A Guide to Auditing Top Management and the Internal Audit Checklist

Organizations must audit the processes associated with top management as part of an effective internal audit program. These processes include those relating to strategic planning, the establishment of policies and objectives, ensuring effective communication and ensuring the availability of resources.

Auditing management or directors is often seen as a sensitive issue but by considering each management activity as a normal organizational process, it becomes much easier to focus on determining whether the outputs of their activities are effective.

How to Audit Top Management

By using a formal risk-based approach to internal audit planning, as required by ISO 9001, auditors have a great opportunity to engage top management in the audit process. By making management part of the planning process and by giving them ownership of the areas to be audited, the internal audit becomes a valuable mechanism for development.

A good starting point is to copy, into the audit checklist, all requirements from the standard that say ‘top management shall’, almost every clause of section 5 starts with ‘top management shall’ and it’s the auditors job to find if management ‘did’. The audit checklist must cover the requirements from the following sections:

5.1 Management Commitment

5.2 Customer Focus

5.3 Quality Policy

5.4.1 Quality Objectives

5.4.2 Quality Management System Planning

5.5.1 Responsibility and Authority

5.5.2 Management Representative

5.5.3 Internal Communication

5.6 Management Review

5.6.1 General

During the Internal Audit

When undertaking the internal audit of top management, the auditor should collect and corroborate evidence of top management’s commitment from within the quality management system itself. The auditor should ask how the quality manual addresses management commitment issues and ask how they are accomplished; then, the auditor must find objective evidence that proves it’s actually being done. This method applies to management as well as the production machinist, and everyone else in the organization for that matter!

If the standard, documented procedures, policies and objectives are audit inputs, then the evidence sampled and the interview statements made by top management auditees are the audit outputs. If the input does not align with the expected output, the auditor simply states this misalignment as a non-conformance whilst providing an audit trail to the supporting evidence.

Final Reporting

Auditors should prepare the internal audit report in a manner appropriate for presentation. It might be necessary to present the executive summary of the audit report directly to the top management and other interested parties within the organization. The executive summary must highlight both positive and negative findings and suggest opportunities for improvement.

Source by Richard Keen