the value of using the process approach for internal auditing frank sidorowicz tl 9000 program...
TRANSCRIPT
The Value of Using the Process Approach for Internal Auditing
Frank SidorowiczTL 9000 Program DirectorOrion Registrar, Inc.
Orion Registrar, Inc. 2
Why are internal audits conducted? Obtain factual input for management
decisions?---or---
Produce data needed to receive certification?
Improve documentation? Enforce conformity?
Orion Registrar, Inc. 3
The Old-Fashioned Way of Auditing Quality audits focused on procedures
and not on quality Auditors did not examine costs or OTD “Quality” was how well an outcome
met the needs of those for whom it was provided Good quality = satisfied the needs Bad quality = failed to meet the needs
Orion Registrar, Inc. 4
The Old-Fashioned Way of Auditing Companies ignored outcomes and
customer satisfaction when auditing Auditors were looking to “check the
box” leaving performance ignored and unchallenged
Conformity auditing looking to establish if specific requirement had been met
Requirement may have focused on a task, not performance result or output
Orion Registrar, Inc. 5
Document Review and Approval Auditor looked to see if documents had
been reviewed and approved by authorized person
Did Auditor look for: Competency of approver Why change was made Did change improve performance
Orion Registrar, Inc. 6
Clause Approach to Internal Auditing
Orion Registrar, Inc. 7
Clause Approach to Audit Plans Planned and conducted against clauses
(sections) of Standard Matched with person or department
within organization Looking for conformity with clause
requirements
Orion Registrar, Inc. 8
Company XYZ
Time Element Clause8:30 am Opening Meeting / Plant Tour9:00 am Design Control 7.310:00 am Internal Audits 8.2.210:30 am Purchasing 7.4.1, 7.4.211:00 am Receiving Inspection 7.4.311:30 am Preventive Maintenance 6.3NOON LUNCH BREAK1:00 pm Training 6.2.21:30 pm Preservation of Product 7.5.52:00 pm Calibration 7.62:30 pm Statistical Techniques 8.5.13:00 pm Preparation for Closing Meeting4:00 pm Closing Meeting
Orion Registrar, Inc. 9
Clause Approach to Checklists Turn “shall” statements into questions
Requirement = “Organization shall establish and maintain a documented procedure for…”
Checklist question = “Is there a documented procedure for…”
Orion Registrar, Inc. 10
Clause Approach to Auditing
Does procedure cover requirements of Standard?
Are employees following procedure? Are records being kept? Auditor is looking for nonconformities
If found, write a major or minor If none are found, move on to next clause
Orion Registrar, Inc. 11
Overall Result of Clause Approach Little added value “Paper chase” correcting minor
problems has little impact on organizational effectiveness
Orion Registrar, Inc. 12
Department Approach to Internal Auditing
Orion Registrar, Inc. 13
Department Approach to Audit Plans Based on the organizational chart Departments are allotted timeslots in
schedule Evidence of conformity may be
gathered from more than one department
Orion Registrar, Inc. 14
Company ABC
Time Department8:30 am Opening Meeting and Plant Tour9:00 am Sales & Marketing10:00 am Engineering11:00 am SchedulingNOON LUNCH BREAK1:00 pm Production3:00 pm Maintenance / Calibration3:30 pm Preparation for Closing Meeting4:00 pm Closing Meeting
Orion Registrar, Inc. 15
Department Approach to Checklists Arrange clause checklists to follow trail
through department Identify general company procedures
and departmental procedures Determine questions from
requirements of both Standard and departmental procedures
Focus on checking conformity with procedures
Orion Registrar, Inc. 16
Department Approach to Auditing Auditor asks questions of department
manager and employees, jumping from requirement to requirement
May follow trail through department but will stop at department boundary
Orion Registrar, Inc. 17
Task Approach to Internal Auditing
Orion Registrar, Inc. 18
Task Approach to Audit Plans
Auditor will: Identify work areas to visit Establish tasks performed there Gather facts about tasks in terms of
personnel performing or supervising tasks, equipment used, and information generated
Take notes of items to be checked elsewhere (e.g. training records, calibration status)
Orion Registrar, Inc. 19
Task Approach to Checklists
Focus on particular tasks and identify questions related to person, item, equipment, and information
May use flowchart in planning checklist
Orion Registrar, Inc. 20
Task Approach to Auditing
Auditor interviews individuals to establish tasks being performed are compliant with requirements
Audit may start with contract or project and proceed toward completion, or start with end result and trace backward through relevant work areas
Orion Registrar, Inc. 21
Overall Result of Task Approach Focus remains on whether tasks have
been performed according to requirements of procedures and Standard
Evidence can be gathered resulting in nonconformities addressing trivia as well as major loopholes in system
Orion Registrar, Inc. 22
More Effective Methodology Needed Focuses on performance, not just
conformity Management needs to know:
