Auditing - System Approach and Process Approach Differences?

N

NumberCruncher

#11
Hi to everyone

I became one of the company internal auditors by accident. :( Partly because I have an IQ greater than my height in inches, (and I'm average height), but mainly because, as the newest member of staff, I didn't have the ability to say "*&£+ ^@#<>!!" to the company that had just taken me off the unemployment register.

I was happy with my metre long nested Excel formula, my mountains of numbers and my lovely graphs. I liked my vba macros and my beautiful flow diagrams. I'm at ease with my unnatural interest in statistics (something about the bimodal normal distribution, but that's another story:)).

Now on a regular basis, I am forced to do audits, with two day's worth of training. :frust:

When I do my audits, I just ask one question.

"What is going wrong here?"

I try to talk to the people who do the job and ask them what problems they have and how they would solve those problems.
I suggest ways that I would solve the problems.
If I know of other problems with a particular area that end up affecting me and the job that I do, I include those problems too.
I take photos where necessary.
I do a paper chase to the depths of hell. I do my best to find every inconsistency, every omission, every error, every spelling mistake in all of the relevant S.O.P.s.
Then I try to write the longest, most comprehensive, most critical audit report that I am able to write, complete with references to TS16949. If it only takes them a week to work through my audit, I haven't done it properly.

If anyone complains, then -

"I'm just doing my audits thoroughly. Here are the things that are wrong with what the company is doing. I'm showing you areas where you can change things for the better, to streamline the work, to improve the way we do things. And isn't it better for these problems to be spotted by an internal auditor? Then we can fix the problems before the external auditor finds them." :notme:

In short, I try to be the biggest pain in the a*** that I can!!!:mad:

What can the company do? Complain that I am doing my job too well? :confused:

And if they take me off the register of internal auditors, I will obviously be emotionally devastated :lmao: that they have chosen to treat me in such a manner. But I know that I will eventually recover from the loss :thanx: :thanks: and console myself by doing the job I was originally employed to do.:popcorn:

Now here is my question.

Having read the above, would you say this is this a system approach or a process approach?

NC
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#12
Hi to everyone

I became one of the company internal auditors by accident. :( Partly because I have an IQ greater than my height in inches, (and I'm average height), but mainly because, as the newest member of staff, I didn't have the ability to say "*&£+ ^@#<>!!" to the company that had just taken me off the unemployment register.

I was happy with my metre long nested Excel formula, my mountains of numbers and my lovely graphs. I liked my vba macros and my beautiful flow diagrams. I'm at ease with my unnatural interest in statistics (something about the bimodal normal distribution, but that's another story:)).

Now on a regular basis, I am forced to do audits, with two day's worth of training. :frust:

When I do my audits, I just ask one question.

"What is going wrong here?"

I try to talk to the people who do the job and ask them what problems they have and how they would solve those problems.
I suggest ways that I would solve the problems.
If I know of other problems with a particular area that end up affecting me and the job that I do, I include those problems too.
I take photos where necessary.
I do a paper chase to the depths of hell. I do my best to find every inconsistency, every omission, every error, every spelling mistake in all of the relevant S.O.P.s.
Then I try to write the longest, most comprehensive, most critical audit report that I am able to write, complete with references to TS16949. If it only takes them a week to work through my audit, I haven't done it properly.

If anyone complains, then -

"I'm just doing my audits thoroughly. Here are the things that are wrong with what the company is doing. I'm showing you areas where you can change things for the better, to streamline the work, to improve the way we do things. And isn't it better for these problems to be spotted by an internal auditor? Then we can fix the problems before the external auditor finds them." :notme:

In short, I try to be the biggest pain in the a*** that I can!!!:mad:

What can the company do? Complain that I am doing my job too well? :confused:

And if they take me off the register of internal auditors, I will obviously be emotionally devastated :lmao: that they have chosen to treat me in such a manner. But I know that I will eventually recover from the loss :thanx: :thanks: and console myself by doing the job I was originally employed to do.:popcorn:

Now here is my question.

