In a recent article I explained how scientific sampling methods can help organisations deal with the ever increasing challenges being place on their internal auditing systems (Refer to website library http://www.compliance-master.com/support/reference-library.html). Some of these challenges include;
- Need to become risk based – organisations must look at the true risks that they face and tailor their audit plans to suit,
- Maximise Value for Money – many audits provide less value than they should by taking a “broad-brush” approach to activity assessment rather than targeting areas of high organisation value,
- Fast Changing Regulatory Environment – internal audits need to be more flexible to keep pace with the every-increasing rate of growth in industry regulations,
- New Technologies – organisations and auditors need to think of smarter ways to use technology to optimize the internal auditing process, and
- Move to Continuous Auditing – driven by a need to improve organisation productivity organisations need to consider continuous auditing to respond to noncompliances as soon possible.
I also pointed out that the “broad-brush” approach used by non-scientific auditing methods will have limited application in this new environment and that organisations and auditors alike will need to turn to scientific sampling methods to deal with these new challenges. The benefits of scientific auditing methods compared to non-scientific methods include:
- Objective and defensible audit results,
- Accurate estimates of sampling risks,
- Audit results can be combined; even though different auditors are used,
- Audit results can be objectively assessed; no arguments.
Of the scientific auditing methods available the international standard ISO 2859-1:1999 Sampling schemes indexed by acceptance quality limit (AQL) for lot-by-lot inspection is ideally suited to the challenges of optimising the internal compliance auditing function. Its advantages over other scientific methods include;
- The procedures in the standard are recognised as best sampling practice and published by standards bodies worldwide,
- Compared to other scientific compliance assessment methods its yes or no approach to compliance assessment is easy to understand and administer,
- It uses advanced statistical methods, simplified in the form of look-up tables, to determine the optimum sample size for an audit,
- Process activities can be separated into different risk categories; thereby enabling auditing resources to be allocated to areas of maximum organisation value,
- Its risk based approach to compliance auditing enables corrective actions to be developed in advance of an audit; thereby making the compliance control process more efficient and less prone to variation and error,
- It’s “switching rules” can be used in conjunction with a purpose-built spreadsheet or software applications to ensure the optimum sample size is always applied to an audit.
Despite its wide spread recognition, the standard is mostly used by organisations in the manufacturing, food and health industries; where the high costs of designing and operating a sampling scheme are far outweighed by the risks of noncompliance; that is until now.
Compliance Master® is the first web-based software application of its type to combine the single acceptance sampling methods outlined in the standard with a powerful relational database to create an affordable, fully integrated continuous compliance auditing and control system. Some of the software’s features include;
- The number of noncompliant activities found in a random sample of process steps is compared with a calculated acceptance number to assess whether the total number of noncompliant activities undertaken over the audit period has exceed a specified maximum limit (AQL); or not.
- The AQL for this type of application is defined in terms of “the total number of noncompliant activities per 100 audited process steps,
- Individual auditing plans (compliance plans) and reports can be created for different business systems; i.e. Quality Management System (ISO 9001), Environmental Management System (ISO 14001), Occupational Health and Safety System (OHSAS 18000), Finance (SOX), etc.,
- To help identify and address the causes of unacceptable compliance performance separate auditor instructions (inspection requests) and reports can be created for different business processes, geographic locations, structures, contractors, vendors, etc. (producers) ,
- Standard risk assessment methods can be used to separate process activities into two compliance categories (Class A and B) and to assign suitable AQLs; a third “Critical” compliance category is also available (i.e. AQL=0),
- The estimated number of process steps undertaken over an audit period (lot size) is used to calculate the optimum number number of steps that must be audited (sample size) to accurately assess whether the specified AQL has been exceeded for each compliance category,
- A predetermined set of actions (protocols) can be defined for the following possible audit outcomes; thereby making the auditor’s response more efficient and less prone to variation and error, i.e. (i) one or more noncompliant activities are identified for a compliance category but the specified AQL has not been exceeded, (ii) an AQL has been exceeded for one or more compliance categories and, (iii) a Critical noncompliant activity has been identified,
- Seven inspection levels can be selected to balance an organisation’s audit costs (sample size) and sampling risks; the default Level II should be suitable for most auditing applications,
- Individual audit checklists can be emailed to a suitability authorised auditors for execution and remote data entry,
- The compliance performance of each producer is continually monitored and the standard’s switching rules used to adjusts their inspection severity following each audit; if necessary,
- A comprehensive range of reports, performance indicators and warnings are used to notify organisations and auditors when they should take action to improve internal compliance controls.
As outlined above, Compliance Master® is certainly capable of meeting the challenges of a more rigorus internal auditing environment but it does require auditors to exercise high levels of consultation with stakeholders in order to define the key statistical parameters and operational data needed to configure the software, determine sample sizes and interpret audit results. Provided this can be achieved, the scientific methods used by the software will provide a more objective basis for evaluating and reporting on auditing outcomes than non-scientific methods.
For further details on how Compliance Master® can optimise your organisation’s internal compliance auditing system give us call 0n +61 1033 827 933 or send us at email with your contact details and a suitable contact time and we’ll ring you; http://www.compliance-master.com/contact-us.html.