8/14/2019 As with any other process.doc

http://slidepdf.com/reader/full/as-with-any-other-processdoc 1/4

http://www.qualitydigest.com/june07/articles/05_article.shtml

As with any other process, auditing requires planning, definition, consistent implementation and control

to be effective. Without these features, auditing is a resource-draining waste of time.

Internal auditing is one of the elements that makes your quality management system (Q!" complete. It

fits snugly into the #check# component of your plan-do-check-act ($%&'" cycle. Internal auditing isnt a

hapha)ard or optional occurrence that you tolerate to maintain certification. Its an assessment tool that

provides a reliable indicator of the integrity of your organi)ations system and processes and their

capacity to support your goals.

'udits help you to identify problems, risks, good practices and opportunities to better serve your

customers. *he information garnered from well-conducted audits is a company asset that far outweighs

the modest investment in time and training. *he manner in which the organi)ation values and uses this

asset is partially dependent on how audits are performed.

+ecutive management, through visible support and allocation of resources, has primary responsibility

for ensuring the effectiveness of the internal audit program. 'uditors have the responsibility for good

stewardship of managements support, as demonstrated by their commitment to good auditing practices

and the production of meaningful audit reports. *he person in charge of the internal auditing program

asks management to support the endeavor. In echange for the trust and confidence implicit in this

support, auditors strive diligently to provide valuable information that management can utili)e for

strategic planning and other decision making.

What follows are some of the practices that will help your organi)ation reap benefits from its internal

auditing program. 'lthough the comments are directed primarily at the first-party (or internal" audit,

most of the tips are equally valid for second- and third-party audits.

Plan your audits

ake sure that the audit schedule and the defined frequencies reflect your organi)ations needs. ou

must give appropriate consideration to criticality of activities, identification of areas that are more

subect to change or to turnover of personnel, and processes that have eperienced problems or

breakdowns. /eview your audit schedule periodically and revise it based on these considerations.

If you have a mature product line and no new hires in recent history, assessing training more than once

a year is a redundant paper eercise. &onversely, if you handle a lot of customer-owned materials, and

their requirements vary significantly, ensure that those activities are included in the schedule at a

greater frequency.

0nce youve established your audit schedule, stick to it. %ont get into the habit of revising dates and

moving audits off to the net month to accommodate other peoples priorities. 's long as you allow it,

some individuals will always find a way to put you off. 'cceding to procrastination perpetuates the

impression that auditing is an #etra# task to be performed only when time permits. *his mindset

devalues the process and minimi)es the organi)ations ability to derive useful and timely information.

Prepare for the audit

1ave an audit plan. $robably the single best reason to have a plan and to communicate it is so that you

can tell people in advance when youll be in their area. Its common courtesy. *his goes a long way

toward dispelling the witch-hunt mentality with which people usually perceive the arrival of an auditor.

2ailing to alert process owners of planned audits carries other negative consequences. 's long as

individuals feel that an audit is a surprise attack designed to catch them in error, theyll conceal

problems. *hey wont look upon the audit as a fact-finding event designed to foster a culture of

improvement. *heyll look upon it with the dread of miscreants afraid to be punished for their

transgressions3even though theyve probably done nothing wrong. $roblems recur cyclically because

theyre covered up out of fear of punitive action.

8/14/2019 As with any other process.doc

http://slidepdf.com/reader/full/as-with-any-other-processdoc 2/4

+fficiency is another reason for having an audit plan. It saves time. *he auditor has a sequence that

makes the audit flow smoothly and logically from input to output through a series of processes. +ffective

planning brings an element of lean to the auditing process. It minimi)es the backtracking and repeat

visits that eat up precious time without adding value.

/eview the documents that describe the processes youll be auditing. *his helps you to frame the

questions youll be asking the auditee, and ultimately will promote more comprehensive answers./eading the documents ahead of time also helps you distinguish the most critical requirements and the

points at which ownership of a product (or process" changes to a new person or function.

/eview the last audit report and any corrective action requests that emerged. *his will help you to assess

if things have improved or if a problem has persisted or gotten worse. If your corrective action process is

well-linked to your internal audits, you can verify the implementation and effectiveness of corrective

actions as part of the audit process. *his applies to all corrective actions, regardless of origin. 0ne of the

areas in which this is particularly useful is in verifying the results of supplier corrective actions. *hrough

the questions that you ask, you can augment purchasing staffs understanding of the verification process.

