Audit to policy & procedures or Risk?

Posted By: Anonymous

Audit to policy & procedures or Risk? - 11/08/05 11:06 AM

Our QC department currently audits to policy & procedures; however, they make modifications to the outcome according to risk. Shouldn't the policies and procedures be modified in lieu of the audit since current policy has already been set? I am in disagreement with this philosophy of allowing leeway since the ultimate risk is not great. I feel it sends a mixed message to the field by saying although our policy & procedures say one thing, we are not going to cite you for this because there is no risk but we will cite for this because our policy & procedures state you have to have it???? (Sorry for the run-on sentences)
Posted By: Anonymous

Re: Audit to policy & procedures or Risk? - 11/08/05 04:04 PM

If you don't enforce adherence to policy/procedure, personnel will not follow it. There should be a consequence for violations, even minor ones - a consequence for a minor violation could be just a verbal reminder the first time. The riskier more serious or repeated violations of policy/procedure should have stronger consequences. If the policy/procedure no longer makes sense, it should be changed. To not enforce policy/procedures or to not change policy/procedures that no longer make sense sends a message to employees that management doesn't care about doing things right.
Posted By: Dip

Re: Audit to policy & procedures or Risk? - 11/08/05 05:32 PM

yeah, on minor/non-risky errors, we may nto cite them as findings, but we will go over them with management or maybe add them on to the audit report as a comment. if the errors continually ocurr, we can elevate the consequences and make them findings. management shoudl be assessing risk and creating policies and procedures that they want to be followed--once they have p&p's that they are satisfied with, they should be followed 100%.
Posted By: RR Jen

Re: Audit to policy & procedures or Risk? - 11/08/05 05:54 PM

I agree...a violation of policy/procedures that is a very low risk might not make it as a formal recommendation requiring management response but will be noted as a violation in the findings and discussed with management as a "house keeping" item.
Posted By: A_G

Re: Audit to policy & procedures or Risk? - 11/08/05 09:19 PM

I agree too. We call these verbal findings and communicate them to mangement during the exit meetings. They show in the workpapers as such. If they are that minor there is no point in overshadowing something of major risk with a minor housekeeping issue.
Posted By: A_G

Re: Audit to policy & procedures or Risk? - 11/08/05 09:22 PM

I agree too. We call these verbal findings and communicate them to mangem
Posted By: Anonymous

Re: Audit to policy & procedures or Risk? - 11/11/05 04:48 PM

It seems to me that if you ignore a procedural violation because there isn't any risk, you are indicating that there is no accountability for not following procedures.