Clarity and comfort: the importance of quality auditing
December 2021 | FEATURE | ACCOUNTING & FINANCE
Financier Worldwide Magazine
December 2021 Issue
An audit determines whether an organisation is providing a true and fair view of its financial performance and position. In providing accurate management accounts, or revealing systematic errors, a year-end audit is critical to decision making for an organisation that relies on management information.
Audits are an essential management tool, used to verify objective evidence of processes, to assess how successfully processes have been implemented, to judge the effectiveness of achieving defined targets, and to provide evidence for reducing or eliminating problem areas.
Quality auditing is the systematic examination of an organisation’s quality management system (QMS). It is a key component of the ISO 9001 quality system standard, developed by the International Organization for Standardization (ISO) and first published in 1987.
Like all ISO standards, ISO 9001 is subject to periodic review to ensure its continuing relevance and usefulness. ISO 9001 has been revised four times since inception, to address the challenges of changing economies, advances in technology and trends in society. The current version was published in 2015. In 2020, members of the ISO opted not to review ISO 9001, so a new version of the standard may not be published until 2030 – despite the challenges presented by both the coronavirus (COVID-19) pandemic and by the continued pace of digital transformation.
According to the ISO, to comply with ISO 9001:2015, companies must demonstrate their ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and to enhance customer satisfaction through the effective application of the system, including processes for improvement. All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organisation, regardless of its type or size, or the products and services it provides.
Quality audits are usually conducted at agreed time intervals, ensuring that an organisation has a clearly defined system for quality monitoring. They can also help determine whether an organisation is compliant with the requirements of a specific quality system. A quality audit is typically carried out by an internal or external quality auditor or audit team.
For the benefit of the organisation, quality auditing should not only report on non-conformances and corrective actions, but also highlight areas of good practice. In this way, other departments may share information and amend their working practices accordingly, contributing to continual improvement.
Pressure
The need for accurate reporting in the today’s economic and regulatory landscape is increasingly clear. Against the backdrop of the COVID-19 pandemic, companies have had to consider how to deliver financial reports that provide the insights necessary to recover and thrive during a time of upheaval and uncertainty. Businesses that seek to understand the long-term impacts of the crisis on their business strategies and operating models are more likely to find new ways to quickly adapt to the post-COVID-19 world, according to Deloitte.
Pressure on firms to get their auditing right will only increase going forward. In September 2020, the International Auditing and Assurance Standards Board approved a new and revised set of quality management standards for auditors which will come into force at the end of 2022.
According to Deloitte’s Global Audit Value Pulse Survey 2020, which canvassed the opinions of C-suite, finance and audit committee executives, investors, shareholders and board members across nine countries from a wide range of industries, audit is an integral part of the modern financial reporting ecosystem. Management, boards, regulators, standard setters, auditors and investors each have an important role to play. Ninety-eight percent of respondents agreed that an audit of a company’s financial statements allows them to trust and rely on those statements to some degree.
Benefits
Audits can bring clarity about the state of a business and provide reassurance to executives, investors, regulators and other stakeholders.
Quality audits are an important function for driving growth within organisations. They provide mechanisms to evaluate the efficiency of the business and help managers to identify whether applied strategies are delivering results. In the case of deviations, they may identify root causes so that corrective action can be taken. Compliance, process and product audits should be at the heart of any quality management strategy.
Quality auditing can generate significant value for companies; indeed, the insights gained from audits can be significant drivers for new revenue. The process can, for example: (i) improve the quality of the system as well as the quality of the product; (ii) assess the cost-effectiveness of quality systems; (iii) measure the effectiveness of quality programmes; (iv) increase productivity by making product output more uniform, reducing mistakes and cutting wastage of resources and manpower; and (iv) give employees the chance to report inadequacies in the interpretation of basic quality requirements.
Conducting an audit
There are steps companies should take to prepare for an ISO 9001 quality audit, as these actions can be integral to its success. To start, it is important to establish the criteria and scope of the audit, a process best carried out by a quality manager. Audit criteria should focus on risk areas and remain consistent across subsequent audits, as this will allow companies to simplify the process, analyse their performance comparatively and set baseline goals to achieve between audits.
Prior to the audit, companies should ensure they have a top-down understanding of ISO 9001 requirements. Doing so allows them to take corrective action if they fall short. A comprehensive review should highlight areas of improvement to prepare for ISO 9001 auditing. The more rigorous the internal audit, the more likely the company will achieve and maintain ISO 9001 certification. Senior managers should review and act on the results.
Quality audits can be carried out by either external advisers or internal personnel. An auditor should have the knowledge and skills in audit principles, procedures and techniques, organisational understanding, quality management systems and social interaction. They must be able to identify all relevant documentation, including policies and procedures necessary to evaluate systems and products, as well as compile a preliminary list of individuals to be interviewed.
Conducting an audit correctly is essential to demonstrate to the market that a company is QMS compliant. Companies should begin by creating a plan to guide execution of the audit. The plan should outline the scope, detail the processes and list the departments or products to be audited, as well as present all the activities in a timeline.
During the process, the auditor will collect relevant information, including via interviews with staff, to determine whether established standards and quality control procedures are being followed. Non-conformities – situations that have occurred which conflict with standardised processes and procedures – are registered at this stage. Depending on the findings, the scope of audit plans and checklists may be widened to conduct additional evaluation.
Post-audit review
Once the audit has been completed, the audit team reviews problem areas and determines recommendations for correcting quality problems. This information will be presented in an audit results report, which should be consulted in strategic meetings held by senior leaders. The report helps companies to evaluate the results of the audit, determine how to implement steps for improvement, track performance and quality levels, and promote any achievements.
Of course, audits are not always successful. Companies fail to achieve compliance for many reasons, including unsatisfactory documentation, lack of ISO understanding and poor enforcement strategies.
Moreover, achieving certification for an ISO 9001 quality management system is not a one-off exercise – it requires an ongoing series of connected audits and reviews to ensure that management systems are compliant with ISO standards. As such, once a quality management system has been implemented, it will need to be regularly audited in a rolling, three-year cycle to maintain ISO 9001 certification, much like other ISO management systems.
An evolving process
In the complex business environment, there is a growing desire for auditing to evolve further, not least due to the intense pressures created by the COVID-19 crisis. There are calls for auditing to provide real-time, relevant information, to keep pace as companies introduce innovations into their businesses and processes.
External auditing firms are responding to these demands with new advancements. Auditing technology is modernising to include data analytics, artificial intelligence, robotic process automation and machine learning. Utilising blockchain technology is another area of interest. Going forward, investment in network security and data functionality will need to increase.
According to the Deloitte survey, 94 percent of respondents said they are more confident in their financial statement audit process than they were five years ago, with 32 percent stating they are much more confident. Although progress has been made, heightened expectations, risk and complexity mean there is much more to do.
Assessing risk and achieving compliance are important functions for any company under normal circumstances, but in times of acute crisis, it is imperative that companies can provide an accurate snapshot of their financial performance and position. Auditing, including quality auditing, have a key role to play in this process.
© Financier Worldwide
BY
Richard Summerfield