Re: Time for changes - Does your organization really benefit from internal audits?
Discordian said:
I've done internal and external auditing and really don't see much difference of substance in the methodology.
which is Andy's point...
As far as they are benficial?
That's all up to upper management, isn't it?
If they take them seriously then they will be beneficial. If they see them as a necessary evil, not so much. If they seem them as a non-priority then not at all.
So maybe the question would better phrased as "does your management support an audit program"?
The best audit process in the world will be ineffective if it's not supported.
True enough - as far as it goes. but this is really an iterative and evolving process - as ISO 2000 intended.
initially, INTERNAL auditing is primarily about compliance; and for the purpose of achieving of registration it is value add...
However, after registration is achieved merely auditing for compliance is not very value add at all - in *my* opinion and expereince. and it therefor rapidly loses active support from management in many cases. It becomes nothing more than a police action or at worst it's perceived as "tattling"
I think the question really is: is internal auditing - as it is typically performed as compliance based - value add? if not, why not? or if so, why?
and the logical next question is how to make internal auditing more value add? Andy - correct me if I've gotten it wrong.
As for management support - yes it is necessary but not sufficient in itself. After all "management" doesn't always know what is the best approach to take. That's why they hire subject matter experts: us. we need to recommend and implement and demonstrate better ways of doing things. This is what gains effective management support. It's a bit of a chicken and egg thing. It's iterative.
When I was a Quality Manager I required my internal audit teams to perform effectivness auditing and de-emphasized compliance auditing after registration.
an example: at one of my previous jobs my lead auditor became 'enthralled' with a finding in the packout process. The procedure had a 'throwaway' line that the operator was to perform a certain aspect of the process while seated on a swivel chair. The operators didn't do this - they stood. They could have performed the operation while seated but chose not to. Now this seating 'requirement' was not needed for ergonomic or safety reasons. It was just a silly slip - the originator of the procedure had observed the original operator sitting on swivel chair and simply wrote it into the proceure years before the audit and subsequent revisions of the procedure didnt' remove teh statement. Now of course it shouldn't have been in there if not required, but in the grand scheme of things this was so far on the right hand side of the pareto for causes to our quality problems that it was ridiculous. we could have spent time issuing a finding and revising the procedure and then re-auditing to ensure that the change was implemented and logging it in the database and - oh since this was an internal audit finding we also needed to determine and eliminate the cause of why operators weren't following the procedure -
but towards what end? We had real quality problems to deal with and a finite set of resources with which to address them. Not only did managment find this finding - and the many others like it - non value add, but they questioned the usefulness of the entire audit function. The auditor never saw or even really looked for the process issues that were driving our quality problems in this function.
From my perspective, auditing for compliance is needed but it should not be the primary purpose of internal audits. So compliance audits, in my opinion and my experience are of limited value add to any organization because all they do is maintain the status quo, they don't initiate significant improvements and are therefore not considered highly value add to managment.