What to include in Process Audit Checklists, Ask This:

  1. Does your audit organization have any specific internal procedures in place to deal with ethical dilemmas?
  2. What can internal audit do to support your organization's cyber and IT risk management program and objectives?
  3. Do you feel that your risk, compliance, and audit processes need to be improved in order to address critical risk management challenges?
  4. How does your audit organization begin to take advantage of the new technologies and techniques?
  5. How would management know if your organization level controls provide a strong control environment?
  6. How can management and directors be assured that risk and risk process information is being effectively communicated?
  7. How does your organization know that it has the right arrangement in place at the front end?
  8. What percentage of time does the IT audit function spend on assurance, compliance and consulting activities?
  9. Why do the reasons that brought about the change to a new business risk audit approach matter?
  10. How does outsourcing of various functions change the risk environment and expose your organization to new risks?
  11. Does a third party audit process audit promote cost savings within your organization?
  12. What controls should management have in place to mitigate the risks associated with revenue transactions?
  13. Should an internal audit function coordinate its efforts with your organization's Chief Risk Officer?
  14. How does your organization track and monitor training requirements for all team members?
  15. Does the audit trail need to support scheduled system maintenance and archival procedures?
  16. Does your organization have content that is kept in different clouds, folders and other ways all over the place?
  17. Does your organization have operational capabilities that are consistent with what it claims to be the scope of its business?
  18. Do your facilities have a preventative maintenance program and are logs kept for ordered maintenance work or repairs, which are signed off when the work is completed?
  19. Is your risk management process coordinated and consistent across the entire enterprise?
  20. Is the frequency of process monitoring carried out as per control plan / work instruction?
  21. What procedures do you carry out in order to ascertain whether the audit was effective?
  22. What should the role of internal audit be in evaluating your organization's use of outsourced services?
  23. Has your organization stabilized the work program to ensure the timely and systematic completion of projects?
  24. How does your organization want employees, the general public, and key stakeholders to perceive it?
  25. Is there a documented system for dealing with complaints/feedback from consumers and buyers and organization responses, including corrective actions?
  26. Do you have a method or plan for ensuring customer requirements are determined and met?
  27. How do you assess risk and gather audit evidence in a way that is valuable and transformative to traditional approaches?
  28. What are the problems or complaints you have heard from your back office staff regarding the receipt & processing of customer orders?
  29. Is there evidence that quality objectives and targets affected by this process are being achieved?
  30. What IT processes/functions does your organization outsource/use a third party provider for?
  31. Do you have strong controls in place to ensure contracts receive the right approvals?
  32. Do you feel comfortable that the senior management and the auditors have an open dialogue?
  33. What combination of audit types and what audit information is needed to meet an audit objective?
  34. How important is it for an auditor to meet standards related to post audit activities?
  35. Do process control and monitoring records indicate that the process was controlled within the specified process parameters?
  36. Do you have mechanisms in place to validate the effectiveness of transaction monitoring detection scenarios?
  37. Do all process audits contain procedures that evaluate application configuration settings for the applications that automate the processes?
  38. Do you have mechanisms in place to monitor compliance with applicable record keeping regulations?
  39. Is the level of experience required to undertake the agreed audit plan reflected in the cost?
  40. Who conducts process audits to verify and certify that certain standards or regulatory requirements comply with the processes?
  41. How does the program consider and implement security requirements throughout the development?
  42. Which challenges have you experienced in gaining access to data within your organization?
  43. Do your auditors have the right skills to effectively evaluate digitalization risks and controls?
  44. Have process improvement opportunities been identified based on process performance data?
  45. Are there defined work routines and patterns of interaction for your process personnel?
  46. Should your organization enter, expand, contract or withdraw from any business segments?
  47. Do you measure and monitor activity by key manufacturers and products your organization needs to focus on?
  48. Does the supplier provide material with major impacts on product safety or customer satisfaction?
  49. Is there a product coding system that can identify products and can the system track products back to the source?
  50. Who in your organization has responsibility and accountability for managing the changes?
