ISO 19001
ISO 19001
Student’s Name
University Name
Date
Instructor’s Name
Abstract
ISO 19001 and its Scope
This is an international standard that gives guidelines necessary for management systems auditing. International Organization for Standardization is in charge and controls this mark of quality. The standard gives an organization four resources which includes;
· An elaborate explanation of all basics of management systems auditing.
· Updated information concerning the competence and evaluation of selected auditors.
· Guiding instructions on how to carry out internal and external audits.
· Guiding instructions on management of the available audit programs.
The main idea behind any management system auditing is to gather crucial evidence and this requires competent personnel. Three techniques are usually employed in getting this information. These are visual observations, physical interviews involving staff members and reading the available documents. The auditor used should be competent with the specific areas being audited and have basic training in it (Waddell, D 2005)
Internal audits
Internal audits are a function of an organization operating independently from other departments and usually reports to the appointed audit committee. They are charged with carrying out audits of the organization in all sections of the business as dictated by the annual audit plan. They are in charge of monitoring the financial flow in every department of the business. They focus on the keys issues facing the business and how well the management is working to have the problems solved. They are involved in decision making process regarding issues affecting the business that need to be improved for efficiency and increased returns. They keep the company updated at all times to make sure that finances are well utilized to maximize the returns. They generally help the company to keep going as they combine assurance and consulting services to ascertain that they achieve the very best. (Mock, TJ & Wright)
Internal auditors are professionals who are independent to the areas they carry out the audits. This is meant to reduce cases of fraud and be biasness. They must abide to a code of ethics, a core requirement for this career. They must be compliant with international standards and this increase and assures the quality of their output. They are put on mentoring and upgrading programs on regular basis to sharpen their skills and to keep them updated on upcoming issues and technology necessary for their practice.
External audits
External audits are external functions who work for an organization to carry out and confirm audits. They reside outside the governance of the business but they may at times be shareholders of the organization. Their objective is to add credibility of the financial reports earlier given by internal audits. Their coverage is mainly financial reports and other financial reporting risks. They have no responsibility in mon ...
ISO 19001ISO 19001Student’s NameUniversity Name.docx
1. ISO 19001
ISO 19001
Student’s Name
University Name
Date
Instructor’s Name
Abstract
ISO 19001 and its Scope
This is an international standard that gives guidelines necessary
for management systems auditing. International Organization
for Standardization is in charge and controls this mark of
quality. The standard gives an organization four resources
which includes;
· An elaborate explanation of all basics of management systems
auditing.
2. · Updated information concerning the competence and
evaluation of selected auditors.
· Guiding instructions on how to carry out internal and external
audits.
· Guiding instructions on management of the available audit
programs.
The main idea behind any management system auditing is to
gather crucial evidence and this requires competent personnel.
Three techniques are usually employed in getting this
information. These are visual observations, physical interviews
involving staff members and reading the available documents.
The auditor used should be competent with the specific areas
being audited and have basic training in it (Waddell, D 2005)
Internal audits
Internal audits are a function of an organization operating
independently from other departments and usually reports to the
appointed audit committee. They are charged with carrying out
audits of the organization in all sections of the business as
dictated by the annual audit plan. They are in charge of
monitoring the financial flow in every department of the
business. They focus on the keys issues facing the business and
how well the management is working to have the problems
solved. They are involved in decision making process regarding
issues affecting the business that need to be improved for
efficiency and increased returns. They keep the company
updated at all times to make sure that finances are well utilized
to maximize the returns. They generally help the company to
keep going as they combine assurance and consulting services
to ascertain that they achieve the very best. (Mock, TJ &
Wright)
Internal auditors are professionals who are independent to the
areas they carry out the audits. This is meant to reduce cases of
fraud and be biasness. They must abide to a code of ethics, a
core requirement for this career. They must be compliant with
international standards and this increase and assures the quality
3. of their output. They are put on mentoring and upgrading
programs on regular basis to sharpen their skills and to keep
them updated on upcoming issues and technology necessary for
their practice.
External audits
External audits are external functions who work for an
organization to carry out and confirm audits. They reside
outside the governance of the business but they may at times be
shareholders of the organization. Their objective is to add
credibility of the financial reports earlier given by internal
audits. Their coverage is mainly financial reports and other
financial reporting risks. They have no responsibility in
monitoring the improvement made by the company after
highlighting key issues in the business. (Mock, TJ &
Wright)They just give a report and leave the subsequent
decision making process to the management.
