WU

Before you start

As a member of an audit team (an audit participant), you are only required to perform the duties assigned by a lead auditor, so the responsibility for the audit is ultimately not yours. You will be told by the head auditor what is required of you. It may involve:

the entry meeting
the exit meeting
scheduling
contacting people to set up meetings
writing leading questions for interviews
setting up interviews
checking records
checking consistency of recorded information
analyzing your information and making recommendations for the final report.

Standards and evidence guidelines

Read through the standards and evidence guidelines very carefully. Ask about anything you don’t understand. You will be expected to have a good working knowledge of the standard that you are using. If there are evidence guides, or any statements interpreting the standards, then you should thoroughly familiarise yourself with them.

In an ideal situation, you would go through the entire standard and discuss it sentence by sentence as a group, examining the examples of evidence and looking at possible interpretations. This might be very time-consuming but will probably produce the best results. In any case, you will need to have a very sound understanding of them before you start auditing.

You need to see the relationships between different parts of the standard. The tricks and traps are the relationships between similar items in different parts of the document. For example:

An early section might list policies that are given in detail in later sections.
A policy might be separate from the requirement to inform students and staff of that policy.
In some cases, the same item of evidence can meet multiple requirements.

In a franchise or licencing arrangement, just because the center has done it right doesn’t mean that their partner organizations do it equally well. Having satisfactory policies does not ensure that they are uniformly well implemented. For example, the center might provide all the information that should be provided to applicants. Partners, however, could easily bypass some information and fail to refer prospective students to the website.

It is good practice to have a audit template. This is much like a checklist, but also includes spece for evidence reviewed, comments, and reasons for any decisions. You should familiarize yourself with it.

Lead questions

Think about lead questions. These are general, open-ended questions intended to elicit information from auditees.

"How does your organization work?"
"What is the history of this program?"
"Why do you need your training to be nationally recognised?"
"How does your training work?"
"Why have you chosen the approach that you did?"
"How does your assessment system work?"
"Show me how your assessment system covers all requirements?"
"What happens when a students wants to apply?"
"What would you do if a disabled person applied to become a student?"
"If your graduates went to work in the industry, what standard of literacy would they need?"
"You seem to be non-compliant on this point. Is there any more evidence that you could show me?"

Initiate the audit

Your organization is asked to conduct an audit of an institution of some kind. So what then?

Agreeement.The auditee agreed to the audit.
Authority. Your team is given authority to conduct the audit. This will most likely be in written form, such as a letter or authorization. For internal auditors, an official Board or committee minute might be adequate.
Scope. The authorization will specify the scope of the audit, that is, the extent of activities to be audited. Scope may be defined by location, compliance standards, or particular programs.
Boundaries of scope. The scope statement might also specify boundaries. For example:
• Auditors normally have authority to report illegal conduct.
• Auditors often have authority to explore serious non-compliances that arise during the audit beyond the stated scope.
• The scope statement will also specify whether or not auditors may give advice and recommendations. In some audits, auditors may not, while in others, the main value of the audit is the list of recommendations on the most practical way to attain compliance.
If you may not give advice and recommendations, avoid getting too involved in quality maintenance because auditors are not responsible for program quality.
• In organizations with confidential or secret information, auditors might not be permitted to some kinds of information, or may not interview some people on particular topics.
Purpose. The purpose of the audit will normally be to establish compliance or otherwise with a particular standard.
Independence. You must be independent of the auditee. In internal audits, it is best practice to report directly to the board, not to the CEO. The exception is internal audits that are preparation for an external audit; your job is to cast a fresh set of eyes over processes to identify what needs to be done for an external audit.
Qualifications. This training will make you appropriately qualified as long as you operate under the supervision of someone else until approved to audit independently.

The audit will normally include an evaluation of the organization's effectiveness in meeting its objectives and suggest possible improvements.

Ask your supervisor if there are any outstanding issues from previous audits. For example, you may be doing the audit to check whether serious non-compliances have been rectified. There may be recommendations that you should read.

Appoint a lead auditor

Your organization will appoint a lead auditor and any audit team members, although the "team" might only comprise only the lead auditor and you. The lead auditor is responsible for the whole audit. He/she:

represents the audit team to the auditee's management,
reviews documentation,
reports serious noncompliances immediately to auditee,
reports illegal activities to authorities, and
issues the final report.

The lead auditor also supervises members of the audit team. He/she defines the role of each audit team member, assigns their tasks,makes sure they know what to do and how to do those tasks, and (later on) monitors how they are going.

Set up the audit

The lead auditor should contact the auditee and set up the audit.

