Ensure the comprehensiveness of internal audits conducted by third-parties

By ,

COVID related travel restrictions are forcing more and more companies to use third parties for their internal audits, but how do you know if your consultants are being comprehensive?

With closed borders, locked-down cities and shuttered airports, more and more companies are having to explore outsourcing their internal audit work. Local consultants have to be brought in for routine internal audits where a corporate team would have normally flown in. In such a landscape how can you ensure consistency for internal audits across your operations and the comprehensiveness of those audits?

Most consultants conducting these audits are tenured professionals. They have developed a sixth sense for common problem areas over the years. Their approach is often searching for compliance issues based on their experience and by walking the site. They take notes in the field and then find the corresponding regulations that govern the issues they identified (PPE, waste,…). This approach works for many issues, but it inevitably leaves blind spots for the company as they cannot be assured that all compliance obligations were verified for compliance.

While this approach is valuable for periodic external audits (for example, for certifications to a standard), it may not be aligned with the goals of the internal audit the consultants had been brought in for. The corporate team is often looking for an extensive audit of all their operations with specific references to standards, so they can catch issues before they develop into bigger problems. With a comprehensive compliance audit, the idea is to catch a non-compliance early. You can then conduct root cause analysis, issue effective corrective actions and close it out before real external happens.

The way to align these two is for external auditors to conduct their audits against thorough checklists based on regulatory requirements and standards that have been determined to apply to the company. Instead of looking for problems, the third party auditors measure performance against each regulatory item. This allows the corporate team to have consistent data across their plants, and to make specific references to regulations when discussing audit findings with their team.