2. What will we cover?
Audit steps and rules
Definition of a Finding
How to write a Finding
Purpose of the audit report
How to write an audit report
Improve performance through audit
3. What is an audit?
Requirements
Findings
Observations
Observations
Observations
Findings
Findings
Conclusions
Evidence
Findings
4. Four Phases of the Audit
Preparation
(25% of the audit)
Performance (50% of the audit)
Reporting (15% of the audit)
Closure (10% of the audit)
5. First Rule of Auditing:
1. Audits provide
information,
about the future,
to decision-makers
6. Second Rule of Auditing:
2. Auditors must be
capable of doing
their job.
7. Third Rule of Auditing:
3. Audits measure
to agreed criteria
8. Fourth Rule of Auditing:
4. Conclusions are
based on facts
9. OK, so now what?
We have all this good information. What
should we do with it?
11. Definitions
Finding
“An audit conclusion which identifies a condition
having a significant adverse effect on the quality of the
activity under review.” (Arter)
Nonconformity
“Non-fulfillment of a requirement” (ISO 9000:2008)
Observation (No longer in use)
Positive Practice
“An audit conclusion which identifies a condition of
exceptional merit.” (Arter)
12. Do the Data Dump
GOOD
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Quisque auctor. Vivamus volutpat
ipsum at metus.
Curabitur non lectus rutrum eros suscipit interdum. Vivamus mattis. Ut porttitor, dui
malesuada commodo vehicula, purus nisi imperdiet nibh, et posuere erat dui eu dolor.
Praesent et velit a urna faucibus ornare. Ut nec justo ut velit consectetuer tincidunt. In
gravida lectus et ante. Nullam eros. Ut bibendum purus non magna.
BAD
Fusce fermentum. Morbi tincidunt. Vivamus interdum mi vitae orci. Quisque ut nunc ut nibh
vehicula tempus. Nam arcu. Etiam lacus.
Vestibulum non diam. Sed dictum tincidunt lacus. Aliquam sagittis, diam non volutpat
tempus, neque augue viverra augue, vitae condimentum lorem nulla quis felis.
Donec quis erat. Morbi auctor felis. Nulla diam eros, lobortis vel, rhoncus sed, placerat ac,
nulla. Fusce porttitor dui condimentum justo. Vestibulum dolor lacus, consequat blandit,
feugiat ac, varius nec, augue. Aliquam et tortor quis quam adipiscing vehicula.
Nam molestie. Praesent pretium orci in purus. Phasellus massa dui, tincidunt a, dictum
sed, posuere vel, lorem. Maecenas et quam. Nullam mi. Proin ac eros.
Praesent malesuada nunc non risus. Praesent fermentum vehicula libero. Curabitur libero.
Ut molestie massa. Suspendisse urna. Vestibulum ante ipsum primis in faucibus orci luctus
et ultrices posuere cubilia Curae; Sed nulla.
Duis in turpis. Nunc lobortis. Ut massa nisl, rhoncus imperdiet, faucibus et, semper et,
lectus. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. In hac habitasse platea
dictumst.
Mauris quis nulla sed mauris scelerisque pellentesque. Donec sit amet sem. Proin quis
velit. Ut ut erat ut mi viverra adipiscing. Sed sed ante. Integer at dolor. Vivamus porttitor est
et dui. Phasellus id dui.
Integer nonummy. Fusce justo magna, ultricies pretium, rutrum ac, ultrices a, ante. Morbi
gravida massa quis elit. Etiam nulla. Cras congue nibh eget metus. Integer varius nulla eget
nibh.
Ut at sem sit amet ipsum gravida viverra. Quisque dignissim ultricies metus. Fusce
ullamcorper. Nullam nec nisl eget nibh convallis molestie.
Aliquam commodo accumsan leo. Cras ligula. Sed elit ligula, faucibus sit amet, semper et,
accumsan quis, neque. Etiam in augue ut nunc tristique consectetuer.
Ut cursus aliquet eros. Aenean sit amet tortor eget ipsum bibendum bibendum. Nunc vel
justo sagittis libero iaculis bibendum.
Donec felis erat, egestas nec, posuere ut, tempor malesuada, quam. Donec arcu nibh,
blandit vitae, ullamcorper eu, posuere non, eros.
Curabitur dapibus euismod nulla. Class aptent taciti sociosqu ad litora torquent per conubia
nostra, per inceptos hymenaeos.