· External auditors are also trained in their profession and must
abide to the code of ethics governing their practice. They should
have absolutely no links with members or team members of the
company on matter regarding financial transactions.
Principles of an internal audit / external audit
Having a well-planned auditing program is essential to
functional and workable risk management and internal control
systems. Effective programs are playing a vital in defense
against fraud and make it easier for the senior management to
understand how effective the internal control systems are.
It is provided that the directors and other senior management
members cannot be allowed to delegate their chief role of
creating and maintaining audit programs if a business want to
progress in a positive way. Audits are a backbone of every
business and they should be assigned to well-trained and
experienced personnel who have proven capabilities of giving
the exact current financial status of the business. All documents
and supportive information should be made available to the
4. auditors in the original form without manipulation to favor
something. Audit validation is very important where a number
of verification procedures are employed.
Techniques for conducting internal audits
The following steps are followed;
· Establishing and communicating the scope of the audit as well
as objectives in line with expectations of the management.
· The auditor takes time to clearly understand the specific areas
of business being reviewed. These takes into consideration the
type of transactions, set objectives of these areas and
measurements involved. The process involves reading through
the available documents and conducting interviews where
applicable.
· Outlining and describing major risks affecting the business
that is covered within the scope of the audit being carried out.
· Identification of role played by the management in the five
components of control so as to be sure that each risk is being
monitored and carefully controlled. An internal audit checklist
can comfortably be used to identify major risks and dictate
desirable control measures that the management should initiate.
· Development of a risk-centered sampling and appropriate
testing approach to aid in determining the most important
control measures to be implemented by the senior management.
· Clearly highlight and report all challenges identified during
the audit process and negotiate with those charged with decision
making for a lasting solution which will see these challenges
minimized or solved completely.
· Make a follow-up on all findings reported at scheduled
intervals to see how well the problems are being solved as
recommended. This means that you keep an eye on the changes
being implemented after giving your report.
Techniques for conducting external audits
In any business environment, internal matters can at times
become complex and this requires involvement of external
5. auditors to help see what might be going wrong on top of having
internal auditors who are entrusted with financial monitoring
roles. It is a sure way to confirm particular findings that were
generated within the business.
An external audit is used to determine the nature, timing and the
diverse audit procedures employed.
· Understanding working environment of the client
The auditor takes time to gain all the necessary information
related to the business in which the audit is to be carried out.
This is achieved by reading through the documents of the
business and past financial reports. It is also very important to
understand the rules of an organization. Understanding the
external factors affecting the business is also very important.
· Understanding the controls used by the client
This helps to acquire information necessary in order to
understand the current control mechanisms used by the
management. This will greatly help when assessing the financial
status and also when reporting your findings
· Test the controls already in place
This is meant to ascertain that the current controls being used
are functional and in line with the recommended standards. Test
all processes and procedures used in the business. Note all
hitches in place and include them in the final discussion.
· Testing Account details
These are substantial tests on financial accounts to ensure that
they are up to date and not misstated. This is getting a general
overview of the account such as bank statements showing the
recent transactions covering the entire period stated in the audit.
Difference between internal and external audit
1
Based on purpose
INTERNAL AUDIT
· To help determine how well the business is managing the risks
available in a close-monitored way. It targets on the
6. achievement of the key objectives of a business
EXTERNAL AUDIT
· To confirm the accuracy of the financial reports of an
organization based on the laws of the land.
2
Auditors
· The business can employ standby auditors who will be
available throughout. This allows for continued monitoring of
the financial risks
· They reside outside the business and have no connection at all.
They are hired on contractual basis as scheduled in the annual
audit plan.
3
Based on Agenda
· Directed to business's risks and set objectives.
· Under instructions and directions of the audit firm. Directed to
assess the misstated financial records which affect the business
4
Person reported to
· Management and audit committee of the business which
comprises of board of governors and directors
· The shareholders and to a small extent to trustees
5
Type of report
· Report designed to favor the specific areas in the business
7. · The main objective is to keep the business going, so
recommendations are always there
· Follows a standard stipulated format which cannot be
overlooked.