*his helps them to discern if the response theyve received from a supplier actually provides evidence of

an effective action plan. Without such verification, all the purchasing department really has is evidence

that the supplier can fill out a form. 0pportunities for learning and improvement are lost.

+asy questions an auditor might ask are4 #1ow do you know that the plan worked5# #1ave you asked

them to send final test reports for the last orders theyve shipped us so we can review them against our

own records5# In this way, the auditor furtively drops hints that increase other individuals

comprehension of how the organi)ations Q! works to improve their processes3in this scenario,

through the effectiveness and productivity of supplier relationships.

$repare a checklist. +ven if your organi)ation uses canned checklists, its important to prepare and revise

them, based on the documents youve reviewed, so the audit trail you map out is complete. *his also

helps you to develop questions so you dont waste time, and it serves to keep you from meandering

outside of the scope of the audit.

Use accepted audit practices

/egardless of whether this is an internal or an eternal audit, theres no ecuse for ignoring good audit

practices.

&onduct an opening meeting. 2or a third- party certification audit, this is a fairly formal event with a

whole list of items that must be covered4 scope, purpose, standard, duration, schedule, confidentiality

and nondisclosure agreements, rules for reporting nonconformities, safety equipment, escorts and the

appeals process. 2or an internal audit, its appropriate to have an abbreviated version that outlines what

processes are being audited, how long you epect the audit to take and the individuals you may wish to

interview. 'rriving in an area and beginning the audit without some initial remarks or a simple greeting

only serves to increase tension and the likelihood of alienating those who can facilitate a productive

audit.

$ay attention to how you ask questions. 1ere are a few pointers to remember.

• Bear in mind at all times that auditees weren't hired to answer your questions. *heyre paid to do their

 obs, so they probably wont be quoting tet verbatim from a procedure. *hey should be describing their

process in a way that lets you understand it, and that demonstrates how well they  understand it.

• Ask open-ended questions, as opposed to the kind that will get only yes or no responses. 6ive the

auditee an opportunity to eplain what she does. *he person will provide more complete information if

she isnt being steered toward the auditors preconceived notion of what the answer should be.

• Ask how the auditee does his job. oure not ust trying to verify that something is done7 you want to

verify that its done correctly3as defined. /eading a report on nonconforming product will tell you

something wasnt done right, but assessing the process will help you pinpoint what went wrong.

• Remember to use documents to help you frame your question. *his lets you determine if the

documentation accurately reflects the requirements of the process.

8/14/2019 As with any other process.doc

http://slidepdf.com/reader/full/as-with-any-other-processdoc 3/4

• on't be afraid to repeat or restate your question. !ometimes we need to come at a subect from a

different angle. /estating a question helps the auditee to grasp what youre trying to ascertain.

• !i"e the process owner time to answer. 8e patient. 1e may be thinking. %ont assume that a delayed

response is an indication that the person is lying or making stuff up.

• Ask what happens ne#t. 'void quality speak. If youre trying to determine what the output of a processis, simply ask, #What happens net5# 'sking a customer service technician, #Whats the output of the

process# will probably get you a blank stare followed by an awkward moment in which youll get the

sense that youve ust made her feel incompetent3which isnt the case. !he knows perfectly well that

when the order is entered in the database, it net gets routed to the scheduler, who confirms the ship

date so that the order can be acknowledged to the customer.

• $uggest a scenario and ask, %&hat would happen if(%  *his will help you verify how well the process is

controlled if there is a deviation or if something goes wrong. It will also help you assess the effectiveness

of communication and the definition of authority and responsibility. %oes the person know what he is

authori)ed to handle, and what incidents require input from a supervisor5

• Ask why. $eople who do tasks mindlessly, without understanding the reason for the activity, are less

likely to be diligent in ensuring that the process is consistently and correctly implemented. Its hard to

care about something that makes no sense.

• )isten to the auditee. $ractice your listening skills. 're you hearing what the person is saying, or what

you anticipate her answer to be5 9istening is facilitated by the simple practice of looking directly at the

person whos speaking. :ot only do you remain better focused, you convey to the other person that

youre interested in what she has to say.

