as with any other process.doc
TRANSCRIPT
8/14/2019 As with any other process.doc
http://slidepdf.com/reader/full/as-with-any-other-processdoc 1/4
http://www.qualitydigest.com/june07/articles/05_article.shtml
As with any other process, auditing requires planning, definition, consistent implementation and control
to be effective. Without these features, auditing is a resource-draining waste of time.
Internal auditing is one of the elements that makes your quality management system (Q!" complete. It
fits snugly into the #check# component of your plan-do-check-act ($%&'" cycle. Internal auditing isnt a
hapha)ard or optional occurrence that you tolerate to maintain certification. Its an assessment tool that
provides a reliable indicator of the integrity of your organi)ations system and processes and their
capacity to support your goals.
'udits help you to identify problems, risks, good practices and opportunities to better serve your
customers. *he information garnered from well-conducted audits is a company asset that far outweighs
the modest investment in time and training. *he manner in which the organi)ation values and uses this
asset is partially dependent on how audits are performed.
+ecutive management, through visible support and allocation of resources, has primary responsibility
for ensuring the effectiveness of the internal audit program. 'uditors have the responsibility for good
stewardship of managements support, as demonstrated by their commitment to good auditing practices
and the production of meaningful audit reports. *he person in charge of the internal auditing program
asks management to support the endeavor. In echange for the trust and confidence implicit in this
support, auditors strive diligently to provide valuable information that management can utili)e for
strategic planning and other decision making.
What follows are some of the practices that will help your organi)ation reap benefits from its internal
auditing program. 'lthough the comments are directed primarily at the first-party (or internal" audit,
most of the tips are equally valid for second- and third-party audits.
Plan your audits
ake sure that the audit schedule and the defined frequencies reflect your organi)ations needs. ou
must give appropriate consideration to criticality of activities, identification of areas that are more
subect to change or to turnover of personnel, and processes that have eperienced problems or
breakdowns. /eview your audit schedule periodically and revise it based on these considerations.
If you have a mature product line and no new hires in recent history, assessing training more than once
a year is a redundant paper eercise. &onversely, if you handle a lot of customer-owned materials, and
their requirements vary significantly, ensure that those activities are included in the schedule at a
greater frequency.
0nce youve established your audit schedule, stick to it. %ont get into the habit of revising dates and
moving audits off to the net month to accommodate other peoples priorities. 's long as you allow it,
some individuals will always find a way to put you off. 'cceding to procrastination perpetuates the
impression that auditing is an #etra# task to be performed only when time permits. *his mindset
devalues the process and minimi)es the organi)ations ability to derive useful and timely information.
Prepare for the audit
1ave an audit plan. $robably the single best reason to have a plan and to communicate it is so that you
can tell people in advance when youll be in their area. Its common courtesy. *his goes a long way
toward dispelling the witch-hunt mentality with which people usually perceive the arrival of an auditor.
2ailing to alert process owners of planned audits carries other negative consequences. 's long as
individuals feel that an audit is a surprise attack designed to catch them in error, theyll conceal
problems. *hey wont look upon the audit as a fact-finding event designed to foster a culture of
improvement. *heyll look upon it with the dread of miscreants afraid to be punished for their
transgressions3even though theyve probably done nothing wrong. $roblems recur cyclically because
theyre covered up out of fear of punitive action.
8/14/2019 As with any other process.doc
http://slidepdf.com/reader/full/as-with-any-other-processdoc 2/4
+fficiency is another reason for having an audit plan. It saves time. *he auditor has a sequence that
makes the audit flow smoothly and logically from input to output through a series of processes. +ffective
planning brings an element of lean to the auditing process. It minimi)es the backtracking and repeat
visits that eat up precious time without adding value.
/eview the documents that describe the processes youll be auditing. *his helps you to frame the
questions youll be asking the auditee, and ultimately will promote more comprehensive answers./eading the documents ahead of time also helps you distinguish the most critical requirements and the
points at which ownership of a product (or process" changes to a new person or function.
/eview the last audit report and any corrective action requests that emerged. *his will help you to assess
if things have improved or if a problem has persisted or gotten worse. If your corrective action process is
well-linked to your internal audits, you can verify the implementation and effectiveness of corrective
actions as part of the audit process. *his applies to all corrective actions, regardless of origin. 0ne of the
areas in which this is particularly useful is in verifying the results of supplier corrective actions. *hrough
the questions that you ask, you can augment purchasing staffs understanding of the verification process.
