CHAPTER 10

INTERNAL QUALITY AUDITS

Objectives
To reacquaint you with the purpose of conducting an internal quality audit, the following
considerations are paramount. First, internal quality audits allow you to juxtapose the real-world,
day-to-day practices of your quality management processes against your documented policies,
objectives, and procedures.
Quality Audit
Quality audit is the process of systematic examination of a quality system carried out by an
internal or external quality auditor or an audit team. This can help determine if the organization
complies with the defined quality system processes and can involve procedural or results-based
assessment criteria.
Audit
A systematic independent, and documented process for obtaining objective evidence and
evaluating it objectively to determine the extent to which the audit criteria are full filled.
Planning the audit:
 The audit programmed for a specific year shall be prepared by the internal quality audit
team leader and approved by the quality council prior to its implementation.
 The auditors should not be assigned to an area they belong to or responsible for
organizationally
 The auditors are likewise discouraged to audit the areas where they have had involvement
in any manner for at least 1 year prior to audit.
There are a number of types of audits that can be conducted, including the following:
Types of audits
Compliance audit. This is an examination of the policies and procedures of an entity or
department, to see if it is in compliance with internal or regulatory standards. This audit is most
commonly used in regulated industries or educational institutions.
Construction audit. This is an analysis of the costs incurred for a specific construction project.
Activities may include an analysis of the contracts granted to contractors, prices paid, overhead
costs allowed for reimbursement, change orders, and the timeliness of completion. The intent is
to ensure that the costs incurred for a project were reasonable.
Financial audit. This is an analysis of the fairness of the information contained within an
entity’s financial statements. It is conducted by a CPA firm, which is independent of the entity
under review. This is the most commonly conducted type of audit.
Information systems audit. This involves a review of the controls over software development,
data processing, and access to computer systems. The intent is to spot any issues that could
impair the ability of IT systems to provide accurate information to users, as well as to ensure that
unauthorized parties do not have access to the data.
Investigative audit. Involves the examination of accounts and the use of accounting procedures
to discover financial irregularities and to follow the movement of funds and assets in and out
organization.
Operational audit. This is a detailed analysis of the goals, planning processes, procedures, and
results of the operations of a business. The audit may be conducted internally or by an external
entity. The intended result is an evaluation of operations, likely with recommendations for
improvement.
Tax audit. This is an analysis of the tax returns submitted by an individual or business entity, to
see if the tax information and any resulting income tax payment is valid. These audits are usually
targeted at returns that result in excessively low tax payments, to see if an additional assessment
can be made.
The following audits tools would be required to perform an internal audit:
 Internal Auditor(s)
 Audit plan
 Audit checklist (recommended)
 Audit schedule
Performing Internal in 6 steps
Step #1: Know what and when to audit
Before conducting the internal audit, you should identify what processes are going to be audited.
Understanding the scope and objectives of the audit process will help you create an audit
schedule. As mentioned earlier, internal audit should be conducted based on the risks of the
processes.
Step #2: Create an audit schedule
Creating an audit schedule provides the departments with an advanced notice of the upcoming
audit. The program will help them have the necessary documentation and records available for
review and audit.
Step #3: Pre-Planning the scheduled Audit
Being prepared before a scheduled audit is essential as it will simplify and make the whole audit
process effective. During the pre-planning phase, auditors need to send an audit plan to
department providing information about the audit scope, objective, criteria and possible
documentation evidence needed for the audit.
Step #4: Conducting the audit
Internal audit can be conducted by different methods such as documentation review,
interviewing and observation. Based on the scope and objective of the auditor, the audit shall
choose any methodology or combination of all to carry the internal audit.
Step #5: Record the findings
Recording the findings is vital in the audit process, and auditor needs to list all evidence sighted
by record number or record data. The aim of documenting audit findings is to identify gaps in
compliance and look at opportunities to fix the deficit and improve the process.
Step #6: Report findings
All findings should be reported in an easy to read audit report. Audit reports serve evidence that
an internal audit was conducted. These reports should be reviewed and approved by the
department manager / top management..

THE AUDIT PROCESS

There are five phases of our audit process: Selection, Planning, Execution, Reporting, and
Follow-Up.
Selection Phase
Internal Audit conducts a University-wide risk assessment near the end of each calendar year.
We develop the audit plan for the subsequent year based on the results of this assessment and the
department‘s available resources. The Chancellor and the Fiscal Affairs and Audit Committee of
the Kansas Board of Regents review the audit plan before it is executed.
Planning Phase
During the planning phase of each project, the Internal Audit staff gather relevant background
information and initiate contact with the client. Auditors meet with University leadership and
clients to identify risks and determine the objectives and scope of the audit as well as the timing
of fieldwork and the report distribution.
Execution Phase
Once the audit is planned, fieldwork is executed by the Internal Audit staff. Clients are kept
informed of the audit process through regular status meetings. We discuss audit observations,
potential findings, and recommendations with the client as they are identified.
Reporting Phase
A summary of the audit findings, conclusions, and specific recommendations are officially
communicated to the client through a draft report. Clients have the opportunity to respond to the
report and submit an action plan and time frame. These responses become part of the final report
which is distributed to the appropriate level of administration.
Follow-Up
Internal Audit follows up on all audit findings within one year of when the report was issued.

