Internal audits within iPassport are created using a Checklist. These checklists can be created as reusable templates within iPassport and selected when creating the internal audit.
If the preference is to produce audit reports created outside of a checklist process, then these are best stored as controlled documents with the Category of Internal Audit.
Internal audits can be on any topic; there is no limitation within iPassport on this.
For managers to have a quick overview of scheduled audits, the Metrics area provides a widget which lists ‘Internal Audits due within the next month’.
There are 20 permissions associated directly with internal auditing. For convenience, they come organised by level of authority in two system roles - Audit Viewer and Audit Editor. Audit editors’ permissions include those of audit viewers.
Internal Audits:Create Reports
Internal Audits:Search Internal Audits
Internal Audits:View History
Internal Audits:View Internal Audits
Internal Audits:View Non-Compliances
Internal Audits:View Print History
Desktop:Show Internal Audits Menu Item
Desktop:Show Non-Compliances Menu Item
All permissions above plus:
Internal Audits:Change OU
Internal Audits:Complete
Internal Audits:Create Internal Audits
Internal Audits:Delete Types
Internal Audits:Edit Internal Audits
Internal Audits:Edit Types
Internal Audits:Link To Records
Internal Audits:Manage Non-Compliances
Internal Audits:Manage Reviews
Internal Audits:Print Internal Audits
Internal Audits:Remove Links
Internal Audits:Schedule Reviews
There is currently one setting which allows closing internal audits when they still have open non-compliances. When it is not enabled (ticked), all related noncompliances must be closed before the internal audit can be set as completed.
The setting can be adjusted independently for each OU by navigating to Administration > Settings > Organisational Unit Preferences, selecting the OU and clicking, Internal Audit Settings. Once the option, “Allow closing Internal Audits with open non compliances” has been ticked or unticked, click Save.
Note: Checklists should be in place before they are used in internal audits.
The Internal Audit menu item is located under the Quality Management main menu item.
To create a new internal audit:
Click Next Page
In the New Internal Audit Step 2 of 3 screen (Peer Review Step), optionally enter values for the following fields-
NOTE: The peer review step is used to request other staff members’ feedback on the design of the audit. If this is not required the step can be skipped.
If filled, a task is issued to the selected users when the audit has been created, dependant on the Tasks Active on date.
In the New Internal Audit Step 3 of 3 screen, select one or more existing checklists to be used for this audit
NOTE: It is not required to select a checklist at this point and an internal audit can be completed without use of a checklist. However, internal audits are designed to use checklists for a more effective and efficient process. So, if it is missed here (for example, it has not been written yet), it can be added from the Checklist tab within the internal audit record later.
Click Create Audit
To add new types of audits:
All internal audits are listed under the Search Internal Audits tab. A set of search filters help locating any internal audit quickly. To save screen space, some search filters are kept hidden and can be easily viewed by clicking the Advanced Search bar.
To find an internal audit:
Search - free text can be entered to look for audits by name or index
OU - a dropdown menu displays all Organisational Units where the user has permission to view internal audits; ability to view internal audits is limited to the OUs where the permission (Internal Audits:View Internal Audits) is granted
Type - user created ’types’ help classify and locate audits
Status - the options are, Not Started, In Progress, Completed and Overdue; leave the field blank to view all statuses
Only the status label, Overdue is tagged to an audit’s name in red.
Review Status - if review feedback is requested for an audit, it can be in one of the following statuses, Reviewed, Scheduled, Under Review or No Reviews; leave the field blank to view all statuses
An audit might have already been reviewed and have reviews underway at the same time. These are marked with both tags:
Date - is after - is before - the Date field offers the options, Created, Schedule on or Completion Due; the other two fields have pop-up calendars to set a range for the date parameter
The list of audits resulting from any search can be exported in CSV format by clicking Export CSV, in the top right corner of the results section.
Once the internal audit is created, it can wait there until the audit needs to be performed. It is also possible to adjust the Scheduled On date at this point if needed. The Scheduled On date can’t be after the Completion Due On date; the system will validate this when these fields are edited.
The first three tabs of the record reflect the steps used to create it. The General tab, which the record opens to by default, represents the first step (page) when creating the internal audit. The Reviews tab and the Checklist tab represent the other two steps in the creation process.
Most elements of the record can be edited through these tabs while the audit is incomplete.
