(20b) Auditing in Four Levels to Assure Completeness

An audit must have a defined structure, an understood purpose, and enough evidentiary details to assure completeness. It should be divided into discrete levels with specific topics so that the auditor can fully identify and understand the degree to which each facility or company complies with the requirements. Each level should also be designed to analyze different types of information and implementation actions. This paper proposes and discusses a four-level approach to conducting a comprehensive and complete audit. The four levels are:

1. Recognition and acknowledgment of the need to comply with a specific set of rules or regulations?senior level sponsored documents and actions;

2. An implementation strategy and infrastructure?procedures, practices, guidance documents and responsibilities necessary to frame and support the compliance efforts being measured;

3. Evidence of compliance?verifiable documentation, training records, and interviews that confirm necessary and required actions are institutionalized into the normal work practices; and

4. Quality assessments?confirmation that appropriate systems are in place and working as intended as well as a mechanism for identifying and implementing improvement opportunities.

The content and purpose of each level as well as the interaction between levels is discussed and explained in this paper.