Does performance meet targets Are there opportunities for improving
performance
Orion Registrar, Inc. 23
Process Approach to Internal Auditing
Orion Registrar, Inc. 24
Process Approach to Audit Plans Based on processes that achieve
organization’s objectives Requires auditor to know what the
processes are prior to conducting audit ISO/IEC 17021 (Stage 1 and Stage 2) Code of Practice for Registrars
Orion Registrar, Inc. 25
Process Approach to Audit Plans Common processes, for example:
Business management Marketing and sales Resource management Purchasing
Product / service realization processes are different for each organization
Plan shows audit trail through business processes and across department boundaries
Orion Registrar, Inc. 26
Process Approach to Checklists Does not require detailed checklist Auditor can be guided by their
understanding of the Standard
Orion Registrar, Inc. 27
Process Approach to Audit
Start with top management and business management processes
Continue with resource management processes, establishing linkages Effective resource management processes
will provide competent employees and capable equipment to other processes
Continue with other processes from marketing to delivery
Orion Registrar, Inc. 28
Value of the Process Approach Focuses on results, not procedures Determines effectiveness of the management
system Evaluates the results the system delivers Tests linkages between departments and
processes Follows flow of work throughout organization Determines if operations are under control and
controls are effective Allows judgment on significance of findings Helps determine depth of problems across
organization Focuses on benefits of correcting nonconformities
related to improving organizational effectiveness
Orion Registrar, Inc. 29
The Process Approach requires a change in attitude across the
organization!
Orion Registrar, Inc. 30
What the Approaches Provide Clause Auditing provides:
Evidence that procedures are being followed
Clause Auditing does not provide: Evidence that planned results have been
achieved Following procedures without regard to
output is ineffective
Orion Registrar, Inc. 31
What the Approaches Provide Department Auditing provides:
Evidence that organization has interpreted the Standard with respect to departmental responsibilities and procedures
Department Auditing does not provide: Evidence that planned results have been
achieved
Orion Registrar, Inc. 32
What the Approaches Provide Task Auditing provides:
Evidence that specific tasks have been accomplished
Task Auditing does not provide: Evidence that planned results have been
achieved
Orion Registrar, Inc. 33
What the Approaches Provide Process Auditing provides:
Data for managerial decisions on growth, technology, staff development, products / processes based on current performance, not just current conformity
Information on whether performance meets targets
Information on opportunities for improving performance through better control of processes
Information on making processes more effective and more efficient
Orion Registrar, Inc. 34
Why Switch Approaches on Internal Audits? Eliminates many of the weaknesses of
other approaches Enables internal auditors to help
establish effective management of processes
Orion Registrar, Inc. 35
Five Basic Questions at Three Levels Basic questions can apply for all three
levels even though the “specific questions” will be different What are you trying to do? How do you make it happen? How do you know you are doing it right? How do you know it’s the best way of doing
it? How do you know it’s the right thing to do?
Orion Registrar, Inc. 36
Five Basic Questions at Three Levels Business Level – Audit results should
make the auditor confident that the organization: Knows what it is trying to do Knows how to make it happen Knows that it is doing the right things Knows that it is doing it in the best possible
way Is managing performance
Orion Registrar, Inc. 37
Five Basic Questions at Three Levels Managerial Level – Audit results should
make the auditor confident that management: Knows what the process aims to achieve Knows how to design and cause processes
to achieve results Knows that it is doing the right things Knows that it is doing it in the best possible
way Is regulating performance
Orion Registrar, Inc. 38
Five Basic Questions at Three Levels Operational Level – Audit results
should make the auditor confident that individuals: Know what they are supposed to do Know they are doing the right things Know they are doing them in the best
possible way Are regulating their own performance
Orion Registrar, Inc. 39
Summary
Internal auditing using process approach Can take internal audit team from mission
statement to employee contributions Identifies clear linkages between
interconnected processes Ensures requirements of the Standard fit with
processes Eliminates weaknesses of other approaches Enables internal audit team to establish that
the organization is managing processes effectively
Orion Registrar, Inc. 40
Orion Registrar, Inc.7850 Vance Dr., Ste. 210
Arvada, CO 80003303-456-6010