Rating: 0 out of 5 stars
0 ratings
Ebook126 pages1 hour
A Guide to Effective Internal Management System Audits: Implementing internal audits as a risk management tool
By Andy Nichols
Rating: 3 out of 5 stars
3/5
()
About this ebook
A Guide to Effective Internal Management System Audits provides a model for the management and implementation of internal audits that moves beyond simple compliance to ISO requirements and turns the internal audit into a transformational tool that the organization can use to assist with the management of risk, and implement improvements to management systems.
This book shows you how you can transform your internal auditing process to become a tool for development and continual improvement in your management systems. Buy it today and start adding value to your internal auditing program.
Author
Andy Nichols
Andrew W Nichols has more than 25 years of experience of management systems, in both the UK and the USA. As a trainer, he has delivered hundreds of ISO9000 related courses to audiences ranging from shop-floor personnel to CEOs of Fortune 500 companies. He has also led and contributed to the development of 'best in class' training courses for a number of international standards. Andy is a regular contributor to the well-known Elsmar Cove internet forum for management systems.
Read more from Andy Nichols
Implementing ISO 9001:2015 – A practical guide to busting myths surrounding quality management systems Exploding the Myths Surrounding ISO9000: A practical implementation guide Rating: 0 out of 5 stars0 ratings
Related to A Guide to Effective Internal Management System Audits
Related ebooks
Lean Auditing: Driving Added Value and Efficiency in Internal Audit Rating: 5 out of 5 stars5/5ISO 9001:2015 Audit Guide and Checklist Rating: 4 out of 5 stars4/5Iso 9001 Audit Trail: A Practical Guide to Process Auditing Following an Audit Trail Rating: 5 out of 5 stars5/5The Executive’S Guide to Internal Auditing Rating: 0 out of 5 stars0 ratingsQuality Management Iso9001:2015 Changes: A Guide to Implementation Rating: 5 out of 5 stars5/5Auditing Essentials Rating: 3 out of 5 stars3/5How to Audit the Process-Based QMS Rating: 5 out of 5 stars5/5Financial Audit A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsThe Internal Auditing Pocket Guide: Preparing, Performing, Reporting and Follow-up Rating: 0 out of 5 stars0 ratingsAgile Governance and Audit: An overview for auditors and agile teams Rating: 5 out of 5 stars5/5IATF 16949:2016 Audit Guide and Checklist 2nd Edition Rating: 5 out of 5 stars5/5Auditing Beyond Compliance: Using the Portable Universal Quality Lean Audit Model Rating: 0 out of 5 stars0 ratingsISO22301: A Pocket Guide Rating: 4 out of 5 stars4/5ISO 9001: A Pocket Guide Rating: 3 out of 5 stars3/5Auditing Information Systems and Controls: The Only Thing Worse Than No Control Is the Illusion of Control Rating: 0 out of 5 stars0 ratingsISO 9001:2015: A Pocket Guide Rating: 4 out of 5 stars4/5Hardening by Auditing: A Handbook for Measurably and Immediately Improving the Security Management of Any Organization Rating: 0 out of 5 stars0 ratingsIS Auditor - Process of Auditing: Information Systems Auditor, #1 Rating: 0 out of 5 stars0 ratingsFundamentals of Assurance for Lean Projects Rating: 0 out of 5 stars0 ratingsInformation Systems Auditing: The IS Audit Follow-up Process Rating: 2 out of 5 stars2/5Auditing Information Systems: Enhancing Performance of the Enterprise Rating: 0 out of 5 stars0 ratingsISO 22301: 2019 - An introduction to a business continuity management system (BCMS) Rating: 4 out of 5 stars4/5Risk-Based Internal Audit Rating: 5 out of 5 stars5/5A Step By Step Guide: How to Perform Risk Based Internal Auditing for Internal Audit Beginners Rating: 4 out of 5 stars4/5Risk based internal audit A Complete Guide Rating: 0 out of 5 stars0 ratingsWinning the Audit: 12 Proven Steps to Achieve Successful Customer & Third-Party Quality Audits Rating: 0 out of 5 stars0 ratingsSWANSON on Internal Auditing: Raising the Bar Rating: 5 out of 5 stars5/5ISO 14001:2015 Audit Guide and Checklist Rating: 3 out of 5 stars3/5
Business For You
