Interview Protocols for Compliance Audits

November 20, 2019 · 3 minutes

This posting provides interview techniques to verify that employees, including managers, follow documented processes and procedures. This posting is written for auditors, assessors, and inspectors1. It also informs audited individuals what to expect.

A business can have documented procedures, but are they followed?

Auditors can use observation to verify that processes are followed. Observation can include watching work being performed, an inspection of process results including a review of required records, or stepping through a process with an employee. Observation techniques apply to production procedures, as well as safety procedures, and other workplace policies. Observation requires an auditor to be familiar with an operation's processes to know what to watch for. Observation can be time-consuming especially if there are many policies and procedures involved. Processes that are executed rarely or only when a special incident occurs are difficult to observe.

Interview techniques can be used to indicate whether processes are followed or not. Interview questions can be mixed in during a site walk-through or be conducted in a group or private session.

1In professional circles the terms auditor, assessor, and inspector can mean different things. Herein, the term auditor is used to refer to all of these roles. The term process is used to include procedure and visa versa.

There are five key elements to having a reliable process-based operation

  1. The processes must be documented
  2. The process documentation must be up-to-date
  3. The staff must be trained and aware of the latest process updates
  4. The staff must follow the processes as documented
  5. The staff must have the means to update the process and its documentation

Asking questions that indicate or verify that each of these five elements is in place provides a good indication that the operation follows procedures in a reliable fashion.

Process Documentation, Training, and Maintenance

The following questions can be used to access awareness of processes, process documentation, training, and process status.

  • What processes or procedures do you perform as part of your job responsibilities?
  • Are these processes documented?
  • Where can you access the process documentation?
  • What training did you receive on this process?
  • Are there job aides built in to the work flow to ensure reliability?
  • Are the process documents up-to-date?
  • Is the process documentation detailed enough for a newer employee to perform the work?
  • Do you know how to go about getting a process updated?
  • How long does it take to have the documentation updated?
  • If a processes is changed, how do you find out about the changers?

Knowledge of Process

The next set of questions are examples that assess an employee’s knowledge of a process. These questions need to be formulated based on process-specific requirements. Here are some generalized questions, where the term XYZ represents some applicable situation:

  • What needs to be done if XYZ occurs?
  • What information needs to be recorded after XYZ occurs?
  • How do you determine if someone's ID is valid and not a fake?
  • When receiving a delivery what steps can be skipped?
  • Do you think the policy of XYZ is really necessary?
  • Are there other ways to get the work done quicker?

Comittment to Process

The following example questions assess the staff’s commitment to following the documented processes. The specific questions to ask depend on the situation and requires an auditor to formulate questions that draw out evidence that processes are regularly followed.

  • Can the XYZ process be followed as documented?
  • Do you or other employees have their own ways of performong the process?
  • When receiving a delivery what steps can be skipped?
  • Do you think the policy of XYZ is really necessary?
  • Are there other ways to get the work done quicker?
  • If a situation arises that is not covered by the process how is it handled?
  • When an issues occurs how does managment respond?

It is important that data collected from these type of questions are aligned with the audit objectives. Operational compliance audits are typically an assessment of the opertional systems, and the management controls of these systems. Auditors must use professional care and judgment in accordance with applicable professional standards and ethical principles to avoid implicatingn individual's performance based on limited observation and questioning. Employee performance evaluation is not the objective of a compliance audit, but poor adherance to policy, process, and procedures by employees is an indication of a poor managment system.

An auditor that uses a general audit program will need to develop their own similar questions that draw out indicators of compliance. Where common policy, requirements, and criteria apply to multiple operations and audits custom interview questions can be developed and added to an audit program to standardize the audit process.

Jet Stream Innovations is available to automate and customize your audits.