4 Reasons why you should 'bother' with internal audit.

sanitized+206@versantus.co.uk
4 Reasons why you should 'bother' with internal audit.

In some organisations, it can feel like you are doubling up, particularly if you must comply with a range of standards to meet the requirements of funders.

I have some clients who tell me they feel overwhelmed by the number of certification audits they undertake and question why they need an internal audit system it all.

One client of mine provides services in aged care, children youth and families and homelessness and between announced and unannounced visits they feel they don’t need to have an internal review of their own.

My answer to the question “do we need to do internal audits?” depends on your understanding of the focus of the audit and what you are hoping to achieve.

Are you looking for compliance or improvement?

Certification audits often have a stronger focus on achieving compliance. Even when the standard is voluntary, for example, where you are certified to ISO 9001 2015, there is an expectation that the auditor is assessing how well you comply with the standard.

Where an audit is compliance based, either internal or external, you can generate fear in those being audited and drive a culture of ‘covering issues’.

An internal auditor who is looking to improve systems and work with the team can be seen more easily as a friend rather than a foe. People are more open and willing to discuss problems, meaning you can identify risks and get issues rectified in a way that suits your business long before the external auditor arrives.

This ASQ website link "What is auditing?"  provides definitions of internal (first party) audits and external certification (third party) audits.

The biggest difference is the concept of rewards or penalties.  Where the internal audit must be intrinsically motivated by the organisation’s desire to improve and be better than the competition, external certification audits rely on external motivators and rewards, getting a certificate versus losing your funding.

Just as the usefulness of performance reviews for individuals are being questioned... (see this interesting Harvard Business Review archive on "Ditching Annual Performance Reviews")
...should we also be asking ourselves whether certification audits are useful? or considering ways to strengthen internal audits?

When you are thinking about whether you need to have an internal audit system or not, it’s important to remember these 4 reasons why you should bother with an internal audit:

  1. your focus is positive
  2. your focus is on improvement rather than compliance
  3. you can work with the team to identify improvement strategies that are meaningful for the organisation
  4. you can map standards to support one system across the organisation, unlike certification audits that generally focus on one standard at a time.

I’m a firm believer that if you have a strong internal review process, certification audits are painless. Whilst certification is necessary, I would prefer a world where internal audit eats certification audit for breakfast.

Happy audits...