Feature Article: The do’s and don’ts’ of creating an internal audit programme for your RTO

If you want to achieve quality rather than just ensuring that your RTO meets its regulatory and contractual requirements, then putting the effort into effective internal auditing is essential.

Do:

Develop a proper risk-based audit programme

You audit programme should reflect risks identified in your management systems. Your RTO should not be auditing everything at the same frequency else you will be reviewing some areas too much and others not enough. You should apply risk ratings to areas of concern that determines their priority in the schedule. Ultimately, it’s just a poor use of your resources if not done correctly and you are just auditing for the sake of it and ticking some boxes!

Clearly define audit objectives

Your RTO’s audit objectives define why the audit is being done and what it’s purpose is.  You need to carefully consider why your auditors are actually conducting their reviews; what is the value of them and what outcomes do you want from them? Some objectives to consider are:

  • To check if organisational controls are being adhered to and are in alignment and fit for purpose
  • To determine if staff have a clear understanding of their roles and responsibilities
  • To identify areas for improvement
  • To determine levels of consistency across processes and departments

Clearly define audit scope

Your RTO’s audit scope should define the extent and boundaries of the proposed audit. These considerations include:

  • The size of the audit?
  • What breadth does it cover?
  • What teams; processes; locations are included?

It is important to be specific with your scope and not make vague references such as “all processes”. A well written scope will clearly define the boundaries of the audit for both auditors and auditees.

Clearly define the audit criteria

Your audit criteria is what the audit is checking against; for RTO’s generally this is likely to be the SNR’s from the SRTO’s 2015 or clauses from funding agreements or other contracts. Similar to the scope the audit criteria helps keep the auditors on track and is used to determine whether evidence complies or does not comply against the audit criteria stated. Your auditors need to be familiar with the requirements of the audit criteria. Audit findings are only valid when referenced back to the criteria, not auditors opinions. 

Use auditors with the right vocational background

Even if your auditors have appropriate qualifications in auditing they still need to know what they are looking at and have knowledge of the VET sector.  Ideally your auditors should be dual qualified / experienced in auditing and training and assessment to ensure they have a broad understanding of what they are auditing.

Don’t:

Use inexperienced or unqualified auditors

Your auditors whether internal staff or external contractors need to be appropriately trained. Training ensures that the auditors do their job correctly; that they use a consistent approach, and that they are skilled in communicating well with auditees. Experienced auditors understand how to conduct effective opening and closing meetings and how to gather and review evidence. They also provide feedback and audit reports that are brief, concise and factual. They do the job right. 

Audit the same things repeatedly: 

It is pointless continuing to audit the same areas and raising more non-compliances when the underlaying causes are not being addressed. There is no value in reviewing areas you know you are going to find the same issues as you did in previous audits.  Your RTO needs to ensure you are following up on outstanding rectifications from previous audits to ensure actions have been taken. This could also mean systemic issues previously identified have been addressed to prevent recurrence.

References: 

https://www.iia.org.au/technical-resources

https://www.pwc.com.au/assurance/internal-audit-profession.html

https://www.asqa.gov.au/resources/videos/video-understanding-audits

https://desbt.qld.gov.au/training/providers/pqs/audits

Leave a Reply

Your email address will not be published. Required fields are marked *