I think most people would agree that the quality of internal auditing (of any discipline) isn’t always what it should be. Typically reports are run off in a rush, with a poor level of detail, calling into question how rigorous the audit process actually was. And as for overall value …
There are a few techniques that people can use to increase the chances that the audit process will have the rigour and depth of scrutiny necessary to generate decent management information, turtle diagrams, for instance. Lately, though, I’ve been looking at how we can borrow part of the EFQM assessment approach to improve our internal audits. In an earlier post I highlighted a few EFQM weaknesses, but I think there is an opportunity to take one of its most simple and easy to apply strengths, and apply it to internal auditing – and it is equally applicable to quality, environmental and health & safety audits
For those of you who don’t know, the EFQM assessment process uses a numerical scoring system. Its not an exact science, of course, but it does help assessors rank and rate comparative data between companies and processes, and maintain a consistent approach. At the moment that scoring system is based on the “RADAR” Scorecard (see below)
The EFQM RADAR assessment approach uses a type of balanced scorecard to encourage the assessor (or auditor for that matter) to ask a series of key questions, namely;
R. To what extent are results used to set targets for process performance?
A. To what extent is a clear approach (procedures for example) defined and understood?
D. To what extent is the approach deployed (i.e. does everyone follow the approach or is deployment patchy)?
A. To what extent is the process assessed (i.e. measurement that asks the question “is it working the way it should”)?
R. To what extent is the process reviewed? (i.e. a review of whether the overall approach is still relevant and suitable)?
My view is that many internal audit systems could benefit from using this type of framework. It would improve the depth and consistency of process scrutiny no end. Internal audit report forms and checklists could be constructed to force auditors to follow the discipline. A similar scoring system could even be used to try to generate comparative data, audit to audit
Its a different approach, right enough, but worth thinking about maybe? Drop me a line if you’re interested in working with me to integrate this approach