Not surprisingly, the development of auditing accompanied the development of accounting, and the ﬁrst recorded auditors were the spies of King Darius of ancient Persia around 2500 years ago. Modern auditing began in 1844 when the British Parliament passed the Joint Stock Companies Act, which for the ﬁrst time required that corporate directors report to share-holders via an audited ﬁnancial statement, the balance sheet. And so the process goes and has evolved from there. The sad fact remains though that in many organisations, auditors as still viewed as there were in ancient Persia, spies and those who cannot be trusted. The truth of it is that audits should be a positive experience for an organisation, providing an update on how the organisation is running and whether additional training needs to be undertaken and providing management with key indicators to be able to make decisions in the best interest of the business.
Unfortunately, audits can also be used to scare monger, blame and create fear in an organisation. If you are hoping to develop a culture of continuous improvement and lifelong learning, audits done well can be an integral part of that process, here's how to do it:
1. Communicate in advance and communicate for the listener
Auditors tend to be C style profiles (Check out DISC for more information), Conscientious profiles tend to be very confident and thorough in their communication, however can also be seen by others judgemental, perfectionists or even pedantic in their communication. As such, for Ds and Is (Dominant (think big boss, direct) or Influencers (think extrovert, sales guys)) may struggle with this communication style and cease communication. This will be hard to hear for the high Cs but there is no point in being right if you aren't being heard, so prepare and be able to provide short concise notes with further follow up information for reference for staff when you are starting or opening the meeting and throughout the process. Also, try to temper language so that you come across as much as possible as personable and approachable. Audits run in defensive mode are rarely as productive as they could be. If you are the auditee dealing with a difficult auditor, take the time to figure out how they communicate and adjust your style to theirs to build communication from your end.
2. No pre-conceptions.
This is so key to a successful audit, if you are going in with the premise of 'finding something' or 'confirming suspicions' then the whole process is doomed. This is actually one of the first premises of the ASQA Auditor Code of Practice. The Code states that auditors will "behave in a fair manner and without favouritism, patronage or prejudice and ensure their personal beliefs or opinions do not influence their findings."
Now all auditors are human (yes, I promise they are) and therefore prone to err on occasion. However, the intent is absolutely key and there are a few good reasons. Firstly, if you are intent on finding something, you will find it, whether it is there or not. Secondly, most people are poor at hiding their intentions and most people being audited will assume that the auditor is out to get them. This is so counterproductive to building trust, communication and education, which should be the intent of an internal audit and is integral to procedural fairness and integrity. If you do feel you are being unfairly targeted and you disagree with the auditors findings, have the discussion, ask what the standard is they are auditing, what is the evidence and how they have arrived at their finding, where is the gap. Often many non-compliances can be addressed then and there once both parties understand where the gap is.
3. Recognise the difference between standards and expectations
This one is a personal bug bear of mine, there is a set of standards, dictated by the regulator and set in legislation. Then there is a set of expectations or interpretations in how they can be applied to varying degrees, these are personal benchmarks or expectations. As an example, RTOs issue first aid, the Statement of Attainment is actually valid forever according to the standards, however, its an industry expectation that the unit is renewed every xxx years. Similarly, there is a standard that RTOs identify and deliver an appropriate amount of training to meet the learners needs, there is an expectation that for Certificate III learners will need 12 months or 1200 hours to achieve this. When undertaking audits, auditors need to separately address the standards (what is an absolute must) and expectations (how standards have been interpreted previously and can be addressed). If you are the auditee, ensure that you are asking questions to identify what the standard is and what the gap is where non-compliances are deemed. Be familiar with the exact language of the standards and have clear and concise explanations for how you have addressed it backed up with evidence.
4. Check in regularly
Whether you are the auditor or auditee, regular communication is a must for shared understanding, so organise regular check ins like small closing meetings at the end of each day and at least one check in around or just after lunch/before lunch.
5. Follow a clear and transparent process
Finally, just as good and fair assessment relies on transparency, so does a good audit process. This is why ASQA and most auditors will start any audit process with an opening meeting to discuss the rules, process and general flow that the audit will take. Auditees need to understand how they can provide evidence in and around timeframes, why non-compliances may be reported and the consequences of such. Additionally, good audit processes provide for opportunities to respond or clarify perceived non-compliances.
Overall, the above means that all parties understand the process and are clear on the goal, where there is a difference, the parties can communicate to arrive at a resolution if not agreement. It's not always an easy balance to strike, but finding the balance can reap huge benefits for organisations resulting in a supportive environment where staff learn together and management can be confident in their ability to self regulate.
Good luck, go forth and audit well.