*his helps them to discern if the response theyve received from a supplier actually provides evidence of
an effective action plan. Without such verification, all the purchasing department really has is evidence
that the supplier can fill out a form. 0pportunities for learning and improvement are lost.
+asy questions an auditor might ask are4 #1ow do you know that the plan worked5# #1ave you asked
them to send final test reports for the last orders theyve shipped us so we can review them against our
own records5# In this way, the auditor furtively drops hints that increase other individuals
comprehension of how the organi)ations Q! works to improve their processes3in this scenario,
through the effectiveness and productivity of supplier relationships.
$repare a checklist. +ven if your organi)ation uses canned checklists, its important to prepare and revise
them, based on the documents youve reviewed, so the audit trail you map out is complete. *his also
helps you to develop questions so you dont waste time, and it serves to keep you from meandering
outside of the scope of the audit.
Use accepted audit practices
/egardless of whether this is an internal or an eternal audit, theres no ecuse for ignoring good audit
practices.
&onduct an opening meeting. 2or a third- party certification audit, this is a fairly formal event with a
whole list of items that must be covered4 scope, purpose, standard, duration, schedule, confidentiality
and nondisclosure agreements, rules for reporting nonconformities, safety equipment, escorts and the
appeals process. 2or an internal audit, its appropriate to have an abbreviated version that outlines what
processes are being audited, how long you epect the audit to take and the individuals you may wish to
interview. 'rriving in an area and beginning the audit without some initial remarks or a simple greeting
only serves to increase tension and the likelihood of alienating those who can facilitate a productive
audit.
$ay attention to how you ask questions. 1ere are a few pointers to remember.
• Bear in mind at all times that auditees weren't hired to answer your questions. *heyre paid to do their
obs, so they probably wont be quoting tet verbatim from a procedure. *hey should be describing their
process in a way that lets you understand it, and that demonstrates how well they understand it.
• Ask open-ended questions, as opposed to the kind that will get only yes or no responses. 6ive the
auditee an opportunity to eplain what she does. *he person will provide more complete information if
she isnt being steered toward the auditors preconceived notion of what the answer should be.
• Ask how the auditee does his job. oure not ust trying to verify that something is done7 you want to
verify that its done correctly3as defined. /eading a report on nonconforming product will tell you
something wasnt done right, but assessing the process will help you pinpoint what went wrong.
• Remember to use documents to help you frame your question. *his lets you determine if the
documentation accurately reflects the requirements of the process.
8/14/2019 As with any other process.doc
http://slidepdf.com/reader/full/as-with-any-other-processdoc 3/4
• on't be afraid to repeat or restate your question. !ometimes we need to come at a subect from a
different angle. /estating a question helps the auditee to grasp what youre trying to ascertain.
• !i"e the process owner time to answer. 8e patient. 1e may be thinking. %ont assume that a delayed
response is an indication that the person is lying or making stuff up.
• Ask what happens ne#t. 'void quality speak. If youre trying to determine what the output of a processis, simply ask, #What happens net5# 'sking a customer service technician, #Whats the output of the
process# will probably get you a blank stare followed by an awkward moment in which youll get the
sense that youve ust made her feel incompetent3which isnt the case. !he knows perfectly well that
when the order is entered in the database, it net gets routed to the scheduler, who confirms the ship
date so that the order can be acknowledged to the customer.
• $uggest a scenario and ask, %&hat would happen if(% *his will help you verify how well the process is
controlled if there is a deviation or if something goes wrong. It will also help you assess the effectiveness
of communication and the definition of authority and responsibility. %oes the person know what he is
authori)ed to handle, and what incidents require input from a supervisor5
• Ask why. $eople who do tasks mindlessly, without understanding the reason for the activity, are less
likely to be diligent in ensuring that the process is consistently and correctly implemented. Its hard to
care about something that makes no sense.
• )isten to the auditee. $ractice your listening skills. 're you hearing what the person is saying, or what
you anticipate her answer to be5 9istening is facilitated by the simple practice of looking directly at the
person whos speaking. :ot only do you remain better focused, you convey to the other person that
youre interested in what she has to say.
