Welcome to my blog for all things related to business quality (processes, systems and ways of working), products and product quality, manufacturing and operations management.

This blog is a mixture of real-world experience, ideas, comments and observations that I hope you'll find interesting.



Assess yourself

No, it isn’t a Madonna song or anything written by New Order for the England football team!

In order to go somewhere that you want to be you need to know where you are now, otherwise how do you know in which direction to travel?

A key element of many Quality Management Systems – for example, ISO 9001 – is the idea of self-assessment, often called ‘internal audit’. This differentiates itself from the external audit where an expert body such as BSI or LRQA or others comes in and assesses you against an official Standard. The internal audit is done by members of an organisation for its own benefit and is seen as more frequent, less formal, and hugely beneficial in that it helps both the auditor and auditee equally – everyone learns something.

Although some purists insist on acting in loco Assessment and Certification body, making the internal audit indistinguishable from its external cousin, I have always taken a more flexible, friendly and interactive approach to get the best out of the process. (Not to imply that external auditors can’t be friendly too, of course!).

As an internal auditor (whether a member of the organisation’s staff or not) I think you are there not only to assess whether the Standard or the processes are being implemented as it ‘says on the tin’, but also to help the auditee understand the system and to improve the processes or procedures where they fall short of what is required, preferably before they lead to problems in products or services or other areas. It allows people to express their concerns and views about how work is done in the organisation, and it helps you to identify best practice. In other words, this is a key mechanism for ensuring Continuous Improvement.

To start the internal audit you need to agree its scope, i.e. what specific areas of the business and what processes or systems are you covering. You will want to examine documentation or computer records, perhaps looking for specifications, diagrams, standards, procedures, records of processes or tests being done, checklists, analysis, Corrective Action records, and so on. You will certainly want to ask questions of the auditee and please make these open questions (what, why, how, etc) not closed or leading ones (“do you follow the process?”).

Look at the way that information flows and processes interact. How do people know when to start a process or a procedure? How do they know what to do? What are the steps they take and how do they know when and how to take them? Where are the records of them completing their actions; can they find documents and records easily? How do they know they have done the actions correctly and what happens when they have finished? Does everyone always use the processes they have described or are things sometimes done in a different way? How could the processes or procedures or systems work better or be easier to use?

It is important to de-personalise the process and make it objective rather than subjective wherever possible; look for specific evidence of something being done or not done. Use the auditor’s favourite phrase “show me…” to search for objective evidence not merely opinion, although for an internal audit both are important. Make sure you write down the details of documents or facts presented to you, then what else that led you to, then in turn what that led to, and so on, as a record of what you saw (‘audit trails’).

Your audit report can be very short – mine are rarely more than two pages and usually only one – and cover who was audited by whom and when, the scope and the standard being assessed against, the audit trail i.e. reference number and name of any documents, files or other material that you looked at, and a summary of what you found including Non-Conformances (i.e. not doing ‘what it says on the tin’), agreed Corrective Actions, or areas where you both think that improvements might be appropriate. By the way, the words ‘agree’ and ‘both’ are critical here, the findings should be fully and willingly agreed to by all parties as it’s your joint work rather than an examiner’s report!

If you see areas that do need improvement the Corrective Actions (or maybe Preventive ones) should also have the buy-in of the people who are affected and responsible for that area of business as well as the auditee.

Most of all, just to re-iterate, the Internal Audit is not a test. It is a way of helping the organisation and the people in it improve their ways of working and should be seen as a constructive and collaborative act not an assessment; it should contain no element of blame.

In other words, it’s about seeking improvement not criticism.

Internal Auditor Training How could the processes or procedures or systems work better?

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>