Carte Blanche to Create an Audit Programme

I'm back to doing what I was originally hired to do (5.5 years ago) with my current organization and that's develop and implement an internal assessment programme. We are not ISO.

Essentially, I have carte blanche on creating a user-friendly, meaningful, simple yet robust programme.

If you had to sell the idea of "why" regarding assessment, what would you say? Thinking about Simon Sinek's philosophy of "People don't buy WHAT you do, they buy WHY you do it", how would get people to care about assessments?

Secondly, forget ISO...if you could create your own audit methodology, what would it entail? I'll be honest, I have an approach that involves a scorecard approach for practices and metrics, this way people have an idea of where they are and where they need to be...but I know that "scores" can intimidate people (especially where I work - in healthcare - with people so concerned about feelings).

Think about it...you've been invited to create your own audit programme. What do you do? That's essentially the audiing opportunity that is in my lap at the moment...

RoxaneB said:

Think about it...you've been invited to create your own audit programme. What do you do?

Click to expand...

I will try to add more comments and suggestions later, but, the ONE THING I would most definitely do, given this type of opportunity, is to talk to the higher ups in the organization and ask them: what kind of information would you like to have from my assessments? I would love to think that the organization leadership really sees the audit program as a component that gives them valuable information on how to make the organization progress in the maturity journey. What is the data they would like to see and know?

Obviously, they have to understand this is not an exercise in snitching, finger pointing, etc...but I would love to think that the leadership of the enterprise is perceived and treated as THE MOST important stakeholder of this activity.

Congrats, Roxane. I am sure you will deliver a fantastic assessment "programme".

PS. Despite your system not having to conform to ISO (9001), ISO 19011:2011 actually gives some good guidance to establish and improve audit programmes. I recommend you have a look at 19011.

I would make sure it isn't a "gotta" system. Focus on the big picture items and make corrections/corrective actions less burdensome.

Considering this is coming from senior leadership for a national organization, it goes without saying that they WANT this programme...at least for now. The stumbling block in the past has been actioning the findings and follow-through. Everything was quickly brushed under the rug, so to speak.

So, how do you encourage them to do not repeat that approach?

The high level theory is all there...they want to understand conformance to our processes and contractual requirements.

Given creativity in developing the tool to do just that. A standard ISO checklist of yes/no to conformance won't cut it - in my opinion. I really do want a numerical score so that way they are able to see tangible improvement next time around.

Would you take this approach or would you stick with the simple yes/no ISO checklist and with comments for documenting evidence.

Remember, this is essentially the opportunity to create a meaningful assessment programme...the programme of your dreams...what would you want it to have?

RoxaneB said:

I really do want a numerical score so that way they are able to see tangible improvement next time around.

Click to expand...

I know you've had experience with quantified scored assessments in a previous "life". Like everything else, there are pros and cons. The major con is to have consistent grading/scoring when using different assessors.

If I had this opportunity, I would totally redirect the audit program from conformance to performance. Why are certain programs, areas, service lines not delivering the service level the organization aims for. Having the freedom to question the design and implementation of business processes, rather than just verifying adherence to it is a much more gratifying exercise, in my experience. You become much more of an internal consultant, with latitude to influence the way the organization operates, rather than the pesky person checking if we are "doing what we are supposed to be doing". Obviously conformance would still be a part of the audit process, but auditing focused on performance delivery and improvement is much more challenging and rewarding, in my estimation. The opportunity to truly understand all the business processes interconnections and help the alignment of objectives, while breaking down silos should be hugely fulfilling.

Sidney Vianna said:

I know you've had experience with quantified scored assessments in a previous "life". Like everything else, there are pros and cons. The major con is to have consistent grading/scoring when using different assessors.

Click to expand...

This is why grading criteria are established, with keeping it simple:

• N/A
• 0
• 1
• 2
• 3

Keeping to just 0, 1, 2 lends us to sticking to the middle of the road on the scores with 1 being scored most of the time and the occasional 0 or 2. Defining what separates a 1 from a 2 and 2 from a 3 will be part of the program development and is something I've already started toying with (i.e., used COBIT as a reference).

Sidney Vianna said:

If I had this opportunity, I would totally redirect the audit program from conformance to performance. Why are certain programs, areas, service lines not delivering the service level the organization aims for. Having the freedom to question the design and implementation of business processes, rather than just verifying adherence to it is a much more gratifying exercise, in my experience. You become much more of an internal consultant, with latitude to influence the way the organization operates, rather than the pesky person checking if we are "doing what we are supposed to be doing". Obviously conformance would still be a part of the audit process, but auditing focused on performance delivery and improvement is much more challenging and rewarding, in my estimation. The opportunity to truly understand all the business processes interconnections and help the alignment of objectives, while breaking down silos should be hugely fulfilling.

Click to expand...

I'm not disagreeing with you, Sidney...I actually do agree with this, however, it is once again THEORY. It's like an ISO standard saying "...the auditor shall assess to performance not conformance" - we've been told WHAT to do but there is no guidance on HOW.

I guess I'm trying to get some tangible take-aways from the group. Tool development, for example:

• How would folks set up their assessment "checklist"...if they even had one.
• What would the output of the assessment look like?
• How would you include metrics within the assessment? Or would you?

Perhaps, in a way, it sounds as if I'm asking the Cove to do my work for me. Not my intention in the least. However, I have a tendency to create systems that are simple for me and too complex for our users. Looking for support or ideas on creating a simple system with user-friendly tools and actionable, valuable outputs.