Академический Документы
Профессиональный Документы
Культура Документы
traído a ust
Institución Universitaria Politécnico Grancolom
HOME JOURNALS & BOOKS CASE STUDIES OPEN ACCESS Resource areas: Emerald Resources
Need help?
This Journal
Advanced
Search
HOME BROWSE JOURNALS & BOOKS MANAGERIAL AUDITING JOURNAL VOLUME 15, ISSUE 6
GENERIC AUDIT OF MANAGEMENT SYSTEMS: FUNDAMENTALS
Seleccionar idioma
fundamentals
Author(s): Stanislav Karapetrovic (Department of Industrial Engineering,
Daltech/Dalhousie University, Halifax, Nova Scotia, Canada)
...Show all authors
Need help?
Type: Technical paper Current Issue
Available Issues
Publisher: MCB UP Ltd Earlycite
https://doi.org/10.1108/02686900010344287 RELATED
Downloads: The fulltext of this document has been downloaded 4587 The most popular papers
from this title in the past 7
times since 2013
days:
will win. Even today, knowledge of adequate and pertinent information helps The reliance of external
auditors on internal auditors
companies win the competition wars. Satisfying customers with the quality of
Audit quality
products and services is certainly one area of business that requires timely and
See more >
reliable information. In order to achieve this objective, a company must know not
only what the customers want, but also whether its operations and resources are
adequate. Managers must retrieve the right information for proper decision Further Information
making. Do past performance and results indicate competent management? Do
About the Journal
known mistakes demonstrate bad decisions or just out‐of‐luck situations? Which Sample Articles
Purchase Information
improvements would rectify the undesirable situation? Questions such as these
Editorial Team
demand correct and reliable examination of decision‐making processes and other Write for this journal
When in recent years formal management system standards, such as the ISO
9000 series, were successfully adopted by international businesses, special
system auditing was concurrently introduced. A manager can call on an internal
or external auditor to assess the implementation of the company’s quality
management system. The auditor will then conduct an impartial and competent
Need help?
examination of the compliance of the system with appropriate standards, as well
as an evaluation of the system’s suitability to achieve quality objectives
(Karapetrovic and Willborn, 1998a). After an external audit by an accredited
registrar, in the case of confirmed compliance and suitability, the company
becomes publicly registered. With over 300,000 worldwide registrations to date,
ISO 9000 quality systems and quality audits have become a valuable support to
management. Increasingly, quality audits are being used for the primary purpose
of continuous quality improvement, and not strictly compliance to stated
requirements (Willborn and Cheng, 1994; Burr, 1997; Hunt, 1997; Russell and
Regel, 1996; Russell, 1997; Gardner, 1997; Walker, 1998; Barthelemy and Zairi,
1994; Wharton, 1997). This international success in the quality management field
spurned other disciplines, such as environmental management, to introduce their
own management system standards (ISO 14001, 1996) and respective auditing
guidelines (ISO 14010/11/12, 1996). Unfortunately, substantial differences among
the audits and audit guidelines of various management systems still remain
(Willborn, 1982, 1993; Karapetrovic and Willborn, 1998b). Responding to the
needs of business and the general public, making these audits more compatible
has become an important international issue.
When people think about audits, they commonly perceive some formal
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 3/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
owns a business, accounting audits with the purpose of evaluating financial books
and activities may also come to mind. Audits have been a part of the accounting
profession for centuries. In recent decades, however, auditing processes have
emerged in other business disciplines. At first, quality professionals started to use
what they referred to as “quality audits” for evaluation of quality programs and the
Need help?
effectiveness of these programs to achieve quality objectives. Soon thereafter,
environmental auditing of corresponding management systems, as well as health
and safety audits, came forth. Today, you can audit your maintenance engineering
practices, ergonomic programs or even perform a social or ethical audit (Vinten,
1998a). Questions about the similarities and differences of discipline‐specific
audits naturally follow such developments. Are the fundamental principles of
auditing common to all disciplines? Are the auditing methodologies used similar
in nature? Are the levels of auditor qualifications and competence comparable?
How are audit programs, i.e. aggregates of individual audits, managed across
disciplines? Ultimately, if financial, quality, environmental, health, safety and other
types of audits are compatible and similar in nature, should they be somehow
aligned and integrated for the purposes of saving resources and eliminating
redundancies?
• diminished cost‐effectiveness;
Need help?
