Audits, as an important part of the control and development of organizations, are familiar to all of us. There are a number of them, from audits of management systems, information security, health and safety, to audits of an operational nature, such as 5S and lean audits. The workflow can be automated for all performed audits, whether they are performed internally or externally. The benefits of automation become more important as the audits are repeated. Audit workflow automation can take place on the part of the auditee, but also on the part of the auditor. One of the goals is to make all audit-related activities as easy as possible by using templates, alerts, generating requests, and automatically filling in data that people would otherwise have to rewrite.
In this case study, we will introduce you to the digitization and automation of audit activities on the part of the auditor or certification company. Over the years, there has been a growing need in this organization to radically streamline audit activities and get rid of paperwork, which complicates work, causes duplicate activities, and prevents routine tasks from being automated. The main reasons why the company approached the digitization and automation of audit activities were:
- Improving the quality of audits - We focused on fast search and interpretation of past audits, fast partially automated evaluation of whether audited companies improve or deteriorate in audit results over time, the goal was to eliminate the activities of rewriting data into tables, copying, manual sending or uploading files and duplicating or adding messages to multiple people.
- Increasing the reliability of the entire standardized process - The basic idea and goal here was that the process of planning, performing and evaluating the audit must be reliably monitored in terms of meeting deadlines and adapting to individual customers. The aim was to automate and streamline the routine activities of annual planning and make the activities more pleasant for customers where their active cooperation is required.
- Facilitating routine work or automating specific activities - Automated steps have been set up throughout the process so that they do not take up time and energy for employees to use in other ways. Where possible, templates, automatic alerts, automatic request generation and data completion were created that would otherwise have to be manually rewritten.
What audits can be digitized and automated?
Digitization and automation of processes related to audits as well as the audit activity itself can be performed in whole or in part for any types of audits that are performed in companies. The main input information we need to know if we are starting to think about the automation and digitization of audits is mainly the number of repetitions of these audits, the number and structure of evaluated elements and evaluation parameters and, last but not least, the course of the audit itself. Different audits have their own specifics and it is therefore appropriate to take them into account. Of course, the more often the audit is performed and the activities associated with it are more routine, the more sense it makes to invest time and money in automation and digitization.
Here are the most common types of audits that are suitable for data digitization and automation of activities, and their specifics:
- ISO and other certification audits - In automation, activities are to be carried out within one year (for example, definition of management system objectives). We can manage internal, certification and supervisory audits in different ways. It is also possible to schedule audits for different branches or departments during the year, always as required.
- Standards, 5S, security audits - Audits are repeated more often and are often used for operational change management and problem solving. Therefore, the automation process will be set up to generate more audits for different departments, production sections, etc. At the same time, more emphasis is placed on continuity, it is desirable to see the course of audit results and, for example, the potential for improvement. The audit itself can be defined via an online form that is shared with the auditor.
- Lean and process audits - These audits are often an example of random audits used to identify the current status of administration or production processes. The important part is to reveal the potential. We can plan these (and similar) audits based on the required quantity per year. For example, when we know that an audit is to be performed in the first quarter, we are able to set the foundation for automation and notification of upcoming deadlines.
How to proceed with digitization and automation in the field of auditing
The certification institutiion involved the digitization of documents and the automation of key activities in supervisory and certification audits. As a first step, it was necessary to describe and standardize in detail the whole process that is associated with the audit. The process defined by us consisted of 7 steps. If we start with digitization and automation, it is possible to choose only a partial part of the whole process and focus on it in a pilot project. This approach is especially suitable if we implement everything ourselves and we do not have sufficient experience with the systems we want to use. Thanks to the pilot project, we will learn to work with the systems, verify the correctness of our requirements and it is possible that the original assumptions and needs will change. It is also appropriate at this stage to consider whether it pays to invest in an external expert familiar with the methodology and tools, who can not only facilitate our work in the implementation of the solution, but especially can help define needs with regard to knowing the potential and use of individual systems, applications and methods.
