Role of a Lead Auditor
Lead auditor is one of the most in-demand IT security job roles in today’s global market. A lead auditor is responsible for leading the audit team in an organization. He or she prepares the audit plan, conducts meetings and submits the audit report at the end of the quarter or year. Conducting audits is the main responsibility of a lead auditor, and it needs to be done on a daily basis. In this article, we describe the role of a lead auditor, confining our view to the ISO auditor. Let’s have a look at the responsibilities that fall to a lead auditor. The role is carried out broadly in three phases: Planning Phase, Audit Phase and Audit Reporting Phase.
As the term suggests, the planning phase involves creating the plan for an audit. In this process, the various requirements for the audit plan are worked out. The planning phase starts with identifying the audit team members who are responsible for coverage of the audit. The elements to be audited and all the documents necessary for the plan should be identified. Besides identifying the documents, the time frame to complete the audit should be decided. Each member is also assigned their share of tasks and responsibilities. Members should ideally develop an individual checklist to ensure an effective process.
The audit phase includes three stages – initiation, auditing, evaluation and closure.
- Initiation: The initiation phase includes meetings and process initiation with auditors and audit team members. The lead auditor should conduct meetings with team members to discuss the scope, purpose and process of the audit team. The timeline is also evaluated to check whether the auditing can be completed within the time frame.
- Auditing: The actual audit takes place in this phase. The plan and checklist are executed here. In this phase, the team evaluates whether an implemented process is worthwhile or not. Objective data needs to be collected, examined and documented. After all the data is audited, the lead auditor examines whether it is acceptable and needs to be continued in the process.
- Evaluation: This is the phase where the results are evaluated. The audit team discusses the information collected and tallies it with the plan. The results are documented with reviews, and the final corrective action request or change request is documented.
- Closure: This is the closing phase, where the lead auditor and members discuss and formally close the audit process. Situations in which a corrective action plan could not be provided due to lack of information can be put forward in such meetings.
Audit reporting is the primary responsibility of a lead auditor. Information related to the audit is documented and an audit report is created. Typically, an audit report covers the information listed below.
- Company profile for audit
- Coverage of audit created in the planning phase
- Time frame defined to complete the audit
- Assignees with defined roles and responsibilities
- Documentation of compliance and non-compliance activities
- Audit results
- Corrective action request
- Final observations of the audit
These are the phases that need to be led by a lead auditor. He or she needs to ensure that each member is given their list of responsibilities and that each of them completes it. A lead auditor should also be able to handle conflicts, as auditing is always prone to a lot of conflicts. So, if you are going to pursue a career as a lead auditor, you are now clear about your roles and responsibilities as one.