One Companyís Approach
With all of the quality lingo over the years Ė "Right-the-First-Time", "Prevention vs. Detection", "Total Quality", "6-Sigma", "Kaizen", and "Continuous Improvement", Intermec Media, a label converter in Fairfield, Ohio, has taken this to another level and have applied these concepts to their own internal audit process. As with any process, itís better to do it right the first time; hopefully, the process will prevent problems from reoccurring, and allow itself to be continually improved so that it can adapt to an ever-changing business.
Before we go into detail about internal audits, letís clear up some misconceptions. Most people equate internal audits with a witch hunt. The audit is done to find the negatives. Ė "What am I doing wrong?" The audit is punitive in nature Ė a surprise attack, done when you least expect it, to catch you in the act of doing something wrong. Heaven forbid, if we published a plan, everyone would have time to sweep the dirt under the rug. Other misconceptions: ISO belongs in the ĎISO departmentí just as all quality improvements are owned by the quality department. Have you had enough, or do you want more? How about, "We are only doing the audit because ISO says we should." "We are doing the audit to make management and our External Auditor happy!" Obviously, all of the above are truly misconceptions. Periodic internal audits are necessary to adhere to the ISO standard, but more important, they are done to improve your operation, and ultimately enhance the bottom line.
Accentuate the Positive Ė Start Spreading the News
Perhaps one of the reasons internal audits are shackled with the misconceptions is that auditors at times forget the positives. Although the audit should expose processes which are out of control or below standard, it should also publish the positive results as well. Examples: "Audited 20 work orders and all 20 adhere to the standard"; "Reviewed 50 employee-training records and all 50 are up-to-date and adhere to the standard"; "Audited the new process for Ďcustomer complaint resolution/cycle timeí. The improved process results in resolving customer complaints within five (5) days from 78% to 96%". Furthermore, internal audits are an opportunity to expose your companyís best practices. When exposed, other departments can study these and adapt where applicable. Keep in mind, the internal audit is not a failure, if all you have to report are positive results.
Intermec Media was first certified to ISO 9001 in 1996. Toward the end of 2007, the company started to look at their own internal audit process. Documented audit reports existed, however there was little or no evidence of any formal audit plan. Audits were always planned & done "at the time of the audit". They werenít viewed as a continuous process. A number of factors may have contributed to this. As some people know, the role of the internal auditor is not the most glamorous or sought-after position in the company. Who wants to be the one to point out faults or transgressions? Thus, a number of people passed through this position over the years. Each person may have made an attempt at putting a formal plan in place. However, no one person stayed in the position long enough to maintain continuity.
Plans are in the Mind of the Beholder
Just as "beauty is in the eye of the beholder", "plans are in the mind of the beholder". Many people plan but unfortunately most people fail to put their plans in writing. Isnít it ironic that the ISO 9001 slogan, "document what you do and prove that you are doing what you document" does not apply to its practice?
Of course, having a plan isnít enough. For the plan to be successful, all departments must be involved, which wasnít the case at Intermec Media. Given these factors, having an ongoing, documented audit plan became a priority for Intermec Media in 2008.
The Solution Ė The Plan
Faced with the problem above, the company set out to change the course. As an internal auditor, one cannot view the audit as simply a date on the calendar. Even though the audits are scheduled three to four times per year, the planning should be occurring almost daily. A similar analogy can be made with performance appraisals. These usually occur once per year, but the appraisal isnít fruitful or meaningful unless there is continuous communication & feedback throughout the year between a manager and subordinate.
The first step in this process was to document a plan portraying all of the scheduled internal audits throughout the year, but more important, all monthly, weekly, and even daily duties and tasks. The plan also defined all inputs to the audit process. These include all the quality information, charts, and metrics maintained in the company.
As the above items are studied and monitored, actual questions were formulated and saved in a file for use in the next internal audit. These questions were then linked to the current policies (PY), procedures (PR) and work instructions (WI) in the following manner:
- Is a problem/issue a result of a policy, procedure, or work instruction not being followed? (This shows a lack of training, communication)
- Is a problem/issue a result of a policy, procedure, or work instruction which is obsolete or out-of-date? (We donít do ďthisĒ anymore)
- Is a problem/issue a result of a policy, procedure, or work instruction which is lacking or simply incorrect? (We need to add or revise a PY, PR, or WI).
Letís get down to Tactics
One of the goals of the audit plan was to assure that it would be modularized by department and transferrable to any internal auditor. In this manner, anyone trained to assist the auditor could easily audit one or two departments. Furthermore, as internal auditors come and go, the plan, strategies and tactics, could be easily understood, adapted and maintained.
The first step was to create a spreadsheet file for each department. Within each file, a number of tabs or sheets were set-up to store applicable document indexes, surveys, and other information unique to the department. The key, however, was that a sheet was established for each audit to store the formulated questions for that department. On an ongoing basis (daily, weekly), as the inputs mentioned above are monitored, the questions are entered and stored direct to this tab. The end result was that the auditor had a list of specific questions targeted to specific job descriptions ready to go at the time of the audit. Furthermore, since there is a tab/sheet saved per audit, anyone can go back and review a history Ė what questions were asked and which issues were addressed over the past several audits.
