ne of the most overlooked tools in our continual improvement toolbox, is Internal Auditing. All of the major quality standards, ISO 9001:2000, ISO/TS 16949, ISO 17025, AS9100, and ISO 13485, require organizations to audit their quality management system as a condition of certification. Unfortunately, many organizations look at this requirement as a burden and not an opportunity to improve. As a result, reams of paperwork (records) are generated to show the Registrar evidence of compliance, with no tangible value being added to the organization.
There is a better way! Internal Auditing must
be a value-added
process; otherwise you are just wasting your time generating paper. In December 2000, the ISO 9001:2000 standard introduced the "Process Approach". This model looks at an organization as a system of interrelated processes, which must coexist and communicate effectively with each other.
The old model looked at twenty discrete elements that were managed independently of each other. We audited each element for compliance but never analyzed the interactions between them. A world-class business is not run that way. Internal Auditing must address these relationships and report not only on adherence to the steps of each process but also on the interactions between all of the processes.
In order to properly audit a process we must understand what a process is. A
process is a series of activities that are performed in a defined sequence to convert inputs into the desired outputs, which can be measured for effectiveness. So if we examine the parts of a process, which need to be audited, we have:
Auditing a process now becomes more than just testing the activities for compliance to a documented or accepted practice, it also involves testing the inputs for validity and completeness, verifying the acceptability of the outputs with the recipients, and finally evaluating whether the process is effective, by analyzing the measures of effectiveness. By taking this approach to internal auditing, we are now evaluating how well each process behaves with the other processes that make up our business model.
The last thing we need to take into account is how each process can be improved. As part of the auditing process we need to explore ways of improving each of the four (4) parts of each process during the audit. The auditors need to include opportunities for improvement as part of the audit preparation, execution, and reporting.