How To Survive An Outside Audit

Ideally, an audit is a management tool to ensure that procedure is being followed and processes are working as expected. The best kind of audit is a regular, scheduled event, a review of the agreed-upon proof that people are doing what they are supposed to be doing in the way they are supposed to be doing it. Ideally there isn’t much difference between an internal audit and an external audit: you do the same thing in the same way for the same reason.

Sadly, all too often, an “audit” is a blame assignment exercise after something has gone wrong. The implicit assumption is that every adverse event is someone’s fault, and a further assumption that assigning that blame will accomplish something useful. As for internal versus external, people often go too easy on themselves in an internal audit and too hard on others in an outside audit.

So people ask us: how do I survive an outside audit? The answer is simple: preparation. Forethought. Having already prepared. Here is my usual checklist:

1. Have a policy for the risk

2. Have a procedure for the policy

3. Have proof that you follow the policy

4. Have a plan for when the risk happens anyway

5. Have a regular review to update the policy

Then “surviving” the audit is easy: show the proof. Show the plan. Show how the process and plan have been improved in the wake of whatever failed. You did your best and you are learning.

Trying to get through an unfriendly audit without adequate preparation is a stomach-churning experience I would love to never go through again.

We have a short video on this topic on our YouTube channel.