• misalignment of audit objectives and principles;
All these difficulties, paired with the increased pressures for harmonization of
management systems and related audits (Karapetrovic and Willborn, 1998b,
Wilkinson and Dale, 1999), point to the fact that some changes in the direction of
alignment and integration of management system audits are required. However,
the extent to which these changes are to be performed still remains an open
question. Understanding the different issues and objectives that drive quality,
environmental, financial and other audits, as well as the distinct qualifications and
competencies of auditors, some companies simply request simultaneous audits of
their management systems. This would involve separate audit teams, under
separate management, but the audits would take place at the same time. Others
demand an additional level of harmonization, relying on a single audit team, with
team expertise spanning different disciplines. Such an approach would call for a
joint audit. In a joint audit, quality and environmental auditors may, for instance,
conduct their examinations separately, but would follow the same audit plan,
have the same team leader, and conduct a single opening/closing meeting. Yet
another level would require an integrated audit, where discipline‐specific audits
would lose their separate identities. Integrated audits require auditors competent
and qualified in several disciplines, and would be conducted as a single audit,
from planning and design, through execution, to reporting and completion.
Obviously, a solution is required that could accommodate these diverse requests,
and at the same time, provide for an integrative approach to management system
auditing. We believe that the concept of systems‐based generic auditing, together
with a sound generic audit guideline, will attain this objective.
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 5/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
Generic audit
In the realm of management systems, “generic” is the term commonly used to
describe systems or associated frameworks that transcend industry or
geographical boundaries. For instance, ISO 9000 and ISO 14000 are generic
management system standards that are universally applicable to virtually any
organization, regardless of its size, place of business, ownership or market
environment. In particular, ISO 9000 standards have been successfully introduced
in manufacturing, service and non‐profit organizations in over 120 countries (ISO,
1998). Such use of the term correlates with its prevalent meaning of “belonging
to, or being a characteristic of, a group or class”, and its synonym “universal”,
found in most dictionaries (e.g. Webster’s, 1973; Drysdale, 1990). Typically, the
group, class, or “genus” referred to is a discipline‐specific management system.
For example, the standards from the ISO 9000 series belong to the quality
management group/class, and can be universally used for quality management.
The same is true for ISO 14000 and environmental management, and so on.
The current needs of industry, however, are propelling the move away from
discipline‐specific systems, towards all‐encompassing or integrated management
systems and related audits (Wilkinson and Dale, 1999; Karapetrovic and Willborn,
1998c). Therefore, we propose to broaden the term “generic” to include a class of
audit that would span across quality, environmental, safety or financial disciplines.
A “generic audit”, and the corresponding guideline, would be universally
applicable to any management system, irrespective of its purpose, boundaries,
location or outputs. An organization could use such audits to examine the
effectiveness and efficiency of a quality management system, to assess the
compliance of an environmental management system with appropriate standards,
or to improve upon existing safety and ergonomic practices. It could also apply a
generic audit if only one formal management system (say the one for quality) is in
place, or if separate systems exist, or even in the case that the organization is
operating an integrated management system for quality, environmental, safety,
ergonomic, maintenance, financial and other purposes. Generic audits would
provide a consistent, systematic, independent and objective service aimed at
continuous improvement, to the various levels of the hierarchy, from top
management to frontline personnel. In other words, this kind of audit would
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 6/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
of identical or at least compatible characteristics of well‐established quality,
environmental and financial auditing guidelines, but also some blending or
alignment of their dissimilar attributes. Willborn’s (1982; 1993) work on the
compilation and comparison of quality and financial auditing guidelines provides
a source of defining such characteristics. Naturally, a generic audit would have to
be flexible enough to accommodate diverse functional objectives, and yet sound
enough to ensure consistency of the application and achievement of the
common audit policy of an organization. So, how can we systematically
accomplish these antagonistic goals without losing the important benefits of the
generic audit? As commonly is the case, half of the answer lies in the question, or
to be more precise, in one of its parts: “systematically”.
The main advantage of the systems approach in generic auditing is that it focuses
on the examination of interdependencies of management system elements within
a particular discipline, but also across quality, environmental, financial and other
disciplines. This provides for a better understanding of the overall business
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 7/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
principles, procedures, and techniques in which every action is evaluated in terms
of the common global goal of the organization (Srikanth and Cavallaro, 1987). All
organizational elements, meaning the various processes, resources and
objectives, should be inter‐linked and geared to achieve this common goal. While
they were initially designed for manufacturing problems in inventory control and
scheduling of operations, Goldratt’s principles can be applied in other areas, such
as auditing.
Because all audit elements (processes, resources and individual audit objectives)
are subjected to the achievement of the global auditing goal, the audit system
becomes inherently dynamic and adaptive to the changes or disturbances in the
system environment. For a further discussion on the dynamic properties of
auditing, see Peters (1998) and Willborn (1990).
