Risk-driven auditing, is it necessary? If so, how can it be tackled? During our online MasterClass, nearly 50 auditors were questioned and prompted to think about this. They found out how to manage risks in their organization and how this leads to process optimisation. Their knowledge and experience with audit processes were taken to a higher level.
Divided into break-out sessions, the auditors sought answers to questions like:
- What are the benefits of risk-driven auditing?
- What input is needed for it?
- What are the criteria for switching to risk-driven auditing?
- What qualities are needed for it?
- What are good questions for a risk-driven audit?
- What requirements must someone meet to conduct a risk-driven audit?
Main Goal of Risk-Driven Audit: Take Action
Quality experts Anita te Riet and Sascha van de Ven from QAducation – the knowledge provider for quality care – supplemented the output of the break-out session with valuable tips and recommendations.
Sascha: “The main goal of risk-driven auditing is to take action when a risk is detected.” According to Anita, all risks across the company must first be identified, including those at the management level. She often sees that the management team makes agreements of which the shop floor is unaware and vice versa. “Such issues need to be clearly identified,” says Anita.
Benefits of Risk-Driven Auditing
The break-out sessions offered the MasterClass participants the opportunity to share how they view risk-driven auditing, how they tackle risks, and what challenges they encounter in their work. It brought the auditors together and facilitated a dynamic exchange of knowledge and experiences.
It concluded that risk-driven auditing has many advantages, for example:
- Working more efficiently and quickly
- Achieving positive results and improvement proposals faster
- Auditing more targeted
- Making processes measurable
- Creating insight and overview of processes
- Making choices in the processes to be audited (not auditing all processes)
- Focusing on matters that are important
- Moving from relative to proactive to predictive auditing
Towards a Better-Functioning Management System
Anita: “You start with risk-driven auditing when there are many complaints or problems in processes. How often you do this depends on the chain you work in, the organization, and the situation. In the food chain, auditing must be done more frequently due to food safety than in a less sensitive sector.”
Sascha: “Risk-driven auditing makes an audit more enjoyable and the output more valuable. It brings added value to organizations, fewer pain points, and a better-working management system.”
Risk-based auditing makes an audit more fun and the output more valuable. It adds value to organizations, reduces problems and creates a better working management system.
New Insights
Setting up a risk-driven audit requires input. This can be standards and regulations, but also internal observations around processes, trend analyses, and objectives to be achieved.
From the questions the auditor asked themselves and the course participants, it emerged that a risk-driven audit is not a process that runs smoothly and easily for everyone. Practice shows that auditing is often done for the sake of auditing itself. This does not lead to desired results, such as change and improvement in the organization.
Sascha: “It’s important to record why you do or change something within your audit process and to substantiate it. This keeps the management team informed of what you have been doing, and your possible successors know the ins and outs immediately.”
Ideal Process for Web Forms
Risk-driven auditing requires different and additional competencies compared to traditional auditing. Anita: “As an auditor, you need to maintain an overview, keep things in the right perspective, and stay close to the processes. You must guard against tunnel vision. As a specialist, you might overlook things. And let yourself be helped. It’s an ideal process for designing web forms.”
A risk-oriented auditor has extensive knowledge of underlying standards, a keen sense for main and side issues, good communication properties, and a healthy dose of courage.
Sascha: “A risk-driven auditor is an auditor+++. You need more flight hours for it. I meet auditors who don’t dare to approach their manager or director. While ultimately, those are the people responsible for how things are run. Involve people in your audit and remember that risks are opportunities for improvement.”
The tips that auditors received from Anita and Sascha provided them with new insights they could use, as evidenced by the responses.
Asking the Right Questions
A risk-driven audit revolves around asking the right questions. For this, you need the right tools and information.
Anita: “Ask mainly open questions and dare to probe further. Also ask about the opportunities that colleagues encounter on their path.” Who, what, where, when, how, and why form the basic questions.
Good preparation for the audit is indispensable. If the planning, preparation, execution, and reporting phases are followed, this meets the PDCA cycle.
“Very educational, all of it.” I’m glad I attended this MasterClass.” “I learned a lot,” were the responses from the MasterClass participants afterward.