1. Identify areas that need auditing. Begin by identifying the departments that operate using policies and procedures written by your organization or by regulatory agencies. These can include activities as complex as manufacturing processes or as simple as accounting procedures. Make a list of each activity and the functions that require review.

2. Determine how often auditing needs to be done. While some areas may only need to be audited annually, other departments may require more frequent audits. For example, the HR function may only require an annual audit of records and processes, while a manufacturing process may require daily audits for quality control purposes.

3. Create an audit calendar. A structured and systematic approach to the auditing process will help assure that the function lives up to its full potential. Audits should be integrated into corporate objectives, like any other business goal. Scheduling audits on your business calendar will assure that they are done consistently.

4. Alert departments of scheduled audits. Give departments notice of an audit so they can prepare the necessary documents and materials for the auditor. A surprise audit should only be conducted if you suspect unethical or illegal activity, and department managers should not feel threatened by an auditor.

5. Be prepared. An auditor should come prepared with an understanding of policies and procedures and a list of items for review. The more prepared an auditor is, the more efficient the process will be.

6. Interview employees. The auditor should interview employees and ask them to explain their work process compared to written policy. This step will help to establish an understanding of employee competence and identify employees who need additional training.

7. Document results. Record the results and any differences in practice to how policies are written, as well as when policies are followed and when they are not. This may also include other information that is gathered from the interview process. The goal is to identify any gaps in compliance and find a way to bridge those gaps.

8. Report findings. Create an easy-to-understand audit report to be reviewed with senior management. In addition, an improvement plan should be developed for areas with any gaps in compliance.

Here are some other considerations when conducting an internal audit:

• When reviewing policies and procedures, consider whether written policies are meeting the needs of “customers” (that is, your employees) and adding value to the organization.

• Policies and procedures should be focused on continuous improvement as it relates to how work is performed.

• Ask whether the team environment is healthy and supports compliance with policies and procedures. A dysfunctional team has the potential to impact procedural compliance.

• Policies and procedures should be reviewed annually to assure they reflect the changing business environment.