· The outcome cannot be predicted and recommendation will
always be unpredictable.
6
What follows after the audits
· Follow up activities to confirm whether recommendations are
being implemented.
· Constant consultation with the management to make sure that
the risks are well handled.
· No follow up until the next planned audit.
7
Publicity of the reports
· Does not happen in most cases
· Main report of the audit is publicly available.
8
Is it a must to have one?
· No, this is not a must.
· This depends on legal requirements of the land. Certain
8. institutions such as banks and investors need to have their
businesses assessed.
Lead auditor is the head of a team of experts carrying out an
audit of a given firm. They have additional training and more
experience than the rest of the team. They are experts who come
in to help when difficulties in some sections are encountered.
They are the overall masters of the team involved in the audit.
They are the link between the company and the specific audit
company hired to do the review.
Managing an Audit System
The importance of managing and audit program is to know how
effective the program is. Its effectiveness is what determines
achievement of the set goals by the end of it all. Proper
management pinpoints key areas necessary to be modified in the
process and that all that should be done is accomplished.
Constant and closing monitoring helps in making changes to
specific areas hence promising better and improved programs in
future. This makes sure that the right models are used and in the
best way possible. Any audit process is not cheap at all. Thus
close, monitoring is necessary to avoid a failed process which
means that extra costs will be suffered. Proper planning in
necessary and proper review of the risk being managed is vital.
This involves risk identification, analysis and risk containment
process. This ends when risk treatment process is evoked.
Performing an Audit and preparing an Audit report
An audit report has the following features;
· The cover page
· Executive summary giving a detailed summary of what is
contained in the extensive report. This is key for decision
makers to have a quick understanding of the whole document
without having to read it
9. · Content page showing what to expect therein
· List of abbreviations to make the reader aware of shortened
words in the report.
· Introduction. This gives an overview or the main purpose
other audit.
· Mission describing the specific relationship of the report and
the set strategies of the company
· Background information giving an overview of the program
being evaluated.
· Specifics within the report related to the program
· Portfolio of the project
· Reviews of the important parts within the program. These are
reviews on models and processes used. Quality management
reviews are also given here to ascertain that all procedures were
flowed as required.
· Findings and recommendations. Suggestions of probable
improvements of the business are given here. All other
additional information generated from the audit is also given.(
Thiry, M 2003)
Conducting the opening meeting
· It is at this point that preparation for the task is fine tuned.
Proper reviewing of the available documents is critical and this
ensures that all materials needed are available. The management
should cooperate fully with the team to make it easy and fast.
· Ensure constant communication with team members during the
process. Engage teammates in discussions of bothering issues.
Seek clarification when lost on certain issues.
· As a lead auditor, carefully subdivide duties and distribute
them equally to make the job easy. Consider experience when
doing so to ensure the output is reputable and confirmed.
· Use first hand data and information available when carrying
out the audit. Make use of the original data available and
physical interviews from the respondents. Second hand
information is not accurate as it can be biased and faked.
10. · Sum up the findings correctly taking care of every issue noted
and draw appropriate conclusions. The nature of business
greatly affects the recommendations given. This is an integral
part of the entire exercise. This is what the management is
interested in. It is good to make the findings and
recommendations to be precise as possible.
· Make copies of the audit report and hand them in to specific
people of the management who participate in decision making
process. Follow up of the concluded audit will make sure that
recommendations are implemented to solve the noted issues.
·
IRCA – International Register of Certificated Auditors (IRCA)
IRCA certification is an international recognition that a
particular management system auditor is highly competent. This
gives the company using the auditor confidence that they have
the right person on the ground and that quality is assured.
Auditors use this recognition to acquire professional recognition
and this greatly favors their job prospects. ISO 19.001 embraces
this recognition.
References:
Thiry, M 2003, ‘For DAD: a program management life-cycle
process’, International Journal of Project Management, vol. 22,
pp. 245-252.
Waddell, D 2005, ‘Program Management: The Next Step in the
11. Evolution of
Project Management?’ Problems and Perspectives in
Management, vol. 3,
pp. 160-168.
Mock, TJ & Wright, AM 1999, ‘Are Audit Program Plans Risk
Adjusted?’ Auditing: A Journal of Practice & Theory, vol. 18,
no. 1, pp. 55-74.