Internal Audit Management

Internal Audit Management

Introduction

Internal audits within iPassport are created using a Checklist. These checklists can be created as reusable templates within iPassport and selected when creating the internal audit.

If the preference is to produce audit reports created outside of a checklist process, then these are best stored as controlled documents with the Category of Internal Audit.

Internal audits can be on any topic; there is no limitation within iPassport on this.

Required Permissions

There are 20 permissions associated directly with internal auditing. For convenience, they come organised by level of authority in two system roles - Audit Viewer and Audit Editor. Audit editors’ permissions include those of audit viewers.

Audit Viewer (also available in Global Viewer (excluding admin and personnel records) )

Internal Audits:Create Reports
Internal Audits:Search Internal Audits
Internal Audits:View History
Internal Audits:View Internal Audits
Internal Audits:View Non-Compliances
Internal Audits:View Print History
Desktop:Show Internal Audits Menu Item
Desktop:Show Non-Compliances Menu Item

Audit Editor (also available in Global Editor(excluding admin) )

All permissions above plus:
Internal Audits:Change OU
Internal Audits:Complete
Internal Audits:Create Internal Audits
Internal Audits:Delete Types
Internal Audits:Edit Internal Audits
Internal Audits:Edit Types
Internal Audits:Link To Records
Internal Audits:Manage Non-Compliances
Internal Audits:Manage Reviews
Internal Audits:Print Internal Audits
Internal Audits:Remove Links
Internal Audits:Schedule Reviews

Internal Audit Settings

There are no specific System Preferences or OU Preferences associated with internal auditing.

Creating Internal Audits

Creating a new internal audit record

Note: This process assumes you have a checklist in place already.

The Internal Audit menu item is located under the Quality Management main menu item.

To create a new internal audit:

  1. Go to Quality Management > Internal Audit > New Internal Audit (or use the [+] sign shortcut)
  2. In the New Internal Audit Step 1 of 3 screen, enter values for the following fields (at least those marked required must be entered to continue)-
    • Name (Required) - this field is displayed in search results so it’s beneficial to make it descriptive; the system will issue a warning if the name has already been used and it will prevent advancing to the next step.
    • Type - this allows breaking Internal Audits down by a searchable and reportable type. Only one type of internal audit can be selected/assigned from the dropdown menu. New types can be added using the spanner icon to the right of the field (please refer to, Adding New Types below).
    • Index (Required) - it can be left to Auto Generate by iPassport and it will use the settings in the Administration area; or it can be entered manually by clicking the cog icon, which toggles the auto generate on and off. The index is only used as an authentication method to help ensure there is a unique identifier for the record, therefore it can be manually configured. The system will issue a warning if the index has already been used and it will prevent advancing to the next step.
    • Schedule On (Required) - this field allows setting the date the audit is intended to happen. Internal audits can be created in advance so that an audit calendar can be built up well in advance. The schedule on date can be adjusted at any point until the internal audit is completed.
    • Authors - to record the people who prepare the audit
    • Organisational Unit - this provides the internal audit with a ‘home’ and helps define who can and cannot access the record
    • Locations - this helps to further categorise the record
    • Auditor - this is a free text field which simply allows writing the name of the auditor; it is currently not linked to a contact record in iPassport so no reminders are triggered from this field.
    • Introduction and Scope - this field is available to provide background about the audit
      Note: Should a reminder of the audit be required, the best solution is to create a task and assign it to the auditor. If the audit is not for a few months time, the task can be created with an appropriate Activation Date set in the future.
  3. Click Next Page

  4. In the New Internal Audit Step 2 of 3 screen (Peer Review Step), optionally enter values for the following fields-
    NOTE: The peer review step is used to request other staff members’ feedback on the design of the audit. If this is not required the step can be skipped. If filled, a task is issued to the selected users when the audit has been created, dependant on the Tasks Active on date.

    • Review to be completed by - to set a date by which the peer review should be completed
    • Tasks active on - to set a date to release the tasks in the future if preparation time is needed before the audit can be reviewed
    • Reviewers (Distribution Lists) - to select a group of reviewers in ‘bulk’ by selecting existing Distribution List(s)
    • Reviewers (Users) - to select individual users one by one
    • Priority for review tasks - to select a level of urgency from the dropdown menu
    • Task Description - iPassport pre-populates the field with a standard message which can be edited and extended as required
  5. Click Next Page

  1. In the New Internal Audit Step 3 of 3 screen, select one or more existing checklists to be used for this audit
    NOTE: It is not required to select a checklist at this point but it is not possible to complete an iPassport Internal Audit without one so if it is missed here (for example, it has not been written yet), it can be added from the Checklist tab within the internal audit record later.
  2. Click Create Audit

Adding New Types

To add new types of audits:

  1. Open an incomplete internal audit
  2. Click the edit (pencil) icon next to the Type field
  3. Click the manage (spanner) icon that appears
  4. Click [+]Add Audit Type in the Audit Types lightbox to open the Create Audit Type section
  5. Enter a name for the new audit type in the Name field
  6. Click Create Audit Type
  7. Use the delete (trash/bin) and edit (pencil) icons to manage the types listed below
    NOTE: Only types not in use can be deleted

Viewing the Internal Audit Record

Once the internal audit is created, it can wait there until the audit needs to be performed. It is also possible to adjust the Scheduled On date at this point if needed.

The first three tabs of the internal record reflect the steps used to create it. The General tab, which the record opens to by default, represents the first step (page) when creating the internal audit. The Reviews tab and the Checklist tab represent the other two steps in the creation process. Most elements of the record can be edited through these tabs while the audit is incomplete.

Non-compliances are created as part of the internal audit, based on the checklists chosen. As such, it is not possible to create a noncompliance from the Non-Compliances tab; it simply shows ones created from the Checklist tab as part of the audit.

The other tabs work in the same way they do elsewhere in the system.

Performing the internal audit

When the internal audit record has been created it is possible to ‘perform’ the audit, using the Checklists tab in the record. The Checklists tab shows the checklist(s) loaded to the internal audit and by working through them, the audit can be completed.

To perform the audit:

  1. Open the internal audit by going to Quality Management > Internal Audits > Search Internal Audits
  2. Click the Checklists tab to open it

  3. Click the magnifying glass in the Actions column of a checklist to access its elements

  4. Mark off each item of the checklist by selecting one of the options in the Actions column; from left to right these options are:

    • Compliant (’ ‘ check) - marking an item as compliant opens a lightbox to provide evidence. Free text can be entered here and other evidence such as a picture or scans, can added via the Attach tab.

    • Noncompliant (’X’ cross) - marking an item as noncompliant opens a noncompliance lightbox where some of the key information can be entered.
      Critically, a noncompliance record is created from this information, allowing the noncompliance to be expanded and actioned. Immediate and follow up actions are not created at the time of recording the noncompliance but through the (now) linked noncompliance record. The noncompliance record can be accessed from the Non-Compliances tab in the internal audit, or from the noncompliance record itself.

    • Not Applicable (’-’ dash) - marking an item as not applicable opens a lightbox where observations can be entered.

Completing the internal audit

Once all the checklist items have been worked through, and there is no time limit on this process, the internal audit can be marked as complete. For the internal audit to be marked as complete, not all the noncompliances have to be closed. These are on separate records which remain linked to the internal audit.

To mark an internal audit as complete:

  1. Expand the Actions drop down menu and select the Set as Completed option

  2. Click the Go button and the internal audit is marked as complete/finished