Internal Audit: The types of internal audits

Internal audits are conducted for different reasons and with varying objectives and with each
type of risk exposure an organization would need to conduct a particular type of internal audit.
Some audits are required by regulation or policy, while others are requested by management to
help improve processes or identify internal control weaknesses.
Here are some types of internal audit:
Operational Audit. An operational audit evaluates performance of a particular function or
department to assess its efficiency and effectiveness. Financial data may be used, but the primary
sources of evidence are the operational policies and achievements related to organizational
objectives. Internal controls and efficiencies may be evaluated during this type of audit. Some
areas of operational audits include: organizational structure, processes and procedures, accuracy
of data, management and security of assets, staffing, and productivity
Compliance Audit. A compliance audit evaluates an area‘s adherence to established laws,
standards, regulations, policies, and/or procedures. Compliance audits are done because of a
policy or statutory requirement. While the audit is done for regulatory reasons, the objectives are
still to ensure adequate control over an important internal process.
Financial Audit. A financial audit is a historically oriented, independent evaluation performed
for the purpose of attesting to the fairness, accuracy, and reliability of financial data. The central
objective is to ensure that the financial activity of the department, unit or area is completely and
accurately reflected in the appropriate financial reports.
IT Audit. An Information Technology (IT) audit evaluates controls related to the institution‘s
automated information processing systems. The information technology audit function develops
audit programs to assess, evaluate, and make recommendations to management regarding the
adequacy of internal controls and security inherent in an organization‘s information systems, and
the effectiveness of the associated risk management.
Management Audit. Also called performance audit, are internal consulting projects. Because an
internal audit is an activity independent of management, it is often an excellent resource to
provide independent and objective insight on the efficiency of business processes. Management
can request internal auditors to review a business process, organization, or strategy; and the
auditors do not have to worry about backlash from management.
Four Types of Audit Reports:
There are four types of audit reports issued by auditors on financial statements. Each type of
report contains different meaning and massages from auditors to users of financial statements.
Those audit reports included Unqualified Audit Report (Clean Audit Report), Qualified Audit
Report, Disclaimer Audit Report, and Adverse Audit Report. The following are the detail of
audit reports.

1 Unqualified Audit Report (Clean Audit Report):

Unqualified Audit Report issued by the auditor to financial statements when auditor found no
material misstatements after their testing. This report contains the unqualified opinion from an
independent auditor.

The report showed that the entity financial statements are prepared and present true and fair and
complying with accounting framework being used.
2 Qualified Audit Report:
The qualified Audit report is the report that issue by auditors to the financial statements that
found material misstatements on them. But those material misstatements are not pervasive.
3 Adverse Audit Report:
Adverse Audit Report is a type of audit report that issued to the financial statements when
auditors found that there are material misstatements in the financial statements.
4 Disclaimer Audit Report:
The disclaimer audit report is the report that issues to the financial statements where there is
matter to auditor‘s independence and those mater cause auditor not be able to obtain sufficient
audit evidence to support their opinion.
https://www.accountingtools.com/articles/types-of-audits.html
https://www.iqs.com/top-benefits-conducting-internal-quality-audits/
https://medium.com/@cshikati/internal-audit-the-types-of-internal-audits-5eaf6ca43981
https://www.patriotsoftware.com/accounting/training/blog/different-types-of-audit/
https://en.m.wikipedia.org/wiki/Internal_audit
QUESTIONS:

1. A systematic independent, and documented process for obtaining objective evidence and
evaluating it objectively.
 AUDIT
2. It is the process of systematic examination of a quality system carried out by an internal or
external quality auditor or an audit team.
 QUALITY AUDIT

3- 6 Give following audits tools would be required to perform an internal audit:

 Internal Auditor(s)
 Audit plan
 Audit checklist (recommended)
 Audit schedule

7 - 10 Give at least 3 Types of audits.

 Construction audit
 Financial audit.
 Tax audit.
 Operational audit.
 Investigative audit.
 Information systems audit

11-15 What are the five types of internal audits

 Operational Audit.
 Compliance Audit.
 Financial Audit.
 IT Audit.
 Management Audit