Need help?
objectives, this flexible system can be leveraged to attain specific quality,
environmental, safety, etc. goals. For example, as illustrated on top of Figure 1, if
we want to improve environmental (or quality) performance, our generic audit
will become an environmental (or quality) audit system. The generic audit system
is also a subsystem of the generic business system (Figure 1: bottom). Discipline‐
specific audits are, therefore, subsystems of quality, environmental and other
management systems.
the human agent in such an audit system is seen as the most important
prerequisite for achieving audit objectives. Here again the systems view applies, as
is explained in the generic audit guideline.
Need help?
Section: Choose
Definitions
The understanding of what auditing is and what it is not differs with the areas and
types of application. In the auditing of management systems, for instance, the ISO
10011 (1990) guideline for quality audit specifies that the auditor evaluates the
suitability and effectiveness of the system implemented by a company. The similar
guideline for auditing environmental management systems, namely ISO 14011
(1996), considers that such a general judgement of the system effectiveness is not
the responsibility of the auditor, who is only to verify compliance with audit
criteria. Still, both these international audit guidelines have many similar, if not
identical, features and requirements (Karapetrovic and Willborn, 1998b). This is
hardly surprising, considering the shared history and close ties between the
quality and environmental technical committees (TC 176 and TC 207 respectively)
that drafted the guidelines.
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 10/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
Principles
Apart from the understanding of the term “audit”, in the century‐old auditing
practice, certain basic commonalities have evolved even as the business
environment has changed. We can refer to these commonalities as “audit
principles”, defined in the words of Schandl (1978) as “a group of guidelines or
recommendations to be followed in auditing practice if we want a good audit, a
correct opinion or judgement.” Historically, the earliest known auditing dates
back to ancient Rome, where an auditor was a public officer who observed
certain transactions and reported them if a misrepresentation occurred (Schandl,
1978). Interestingly though, the ancient accounts of auditing maintained several
fundamental principles that are still common to audits today. For instance,
auditors were independent, i.e. not a party to the proceedings, they were
objective in their observations and they had a duty to report the findings.
Therefore, in spite of the passage of time, the auditing practice in general, and
auditing principles, remain basically unchanged. While the ISO 10011 (1990)
quality audit guideline implies most of these principles, the subsequently
published one for environmental management system lists auditing principles in a
special document (ISO 14010, 1996), that logically precedes the audit process
(ISO 14011, 1996) and auditor qualifications (ISO 14012, 1996). Although the
principles of sound auditing have been widely used and are well established in the
accounting and internal auditing fields, such an explicit listing of audit principles
in environmental management has greatly helped to enhance the understanding
of management system auditing.
Figure 3 (top) lists in a tabular format the fundamental audit principles from three
different sources: accounting, quality and environmental management. It shows
compatibility among the essential rules for guiding auditing activities. For the
purposes of planning, conducting and improving upon generic audits, these
principles could be streamlined on their common basis, and perhaps augmented
with a general principle of continuous improvement. For instance, Arter (1998)
states the following five universal principles of auditing:
Need help?
5. 5 audit systems are managed for excellence.”
After taking into account the stated principles from different management fields,
a set of principles that could be used for the generic audit is proposed. This set,
arranged according to the systems approach, is presented in Figure 3 (bottom).
Naturally, any such integrative effort would require a relatively broad consensus
of interested parties from different disciplines. Rather than working in parallel on
similar and compatible issues, as was done in the past (see Vinten (1998b) on the
contested territory of internal audit), stakeholders in the auditing issue should sit
together, work out a common ground, and use the inevitable synergy effects to
their advantage. Representatives from various international professional
organizations, including the Institute of Internal Auditors (IIA), International
Federation of Accountants (IFAC), joint quality and environmental auditing
committee under the umbrella of the International Organization for
Standardization (ISO), and other concerned bodies, should certainly be involved.
This joint group could then be given a task to develop a set of generic auditing
guidelines, using the input from all relevant sources (such as existing audit
standards) and disciplines. The ISO format of making decisions by consensus
seems to be useful for this work. Once drafted, these guidelines would be
adopted by all participating bodies as international standards and a permanent
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 12/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
adopted by all participating bodies as international standards, and a permanent
committee would revise and improve them according to the needs and state‐of‐
the‐art developments. The use of the guidelines should be championed by
international and national professional organizations, including for example the
American Society for Quality (ASQ), the Chartered Institute of Public Finance and
Accountancy (CIPFA), and the American Institute of Certified Public Accountants
Need help?
