Which areas of your company do you audit?

2021-05-01

From auditor to auditor: which areas of your company do you audit? The most common answers I’ve heard are two: a) the accounts that are related to money such as banks, petty cash, payments, purchases, etc. and b) the accounts that have a higher balance because when auditing them, a higher amount is being covered.

And what happens to the accounts that are related to the information? Or those that have a lower balance and have been there for years without someone having reviewed the movements? Knowing in which areas the company is vulnerable to risks can help auditors to diminish its probability of occurrence and focus on how to help the company to avoid them.


By taking a risk-based approach, you can identify where your business is vulnerable and pinpoint the cause. Finding the cause, it’s essential because in this way the problem is solved, and the auditor can give a true value added. But it’s not easy. Auditor’s most common mistake in issuing their recommendations is attacking the problem and not the cause. Example:


OBSERVATION: The legal area is not complying with the data protection law.


RECOMMENDATION: That the legal area complies with the data protection law.


Really? What kind of recommendation is that? Yes, we all know they must comply with the law, but the crucial thing is: why have they not complied with it? Do they know the reason? Do you know the reason? In this example, the first reason was that they weren’t familiar with the law; then that they didn’t have enough time to study the law and after that, because the area was chaos! And why? Because the activities were not aligned to the functions of each position…The main cause was detected, and it was affecting not only to comply with the law but the entire productivity of the area.


Interested in learning which areas of your company you should audit? Join us The Future of Internal Audit by Phil Griffiths which will be streamed ONLINE on the 10th until the 11th of February, 2022!





Get a feel for our events

Signal and Risk Management in Pharmacovigilance MasterClass

Signal and Risk Management in Pharmacovigilance MasterClass

09 & 10 December, 2021

The focus of this two days online MasterClass will be on providing an update of ongoing activities regarding medicines’ risk and signal management.

The EU Clinical Trial Regulation MasterClass

The EU Clinical Trial Regulation MasterClass

16 & 17 December, 2021

This Online MasterClass will provide an essential understanding to help with compliance with the new EU Clinical Trial Regulation (536/2014) and associated implementing acts for carrying out clinical trials in the EU.

Vendor/CRO Management and Oversight MasterClass

Vendor/CRO Management and Oversight MasterClass

12 & 13 January, 2022

On this MasterClass Training you will learn how to prepare a request for proposal (RFP), evaluate and select the right CRO and establish procedures for vendor oversight for projects you need to outsource.

check all pharma events