Internal audit is an important process for a company to ensure the achievement of its corporate goals with a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and corporate governance processes. Internal audit using the ISO approach is an effective audit process to add value and improve the operational performance of a company. This causes the internal audit process using ISO standards to work effectively and be recognized in 167 countries by 2022.
What is Internal Audit?
Internal audit is a company's internal control procedures, including evaluating the company's governance and business processes. These audits ensure company compliance with laws, and help companies maintain accurate and timely financial reporting. Internal audit also assists company management in achieving operational efficiency by identifying problems and correcting deviations before they are discovered in an external audit.
What is ISO Based Audit?
The International Organization for Standardization (ISO) is a global leader in developing industry-wide standards to keep products and work processes safe, effective and sustainable. Many ISO standards, such as ISO 27001 and ISO 9001:2015, offer certification, where this certification can guarantee or increase a company's reputation if the company complies with ISO standards. An ISO-based audit is an audit that measures a company's compliance with one of the standards set by ISO. The ISO organization itself is a non-governmental organization based in Geneva, Switzerland that develops standards and control frameworks that guide industry best practices in various fields.
Why Is ISO Based Audit Important?
ISO-based audit is important to do for several reasons, such as:
- ISO-based audits can help company management find out whether the company meets the requirements for ISO compliance,
- In addition, ISO-based audits help company management find out weak points / deficiencies that occur in the company's operational processes. The ISO-based audit process can then be developed into a strong risk management strategy to ensure optimal company operations.
The ISO standard itself can be regarded as an appropriate formula to support a company's business processes, such as manufacturing a product, managing a process, providing services, or providing (supply) of materials. Audits with an ISO standard approach can also be part of the initial phase of a company's risk assessment plan, assist companies in developing new systems, and more.
What are the types of ISO-based audits?
There are four main types of ISO-based audit, namely Internal, External, Certification, and Surveillance. The selection of these four types of ISO audits may change depending on compliance and certification objectives, scope, scale, and company budget.
- Internal Audit
- ISO-Based Audit can be carried out internally by an auditor appointed by the company itself. If a company wants to ensure ISO compliance as a guideline for running the company, then internal audit can audit (ensure) whether the company has actually adopted the ISO standard as a model/guideline in its business process practices.
- External Audit
- ISO-Based Audit is externally conducted by third-party auditors to assess the company's compliance with ISO standards. There are several types of external audits that can be carried out, one of which is a 'customer and supplier audit'. In carrying out a 'customer and supplier audit', there are many ISO standards that need to be complied with by all parties, from company management and supply chain members to customers.
- Certification Audit
- ISO-Based Audit certification can be carried out through companies registering for an audit based on ISO certification standards. ISO certificates are generally valid for 1 year, after that the company will be re-audited. For 1 year the company will be audited at a certain time, some are audited every 6 months, this is often called a surveillance audit or periodic audit. There are several types of ISO certification, such as ISO 9001 (Quality Management System), ISO 37001 (Anti-Bribery Management System), ISO/IEC 27001 (Information Security Management System), and others. Companies that have passed the certification audit must maintain processes and controls in accordance with the ISO standards during the validity period of the certification.
- Surveillance Audits
- Once a company achieves ISO certification, management must schedule surveillance audits with the certification body at least once per year. A surveillance audit includes a management review (the steps the company has taken to reduce or correct non-conformances were previously reviewed by the surveillance audit) and a review of how the organization responds to recommendations from the conduct of the audit.
ISO Certification Audit Checklist: What Must Be Prepared?
Following are some of the preparation processes that can help maximize the ISO Certification Audit process:
- Setting the ISO Audit Schedule
- Preparing a schedule for an internal audit in advance is an important step in preparing a company for an audit for certification according to ISO standards. Ensuring time flexibility to complete work projects and solving existing problems is also important in preparation for an ISO certification audit.
- Compile Audit Checklists
- Preparation of audit checklists can assist company management in preparing all operational needs in accordance with the ISO standards used. This must be ensured by the entire audit process in accordance with the standards that must be complied with.
- Defining ISO Certification Audit Objectives
- Defining ISO certification audit objectives can be time-consuming, especially when conducting a gap analysis. Recognizing the company's goal of obtaining ISO certification can increase effectiveness and efficiency in the course of the ISO audit process.
- Establishing an ISO Internal Audit Team
- The company can establish a team consisting of a combination of personnel from various divisions/units/functions. The selected personnel are expected to be able to see and monitor a broad range of the company's business processes. The Internal Audit Team that has been formed will then play a role in ensuring that the preparation and implementation of the ISO certification audit can run effectively and according to standards.
- Recording Findings
- Recording any findings that do not comply with ISO standards in the company's business processes is important to identify any process discrepancies so that they can then be followed up and produce a summary report on these findings. This summary report will later be useful as a determinant of the right solution for adjusting business processes to comply with ISO standards.
Conclusion
In the end, ISO-based audits can assist companies in optimizing the company's business processes, optimizing employee performance, increasing customer trust through increasing company credibility, as well as providing assurance for the quality that companies offer through the application of International standards (ISO).
Altha Consulting as an experienced management consultant provides Business & Risk Advisory, Corporate Training and IT Audit services that can help companies determine and take proactive actions in improving internal controls and managing risks more effectively. If you have any questions please contact us.