(AICPA). Undoubtedly, these common auditing standards should be included in
the body of knowledge required for auditor qualifications, regardless of the
auditing discipline. A more detailed proposal for such guidelines is addressed later
in the paper.
Practices
Perhaps of all the characteristics of discipline‐specific audits, the most common
are the accepted practices of planning, conducting and reporting on the audit.
Audit practices, or the audit process, relate to the flow of activities from the
conception of an individual audit to the evaluation of whether the audit has
achieved set objectives. This is the area that will probably bring the least
contention among experts from different audit disciplines (Karapetrovic and
Willborn, 1998b). Because of their similarity, the harmonization of audit practices
for the purposes of generic auditing should be relatively straightforward, barring
any obstacles of a “political” nature.
Need help?
and existence of the qualifications and competence is likely, it is by no means
guaranteed. For example, an auditor who exclusively has experience in the
manufacturing industry may not feel competent to assess a quality management
system in a university environment or in a non‐profit organization. Or perhaps it is
not possible to achieve all objectives within a set time and with given resources.
This would render a planned audit unfeasible. Another solution, such as the
revision of the audit plan or acquiring another auditor or technical expert, is
required. Following the confirmation of feasibility and competence, the audit is
planned and adequate processes and resources are designed. This includes:
• audit risk assessment (evaluating the probability that the audit will result in
an incorrect finding (ISO 14010, 1996));
Auditors are then allocated to audit teams, and specific audit assignments are
given. Prepared audit methodologies may be tested to ensure compliance with
the audit objectives. The audit is executed in the well‐known sequence of: the
opening meeting – collection and verification of audit evidence – comparison of
audit evidence against audit criteria – summary of audit findings – closing
meeting. Finally, the audit report is prepared, communicated and reviewed, which
concludes the audit process in some disciplines (e.g. environmental auditing). In
quality auditing, the process continues with preventive and corrective actions that
eliminate the causes of poor performance or non‐conformances identified by the
audit (Russell and Regel, 1996).
Now that generic audit definitions, principles and practices have been identified,
one question still remains. Namely, how can this presentation of auditing
fundamentals be strengthened, and partly revived, in the rapidly emerging field of
management systems auditing? As Pyzdek (1999) emphasizes for the quality field,
no one best answer exists for auditing either. Perhaps a request for continual
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 14/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
no one best answer exists for auditing either. Perhaps a request for continual
Need help?
not only in accounting, but also in the quality, environment, safety and other
fields. Much like engineers, medical doctors and accountants, for instance,
auditors may organize their own associations, which would set the qualification,
competence and professional development requirements, and protect the
auditors’ interests regardless of which area in auditing they are working in.
Universities should play a more important role here, by offering upper‐level
undergraduate and graduate courses in generic auditing. Without a doubt, the
road to a full development and implementation of a generic audit will be
treacherous and daunting. In our opinion, however, at least a partial answer to the
above question lies in the development of an internationally accepted and
discipline‐wide generic audit guideline, which would certainly be a step in the
right direction.
relates to the effort of aligning the structure and content of the guidelines, which
would remain separate documents, but with a significantly increased
compatibility. On the other hand, integration would involve a complete
amalgamation of guidelines into a single document. Nevertheless, revising
international standards is a complex task. The ongoing work, which started
Need help?
several years ago, has yet to produce a final draft. Part of the difficulties
encountered rest in the lack of conceptualization of auditing fundamentals.
Auditors, managers of audit systems and programs, and clients must be equipped
with practical concepts that will strengthen and simplify understanding and
application of auditing. A mere listing of auditing principles, even in connection
with the subsequent outlining of audit processes and auditor qualifications,
appears to be insufficient for such an understanding to occur. The current
revision of ISO audit guidelines will hopefully arrive at an internationally
acceptable integrated audit guideline. This should then facilitate joint or
integrated audits of management systems in a company, since managers are
particularly interested in greater cost‐effectiveness of this type of auditing.
This guideline would be generic in itself, meaning that it would not have special
Need help?
what “the best in auditing” means at any particular time. Developing generic audit
guidelines along both prongs should provide a more solid foundation of modern
management system auditing.
