Risk Management

Levels of Internal Audit Findings

Even the best management systems can pick-up findings during an internal audit and it shouldn’t be seen as a negative.  Our auditors are committed to supporting the resilience and improvement of your organisation through our audit programmes.

This article describes the different type internal audit findings.  

 

Major Non-Conformance

A major non-conformance is the most severe that we will issue, and aligns roughly to the criteria a UKAS Accredited Certification Body would use.

Where the evidence suggests that there has been a complete breakdown in an area of your management system, or that something is missing entirely, a major non-conformance will be raised.  We recommend major non-conformities are corrected immediately.

We will also raise major non-conformities which we feel that if it occurred during an external audit, it would have the potential to delay or suspended your certification.  Part of the internal audit process is to identify these issues so they can be corrected with minimum impact on the organisation.

 

Minor Non-Conformance

If our auditors find isolated instances of a process not being followed, policy not adhered to or a control not applied, but the sample suggests this is generally applied, we may raise a Minor Non-Conformance.

Minor Non-Conformances can escalate to a major NonConformance if not corrected, as they generally indicate the beginnings of a problem.

A series of minor non-conformances within the same area of the management system might also escalate to a major non-conformance, if the auditor believes there is a root cause which has completely broken down.

Often minor non-conformances can be corrected by looking again at your process/control and raising awareness.

 

Observation

Sometimes there may be a weakness in a management system which has not yet caused a material impact to the organisation.  

Where these are identified the auditor will likely note it as an observation, allowing you to look into the issue and highlighting it as an area of attention for future audits.

Observations may escalate to a Minor Non-Conformance if not addressed.

 

Opportunity to Improve

While the impartiality and integrity of the audit is of primary importance, noting opportunities to improve can be used to highlight positive intentions of the auditee or other information which doesn’t form part of the audit opinion.

 

Fixing Problems: Corrective Action

Any non-conformances raised during an audit should be managed through your non-conformance/corrective action procedures, which should be compliant to the standard.

Investigating the root-cause of the issue is essential to ensure that you find an effective corrective action.

 


Source: ARM
Levels of Internal Audit Findings