  51. Has it been demonstrated that actions taken have no adverse effects on products or services?
  52. What mechanisms are in place to complicate attacks your organization is concerned about?
  53. What standard should be used for process audits and what competencies should an auditor have?
  54. Are monitoring and verification information reviewed and considered at management level meetings?
  55. Are layered audit results incorporated into the layered audit countermeasure process?
  56. Have alternative risk management strategies been identified for all of the identified top risk areas?
  57. What is the process to disseminate updates and/or changes to all personnel?
  58. Has your business impact assessment been conducted for the services moving to the cloud?
  59. Are procedures documented and implemented to ensure contract terms can and will be met?
  60. Do you have a designated safety officer that manages periodic safety inspections/audits and corrections?
  61. Does your organization impose upon employees a continuing affirmative duty to disclose any misconduct?
  62. Are desired auditing outcomes clearly defined, understood, and aligned with organization objectives?
  63. Is your organization tracking its performance in assessing and collecting financial assurances?
  64. What do you see as the appropriate trade off between audit effectiveness and audit efficiency?
  65. Will the audit seek to assess the suitability and competence of individuals within the leadership team?
  66. Have there been significant changes in the process recently or since the previous audit?
  67. Which staffing vendors are providing services to your organization, and do you have an active contract?
  68. Do reviewers have enough time, space and expertise to conduct the systematic review?
  69. Are there analytical methods used to demonstrate that process outputs meet requirements?
  70. Is receiving inspection performed per documented procedures and detailed work instructions?
  71. Does the team member know the quality standards of the job, key points & reasons for major steps?
  72. Is a product safety policy documented and communicated to all levels of your organization?
  73. Are there instances when change orders are approved after the initial work has been started or completed?
  74. Who cares if you followed all your procedures if your customers are unhappy or your product is unsafe?
  75. Is pricing accurate and does order routing and execution meet best execution requirements?
  76. Are the operating models across your organization aligned in addressing resilience risks?
  77. Has your organization developed an effective positioning and marketing mix for each target segment?
  78. Has management implemented monitoring to detect strategic risks before a disaster hits?
  79. Has your management team provided time, funding and resources to support the innovation program?
  80. Has improvement of one process caused conflict in the achievement of other objectives?
  81. Is your organization's work concentrated in areas of high risk, judgment and sensitivity?
  82. What competencies and process advantages must the client possess to create targeted value?
  83. Are regulatory inspection procedures documented and are inspection records available for review?
  84. Does the board receive adequate information about the internal risk assessment process?
  85. Are customers notified of low yield production lots or issues that affect product reliability?
  86. What organizational structure do you need to put in place to support your analytics strategy?
  87. Are there processes in place to ensure internal consistency between the source code components?
  88. Is there a system in place for the proper handling, segregation, and storage of raw materials?
  89. Is there an effective preventive maintenance program in place for all significant equipment?
  90. Is the quality assurance department adequately staffed to perform product evaluations?
  91. What are the key elements of a holistic maintenance and reliability management system?
  92. What other teams / processes would be impacted by changes to the current process, and how?
  93. Is material properly identified in the work area with suspect/non conforming material isolated?
  94. Do possible external environment changes threaten achievement of your organization's strategy objectives?
  95. Is the use of nonconforming material documented under a formal waiver or concession system?
  96. Is the reporting mechanism adequate to provide management with reliable and timely information?
  97. Does the supplier understand and follow the quality control instructions for cleanliness?
  98. Is there clear linkage of technology risks to IT processes/services and business services/processes?
  99. What functional areas of the business are involved either directly or in a supporting function?
  100. Should risk measures be formally incorporated into planning performance measurement and compensation?

Porendra Pratap

Bachelor of Commerce - BCom from Nizam College at Hyderabad Public School

3 years

????

Julie Tholen

Senior Documentation Specialist

3 years

100 questions. Guess how many will be answered at all or with any useful information? You ask excellent questions, but your approach would be difficult for the client to be successful in answering. 100 yes / no answers? Is that all that you are hoping the client's SMEs will supply? Or are you hoping that the client's SMEs will be moved to have meaningful discussions at some point? Just my two cents opinion.