• &rite down the answer so you don't forget. 'lso, record the evidence youve assessed. *ake copious

notes. *his provides the foundation for the audit report and it also allays any confrontation. *he auditor

doesnt need to defend his conclusion. 'll thats needed is a reference to the evidence upon which the

observation is based.

• *f you're writing while the person is speaking, make sure that she knows it. !ay, #Im listening to you,

but I need to write this down.# If you get the sense that the auditee is afraid that your report will result

in punitive action, eplain why you write things down. y favorite line goes something like this4 #I have a

brain like a sieve. If I dont write things down, Ill forget, and I wont be able to do my report.#

• Always make sure you tell the auditee if you're planning to report a nonconformity unco"ered in his

area. *his goes back to the fear of punitive action mentioned earlier. :o one likes to be blindsided two

days after an audit by a report that appears to say that he screwed up. *ell the person what will be

reported and provide reassurance that the intent is to make the process better for everyone.

• +e"er lea"e an area without saying, %hank you.#

Write a comprehensive audit report

*he report doesnt have to be lengthy, but it should convey a balanced summary of the status of the

organi)ation audited. It should mention good practices that have been observed, risks that have been

perceived and problems that have been identified.

*he audit report should include the following4

• ate of the audit . When did the audit take place5 *his provides evidence that audits are being

conducted in accordance with the established audit schedule. If management wants to know what

resources are being epended, its also appropriate to record the duration of the audit. 1ow much time

and money is the organi)ation spending on internal auditing5

• Areas audited . If the company has multiple locations, this is even more important.

• $tandard used . 2or a third-party audit, its generally a Q! standard, e.g., I!0 ;<<=, I!0>*! =?;@;,

I!0 =A@BC, etc. 2or internal audits, its usually a list of the internal documents associated with the

8/14/2019 As with any other process.doc

http://slidepdf.com/reader/full/as-with-any-other-processdoc 4/4

functions and activities audited. +amples would include procedures, work instructions and detailed

travelers.

• )ead auditor and audit team. If theres only one auditor, that person is the lead.

• ersons inter"iewed  . *his provides evidence that the persons who answered questions were actually

the process owners who have responsibility for the activity. Its not uncommon for people to try to behelpful and answer an auditors question even its not part of their regular obs. !ometimes the auditor

finds out too late that she wasnt speaking to the right person. What you hear is a manager saying,

#2rancine doesnt take care of patient intake, so she wouldnt know where those forms are kept.#

/ecording names of persons interviewed helps auditors provide obective evidence that theyve fulfilled

the requirements of the auditing process.

• !ood points. 'n audit isnt an attempt to observe a collection of bad processes. *herefore, an audit

report should also mention good points that were observed. #*he newly developed design software is

facilitating the control of new proects,# #*he records show evidence that operators have had training on

the &:& machine# or #*he corrective action tracking system is better able to calculate the cost of

nonconformities and the money saved when problems are solved# are eamples of this.

• +onconformities. When writing up findings of nonconformity, its important to be clear and complete.

What is the actual nonconformity5 What is the standard that defines the requirement5 What evidence did

you use to conclude that there was a nonconformity5 ' well-articulated nonconformity statement should

provide enough direction and clarity that the process owner can use it to initiate root cause analysis and

eventually develop a viable corrective action plan.

• bser"ations /also called opportunities for impro"ement0. Its appropriate for auditors to make

statements about perceptions of risk or the identification of a process that may not be controlled as well

as it should be to prevent problems. *hey shouldnt specifically say something is wrong but should

intimate what might go wrong. 9ike nonconformities, observations should be tied to requirements to

allay the misconception that they are ust ideas that the auditor thought up.

2ollowing these basic audit practices should ensure that the information management gets is accurate,

reflects the status of the organi)ation and is detailed enough so that it results in good decisions. *his is

what makes audits effective. 'nything less is a meaningless paper shuffle.

About the author

enise Robitaille is an RAB1$A- certified lead assessor, A$1-certified quality auditor and a member of

the 2.$. A! to *$34 567. $he's the author of numerous articles as well as *he &orrective 'ction

1andbook , *he $reventive 'ction 1andbook, *he anagement /eview 1andbook and  %ocument &ontrol,

all published by aton rofessional. Robitaille also writes %he $tandard Answer% column in Quality

%igests Inside !tandards e-mail newsletter. 8isit http4>>qualitydigest.com>standards>inde.lasso to read

recent columns or subscribe for free.