8 Tips for Effective Internal Audits

One of my tasks this week has been to produce a number of internal audit checklists for a client.

The use of checklists in an internal audit can be quite controversial, but there is certainly a place for them in modern internal auditing.

Now, I’m not performing the internal audits for my client. I’m creating checklists so that my client can do the audits at a time that suits them, and without the headache of wondering what to check.

The number one challenge that organisations face when performing an internal audit is – ‘what am I supposed to look at’?!

Therefore, it makes sense to remove that worry, and let someone else look at the process to be audited and create a checklist that can be picked up and followed. Less time spent head-scratching – more time spent auditing.

Many companies use the same checklist each time an audit is performed. I don’t think this is a good idea – use the same questions and you are likely to get a similar answer. For me, every audit checklist should be completely different, taking a fresh approach and testing the process in a way that is relevant now, not 2 or 3 years ago.

Of course, it is also of value to┬ámy client that I am taking an external view on their systems and creating checklists that really test the processes. The less familiar you are with a system, the more rigorous you are likely to be in the audit. And therefore, you’ll get more value from the activity of course.

Here are some of my tips on how to create a checklist that adds real value to the auditing function:

  1. Be impartial and treat the process as though it’s the first time you have seen it
  2. Identify the key activities in the process and ensure they happen every time
  3. Identify activities that require expertise or training and identify how well that is managed
  4. The risks should have already been identified in the process documentation. However, if they haven’t, they can be identified by following the process from a ‘what if’ point of view. During the audit find out how these risks are being mitigated.
  5. Identify what is supposed to be achieved by the process and question whether it does in fact achieve it.
  6. Is the process documentation still current, relevant, up to date? Is anything missing?
  7. How is the performance of the process monitored and measured?
  8. How can the process be improved?

Let’s not forget of course, that auditing is all about asking questions and stepping back. Listen and observe.

Finally, you don’t have to always use a checklist. There’s no right or wrong way to execute an internal audit as long as you get real business value from the results.


Back to Blog