Best Practice Audit Reporting
The practice of audit reporting evolves over time, often as a result of technological advances and also in response to practical limitations in our time-poor contemporary society. Managers are generally looking for shorter and sharper formats, with clear indicators of any shortcomings and positive findings.
The use of ‘traffic light’ reporting (or the use of similar colour-coded icons) is now common place as a way to quickly highlight to the reader the status of the organisation’s performance against the audit criteria. (Thankfully we haven’t yet progressed to the use of emoticons!)
The use of a tabular-style reporting is also reader-friendly, wherein the information is presented in a table that aligns with the audit criteria, and against the criterion presents both the findings and any recommendations, all within one page. This style of report is much easier for the time-poor reader than older prose-based styles wherein the reader has to flick between sections and mentally collate the relevant information.
Industry leaders in best practice auditing have advocated for a structured and graded approach in relation to any identified non-conformances within the auditing framework. This is commonly applied as:
- Major non-conformance (NC-M) being a non-fulfilment of a requirement of the standard or internal organisational requirement, or non-compliance to a legislative requirement, that affects the ability of a management system to achieve the intended results; or a number of minor non-conformities listed against similar areas.
- Minor non-conformance (NC-m) being a non-conformity that does not affect the capability of the management system to achieve its intended results.
This structured approach to classifying non-conformances allows the auditor to highlight the significance of any detected issues. The auditor should then respond to the non-conformances by offering Recommendations relating to each finding, which then enables the auditee to address issues in a prioritised way. These Recommendations should be specific and ‘value add’ to not only the audit process, but also the client’s operations.
Opportunities for Improvement (OFIs) can also be offered where there is conformance with the audit criteria but also potential to improve or streamline an area or process. OFIs may also indicate trends which may result in a future non-conformance.
While hazards may be evident on-site, and a photo of a hazard can be powerful in explaining a site issue to Management, the systems auditing process should see the hazard simply as an indicator or symptom of a process or system deficiency. The key question that needs to be asked is, why did the hazard manifest itself and why did internal systems not detect it prior to an audit?
The aim of a systems audit is not just to fix the hazard; it is to prevent such hazards systematically re-occurring.
Please contact QRMC for assistance with reviewing your internal auditing processes and tools.