Having read the above, would you say this is this a system approach or a process approach?

NC
I would qualify this description of activities as walking on burning coals, but I have not seen you describe how you verified and validated how which process is doing what in support of the QMS certification to which standard.

Let us be honest with one another. What you described is the sort of thing an Quality Engineer or a Quality Manager might do. But my experience is that an internal auditor is expected to do simple verification of activities' conformance to standards. Your doing more shows you care, but it should be taken into context. Those that appreciate it may well vouch for your good service, but unless your employer has asked for this good work it might not get recognized.

Still, nothing is wasted. This is all good for your professional development and your resume.
:2cents:
 
N

NumberCruncher

#13
Hi Jennifer

Your comment about "... an internal auditor is expected to do simple verification of activities' conformance to standards." explains why the internal audits done by other people seem rather cursory. A bit like being given the task of investigating the reasons for a multi-car pile up and observing that "The vehicles, in their current state, will need some improvement before the next MOT test." The statement is true, but to me, it seems to be missing the point.

[MOT test = Ministry of Transport test, a mandatory yearly vehicle check for basic road worthiness in the UK]

Perhaps I would be better suited to being a Quality Engineer. The problem is, I don't want to be a Quality Engineer. I want to be... a Lion Tamer!

Oh dear, I feel a Monty Python sketch coming on.

http://www.youtube.com/watch?v=XMOmB1q8W4Y

I'll go away now and let other people talk about this topic sensibly.

NC
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#14
Hi Jennifer

Your comment about "... an internal auditor is expected to do simple verification of activities' conformance to standards." explains why the internal audits done by other people seem rather cursory. A bit like being given the task of investigating the reasons for a multi-car pile up and observing that "The vehicles, in their current state, will need some improvement before the next MOT test." The statement is true, but to me, it seems to be missing the point.

[MOT test = Ministry of Transport test, a mandatory yearly vehicle check for basic road worthiness in the UK]

Perhaps I would be better suited to being a Quality Engineer. The problem is, I don't want to be a Quality Engineer. I want to be... a Lion Tamer
Yes, it does explain why most audits are rather cursory. But the essentials must get done, and then we can work on the rest.

You don't need to be a Quality Engineer to help with organizational performance. You need an organization that wants performance.

I have been doing as you described, but I have had to pick my battles. Some of my process owners just want the minimum. They want compliance auditing, then say "Just tell me what you want" and do the minimum so the audit will be closed. We very often find each other together again, hashing over the same issue. It gets uncomfortable and frustrating, but in these re-iterations both parties can come closer to a consensus that some fundamental improvement is needed.

It helps for the auditor to have a strong manager who champions the improvement cause. Do you have that person at your back? It shows the organization that your methods are sanctioned, that you are not just a swashbuckling caped crusader.

Some of my process people have been more open minded, and actually asked for my help in renovating their processes. The results have been very good, and provide a sense of team achievement we enjoy.

And so the answer to your question is a maddening "it depends." Certainly I don't regret doing what you are suggesting. I think more people ought to.
:2cents:
 

Helmut Jilling

Auditor / Consultant
#15
Hi to everyone

I became one of the company internal auditors by accident. :( Partly because I have an IQ greater than my height in inches, (and I'm average height), but mainly because, as the newest member of staff, I didn't have the ability to say "*&£+ ^@#<>!!" to the company that had just taken me off the unemployment register.

I was happy with my metre long nested Excel formula, my mountains of numbers and my lovely graphs. I liked my vba macros and my beautiful flow diagrams. I'm at ease with my unnatural interest in statistics (something about the bimodal normal distribution, but that's another story:)).

Now on a regular basis, I am forced to do audits, with two day's worth of training. :frust:

When I do my audits, I just ask one question.