The Intelligent Investor, Rev. Ed: The Definitive Book on Value Investing Rating: 4 out of 5 stars4/5Emotional Intelligence: Exploring the Most Powerful Intelligence Ever Discovered Rating: 5 out of 5 stars5/5The Richest Man in Babylon: The most inspiring book on wealth ever written Rating: 5 out of 5 stars5/5Law of Connection: Lesson 10 from The 21 Irrefutable Laws of Leadership Rating: 4 out of 5 stars4/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5Tools Of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers Rating: 4 out of 5 stars4/5Limited Liability Companies For Dummies Rating: 5 out of 5 stars5/5Suddenly Frugal: How to Live Happier and Healthier for Less Rating: 3 out of 5 stars3/5The Book of Beautiful Questions: The Powerful Questions That Will Help You Decide, Create, Connect, and Lead Rating: 4 out of 5 stars4/5Crucial Conversations Tools for Talking When Stakes Are High, Second Edition Rating: 4 out of 5 stars4/5How to Write a Grant: Become a Grant Writing Unicorn Rating: 5 out of 5 stars5/5Becoming Bulletproof: Protect Yourself, Read People, Influence Situations, and Live Fearlessly Rating: 4 out of 5 stars4/5Collaborating with the Enemy: How to Work with People You Don’t Agree with or Like or Trust Rating: 4 out of 5 stars4/5Robert's Rules Of Order Rating: 5 out of 5 stars5/5The Five Dysfunctions of a Team: A Leadership Fable, 20th Anniversary Edition Rating: 4 out of 5 stars4/5Leadership and Self-Deception: Getting out of the Box Rating: 4 out of 5 stars4/5Confessions of an Economic Hit Man, 3rd Edition Rating: 5 out of 5 stars5/5Grant Writing For Dummies Rating: 5 out of 5 stars5/5Capitalism and Freedom Rating: 4 out of 5 stars4/5Nickel and Dimed: On (Not) Getting By in America Rating: 4 out of 5 stars4/5The Catalyst: How to Change Anyone's Mind Rating: 4 out of 5 stars4/5Set for Life: An All-Out Approach to Early Financial Freedom Rating: 4 out of 5 stars4/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5How to Grow Your Small Business: A 6-Step Plan to Help Your Business Take Off Rating: 0 out of 5 stars0 ratings
Related podcast episodes
080: SMS Pt 1 - Safety Management System Defined: What is a Safety Management System (SMS)? 0% found this document useful083: SMS Pt 4 - What Does ISO 45001 Require?: Safety Management System overview 0% found this document useful062: The Difference Between a Safety Inspection and Safety Audit: 3 Criteria Needed for Both 0% found this document usefulWhat are the Top Compliance Issues Plaguing Medical Device Manufacturers? 0% found this document useful084: SMS Pt 5 - Breaking Down ANSI/ASSP Z10: Safety Management System Defined 0% found this document useful049: 8 Tips for Selecting Key Safety Performance Indicators: Important Key Performance Indicators for Safety 0% found this document usefulA Blueprint for Quality Culture with Vincent Cafiso 0% found this document usefulAudit and FDA Inspection Readiness Best Practices with Divya Gowdar 0% found this document usefulAn FDA Inspection Survival Guide with Jonathan Wacks 0% found this document useful054: Integrating Safety with Existing Processes: Use a Lean Approach to Safety 0% found this document usefulPMP BUSINESS (Task 1) COMPLIANCE ??Day #32 0% found this document usefulAccelerating Medtech's time to market with a modern regulatory strategy with James Gianoutsos, Founder of RimSys 0% found this document useful
Related articles
Know Before Your Inspection Cannabis & Tech TodayArticle
Know Before Your Inspection
Jun 22, 2020
2 min readIndustry Assurance Schemes Australasian Transport News (ATN)Article
Industry Assurance Schemes
Dec 16, 2019
4 min readSecurity, Chain of Custody, and The Transportation Manifest Cannabis & Tech TodayArticle
Security, Chain of Custody, and The Transportation Manifest
Nov 30, 2020
3 min readSensing From Within: The Insight-Driven Organization Rotman ManagementArticle
Sensing From Within: The Insight-Driven Organization
Sep 1, 2019
8 min readBe Prepared Australasian Transport News (ATN)Article
Be Prepared
Aug 19, 2019
3 min readHow Operation Managers Can Convince Executives To Solve Problems They Can’t See Facility ManagementArticle
How Operation Managers Can Convince Executives To Solve Problems They Can’t See
Aug 29, 2019
2 min readStartup Due Diligence: What You Need to Know Home Business MagazineArticle
Startup Due Diligence: What You Need to Know
Jun 29, 2023
4 min readIso 41000 – Game-changer Or White Elephant? Facility ManagementArticle
Iso 41000 – Game-changer Or White Elephant?
