By Denise Robitaille
We often get so focused on doing things a certain way that we sometimes miss great ideas that are just beyond our self-limiting periphery. I’ve done a lot of training and writing around the subject of developing internal audit schedules. With the goal of ensuring complete coverage and appropriate frequency based upon criticality and risk, I’ve trained clients in how to put together internal audit plans that provide value while also ensuring fulfillment of ISO 9001 (or comparable) QMS requirements. The scheme works well and is beneficial to users. But it’s not the only way to get the job done.
I recently heard Larry Martof from the American Institute of Steel Construction speak at NASCC: The Steel Conference on the subject of “quick methods for quality assurance audits.” He presented a scheme that blends multiple types of audits into the annual audit plan. I am indebted to him for giving me a fresh perspective on developing internal audit programs.
The format presented accommodates resource constraints, varying levels of auditing expertise, and multiple perspectives. These combined allow for a comprehensive systemic view of the organization.
He presented five different kinds of audits: mini, targeted, process, product, and project. Any one of these taken individually would make it impossible to fulfill QMS auditing requirements or to allow for the holistic perspective needed to assess the integrity of interrelations and interdependencies. However, if the review of the results are combined, the information derived can be powerful.
The mini audit has the narrowest focus. It’s used predominantly to assess the effectiveness of actions taken after a nonconformance has been corrected or corrective action has been implemented. It can also be used to facilitate root cause analysis, before a corrective action plan is developed. These utilize the tools of auditing to look at a specific issue. The complexity of the issue drives the determination of duration and intricacy. However, the intent is to remain within a narrow focus. The downside to this type of audit is that it’s not necessarily planned and, therefore, cannot be relied upon as the sole audit to ensure assessment of part of a system.
The targeted audit delves deeply into a subprocess. Its focus is broader than the mini in that it’s not driven by a particular issue. Due to its narrow focus, it shouldn’t consume too much time while still utilizing the process approach. It is in essence an abridged version of a process approach. This type of audit relieves some of the stress on resources by limiting the scope. Instead of being away from their regular jobs for two or three hours, auditors can usually complete them in a brief period of time. Taken solely, they aren’t adequate to ensure conformance of processes. However, as interim assessment activities, they provide supplemental oversight of activities whose level of criticality may warrant more frequent audits.
Process audits are the cornerstones of an internal audit program. They’re the type of audits around which I construct traditional audit schedules. They are emblematic of process approach, reflecting assessment of defined inputs, control of activities, verification of desired outcomes and adequacy, and control of resources, such as documentation, training, equipment, calibrated instruments, effective communication, and appropriate work environment. Over time, multiple process audits allow for focused scrutiny of individual processes while also taking advantage of the opportunity to observe interrelation with abutting or sequential processes as well as systemic processes such as document control. They take longer than mini or targeted audits. Because these audits form the core of the audit program, they should be performed by more experienced internal auditors.
Product audits shift the lens to the product. In these audits inspection records, revision control, conformity to specifications (including those for packaging, certification, and labeling) are assessed for a particular product. These audits reinforce the essential concept that output matters. If we’re controlling processes and doing all the right things, the product should be what the customer wants. These audits don’t necessarily require comprehension of the process approach—although it’s always helpful—and so auditors may not have the same level of experience or expertise as those conducting process audits.
A project audit look at how a series of processes from concept to delivery have been implemented. It has elements of both the process audit and the product audit. It serves to reinforce the criticality of upstream processes such as design control and qualification of suppliers. Because it looks at everything from cradle to grave, it also allows for a review of lessons learned, including the good news, which is often neglected in audits. These audits don’t necessarily delve deeply into any one process.
If we look at the results of these audits in combination, we have a richer texture to assess how effectively and efficiently we work and how well we are serving our customers. The targeted audits can supplement information from product audits and help to understand why something went wrong. Mini audits can shed light on one aspect of a project.
Although each of these audits can stand alone as a point of information, none of them is adequate to ensure the whole system is working. However, an audit plan designed to exploit the unique perspective of each audit and interwoven to accommodate multiple focal points can provide multi-faceted and in-depth information that can augment an organization’s ability to experience significant benefits from its auditing program and ultimately its QMS.
About the author
Denise Robitaille is the author of numerous books on various quality topics. She is an internationally recognized speaker who brings years of experience in business and industry to her work in the quality profession. Denise is an active member of U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She is also an Exemplar Global-certified lead assessor, an ASQ Certified Quality Auditor, and a fellow of the ASQ.
Denise’s latest book The (Almost) Painless ISO 9001:2015 Transition was published by Paton Professional in late December.