What is Auditing??
Financial auditing is the process of examining an organization's (or individual's) financial records to determine if they are accurate and in accordance with any applicable rules (including accepted accounting standards), regulations, and laws.
External auditors come in from outside the organization to examine accounting and financial records and provide an independent opinion on these records. Law requires that all public companies have their financial statements externally audited.
Internal auditors work for the organization as internal employees to examine records and help improve internal processes such as operations, internal controls, risk management, and governance.
THE THREE DIFFERENT TYPES OF AUDITS – PROCESS, PRODUCT, AND SYSTEM
ISO 19011:2018—Guidelines for Auditing Management Systems defines an audit as a “systematic, independent and documented process for obtaining audit evidence [records, statements of fact or other information which are relevant and verifiable] and evaluating it objectively to determine the extent to which the audit criteria [a set of policies, procedures or requirements] are fulfilled.” There are three main types of audits:
Product audit : This type of audit is an examination of a particular product or service, such as hardware, processed material, or software, to evaluate whether it conforms to requirements (i.e., specifications, performance standards, and customer requirements).
Process audit : This type of audit verifies that processes are working within established limits. It evaluates an operation or method against predetermined instructions or standards to measure conformance to these standards and the effectiveness of the instructions. A process audit may:
- Check conformance to defined requirements such as time, accuracy, temperature, pressure, composition, responsiveness, amperage, and component mixture.
- Examine the resources (equipment, materials, people) applied to transform the inputs into outputs, the environment, the methods (procedures, instructions) followed, and the measures collected to determine process performance.
- Check the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, and training and process specifications.
System audit: An audit conducted on a management system. It can be described as a documented activity performed to verify, by examination and evaluation of objective evidence, that applicable elements of the system are appropriate and effective and have been developed, documented, and implemented in accordance and in conjunction with specified requirements.
- A quality management system audit evaluates an existing quality management program to determine its conformance to company policies, contract commitments, and regulatory requirements.
- Similarly, an environmental system audit examines an environmental management system, a food safety system audit examines a food safety management system, and safety system audits examine the safety management system.
Other methods, such as a desk or document review audit, may be employed independently or in support of the three general types of audits.
Some audits are named according to their purpose or scope. The scope of a department or function audit is a particular department or function. The purpose of a management audit relates to management interests, such as assessment of area performance or efficiency.
An audit may also be classified as internal or external, depending on the interrelationships among participants. Internal audits are performed by employees of your organization. External audits are performed by an outside agent. Internal audits are often referred to as first-party audits, while external audits can be either second-party or third-party.
WHAT IS A FIRST-PARTY AUDIT, SECOND-PARTY AUDIT, AND THIRD-PARTY AUDIT?
A first-party audit is performed within an organization to measure its strengths and weaknesses against its own procedures or methods and/or against external standards adopted by (voluntary) or imposed on (mandatory) the organization. A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited.
A second-party audit is an external audit performed on a supplier by a customer or by a contracted organization on behalf of a customer. A contract is in place, and the goods or services are being, or will be, delivered. Second-party audits are subject to the rules of contract law, as they are providing contractual direction from the customer to the supplier. Second-party audits tend to be more formal than first-party audits because audit results could influence the customer’s purchasing decisions. A third-party audit is performed by an audit organization independent of the customer-supplier relationship and is free of any conflict of interest. Independence of the audit organization is a key component of a third-party audit.
Third-party audits may result in certification, registration, recognition, an award, license approval, a citation, a fine, or a penalty issued by the third-party organization or an interested party.
Industry Certification Through Auditing
Companies in certain high-risk categories – such as toys, pressure vessels, elevators, gas appliances, and electrical and medical devices – wanting to do business in Europe must comply with Conformité Europeënne Mark (CE Mark) requirements. One way for organizations to comply is to have their management system certified by a third-party audit organization to management system requirement criteria (such as ISO 9001).
Customers may suggest or require that their suppliers conform to ISO 9001, ISO 14001, or safety criteria, and federal regulations and requirements may also apply. A third-party audit normally results in the issuance of a certificate stating that the auditee organization management system complies with the requirements of a pertinent standard or regulation.
Third-party audits for system certification should be performed by organizations that have been evaluated and accredited by an established accreditation board, such as the ANSI-ASQ National Accreditation Board (ANAB).