demonstrate
this familiarity is to flowchart the activity to be audited—if a person can’t flowchart it, he or she
can’t audit it. Finally, auditors need to be able to communicate well, both orally and in writing.
Rule 3: Measure against agreed criteria
Auditors are not allowed to make up the rules—they must audit against performance standards
that are already in place and accepted by the auditee. This is the planning part of the plan-do-
check-act loop. The highest level of requirements includes corporate policies, management
system standards and regulatory requirements. Usually originating from outside the auditee’s
organization, these requirements establish the goals and objectives to be achieved. National
and international standards, such as QS-9000 and ISO 9001, fall into this highest category. Next
comes the local approach, often called a quality manual or quality plan, for implementing these
high-level requirements. It gives the framework for achieving the concepts and should be fairly
compact. This document is then followed by a number of process-specific procedures. Further
detail can be provided in work instructions, such as drawings, traveler sheets and sampling
plans. One of an auditor’s challenges is to obtain and become familiar with the many levels of
requirements forming the basis for the audit.
Rule 4: Use facts to Form Conclusions
Auditing is fact-based; conclusions are drawn from the data. Facts can be good (a requirement
was met) or bad (a requirement wasn’t met), but no judgment or opinion should taint them.
These facts, also known as objective evidence, can come from five sources. They can be physical
properties, such as flow rates and dimensions; sensory-derived input from seeing, hearing,
smelling or tasting; documents or records; information drawn from interviews with auditee
staff members; or patterns such as percentages or ratios. Auditors use checklists and other tools
to determine the facts to be gathered, and then they perform the fieldwork to gather these facts.
The output of the audit process, be it a management or compliance audit, is a report. The client
(audit boss) receives the report from the auditor and delivers it to the auditee. To prepare a
report, the auditor must take all of the positive and negative facts and make some sense of the
data. In other words, the auditor must analyze the data.
The first step is to list all of the positive and negative observations (data), then sort those data
into controls or problem areas. Generally, there will be a large number of negative observations
associated with just a few control items. This natural chunking of the data allows the auditor to
250 LOVELY PROFESSIONAL UNIVERSITY
