American National Standards Institute (ANSI) AUDIT PROGRAM 1. What is ANSI?

ANSI is a nonprofit, privately funded membership organization that coordinates the development of U.S. national voluntary consensus standards and is the U.S. member body to the non-treaty international standards bodies such as the International Organization of Standards (ISO) and, through the United States National Committee, the International Electrotechnical Commission (IEC). ANSI serves both the private and public sectors need for voluntary standardization. The voluntary standards system contributes to the overall health of our economy and the competitiveness of U.S. industry in todays changing global marketplace. The Institute was founded in 1918, prompted by the need for an umbrella organization to coordinate the activities of the U.S. voluntary consensus standards system and eliminate conflict and duplication in the development process. For over seventy years, this system has been successfully administered by the private sector, through ANSI, with the cooperation of federal, state and local governments. The Institute serves a diverse membership of over 1400 companies, 250 professional, technical, trade, labor and consumer organizations and some 40 government agencies. Standards exist in all industries, including safety and health, telecommunications, information processing, petroleum, medical devices, etc. ANSI does not itself develop American National Standards; rather it facilitates development by providing the structure within which standards can be developed and consensus can be achieved. ANSI is the only accreditor of standards developers in the U.S., and ANSI is the body that approves standards as American National Standards. ANSI approval of these standards is intended to verify that the principles of openness and due process have been followed in the approval procedure and that a consensus of those directly and materially affected by the standards has been achieved. The voluntary standards system in the United States consists of a large number of standards developers that write and maintain one or more national standards. The Institute ensures that its guiding principles -- consensus, due process and openness -- are followed by these standards developers through the accreditation process and the Audit Program. 2. ANSI Audit Program The actual implementation of the ANSI Audit Program for all ANSI-accredited standards developers took place in 1996. The Audit Program is designed to enhance the integrity of the voluntary standards system and increase the value of the American National Standard designation. The first audit was conducted on April 1-2, 1996. The authority for ANSI to audit accredited standards developers is contained in the ANSI Procedures for the Development and Coordination of American National Standards . The ANSI Auditing Policies and Procedures were approved by the ANSI Board of Directors on March 22, 1995. Since that time, the procedures have been streamlined and clarified as implementation issues have arisen and were addressed.

The purpose of the ANSI Audit Program is to confirm adherence by standards developers to the criteria for accreditation and to confirm that these developers procedures and practices continue to be consistent with their approved procedures and current ANSI requirements. The Audit Program also is intended to increase the level of credibility and the effectiveness of due process for all persons who are directly and materially affected by the development of a proposed American National Standard. In addition, auditing supports and strengthens the voluntary consensus standards system and enhances the reputation and integrity of ANSI-accredited standards developers. It provides an independent mechanism for checks-and-balances in a system that is in some ways selfpolicing. Auditing also assists standards developers in identifying areas where efficiencies can be realized and where potential problems may develop. When appropriate, recommendations are made by the auditors to improve efficiency and correct deficiencies. The ANSI Audit Program is an effective management tool for the developer and for the ANSI Executive Standards Council (ExSC) which is the accrediting body. It provides them with information regarding how effectively and efficiently the various standards processes are working and if the processes are working as intended. One important benefit derived from the Audit Program is the education of the auditee on relevant policies and procedures. For example, an audit may note that in some instances non-compliance with policies and procedures is due to the auditees lack of awareness or full understanding of the requirements. This may result in varied or incomplete implementation of procedures. The Audit Program is serving as a mechanism for highlighting and explaining the essential components of the ANSI requirements, and the ways in which those requirements can be most efficiently implemented. This focus results in an opportunity for developers to reconsider and perhaps reengineer their processes to meet all of the ANSI requirements while minimizing the cycle-time associated with the development and approval of American National Standards. Audits for accredited standards developers who currently have approved American National Standards will be regularly scheduled at a minimum of once every five years unless it is deemed necessary to conduct one sooner. Initial audits will be scheduled after the ANSI Board of Standards Review (BSR), which is the entity charged with approving proposed American National Standards, approves the first standard(s) submitted by an accredited standards developer following accreditation. Thereafter, regular audits will be scheduled once every five years. The auditing process extends to all ANSI-accredited standards developers regardless of the method they use. It also includes the more frequent audits of those accredited standards developers who have been delegated the authority to apply the ANS designation to their standards without review by the Board of Standards Review (BSR). The ANSI audit includes a review of the operations of ANSI-accredited standards developers as they relate to standards development and associated activities, including continuity of administrative oversight and support of the standards activity. A sampling of operations and documents is used to obtain a representative review. The scope of the audit includes 10% of the standards designated as American National Standards (i.e., new 2

standards, reaffirmations and revisions) since the last audit with minimum of five standards (or all standards if there are fewer than 5) up to 40 standards, unless otherwise warranted. Audits do not involve the accounting or financial aspects of standards developers operations. Audits take into consideration the practices, actions, records and reports of accredited standards developers in implementing their operating procedures to comply with ANSI criteria, rules, procedures and requirements including, but not limited to, the following items: 1. 2. 3. Criteria for Accreditation Due Process Requirements Criteria for Approval and Withdrawal of American National Standards

