Regardless of the length of time a business or organisation has been operating; its size, or the sector it’s in, people often get frustrated, not only with the audit process but also with being audited in the first place. I hear this directly when I’m onsite as well as out and about socially.
The frustrations generally centre around:
• Cost
– Staff time to comprehend the standards
– Staff to conduct internal audits
– Consultants to assist in preparations or from whom systems can be purchased, cost
– Accreditation / certification audit, etc.
• Time – to prepare, to find the right systems, to locate the required evidence, etc.
• Poor to devastatingly bad experiences with auditors
• Continued emphasis on ‘ticking boxes’ to address compliance but not adding any other value to the business
• Challenges in keeping up with changes, not only with the continual review of standards from one year to the :next, but also keeping up with legislative and regulatory changes
• Existing government requirements to provide quarterly data which is not seen to be enough to validate the organisation’s commitment towards quality and customer outcomes
• Being expected to continually demonstrate continual improvement within business operations but emphasise opportunities for the business
Do any, or all, of these frustrations sound familiar? No doubt there are many others that could be raised. It’s easy to see why auditing has developed a bad reputation which, in some cases, no doubt is well deserved.
However, from what I have seen, audits can have a positive opportunity to be relevant and meaningful for organisations and businesses, regardless of the sector, particularly if they can move past the idea of simply doing it for the sake of a certificate stating they have met required standards.
The success of an audit depends very much on the organisation’s baseline beliefs of what the process is about and whether that marries up with where the organisation is heading. These beliefs, whether stated or perhaps unconsciously as a part of the organisation’s culture or psyche, can either make or break a positive auditing experience.
Research conducted by KPMG states that 68% of Australian CEOs believe their business is meeting and possibly exceeding customer expectations. Yet 60% of companies reported their auditor did not raise any issues or ideas that could be used in the business to enhance their processes or decisions. At a recent function I attended, participants candidly talked about making a strategic decision to withdraw from ISO certification because they [the organisation] did not obtain any benefits from this type of audit. Those benefits that could include having the auditor look at ways to build the business, not just focus on compliance or seeking a demonstration of continual improvement activity. Several people said the ISOajust didn’t have the value to the organization that it once had, nor was it of any tangible benefit for the organisation to develop a strategic and competitive advantage or to actively seek innovative opportunities to set the organisation apart from the rest.
Focusing on compliance alone is one thing, but it shouldn’t be the only task that is addressed in an audit. Adding value and working side by side with people to see potential opportunities and identify potential gaps in achieving the long-term strategic aim of the organisation or business should be a more strongly defined part of auditing practices. Research suggests that businesses and organisations would be better off without the burden of compliance and that a ‘risk-adjusted approach removing that ‘burden’ for trusted organisations with a strong record’, would go a long way in enabling innovation and responsiveness to changing needs. However, what this would look like in practice requires further attention, particularly when audit outcomes for longstanding organisations or businesses sometimes are accompanied by continual improvement actions, due to factors such as changing senior staff, change in business direction or a loss of organisational vision. Unfortunately, these situations do occur, and they present challenges, not only for the organisation or business confronted with this scenario but also with expectations about how audits should be conducted, both currently as well as into the next decade.
The world of businesses and organisations is changing and evolving – but is the auditing arena evolving at the same pace? From my experience, both as an auditor as well as hearing people’s frustrations about audits, I believe there is scope for the auditing industry to learn from those businesses and organisations who are actively preparing for technological advances and changing working conditions. Similarly, we need to be looking at the impact of ongoing compliance on different sectors and listening to organisations and businesses that are wanting other ways to demonstrate how they are seeking to be innovative and responsive, as well as successful and sustainable over time.
Is this possible? Is this required? What are your thoughts?
Thinking ahead:
1. Can the world of auditing evolve and adapt so that it is known to provide far more than a ‘tick box’ approach with no real value? What would the experience be like for businesses and organisations if they could look forward to obtaining valuable professional insights from an audit?
2. What do you think could be done to make this next step happen? What would happen if auditing remained the same during the next decade?