• &rite down the answer so you don't forget. 'lso, record the evidence youve assessed. *ake copious
notes. *his provides the foundation for the audit report and it also allays any confrontation. *he auditor
doesnt need to defend his conclusion. 'll thats needed is a reference to the evidence upon which the
observation is based.
• *f you're writing while the person is speaking, make sure that she knows it. !ay, #Im listening to you,
but I need to write this down.# If you get the sense that the auditee is afraid that your report will result
in punitive action, eplain why you write things down. y favorite line goes something like this4 #I have a
brain like a sieve. If I dont write things down, Ill forget, and I wont be able to do my report.#
• Always make sure you tell the auditee if you're planning to report a nonconformity unco"ered in his
area. *his goes back to the fear of punitive action mentioned earlier. :o one likes to be blindsided two
days after an audit by a report that appears to say that he screwed up. *ell the person what will be
reported and provide reassurance that the intent is to make the process better for everyone.
• +e"er lea"e an area without saying, %hank you.#
Write a comprehensive audit report
*he report doesnt have to be lengthy, but it should convey a balanced summary of the status of the
organi)ation audited. It should mention good practices that have been observed, risks that have been
perceived and problems that have been identified.
*he audit report should include the following4
• ate of the audit . When did the audit take place5 *his provides evidence that audits are being
conducted in accordance with the established audit schedule. If management wants to know what
resources are being epended, its also appropriate to record the duration of the audit. 1ow much time
and money is the organi)ation spending on internal auditing5
• Areas audited . If the company has multiple locations, this is even more important.
• $tandard used . 2or a third-party audit, its generally a Q! standard, e.g., I!0 ;<<=, I!0>*! =?;@;,
I!0 =A@BC, etc. 2or internal audits, its usually a list of the internal documents associated with the
8/14/2019 As with any other process.doc
http://slidepdf.com/reader/full/as-with-any-other-processdoc 4/4
functions and activities audited. +amples would include procedures, work instructions and detailed
travelers.
• )ead auditor and audit team. If theres only one auditor, that person is the lead.
• ersons inter"iewed . *his provides evidence that the persons who answered questions were actually
the process owners who have responsibility for the activity. Its not uncommon for people to try to behelpful and answer an auditors question even its not part of their regular obs. !ometimes the auditor
finds out too late that she wasnt speaking to the right person. What you hear is a manager saying,
#2rancine doesnt take care of patient intake, so she wouldnt know where those forms are kept.#
/ecording names of persons interviewed helps auditors provide obective evidence that theyve fulfilled
the requirements of the auditing process.
• !ood points. 'n audit isnt an attempt to observe a collection of bad processes. *herefore, an audit
report should also mention good points that were observed. #*he newly developed design software is
facilitating the control of new proects,# #*he records show evidence that operators have had training on
the &:& machine# or #*he corrective action tracking system is better able to calculate the cost of
nonconformities and the money saved when problems are solved# are eamples of this.
• +onconformities. When writing up findings of nonconformity, its important to be clear and complete.
What is the actual nonconformity5 What is the standard that defines the requirement5 What evidence did
you use to conclude that there was a nonconformity5 ' well-articulated nonconformity statement should
provide enough direction and clarity that the process owner can use it to initiate root cause analysis and
eventually develop a viable corrective action plan.
• bser"ations /also called opportunities for impro"ement0. Its appropriate for auditors to make
statements about perceptions of risk or the identification of a process that may not be controlled as well
as it should be to prevent problems. *hey shouldnt specifically say something is wrong but should
intimate what might go wrong. 9ike nonconformities, observations should be tied to requirements to
allay the misconception that they are ust ideas that the auditor thought up.
2ollowing these basic audit practices should ensure that the information management gets is accurate,
reflects the status of the organi)ation and is detailed enough so that it results in good decisions. *his is
what makes audits effective. 'nything less is a meaningless paper shuffle.
About the author
enise Robitaille is an RAB1$A- certified lead assessor, A$1-certified quality auditor and a member of
the 2.$. A! to *$34 567. $he's the author of numerous articles as well as *he &orrective 'ction
1andbook , *he $reventive 'ction 1andbook, *he anagement /eview 1andbook and %ocument &ontrol,
all published by aton rofessional. Robitaille also writes %he $tandard Answer% column in Quality
%igests Inside !tandards e-mail newsletter. 8isit http4>>qualitydigest.com>standards>inde.lasso to read
recent columns or subscribe for free.