"What is going wrong here?"

I try to talk to the people who do the job and ask them what problems they have and how they would solve those problems.
I suggest ways that I would solve the problems.
If I know of other problems with a particular area that end up affecting me and the job that I do, I include those problems too.
I take photos where necessary.
I do a paper chase to the depths of hell. I do my best to find every inconsistency, every omission, every error, every spelling mistake in all of the relevant S.O.P.s.
Then I try to write the longest, most comprehensive, most critical audit report that I am able to write, complete with references to TS16949. If it only takes them a week to work through my audit, I haven't done it properly.

If anyone complains, then -

"I'm just doing my audits thoroughly. Here are the things that are wrong with what the company is doing. I'm showing you areas where you can change things for the better, to streamline the work, to improve the way we do things. And isn't it better for these problems to be spotted by an internal auditor? Then we can fix the problems before the external auditor finds them." :notme:

In short, I try to be the biggest pain in the a*** that I can!!!:mad:

What can the company do? Complain that I am doing my job too well? :confused:

And if they take me off the register of internal auditors, I will obviously be emotionally devastated :lmao: that they have chosen to treat me in such a manner. But I know that I will eventually recover from the loss :thanx: :thanks: and console myself by doing the job I was originally employed to do.:popcorn:

Now here is my question.

Having read the above, would you say this is this a system approach or a process approach?

NC
Gee, NC, I wouldn't say it is either a system or a process audit. I would say it was an inquisition, and misses the point of continual improvement.

Audits are not supposed to be battles done with blunt instruments.

Being the "the biggest pain in the a*** that I can..." is not constructive.

Doing "a paper chase to the depths of hell... [doing] my best to find every inconsistency, every omission, every error, every spelling mistake... is not streamlining and improving a QMS.

The purpose of an audit is to review a process from a somewhat more objective point of view, helping the process owners identify for things that are not the way they should be, and seeking ways to improve them. You are supposed to be on their side, not be an enemy to be feared...

If you are not receiving cooperation and respect...you might want to reevaluate your approach?

Best wishes...
 

Helmut Jilling

Auditor / Consultant
#16
A system audit is often done by an external auditor - CB auditor at a Certification 'stage 2' or by an SQA, in a pre-award supplier evaluation.

Internal auditors often do system audits, early in the implementation of an ISO standard, to prepare for Certification. Process audits can be the principle focus of internal audits, or SQA auditors, or even by a CB auditor, at a surveillance.

It's more a case of selecting which is going to give the right results for the situation under consideration. Whatever that is, Jennifer gave a good response.
I would propose a different answer. The confusion is compounded in the TS standard which requires a system audit, a manufacturing process audit, and a product audit. Unfortunately, it does not describe or offer any detail.

I would propose the following clarification:

The ISO standards recommend and support a process approach. They require the quality system to be defined as a series of processes. Not departments, not elements, but processes.

So, if the system is defined as a series of processes, then it should be audited as a series of processes. Sure, there will be times you do a gap analysis of each requirement, to make sure everything is covered. But, the intent is to audit a series of interacting processes.

In other words, a system audit IS a process audit. It is an audit of how the processes in the system perform and interact.

I think it is easier to understand and implement if you see it this way. And, it is the intent of ISO 9001 based systems, as I understand it.
 

harry

Super Moderator
#17
........................... If you are not receiving cooperation and respect...you might want to reevaluate your approach? .............................
I love this last sentence. It is a 'painful' truth which many do not have the courage to admit and face and it applies practically to most situations. I recalled someone complaining about people not interested in the training he/she conducted - the answer lies in this sentence (instead of blaming others).
 
#18
Helmut, I don't disagree...however;

Some folks only (internally) audit their qm system - they take what they learned in a LA class and apply it, rigorously. As a result, they end up auditing the whole system each and every time - from receipt of an order to shipping. Sure, they audit processes (perhaps, usually it's 'elements') but rarely does such an audit program take a single or few processes at a time.

