Ten steps to surviving an audit

So here are our ten top tips:-

1. Audit trail and documentation

As well as having clear, written policies and procedures, ensure that you have a detailed audit trail of all actions and can easily and quickly access the relevant documentation.  It is not just about being compliant and adopting best practice, it is also important to document that you are doing so.

2. Joined up processes

If a component of the business function to be audited is outsourced, check there is transparency across both organisations to make sure that the policies and procedures of each organisation support the other’s and that they are joined up. The requirement for joined up working should be specified in the contract for all sub-contracted activities.

3. Latest legislation

Check that your policies and procedures incorporate the most up-to-date legislation and regulatory requirements.  These change regularly, so you can never afford to relax and let your guard down. Link this to the document management system that holds all the documents and include review dates so that the document is regularly reviewed and updated with changes.

4. Escalation and emergency procedures

Test the robustness of your escalation and emergency procedures, for example, by having a trial run or a simulation exercise, whichever is more appropriate for the situation.

5. Start planning today

Start planning your audit well in advance.  Develop a checklist of all areas that will be audited.  Identify where you need to undertake remedial action and put a plan in place to address those.  Review any other activity from outside the core area that may impact on your audit.

6. Tell everyone

Brief everyone about what to expect and what is required of them, including your outsource partners.

7. Dress rehearsal

Run internal audits before the big day to check you are ready – if you like, a dress rehearsal.

8. Trained and skilled internal auditor

Make sure that the internal auditor that you use to run that dress rehearsal is properly trained and knows how to run an audit so that the things they pick up on are what an external auditor might have also picked up on. You can use previous external audits for guidance.

9. Complete remedial actions

Once you have had your audit, if there are any remedial actions that are identified, make sure that you complete those before the due date and that you document that completion. Be open and make your internal audit reports available for the auditor.

10. Be prepared

Finally, it is not just about surviving an audit on the day.  Your ideal position is to be audit-ready at all times.  If you have your systems and processes in place, it is not just in order to satisfy the auditor, but really to help the business mitigate operational risk.

So as the old Army saying goes, proper preparation prevents poor performance! Being audit-ready and managing your operational risk thoroughly will not only enable you to survive audits with minimal pain, but also help the enterprise to function at an enhanced level.