Approach to Internal Auditing

[eee]

Before the beginning of a planned audit in one of departments we suggest them ( Manager, his Deputy, one-two specialists on middle level management and Supervisor) to fill out a special form named "What is the process in your department?". It's a kind of self-assessment. Then we collect these forms and analysed differences in their answers. They are always occured! It is a good input to the following audit. It seems like an evidence of understanding the System. Then our auditors put their efforts to find the causes of misunderstandings and eliminate these differencies. We are sure this approach brings value-adding to our internal audit system. The main problem is to change these questionnaries every planned audit year in order to make them (see ab.) think from various points of view.
What do you think about such approach?

 

[M Greenaway]

Interesting

It would normally be one of the first questions of an audit anyway. It may yield some important signals, but the differences might just be simple mis-understandings in detail. Do you still audit compliance of the process to ISO9000, or is it just an audit of management understanding of their processes ?

 

[eee]

If we consider cl. 8.2.2 it is more important for us to comply para. b) and then a), i.e we need to ensure that our system is effectively implemented and maintained. An understanding of all participants of the process of what is done is a milestone of this ensurance. Today we are sure that our system is in compliance to the requirements of ISO 9001. It is confirmed by external audits.

 

[M Greenaway]

I am amazed that so many people in this cove do not conduct internal audits to the requirements of the standard. Reliance on external auditors adequately performing this function is in my humble opinion naive. Also this reliance effectively puts your ISO9000 certificate on the line at every external audit, not to mention the inadequacy of external audits.

 

[eee]

"Inadequacy" - you are right!
JOurHO such xternal audits don't add value to our system. 70% of n/cs are "the form ¹.. is filled not in accordance with SOP". We do such findings better. But we are proud of our Certificate and sure that it should be valid till next 2 years. To comply to Standard req's isn't a problem for us.

 

[db]

Good first step

I agree with Martin that it is a good first step. But to go beyond that, if they really look at the process, not just fill out the form, then it could also be a strong tool for improvement.

Martin, I for one feel that auditing must be both process and system focused. Just looking at the process might not yield some information that auditing to the standard would reveal. If our goal is truly continual improvement, we must look at (read audit) our system from a variety of different ways.

 

[Claes Gefvenberg]

It would normally be one of the first questions of an audit anyway.

Same here. We always ask people to describe what they do and how.... If nothing else it sets the audit off in a positiv way: People like to tell you about what they do, and you frequently get answers to some other questions on the fly.

As for the original question, it can't be a bad thing to get peole thinking about the audit *before* you get there.

/Claes