The Organisational Unit (OU) is the exception. To change it, the permission, “Internal Audits:Change OU” is required for the option, ‘Change OU’ to become available in the Actions dropdown menu.
It is possible to move an internal audit to a different OU after it has been closed, provided the user also has the permission, “Internal Audits:Complete”.
Non-compliances are created as part of the internal audit, based on the checklists chosen. As such, it is not possible to create a noncompliance from the Non-Compliances tab; it simply shows ones created from the Checklist tab as part of the audit.
The other tabs work in the same way as they do elsewhere in the system.
When the internal audit record has been created it is possible to ‘perform’ the audit, using the Checklists tab in the record. The Checklists tab shows the checklist(s) loaded to the internal audit and by working through them, the audit can be completed.
To perform the audit:
Open the internal audit by going to Quality Management > Internal Audits > Search Internal Audits
Click the Checklists tab to open it
Click the magnifying glass in the Actions column of a checklist to access its elements
Mark off each item of the checklist by selecting one of the options in the Actions column; from left to right these options are:
Compliant (’✓ ’ check) - marking an item as compliant opens a lightbox to provide evidence. Free text can be entered here and other evidence such as a picture or scans, can be added by dragging them into the dotted rectangle marked, Click here to attach evidence or by clicking inside the dotted area to open a ‘search and select’ browser window. Other records in iPassport can be linked at the bottom of the lightbox. Click the button, “Mark As Compliant” to complete the approval or click the “X” in the top right corner to close it without marking the step as compliant.
Noncompliant (’X’ cross) - marking an item as noncompliant opens a noncompliance lightbox where some of the key information can be entered.
Critically, a noncompliance record is created from this information, allowing the noncompliance to be expanded and actioned. Immediate and follow up actions are not created at the time of recording the noncompliance but through the (now) linked noncompliance record. The noncompliance record can be accessed from the Non-Compliances tab in the internal audit, or from the noncompliant audit step itself.
NOTE: A noncompliant internal audit checklist step and its associated noncompliance are two distinct items and once created they can have attachments and links added separately.
Non-Compliances created from an internal audit checklist step (also referred to as a ‘requirement’), will display information about their origin in the internal audit, with details about attachments and links added there.
Any attachments added are listed near the bottom of the lightboxes that open when clicking Compliant (✓), Not Applicable (-) or, when clicking the magnifying glass icon (🔍) which shows once a step has been marked. Steps can be revisited to upload, remove or replace more evidence. It’s possible to open these lightboxes just to manage attachments and then click the “X” in the top right corner to close them without altering the state of the step. For more information on the attachment icons, please refer to the user guide, Attachment Management.
Once the checklist items have been worked through, the internal audit can be marked as complete. For the internal audit to be marked as complete, not all the noncompliances have to be closed if the Organisational Unit Preference, “Allow closing Internal Audits with open non compliances” has been enabled. Please see the settings section above. If there are open noncompliances, they’ll remain linked to the internal audit as separate records.
To mark an internal audit as complete:
Expand the Actions drop down menu and select the Set as Completed option
Click the Go button and the internal audit should be marked as complete/finished
The fields under the general tab will still be editable after it’s completed. It will still be possible to manage the evidence submitted but it won’t be possible to change the state of any steps.
When a verifier is appointed in the field provided, the system automatically assigns a task to this person when the audit is set as completed. A task will be created even if the verifier completes the audit. The task will appear in the sidebar like any task and clicking it will take the user to the record so it can be verified easily.
If a value is entered in the Frequency field, the internal audit will automatically become recurring. At the point of completing the internal audit, a lightbox will pop up to allow adjusting the dates calculated by the system. Both dates, “Schedule the next audit on” and “Next audit’s Completion due date”, are based on the previous corresponding dates and incremented by the frequency value.
If a verification step has been added, the verifier will also have an opportunity to edit these dates when performing the step.
A new copy of the internal audit will be created with the approved dates. It will include the same checklist as the original audit and from version 3.5.6, if the checklist has been updated in the interim, the changes will be reflected in the new audit.
It is also possible to reopen an internal audit once it has been completed. The Actions dropdown menu will include the option, “Re-open” in completed audits. This option is only visible with the permission, “Internal Audits:Complete”. Completing this action reverts the internal audit to the status, “In Progress” and leaves an entry in the Changelog tab for future reference.