Demystifying audits: a guide for partners

The word "audit" can often strike fear in the hearts of business owners. But what exactly is an audit, and what does it entail? In this article I'll try to demystify the audit process, specifically focusing on partner audits within Provider programs. Understanding the purpose, procedures, and expectations of audits can give partners greater confidence before and during the process. They can also leverage learning gained during audits to improve their businesses.

What Is An Audit?

An audit is a systematic, independent, and documented process for evaluating whether a partner meets specific criteria. In the context of Provider programs, these criteria are typically outlined in the relevant requirements document.

The audit itself follows a defined process, ensuring a fair and objective assessment.

To help partners prepare, ISSI auditors act as independent evaluators, ensuring that both the letter and spirit of the requirements are met. To evaluate the extent to which the partner complies with the requirements, the auditor will follow the Three Es approach.

• Does a system Exist?
• Is the system Effective?
• Is the system Efficient?

Our role is to ensure that partners fully execute on these points prior to an audit. For example, if a partner claims they downloaded a Problem Management Procedure, it may be difficult to say that a system exists and is equally hard to determine if it is effective or achieved a desired outcome(s).

This can cause challenges at audit time. The partner might argue that "the requirement says we must have a documented procedure, and we have one." But the auditor is not going to accept that at face value. He or she will use professional judgment-and ask very pointed questions-to evaluate if the partner meets both the spirit of the requirements and the actual requirements.

Partners need to be aware that an audit is not just a "box-ticking" exercise.

For example, during audits partners will have to provide documentation and evidence of control points. The example above might read, "Partner must have a documented Problem Management Procedure and provide evidence of implementation." Being prepared for this in advance makes it easier when an auditor asks, "OK, so you have a procedure downloaded from the internet. Please show me where you keep your problem records."

In addition to evaluating the extent to which a partner meets the requirements, good auditors take a consultative approach and make suggestions for improvement. These will probably be recorded in the report as "Opportunities." In my experience, some partners resist the documentation of opportunities because they view it as a negative. But the opposite is true; most auditors will strive to help the partner. And who wouldn't want some free consulting?

Audit Methodology-And Getting The Best Experience

Auditors exercise professional care-attention, observance, faultlessness, discretion-in accordance with the importance of the task they perform. A solid audit methodology includes ethical conduct, fair presentations, independence, and an evidence-based approach.

An audit typically involves these stages:

1. Planning: The auditor prepares, gathers information, and reviews relevant documents.
2. Information Gathering: This phase involves conducting the actual audit (usually done remotely), which includes various auditing techniques and questioning methodologies.
3. Analysis and Review: The auditor reviews notes, action responses, and assesses compliance with both requirements and their intended purpose.
4. Report: The auditor generates a report summarizing the findings, highlighting compliance points, opportunities for improvement, and drawing meaningful conclusions.

During the process, auditors will look for objective evidence to answer questions such as, Does the partner meet the requirements? Do they have integrated management systems to achieve compliance? Are these systems effectively implemented?

Think of the auditor as a detective, gathering clues and building a picture of the partner's operations. They actively listen, process information, and ask insightful questions to gain a thorough understanding. They rely on meaningful conversations with relevant personnel, while leveraging live tools and processes so they can see demonstrations of actual practices and systems. They look for objective evidence with verifiable data upon to reach their conclusions.

Partners can contribute to a positive audit experience in several ways.

First, read the requirements document thoroughly. This is your roadmap for success. Assume all control points apply and carefully address each requirement, even if you believe it doesn't apply to your specific operations. Actively listen to the auditor's questions because they are trying to understand your unique approach. Finally, offer clear and concise responses. Avoid rambling or going off on tangents.

The Benefits Of An Audit

Audits offer valuable benefits for both partners and providers. They reveal important information with reliable data that can guide a partner's decisions for managing the business and executing effective programs. An auditor can provide unbiased insights on compliance and performance. The audit process can foster transparent communication and improved understanding between partners and providers.

Additionally, audits can uncover opportunities where training and support can benefit a business and proactively identify potential issues and vulnerabilities. Audits can also reveal areas for improvement and optimization, while delivering deep insights into the overall effectiveness of your systems and processes.

Conclusion

By understanding the audit process, its objectives, and expectations, partners can transform audits from stressful events into opportunities for improvement. Through active participation, by delivering accurate information, demonstrating a commitment to compliance, and relying on clear communication and transparency, partners can ensure a smooth and productive audit experience.