Help! Ė I canít do it alone.
Another tactic employed was a periodic survey sent to all department managers asking for their help. The purpose of the survey was to act as a preventative tool to identify any trends or new events within the company that may trigger the need to audit a particular function in the near future. Also, it can be used to alert other departments to review specific procedures or work instructions as a result of a trend or new event. The surveys were specifically tailored to each department. The results of the surveys triggered questions and/or issues that needed to be documented in the appropriate department files for the upcoming audits.
Unless your company is very small, no one person can possibly know everything thatís going on in all departments. Also, one cannot assume that department A is communicating with department B on all relevant issues. How many times have you heard: "No one told me they changed the specification on this", or "I didnít get the memo on that". The internal auditor, with these survey results in hand, acts as a carrier of pertinent and timely information between departments. One example: The survey results from R&D and purchasing departments indicated new product development had resulted in the purchase of new raw materials. The survey results from the receiving department indicated some employee turnover within the incoming receiving function. This combination raised a flag and generated a notation for the audit file: Do the new employees in receiving understand the procedures for separating and inspecting the new raw material?
Check this & check that
In addition to the above, incorporated into the audit plan were many checklists. Some people like checklists and some people donít. Checklists are an excellent way of making sure you have covered all bases. After your car is serviced, doesnít it give you a nice, secure feeling to look over the checklist of services and see "brake lines, shoes, & pads thoroughly inspected"? Especially when making a hurried stop at the next busy intersection! The checklists encompassed all the data gathering activities throughout the year right up to the time of each audit.
Havenít I seen you here before? ÖDo you come here often?
Havenít I seen you here before? Do you come here often? (The common pick-up lines from a complete stranger at your local pub). After each quarterly audit thereís usually a big sigh of relief Ė especially from the auditee. Many auditors have heard comments as they walk out the door: "Iím sure glad thatís over," or, "Thank God we wonít see him again for three months." What must they think when, one week after the audit, the auditor shows up at their departmentís doorstep? At Intermec, the results of the quarterly audit warranted additional mini/weekly audits or spot checks in some key areas. Keep in mind some problems are real while other problems are perceived. No one knows for sure until you collect some data, chart the data if needed, and analyze the results on an ongoing basis. This canít wait until the next internal audit, which is three months away.
Even though non-conformities or corrective action reports (CARs) were written, some areas needed more attention in the form of these mini audits. These audits were carried out in five separate departments for different reasons and objectives. Each audit only took about 15 to 20 minutes per week, but gave management more data to see if corrective actions were carried out and their effect on the business. The duration of most of these audits lasted just four to six weeks. For example, from one quarterly audit an issue was raised regarding the revision levels of our raw material specifications. There were some inconsistencies between the hard-copy documents and some of our database files. After four weeks of sampling the raw material specifications, we found that we simply had too many data bases storing the same information. (Welcome to our world of decentralized computing!). Sometime the obvious isnít so obvious until you look at the data. In this case, we picked the low hanging fruit and eliminated the raw material specifications from one of the databases.
In another example, a quarterly audit raised the question of whether operators were performing the proper quality checks on the production lines. In this case, production records were randomly sampled weekly for 25 weeks to see if the proper checks were done. This raised awareness of the importance of the quality checks. At the end of this duration, errors in production dropped about 18-20 percent, and there was about a 10 percent drop in customer complaints. Other factors may have contributed to these statistics, but the weekly, mini-audits helped as well.
Elementary, my dear Watson
Whether you are an internal or external auditor, youíre always fighting the battle of paper-trails and traceability. Auditors are always faced with the task of connecting the dots. Paperwork and documents flow through a company bureaucracy like itís nobodyís business. The fictional character, Sherlock Holmes, had the unique ability and memory to connect all facts logically. Unfortunately, we arenít all so lucky. Each department in a company has its own documents Ė hard-copy and digital. The employees in each department know exactly what they do to their documents. However, not everyone knows how all documents in the company are interrelated or connect to one another.
To address this issue, a number of systems were set-up within the company. These included a complete paper trail audit system with instructions to connect most documents as well as a database routine which linked all documents to the appropriate ISO 9001 standard element, e.g. "Control of Nonconforming Product." These systems proved to be big time savers.
Tactical Advice: Where do we go from here?
This article explains how one company tackled the plan, strategically and tactically with respect to the internal auditing function. When it comes to tactical advice, thereís plenty of information in various trade journals, consultants, registrars, and even from other companies in your industry. Investigate, seek, and explore for ideas, but donít duplicate. What works for one company, may not work in another. All companies are unique and may adapt in their own way to ISO 9001.
Intermec Media has made considerable progress in one year and is facing the new ISO 9001:2008 revision, which was released in November 2008. Although the experts say the changes are minor in nature and emphasize clarifications, the company has addressed its 2009 audit program with the mindset of continuous improvement. But at least weíre facing it with a plan in place, rather than no plan at all. Happy trails.
This article originally appeared in the Quality Digest Newsletter, in February 2009.