When performed correctly, auditing can be a very powerful risk monitoring and control tool. Unfortunately, many organisations fail to achieve maximum value from their risk monitoring and control systems because they continue to rely on non-scientific auditing and inspection methods.
The biggest weakness with non-scientific auditing is that the accuracy of the result remains unknown. Accordingly, accuracy can and often will vary from audit to audit. This shortcoming significantly diminishes management’s ability to reliably assess and compare risk control performance across different business systems, processes, groups and suppliers.
Interestingly, there is a proven scientific methodology available that can help organisations significantly improve their risk monitoring and control capability. It is called acceptance sampling.
There are many types of acceptance sampling but arguably the most popular is the International Organisation for Standardisation’s ISO2859.1: Sampling procedures for inspection by attributes. Equivalent versions of this Standard are published by standards bodies worldwide.
As the name suggests, the Standard’s main purpose is to assess whether large quantities of continuously produced items or activities have exceeded a user-specified “maximum failure rate” by examining a much smaller sample.
Although initially developed as a quality control tool, the statistical methods that underpin the procedures and tables in the Standard are applicable to a wide range of other risk monitoring and control applications.
One of the Standard’s key features is its ability to separate risk controls into different risk categories for more efficient and effective auditing and inspection. For example, risk controls with the highest impact on risk mitigation are allocated a risk category with a low maximum failure rate, while those with a lower impact are assigned a risk category with a higher maximum failure rate.
The key benefits of this risk-based approach to risk monitoring are twofold. Firstly, it produces more accurate audit results for risk controls of higher importance. Secondly, it ensures an organisation’s limited auditing and improvement resources are always focused on those areas of its operation that will generate the greatest benefit, i.e. risk reduction.
When compared to traditional non-scientific auditing methods, the acceptance sampling methods outlined in the Standard should lead to less auditing work in the long term, but it is their ability to accurately assess and compare risk control performance that will create the most significant organisational benefits.
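The relationship between a risk category's maximum failure rate and the amount of auditing it requires can be worked through from first principles. The following is an added example, not taken from the Standard or its tables: it assumes a simple binomial model (the audited population is much larger than the sample), a hypothetical 10% tolerance for wrongly passing a population that sits at the maximum failure rate, and constructed category values.

```python
from math import comb

def accept_probability(n, c, p):
    """Chance that a sample of n items shows at most c failures when the
    true failure rate is p (binomial model, large population assumed)."""
    return sum(comb(n, k) * p**k * (1 - p)**(n - k) for k in range(c + 1))

def smallest_sample(max_failure_rate, c=0, beta=0.10, limit=100_000):
    """Smallest sample size n such that a population sitting exactly at the
    maximum failure rate passes (<= c failures found) with probability
    no greater than beta. beta is an assumed tolerance, not an ISO value."""
    for n in range(c + 1, limit + 1):
        if accept_probability(n, c, max_failure_rate) <= beta:
            return n
    raise ValueError("no sampling plan found within limit")

# Constructed risk categories: illustrative maximum failure rates only.
CATEGORIES = {"high impact": 0.01, "medium impact": 0.04, "low impact": 0.10}

def plans(categories=CATEGORIES, c=0, beta=0.10):
    """Sample size required per risk category for acceptance number c."""
    return {name: smallest_sample(p, c, beta) for name, p in categories.items()}

if __name__ == "__main__":
    for name, n in plans().items():
        p_max = CATEGORIES[name]
        # Known accuracy: chance the audit passes at various true failure rates.
        curve = ", ".join(
            f"{rate:.1%}: {accept_probability(n, 0, rate):.2f}"
            for rate in (p_max / 4, p_max / 2, p_max, p_max * 2)
        )
        print(f"{name:14s} max rate {p_max:.0%}  sample {n:3d}  P(pass) at {curve}")
```

The printed pass probabilities are what a non-scientific audit cannot supply: for each category, the chance of a pass result at a given true failure rate is known before the audit starts.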
Once only the province of large organisations, recent advancements in internet-based software and technology have made it possible for organisations of all types and sizes to benefit from this highly effective and efficient approach to risk monitoring and control.
For a more detailed overview of how acceptance sampling can be used to optimise risk monitoring efficiency and effectiveness, follow this link: http://www.compliance-master.com/media/picture/Optimising%20Risk%20Monitoring%20with%20Acceptance%20Sampling.pdf