Standards developers are responsible for the costs associated with conducting the audits. ANSI makes every effort to keep the costs of an audit as low as possible. Among other things, ANSI attempts to schedule audits for standards developers in the same geographic location consecutively to reduce travel costs and uses trained consultants who can complete the audits within projected time periods. In addition, ANSI is committed to working with each standards developer in an effort to schedule an audit at an optimum time and to tailor it if necessary to best meet the standards developers needs. An audit team and leader is appointed by the Audit Director for each audit. The audit team consists of one to three individuals, selected from an ANSI-organized pool of available and qualified people. An audit team member may be replaced by the Audit Director with or without cause. Audit Consultants are required to have the following qualifications: 1. Experience in, and knowledge of, the voluntary consensus standards system including ANSI criteria for accreditation, due process and consensus. 2. General knowledge of auditing principles and methods obtained through any combination of experience, education or ANSI training. 3. The ability to act objectively and independently. 4. The ability to analyze information and to express findings clearly, concisely, and in a timely manner. The Audit Director does not appoint auditors to an audit team who have a known conflict of interest that may affect their ability to perform an unbiased audit. Appointed auditors notify the Audit Director of any real or apparent conflict of interest as soon as practicable after notification of their appointment. Accredited standards developers may notify ANSI if they believe a proposed audit team member has a conflict of interest. An ANSI audit consists of four phases. They are as follows: 1. Preparation Initial contact, scheduling and cost estimates.

Audit questionnaire provided to developer to complete and return to lead auditor. Information gathering and review of auditees procedures, questionnaire and all relevant information that pertains to the audit. Pre-audit conference with auditee (via telephone). The conference is intended to confirm that the audit will take place in the scheduled time frame. Additionally, clarification of the scope and content of the audit is provided. The conference allows ANSI the opportunity to provide the auditee with any questions which will help speed up the process. The conference also provides an opportunity for the auditee to ask any questions, address any concerns the auditee may have and to highlight any standards the auditee would like ANSI to review during the audit.

2. Conduct of Audit An audit is conducted on-site or via mail. The same documentation is reviewed in either case. Standards developers with a small number of standards may qualify for a mail-in audit. Auditors are required to use ANSI-developed work papers to document their findings, observations and suggestions. The use of standardized work papers and report templates, developed by the Audit Director, ensures a high degree of consistency, thoroughness and quality. Informal post-audit conference for on-site audits. This provides an opportunity for the developer and the auditor(s) to clarify issues that may arise during the course of the audit and to ensure that the auditors understanding of the implementation of the procedures is consistent with that of the auditees.

3. Post-Audit Development of audit report with proper attachments. Post-Audit Conference. This conference is used to discuss findings, observations and suggestions with the auditee via a telephone conference call. Transmit audit report to auditee. The audit report includes a summary of the procedures used by the accredited standards developer, findings identified by the auditor, observations regarding procedural implementation issues and suggestions for improving observed/audited processes. The auditee is required to respond within thirty days of receipt of the report. The auditees response should include plans and a time-table for corrective action related to any findings contained in the audit report.

4. Audit Report Approval Audit report and response is reviewed and the audit is closed unless other action is deemed necessary by the ANSI Executive Standards Council which is the reviewing body.

Conclusion The ANSI Audit Program is intended as a quality assurance review of the auditees compliance with its accredited procedures and current ANSI requirements. Additionally, it is intended, when appropriate, to offer suggestions on ways for the auditee to change the implementation of their procedures to increase the efficiency of their process.

BIOGRAPHY

Jay Moskowitz, Director, ANSI Audit Program Jay Moskowitz was hired by ANSI in May of 1995 to implement a brand new standards developer Audit Program. The ANSI Audit Program is mandated to audit over 200 ANSI-accredited standards developers on a five-year cycle. Prior to joining ANSI he was employed by the U.S. Navy as a management analyst for ten years. When working for the U.S. Navy, Jay was charged with managing its internal review program. The program detected waste, fraud, abuse and mismanagement in the Federal Government. Jay is experienced in conducting management control reviews and internal audits. He holds a Bachelors Degree in Business Management from Baruch College in New York. Jay can be contacted by calling (212) 642-8925 or by sending an E-mail to jmoskowi@ansi.org.