Documents. What documents will you need? Will you need current checklists and questionnaires, entry meeting agendas, authorization forms, briefing documents for your audit team members or for auditees?
Who will be on the audit team? The audit team will liaise with a key person, whose title will probably be administrator or manager. The key person should be able to give you priority with no interruptions from phone calls, other responsibilities, or appointments. Ask whether other staff will be available.
Who will be audited? The audit team will liaise with a key person, whose title will probably be administrator or manager. The key person should be able to give you priority with no interruptions from phone calls, other responsibilities, or appointments. Ask whether other staff will be available.
If the organization or the program is quite complex, you might need to make a list of stakeholders. In an educational insitutition, the stakeholders are usually administrators, recruiters, teachers, students, and perhaps employers of graduates or interns.
Where? If you have never been there make sure you know exactly how to get there. Finding an address might not be enough; you might need to know where in the building it is.
When? Set a date and a start time. Give them time to organize their information and check that other personnel will be available. Ask whether classes will be held during that time.
What? Explain what will be audited and make sure that the auditee knows how to be audited.
How long? For some kinds of audit, a full audit at one location might normally take at least two days, but it could easily take longer if you find that evidence is insufficient or there are other sites to visit. A partner institution should take less time to audit.
Resources. What might you need? Usually you'll just need to borrow a desk, but you might also need an interview room, a meeting venue, and perhaps even materials, stationery, or equipment.
What risks? Your risk analysis may include:

What are the risks?
What will be the effects of high risks on individuals and the organization?
What are the consequences if I stuff up this audit?
What are the consequences if I find the organization is not doing well?
How will I manage risks and their potential consequences?

Establish an audit plan

The audit plan form in this website will be appropriate for all normal audits, and is flexible enough for changes of emphasis.Write down in your plan:

audit team member(s)
date, place, timeframe,
evaluation scope, objectives and outcomes.
confidentiality requirements.
the date you will issue the report
who will receive the report

You might need to write a separate planning document, and get it approved by your supervisor or stakeholders. It could include:

a schedule or timeline
the ways you will collect evidence
feedback and reporting strategies and timelines
contingency plans
reporting procedures including a final report to the chief executive officer/managing director and/or other managers
special requirements for access to records, site or specialist personnel
special resource requirements

Under the standards applying to auditors, individuals may be identified in the report when they have significant responsibilities. The standards are referred to in the scope, and the language of audit will presumably be English.

Conduct the audit

Hold an opening meeting

The opening meeting should be with senior management. At the meeting, the lead auditor should:

introduce him/herself and any audit team members
review scope and objectives of audit (e.g. compliance with a particular standard)
summarize the methods that the team will use
establish official communication links, i.e. the key person with whom you need to relate
confirm the resources and facilities the audit team will need. You won’t really need much, but you’ll need to be introduced to people and have access to records and people.
confirm time and date for closing meeting.
clarify that the auditee is responsible to (a) provide accompanying staff if necessary, (b) inform employees about audit, and (c) provide all necessary resources and access
clarify anything that is unclear.

The audit process (with the forms and meetings in this website) gives you a communication strategy that is adequate for almost all smaller organizations.

However, in a much larger audit, you may also need to put a more comprehensive communication strategy in place. It might include:

identifying the organization's communication and reporting channels
methods for the disseminating and promoting the audit, and perhaps also its methods and processes
identifying external communication and networks that can be used as part of the audit
regular reporting meetings with persons who have specific responsibilities
ways of regularly informing people of the evaluation
communicating timelines
special reporting requirements

Besides being transparent about what the team will do, all members of the audit team need to establish rapport so that people feel that you are working together with them. Listing your experience or credentials might make you sound pompous, and a friendly, collaborative attitude will normally get you further.

Get oriented

Arrive on time.
The lead auditor should introduce you the main person who will work with your team, and explain your role.
Then meet other key people and look over the premises. You'll also get introduced to other people.
Ask how the organization works. You'll quickly get a good general picture of what’s going on and how it happens.
Find a place where you can base yourself and locate key documents (such as their main policy documents and any relevant reports). This is when you start the audit proper. (If key documents don’t exist for a criteria, you can quickly mark "Non-compliant" and move on to the next step.)

Start with written documents

As a member of an audit team. your role is to do whatever tasks your lead auditor assign to you and report all audit to the lead auditor. If an auditee objects to something you want to do as auditor, refer the matter to the head auditor.

The kinds of tasks assigned to you will vary according to your skills and experience, but will probably be checking document and holding interviews.

Examine policy documents point by point to see if they comply.

Then go through the whole standard against which your are auditing. As you go:

Check that the auditee took any corrective actions required by previous audits.
Make written notes. These notes will become the basis for your report, and you must not rely on memory. Document all observations and evidence and relate them to standards. The recommended practice is to prepare checklist forms, but you also need to keep substantial notes of weaknesses, strengths, recommendations, non-compliances, and risks.
Find out how policy is implemented.
Look at the organization's documents and systems, such as:

previous audit reports
internal self-evaluations
policies and procedures
systems and processes, especially the information management and quality assurance systems.
forms
student and staff handbooks
relevant parts of business plans
organizational goals, objectives, plans,
staff files and qualifications
learning and assessment strategies
training and assessment records
enrolment details, including general learner information
a sample of student files (look at especially results and completion dates)
resources for delivery
assessment tools
traineeship/apprenticeship records
written partnership agreements (where relevant)
defined resource parameters
promotional/marketing materials

Interview people

As a member of an audit team, you have the authority to interview various people in the auditee organization and observe what they do. In an educational insitutition, you should try to observe some classes if you can.