Fusce vehicula erat id ante. Aenean non libero ut tellus scelerisque ultricies. Aenean ac leo
fermentum pede porttitor varius. Donec et justo quis nisl faucibus ultricies. In odio.
Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis
egestas
Vivamus eu eros vestibulum sapien nonummy ullamcorper. Aliquam congue est sed turpis.
Nullam suscipit lobortis dui. Nam ipsum.
Fusce fermentum. Morbi tincidunt. Vivamus interdum mi vitae orci. Quisque ut nunc ut nibh
vehicula tempus. Nam arcu. Etiam lacus.
Vestibulum non diam. Sed dictum tincidunt lacus. Aliquam sagittis, diam non volutpat
tempus, neque augue viverra augue, vitae condimentum lorem nulla quis felis.
Donec quis erat. Morbi auctor felis. Nulla diam eros, lobortis vel, rhoncus sed, placerat ac,
nulla. Fusce porttitor dui condimentum justo.
13. Do the Data Chunk
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Fact
Problem
Problem
Problem
14. Bank audit example
Equip. maintenance
Teller competencies
Network down
Backup server data
Bill sorting machine
Doors, locks, and keys
Cash machine jams
False security alarm
Debit and credit
reversed
Cash drawer daily audit
No pattern
Key-in entry mistake
Coins falling out of
rabbit
15. Step 3 – Identify the pain
Cost
Production
Risk
16. Step 4 – Put them together
Problem
+
Finding
Pain
17. Step 5 – Turn piles over
Statement of the system control problem
◦
◦
◦
◦
Bad fact
Bad fact
Bad fact
Bad fact
18. Finding
Lack of equipment maintenance is causing higher
operating costs.
Computer network was down for a total of 25 minutes during the
month of July.
Backup server was loaded with out of date data files on July 12.
Hill Street branch experienced 3 cash machine paper receipt jams in
June.
Bill sorting machine malfunctioned on July 3 and again on July 9.
Three branches experienced entry door lock jamming this year. One
resulted in a key breaking.
Oak Lawn branch experienced a false security alarm on July 20. Police
responded.
19. Cause and effect?
Whoa! That’s much too hard
(and my firm is not ready to
accept this approach)!
Is there a simpler way?
20. Finding
Non-conformances are not being identified
throughout the company.
◦ Only receiving inspection is presently using the NCR
Form (#278).
◦ Operators filling boxes often have to bend pigtails to get
the components to fit in the box.This is not being
recorded.
◦ Observed pigtail variance on line 3 averaged 1/2 inch on
Tuesday during the audit.
These are called finding sheets
21. Can we say good things?
These are called Positive Practices
Constructed just like negative Findings,
except use good facts rather than bad
facts.
22. Write the Summary
Overall evaluation of the management
controls
◦ One or two paragraphs
◦ Very subjective (by design)
Is the operation safe? Efficient?
Is there reason to believe that controls
will continue?
Are there any regulatory risks?
23. Focus on the system
System: grouping of
interrelated processes
designed to achieve a
common objective.
To have lasting effect
(improvement),
stakeholders must have
a desire to change the
system
27. Audit report
Finding 3
Finding 2
Finding 1
Audit Report
1. Background
2. Summary and
Conclusions
3. Any Deficient
Areas
Lead Auditor
Date
28. Report distribution
You work for the audit boss
Audit team writes report
Team leader drafts cover letter
◦ Background
◦ Executive summary
◦ Request for corrective action
Audit boss sends report out (internal)
Buyer sends report out (external)
Auditors
Audit Boss
Buyer
Auditee
31. Summary: Phases of the Audit
Preparation
Performance
Reporting
Closure
32. Summary: Value of the Audit
Audits provide confidence:
◦ Controls are present
◦ Controls are used
◦ Controls really work
◦ Controls will continue
33. Summary: Rules for the Auditor
You must be prepared
You must dig for threads and
patterns
You must look for cause and
effect
Managers understand the
language of business (cost,
production, risk)
34. Summary: Rules for the Audit
1.
Audits provide information
2.
Auditors must be qualified
3.
Audits measure to agreed criteria
4.
Conclusions are based on facts
36. Thank you!
Dennis R. Arter, CQA
Columbia Audit Resources
Kennewick, Washington
(509) 783-0377
Dennis@Auditguy.net
Web site: http://Auditguy.net
Blog site: http://Auditguy.blogspot.com