An audit examines whether processes , requirements and guidelines meet the required standards. Such an examination procedure often takes place within the framework of quality management . The audits are carried out by a specially trained auditor .
A distinction is made between two types of audits within quality management: In the area of static quality management , the audits have the character of an audit, as they provide evidence of contractual agreements. They are therefore only carried out once per verification cycle. In dynamic quality assurance (or quality management), the audits have a wider meaning: They serve to record development trends and give the initiators of changes important feedback on the effectiveness of the measures they have taken. The significance of these accompanying audits increases with the repetition rate with which the identical catalog of questions is presented to the identical affected group on the same topic. The " DIN EN ISO 19011 , guidelines for auditing management systems" make specifications .
In this sense, the term was originally used in human resources . Today audits are carried out from time to time in almost all areas of companies or organizations (see internal audit ): finance , information management , data protection , production processes , customer management , quality management , the environment, management or leadership of a company / organization (see management audit ), Job satisfaction , work-life balance, etc.
Depending on the area, the current situation is analyzed during an audit or a comparison of the original objective with the objectives actually achieved is determined. An audit is often also intended to identify general problems or a need for improvement so that they can be eliminated. After possible corrective measures / improvements have been initiated, these must be proven. This is done using documents, images, etc.
In English, audit means “checking the books, checking the accounts”, which in turn goes back to the Latin auditus to audire = to hear; the public The book examination was originally given orally.
Audits play an important role in setting up, certifying and maintaining management systems .
The audit types are differentiated according to various criteria. Differentiation according to the audit item:
- Financial audit (check financial figures according to accounting principles (correctness, accuracy, regularity))
- Compliance audit (review of compliance with a set of rules, questionnaire)
- Performance audit (also called legality check; objective and systematic review of the achievement of goals / effectiveness and whether the resources used for this were used economically and efficiently)
- System audit (considers the management system )
- Process audit (considers individual processes )
- Process audit (synonym for process audit or to consider processes)
- Product audit (considers the product based on customer expectations)
- Project audit (considers the progress of a project )
- Media audit (checking the consistency of media activities)
Differentiation according to the status of the auditor:
- Internal audit (1st party; the auditor is an employee of the organization in which the audit is carried out)
- Supplier audit (2nd party; usually by the management representative of a customer at his supplier)
- Certification audit (3rd party; by an independent auditor from a certification body, such as by DQS or TÜV Cert , SGS Institut Fresenius , Bureau Veritas or the ULD (in data protection matters))
Audits related to the certification of management systems :
- Pre-audit to determine the certification ability, even friendly Audit called
- Certification audit with examination of the documents and the fulfillment of the to be certified rules based on a questionnaire
- Surveillance audit (usually carried out annually) to monitor the further development of the management system
- For most management systems, a repeat audit or recertification is carried out every three years
In information technology , the term audit is used for various internal reviews:
- a regular or random check of software projects for compliance with internally defined rules (use of special templates, conformity to the overall project, suitability for implementing the requirements for the module, etc.)
- the systematic examination of source code , e.g. B. on unclean implementations, quality (goodness) of the source code formatting or completeness of the documentation ( code audit )
- the systematic search for potential security gaps in programs or weak point and risk analysis of an IT infrastructure ( security audit or security audit )
- the logging of security-critical operations in software applications
- Verification of whether a company has a sufficient number of licenses for the software used ( license audit )
The Austrian higher education system provides that state universities and technical colleges have to subject their internal quality management process to an audit, see: Agency for Quality Assurance and Accreditation Austria # Audit .
- G. Gietl, W. Lobinger: Quality Audit. 2nd Edition. Hanser, Munich 2010, ISBN 978-3-446-42230-8 .
- Gerd F. Kamiske (Ed.): Management systems. Symposion Publishing, Düsseldorf 2008, ISBN 978-3-939707-02-8 .
- K. Wübbelmann: The challenge of management audit. Gabler, Wiesbaden 2009, ISBN 978-3-8349-0744-8 .
- International organization for standardization
- German Institute for Standardization eV
- Software audits: contractual and legal bases - series of articles on software audits for license reviews (process, legal bases, recommendations for practice)
- ^ Online Etymology Dictionary , accessed September 3, 2014.