control, and governance
Reaching the Standard
A general auditor seeks to raise the level of process compliance within her own department.
Edited by Eelco van Wijk
Monika is the general auditor for PanierPom, GMHb, a publicly traded company active in several chemical manufacturing areas, as well as pharmaceuticals. Headquartered in the heart of Germany’s industrial Ruhr Area, Panier Pom has annual revenues exceeding 20 billion euros (US $25.4 billion) and maintains a significant presence in India, China, and seven European Union countries. Following a recent expansion of the department, Monika’s audit team now consists of 52 staff members and managers.
For the first time in years, Monika has close to sufficient resources to cover her audit universe; but the recent changes have come at a cost. While the department benefited in many ways from its expansion, newly created work groups’ roles and responsibilities were not clearly defined during part of the transition period. As a result, the department lost focus on its internal policies and procedures.
Panier Pom prides itself on maintaining a high standard of operational and internal corporate processes. As a previous recipient of many international quality awards, the company expects its internal audit department to take special care in assessing management’s compliance with policies and procedures and ensuring policies are established, communicated, and maintained throughout the organization. However, internal auditing now finds itself in the uncomfortable position of failing to maintain that same level of compliance within its own department. In addition, the audit department may soon be subject to a visit from an independent International Organization for Standardization 9001 audit team, which would likely expose the shortcomings.
With a diverse number of workgroups, domiciled in different cities and countries, how can Monika’s audit department regain the appropriate focus on its policies and procedures? Should she form a central group to establish, communicate, and evaluate compliance throughout the department? Should individual management groups be included in the policy-development or compliance-assessment processes? How can internal auditing better position itself to comply with the same standards it applies to clients?
Post your own thoughts on this scenario, or see expert commentary in the full version of the article.