We have defined the process in an overview in the following seven steps:
- Creating an audit request;
- Audit planning;
- Conducting audits;
- Records of findings to be corrected;
- Information on the results of remediation and audit;
- Long-term reporting of results;
- Audit closure and approval;
Then the whole process was described in detail and the potential for digitization and automation was evaluated. We had to specify clearly what and how it would be done and what the benefits would be. The possible risks that may arise during implementation were also consulted and also steps taken to avoid these risks. As we focused on a living process that could not be carried out, as a key process of the organization, we had to proceed with the utmost caution and in parts so that there was no loss of personnel and system support at any stage. The following table illustrates which steps have been selected for automation and what benefits automation will bring to the company.
Audit step | Automation | Improvement and benefits |
---|---|---|
Determining what audit to do and when | The audit request is automatically generated according to the date of the last audit performed. | There is no need to repeatedly check the appointment table and scroll through customer data manually. There is no risk of error. |
Proposing a date of audit | Automatic generation of a suitable date and sending invitations to the auditor and the auditee. | Controlled appointment via calendar or booking system. There is no need to enter and communicate dates manually. |
Performing an audit | An application that navigates participants during an audit. Just select the type of audit and the customer, the other elements are in the template. | We only fill in the form, there is no need to print documents and fill them in manually, or then rewrite and record them on a computer. |
Records of findings to be corrected | When a problem is detected, a photo can be taken and the application automatically creates a task to which people and deadlines can be assigned. | The photo is saved directly to the audit and added to the report. A request is automatically created by the responsible person according to the audit site. |
Information about the results | The automatically generated report is sent to all participants. | It is not necessary to process it manually and insert, for example, pictures, etc. At the time of completing the audit, a report on status, time, participants and results is available. |
Reporting | We have a long-term overview of the results and status of audits. It is support for system improvement. | You can perform ad-hoc dataset analyzes and preset reports showing information for decision making. We see a detail of the course of audits, duration and results over time. |
Closing and approval of the audit | After completion, it is possible to automatically schedule another date, send a summary of changes, determine recommendations from reporting. An automatic audit approval request is sent to supervisors. | There is no need to create follow-up actions, additional audits are generated according to set, automatically scheduled requirements. Administration is simplified. |
This automated system allows us to focus on continuous process improvement, instead of having to put a lot of energy into their evaluation and auditing. The faster we evaluate, the better we can respond to the results. Reporting audits over a longer period of time allows us to detect repeated errors and causes of non-fulfillment of goals or insufficient growth in productivity. It is then possible to purposefully adjust the audit process to support the fulfillment of our goals. An important part is the saving of staff time, which is in the tens of percent depending on the repeatability of all activities.
Systems that have been used and their benefits
In projects of this type, we always try to make the most of the potential of the systems available to the customer. We most often choose Microsoft 365 systems for application creation and reporting. In this particular project, the customer has the entire company environment, documentation and audit management directly in the Microsoft 365 cloud. We therefore worke in an environment that has many advantages for digitization and automation. Those that are most interesting for customers include:
- Availability of the solution - MS 365 applications are widely used, even if companies use them only in the base, high availability of services is always guaranteed.
- Price per SW - Within standard cloud licenses, most functions for automation are accessible, the use of higher licenses is always recommended by an external specialist.
- Security - Data security and prevention against data loss is addressed within the cloud as one of Microsoft's services and support.
- Support and documentation - Quality documentation of the entire platform in the form of instructions and video instructions and a large professional and community base for solving requirements from professional consultants and Microsoft support.
In the preparation of the project, digitization and automation of the audit management process of the certification body, we used various applications, which together ensured a highly functional and easy-to-use and user-friendly unit:
- MS Teams - a central site for managing tasks, requirements and approvals
- Sharepoint Online - management of stored data, requests, audits, their results, customer information
- Power Automate - creation of automatic actions that will happen under given conditions (for example, generate the necessary audits every Friday)
- Power BI - creating reporting that automatically updates and allows us to perform detailed analyzes
- Power Apps - creation of mobile applications with minimal requirements for their programming, which we will use for auditing
We wish you much success on the road to more agile, digital and automated processes and systems!