Aug 23, 2018
4 min readA Commitment To Best Practice Farmer's WeeklyArticle
A Commitment To Best Practice
Feb 10, 2020
Few retailers or brand owners will consider doing business with a supplier that does not have certification to a global standard. Certification helps a business improve its product, management systems, quality control and overall competitiveness. The
2 min readRaising The Ethical Bar Ethical Audits And Positive Culture Transformation The European Business ReviewArticle
Raising The Ethical Bar Ethical Audits And Positive Culture Transformation
Jan 25, 2021
10 min readCorporate Listening Provides Insights And Business Value The European Business ReviewArticle
Corporate Listening Provides Insights And Business Value
May 31, 2020
The voice of customers (VOC) is recognized as vitally important in marketing and corporate communication. VOC is a key source of market insights and intelligence as well as feedback in relation to products and services. Customer insights and feedback
6 min readChoosing The Best Fit Finweek - EnglishArticle
Choosing The Best Fit
Aug 7, 2020
all investments have an impact – either positive or negative. A positive impact can be generated deliberately or unintentionally. Selecting the right metrics is an important tenet of the impact measurement and management process. But simply measuring
2 min readDESIGN THINKING: Eight Mistakes to Avoid The European Business ReviewArticle
DESIGN THINKING: Eight Mistakes to Avoid
Feb 4, 2019
3 min readCalled To Account Money MagazineArticle
Called To Account
Apr 1, 2020
2 min readConquering Compliance Issues Shop TalkArticle
Conquering Compliance Issues
Jun 1, 2022
3 min readStandard Operating Procedures In Cannabis Production Farmer's WeeklyArticle
Standard Operating Procedures In Cannabis Production
Jul 22, 2022
In cannabis production, standard operating procedures (SOPs) form the backbone of operations and compliance, especially when it comes to medical cannabis cultivation. SOPs are essentially a set of best practices and standards that detail the daily op
2 min readOpinion: 10 Reasons Why Health Care Startups Fail STATArticle
Opinion: 10 Reasons Why Health Care Startups Fail
Feb 10, 2020
Here are 10 of the most common problems we've seen that can cause a health care startup to fail and some tips to solve them.
6 min readBuilding A Future-proof Company – Four Cornerstones Of Transformative Corporate Foresight The European Business ReviewArticle
Building A Future-proof Company – Four Cornerstones Of Transformative Corporate Foresight
Feb 25, 2021
5 min readSix Lessons I Learned About Innovation The European Business ReviewArticle
Six Lessons I Learned About Innovation
Dec 3, 2019
13 min read3 Tips For SMEs, Entrepreneurs To Have A Good Year Sunday TribuneArticle
3 Tips For SMEs, Entrepreneurs To Have A Good Year
Jan 21, 2024
2 min readDriving Brand Affinity, Consumer Trust, And Business Growth Through Esg The European Business ReviewArticle
Driving Brand Affinity, Consumer Trust, And Business Growth Through Esg
Dec 2, 2022
4 min readRun Sales on Data, Not Hunches ThinkSalesArticle
Run Sales on Data, Not Hunches
Nov 2, 2016
4 min readMaking A Corrosion Strategy Facility ManagementArticle
Making A Corrosion Strategy
Feb 25, 2018
The degradation of private and public assets and infrastructure continues to have a major economic impact on industry and the wider community. In Australia, the yearly cost of asset maintenance is estimated to be approximately $32 billion, with $8 bi
4 min readWhy Forgiveness Should Be Part Of Your Compliance Strategy The European Business ReviewArticle
Why Forgiveness Should Be Part Of Your Compliance Strategy
May 22, 2018
9 min read3 Fees And Remuneration: Is The Juice Worth The Squeeze? Architecture AustraliaArticle
3 Fees And Remuneration: Is The Juice Worth The Squeeze?
Aug 28, 2022
Guest editors: The survey revealed a resounding concern about the influence and impact of low fees on wellbeing in the profession, with a strong perception that societal under-valuing of architectural design related to equally undervalued financial i
4 min readKim Adams Auto Express MagazineArticle
Kim Adams
Feb 9, 2023
Got a query? products@autoexpress.co.uk HOW TO Understand our tests OVER the next few pages you will see several star ratings. There are even more across the Auto Express website, where we have a huge archive of product tests going back more than a d
1 min readWhat If Your Business Model Was To Blame For Your Lack Of Innovativeness? The European Business ReviewArticle
What If Your Business Model Was To Blame For Your Lack Of Innovativeness?
