A properly conducted audit is a positive and constructive process in enhancing the performance of an organization. The 2000 version of ISO 9001 standard was revised to introduce the process-based quality system approach. Consequently, it brought greater prominence to the process-based auditing technique and practiced as a preferred system audit approach. ISO 9001:2015 employs the process approach as well as risk-based thinking in deploying quality management systems.
While the process approach enables an organization to plan its processes and their interaction, risk-based thinking enables an organization to determine the factors that could prevent processes and system to achieve planned objectives and to put in place controls to mitigate its effects.
The addition of risk-based thinking to ISO 9001:2015 necessitates supplementing the process auditing technique with risk-based thinking.
Using a case study, the assessment technique described in this presentation blends the process auditing approach with the risk-based thinking to provide a tool to conduct efficient and effective audits. Using this tool, the auditor can carefully examine critical process characteristics, underlying potential risks, and its effects on process output. Benefits of this tool include:
- Identification of preventive controls to avoid or minimize negative factors associated with risk
- Determination of interaction of processes with related functions of the organization e.g. human resources, production, and procurement etc.
- Identification of system and process deficiencies at departmental boundaries due to silo affects