Interview people in private, because the answers may be different if others are present. While you're at it, you should if possible, discuss the auditee's self-assessment checklist.

Do people understand what to do and do it correctly?

Ask what they understand of the policies.
Ask what they actually do (or plan to do).
Ask why they do as they do
Ask how they have documented it (or plan to document it)
Ask about contingencies: "What would you do if …?"

Get candid appraisals, for example:

"How does information flow within the organization? Are there bottlenecks or misunderstandings?"
"What are the three biggest strengths of this college?"
"What are the three biggest weaknesses of this college?"
"What improvements would you suggest?"

Interviewees often suggest improvements to auditors that their supervisors have never heard. You cannot presume that supervisors have actively listened for ways to improve. Besides, staff are often reluctant to suggest changes for fear that it will be interpreted as personal criticism.

Explore

Look for corroborating evidence and follow up potential problems. People write all sorts of things on bits of paper hoping that auditors will believe them. And people spin all sorts of tales. You don’t have to accept anything at face value.

Look for documentary evidence wherever possible. Ask different people questions independently about what actually happens. Take note of aberrations—things that don’t fit the pattern or potentially do not comply with policy. Ask why.

Actively explore anything that you suspect to be non-compliant. (As auditor, you have the authority to do so.) Identify any risk factors and check anything suspicious. Follow up clues on apparent noncompliance to standards, even if they are not on checklists. Remain alert to evidence that requires more auditing. Do not just passively accept whatever people show you, but avoid unfairly going on a witch hunt.

Explore evidence until you can draw conclusions based on a range of evidence over a period of time.

Look for corroboration. Do report items reflect reality? Do people understand and implement the organization's policies and procedures? Can you verify findings by getting the same information independently from other sources?
Determine whether the system documents are adequate for quality needs.
Determine whether the auditee's procedures are able to reach the desired objectives.
It is good practice to make notes of interpretations of criteria. It is also good practice to write down novel and innovative ways of complying with them.

Draw your conclusions and make recommendations

Good auditors are good at interpreting criteria and can differentiate between three things that can all look like non-compliances:

possible improvement (e.g. better documentation)
a risk
actual non-compliance.

As an audit team member, your role is to report your findings to the lead auditor, who is responsible for drawing conclusions and making recommendations.

If you find non-compliances, your responsibility is simply to identify them clearly. If the scope permits, you may suggest improvements. It doesn't matter if your data is inconclusive, just report what you find to the auditor.

Closing meeting and report

Submit your notes to the lead auditor, who will collate all notes for the exit meeting. It is most likely that you will need to meet and clarify some points so that the lead auditor can made unambiguous conclusions.

The lead auditor will close the audit with an exit meeting to explain clearly the audit results to the auditee. You may attend, and may speak if asked to do so.

After that, the lead auditor will compile a written report.

The audit is completed with the closing meeting and the submission of the audit report. The auditee is responsible for any corrective actions necessary.

After that

Your supervisor or a colleague will independently get feedback from the auditee. If you must do it yourself, it should be either anonymous or processed by a third party. The questions they will most likely ask include:

Were you polite and fair?
Were you sufficiently knowledgeable?
Did you stay within the defined audit bounds and protocols?
Were you thorough?
Did you use time effectively?
Did you listen and understand people's viewpoints?

Then review your audit:

What did you learn? What did you do best? What would you do differently next time?
Do you need to change your documentation?
What did you do well? What did you not do so well?
Moderate with other auditors to ensure consistent audit results.
Record new interpretations of the quality standard and your reasons for them.

Glossary

Auditee	The person or organization being audited
Audit report	The document given after the auditor documents the processes and findings of the audit
Compliance	Meeting the requirements of a written standard.
Continuous improvement	The idea that organisations should seek to always improve. An audit or report for continuous improvement.
Corrective action	An action required to attain compliance, when an audit identified a non-compliance.
Entry interview	The interview at the beginning of the audit where the lead auditor outlines the audit procedure to the auditee
Evidence	Direct indication through observation, documentation, oral reporting, etc. from the auditee relating to the purposes of the audit (e.g. compliance, improvement, etc.)
Exit interview	The interview at the end of the audit where the head of the audit team outlines the audit results
External audit	People come in from outside to check the program for a specific purpose, often compliance with a particular standard.
Internal audit	The auditee arranges their own audit, usually by selecting an auditor of their choice. If it is prpatory to an external audit, it's like checking all your homework before handing it to the teacher.
Lead auditor	• The head of the team of auditors • The auditor (if conducting the audit alone)
Scope	The extent of activities being audited

Audit team member