Mar 1, 2022
4 min readUnited We Stand Peppermint MagazineArticle
United We Stand
Nov 23, 2023
3 min readHow To Turn Customer Insight Into Growth Rotman ManagementArticle
How To Turn Customer Insight Into Growth
May 1, 2017
10 min readCompliance Is Riskier Than Ever The European Business ReviewArticle
Compliance Is Riskier Than Ever
Jan 31, 2020
4 min read
Reviews for A Guide to Effective Internal Management System Audits
Rating: 2.8 out of 5 stars
3/5
5 ratings1 review
- Rating: 3 out of 5 stars3/5
the content of the book was good and easy to understand
Book preview
A Guide to Effective Internal Management System Audits - Andy Nichols
A Guide to Effective Internal
Management System Audits
Implementing internal audits as a risk management tool
A Guide to Effective
Internal Management
System Audits
Implementing internal audits
as a risk management tool
ANDREW W. NICHOLS
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:
IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernance.co.uk
© Andrew W. Nichols 2014
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2014
by IT Governance Publishing.
ISBN 978-1-84928-561-2
FOREWORD
The word audit
comes from the Latin audītus meaning the act of hearing. A benign definition, so it’s strange then, that the idea of an audit is often viewed negatively by people. Typically, this comes from the spectre of an income tax audit or those performed by a regulatory agency, which is common in the food, pharmaceutical, and health and safety industries.
Since the early 1960s, it has become more and more common for purchasers to audit their supply chain, sometimes with terrible results! For example, the UK’s Ministry of Defence had ordered a maritime attack and patrol aircraft from the supplier BAE, known as the Nimrod MRA4.
Development started in 1996 and in 2010, the project was canceled at which point it was £789 million over budget and more than nine years late. The UK newspaper, the Financial Times, reported (in January 2011):
Safety tests conducted [in 2010] found there were still ‘several hundred design non-compliances’ with the aircraft. It was unclear, for example, whether its bomb bay doors functioned properly, whether its landing gear worked and, most worryingly, whether its fuel pipe was safe.
At no point did any of the auditors, who were evaluating the various subcontractors, formally report that any problems were being encountered!
Since the early 1990s, a number of international standards have been published that define requirements for management systems, including ISO9001 for the quality management of products, ISO14001 for environmental controls, ISO/TS 16949 for automotive product suppliers, ISO13485 for medical device manufacturers, and, more recently, ISO20000 for information services and ISO27001 for information security.
The requirements specified in each of the preceding standards describe many topics that are common with – and based on – ISO9001, specifically those that relate to:
management review
corrective action
preventive action
document and records control
internal audits
improvement
In most cases, the requirement for implementing management system internal audits is practically identical to that found in ISO9001.
Originally, ISO9001 (and its precursor, British Standard BS5750) was created to be the basis for agreement on how (product) quality would be systematically assured between customer and supplier organizations. At about the same time in the UK, the use of so-called Third Party Certification
became an option for purchasing organizations (typically the UK government-owned utilities and other agencies like the Ministries of Defence, Public Buildings and Works etc.) to use, in place of their own supplier evaluations.
The third-party certification bodies (or registrars
in the US), as they have become known, audited subscribing organizations for compliance to the ISO9001 requirements. At about the same time, training organizations started offering training courses for people to learn how to perform internal management systems audits. Furthermore, another auditor training course also became popular, the so-called lead auditor
course. Based on supplier Quality Assurance auditing techniques, this became the de facto training for certification body auditors, since it formed part of the accreditation criteria developed by the International Register of Certificate Auditors (IRCA). Auditor course accreditation became important in establishing credibility.
The lead auditor course, usually of 36 h duration, has become very popular over the past two decades, since it is often perceived as being a way to experience and learn how a certification body auditor will perform a certification audit. Attendees are, in many cases, those responsible for leading the implementation of a Quality Management System to meet ISO9001 to achieve certification or who have been identified as the internal auditor.
Internal auditor training courses usually cover the basic audit technical content of the Lead Auditor course, but in a reduced format, over a 16 or 24-h duration.
Although thousands of people have been trained through attendance at this type of course, what isn’t well understood is that the style of auditing experienced by the attendees is based on external audit principles and techniques, which focus almost exclusively on compliance to the ISO requirements. Many organizations have no benchmark for how internal audits really should be performed and those who experience customers’ quality audits recognize a good deal of similarity.
Unfortunately, much of the training content doesn’t fully address the needs of the organization’s audit program with the result that rarely are the true benefits of effectively managed internal audits fully realized.
This book gives guidance and a model for the management and implementation of internal audits, which moves beyond simple compliance to ISO requirements, dispenses with the typical external audit-based practices – which may be perceived as offering more style than substance
– and becomes a transformational tool that the organization can use to assist with the management of risk.
PREFACE
There is a lot of misunderstanding about the role of internal audits in the implementation of a management system. The range of expectations of internal audits ranges from confirming simple compliance of activities compared with documentation at one end of the scale, to that of identifying improvements at the opposite end.
Furthermore, it is commonly expressed that auditors should be somewhat god-like in their knowledge and understanding
Enjoying the preview?
Page 1 of 1