The first part would list the fundamental principles of generic auditing, an
example of which has been provided in the above discussion on auditing
principles. It would also provide some guidance on the implementation of these
principles. The second part conceptualizes an audit as a system, illustrates the
basic features of the generic audit system model, and discusses the management
of different levels of audits, including individual generic audits, audit programs,
and finally the audit management system. Similar to the ISO 10011 (1990) quality
audit standard, sections on audit management of the generic guideline would
address such issues as determining the organizational structure, procedures,
authority and responsibility for the audit system, as well as the measurement and
i f di ffi i d ff i Th
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 17/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
improvement of audit system efficiency and effectiveness. Three separate
subsections of the second part of the guideline would illustrate common audit
policy and objectives, audit processes (in the flowchart form, as presented in
Figure 4), and audit resources, including auditors, information (audit evidence,
criteria, findings and conclusions), methods (sampling, flowcharting, checklisting,
computer‐aided auditing) and infrastructure.
Need help?
Finally, the third part would address quality assurance of generic audits, including
the establishment of specific quality assurance systems for auditing activities,
reliability and maintainability of generic audits, and, probably the most important
issue, qualifications and competence of auditors as the human resource element
of the audit system. Qualifications refer to the aggregation of auditor’s education,
training and experience, which makes the auditor eligible to conduct audits.
However, competence is a broader concept that involves a demonstrated and
recognized ability to consistently achieve audit objectives and assure the client
and auditee of the quality of auditing services. The guideline for generic audits
would list the principles and methods for the evaluation of competence (for
instance the application of relevant audit methodology), methods for
demonstration and recognition of competence, as well as the principles of
continuous professional development and improvement. Such quality assurance
should provide good confidence to the client and the auditee alike that the
generic audit performance is satisfactory.
and implementation of such a document requires some further research. The key
to success is the open mind of a practitioner.
Need help?
Table I Compilation of audit definitions
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 19/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
Figure 6 Content of a generic audit guideline
holar]
Need help?
10. Goldratt, E.M. (1990), The Theory of Constraints, North
River Press, Croton‐on‐Hudson, NY. [Google Scholar]
15. ISO (1998), The ISO Survey of ISO 9000 and ISO 14000
Certificates: Seventh Cycle 1997, International
Organization for Standardization, Geneva, Switzerland.
[Google Scholar]
Need help?
19. ISO 12207 (1995), Information Technology – Software
Life Cycle Processes, International Organization for
Standardization, Geneva, Switzerland. [Google Scholar]
Need help?
27. Karapetrovic, S. and Willborn, W. (1998d), “Integration of
quality and environmental management systems”, TQM
Magazine, Vol. 10 No. 3, pp. 204‐13. [Link], [Google Scho
lar] [Infotrieve]
28. Kurtzman, R.D. and Brewer, C.W (1997), “An ISO 9001
and 14001 integration: lessons learned”, Proceedings of
the 51st Annual Quality Congress, Orlando, FL, pp. 351‐5
[Google Scholar]
32. Russell, J.P. and Regel, T. (1996), “After the quality audit:
closing the loop on the audit process’, Quality Progress,
Vol. 29 No. 6, pp. 65‐7. [Google Scholar] [Infotrieve]
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 23/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
ar]
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 24/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
44. Willborn, W.O. (1982), Compendium of Audit Standards,
American Society for Quality Control, Milwaukee, WI. [G
oogle Scholar]
We recommend
Audit and self‐assessment in quality Current Severe Psoriasis and the Rule of
management: comparison and compatibility Tens
Stanislav Karapetrovic et al., Managerial A.Y. Finlay et al., Medscape
Auditing Journal, 2013
School culture at risk of political and
Knowledge management: the new methodological expropriation
challenge for the 21st century Ondrej Kaščák et al., Human Affairs, 2012
Atefeh Sadri McCampbell et al., Journal of
Knowledge Management, 2013 Quality of Care for OA
John J. Edwards et al., Medscape
Integrated audit of management systems
Stanislav Karapetrovic et al., International Post-modernism, post-structuralism, post-
Journal of Quality & Reliability Management, semiotics? Sign theory at the fin de siècle
2013 Roland Posner, Semiotica, 2011
Environmental audit: theory and practices Defining and Distinguishing Homeland from
Josephine Maltby, Managerial Auditing National Security and Climate-Related
Journal, 2013 Environmental Security, in Theory and
Practice
Explanation of terms of concepts and Terrence M. O’Sullivan et al., Journal of
fundamental principles of grey systems Homeland Security and Emergency
Sifeng Liu, Grey Systems: Theory and Management, 2015
Application, 2016
Powered by
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 25/26
11/4/2019 Generic audit of management systems: fundamentals | Managerial Auditing Journal | Vol 15, No 6
Need help?
Contact Us Industry Standards Emerald Bookstore
Accessibility
statement
https://www-emeraldinsight-com.loginbiblio.poligran.edu.co/doi/full/10.1108/02686900010344287 26/26