Often it's done once or twice a year, just before the CB arrives and, often, the CB auditor is happy to see this! It's said that imitation is the sincerest form of flattery, and it's very true with qms audits! It's not compliant with ISO, but hey, it gets past the auditor...

Often, when consultants perform internal audits, clients don't want to pay for then to be done frequently - it's too expensive! So the default becomes one or two system-wide audits, which 'cover all the elements' and reduce the risk of a CB nonconformity.

So, yes a qm system audit should be a process(es) audit...but my experience tell me it rarely is and, worse, it's often all that's done, irrespective of the maturity of the organization's system.
 
M

Muadh

#19
Great answer, Haifeng! And, if I can elaborate just a bit on the definition of "Process": "(A) Sequence of interdependent and linked procedures which, at every stage, consume one or more resources (employee, time, energy, machines, money) to convert inputs (data, material, parts, etc.) into outputs. These outputs then serve as inputs for the next stage until a known goal or end result is reached."

Source: BusinessDictionary

Using various "tools", e.g. flow-charting, mapping, etc., the process approach, then, provides improved understanding and communication, which can provide the following benefits:

  • The integration and alignment of its processes to enable the achievement of its planned results.
  • An ability to focus effort on process effectiveness and efficiency.
  • An increase in the confidence of customers and other interested parties as to the consistent performance of the organization.
  • Transparency of operations within the organization.
  • Lower costs and shorter cycle times through effective and efficient use of resources.
  • Improved, consistent and predictable results.
  • The identification of opportunities for focused and prioritized improvement initiatives.
  • The encouragement and involvement of people, and the clarification of their responsibilities.
  • The elimination of barriers between different functional units and the unification of their focus to the objectives of the organization.
  • Improved management of process interfaces.
Source: ISO
 

LUV-d-4UM

Quite Involved in Discussions
#20
TS requires auditing the system, process and Product. I approach it this way:
QMS- audit the PDCA Continuous Improvement Initiative
Process- audit the process input, output, the linkage and effectiveness
Product - either do dock audit or I have taken a product from the inventory and have the tester conduct the same test as described in the Control Plan.

The above seems to be acceptable to the auditor.
 
Thread starter Similar threads Forum Replies Date
P System Audit Approach - Application of VDA 6.3 - Process Auditing VDA Standards - Germany's Automotive Standards 2
B Process Approach to Auditing Quality Management System Internal Auditing 12
A Process Approach to Auditing Undocumented Processes at the System Level Internal Auditing 7
M Auditing ISO9001/AS9100 7.3 Design and Development Quality System Effectiveness Manufacturing and Related Processes 12
F Looking for a free Online Auditing Software / System ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
J Auditing Returned Goods Tracking System - Tracking returned Class 1 Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 3
S Quality Auditing System - Audit Plan per guidance from ISO 19011 Internal Auditing 8
A Swimlane Diagram for Internal Auditing System - Anybody using this? Process Maps, Process Mapping and Turtle Diagrams 13
C Who is responsible for auditing the Internal Audit system? ISO 13485:2016 - Medical Device Quality Management Systems 56
Jen Kirley Beyond Compliance: Value-added auditing for system performance The Reading Room 9
Y How do you Perform Internal Audit on your Internal Auditing System? Internal Auditing 18
C Does auditing improve a Quality or Business System? Internal Auditing 7
J Setting up ISO9001 system - when to start internal auditing? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
I Process Auditing for our TS system - Please help and review if you would be so kind Process Audits and Layered Process Audits 7
T Auditing Process and System to TS 16949 - SMMT Industry General Auditing Discussions 7
S Process and system auditing - numerical score methods General Auditing Discussions 3
J Auditing 5.4.2 Quality System Planning General Auditing Discussions 4
S ISO 9001:2015 Internal Auditing Internal Auditing 8
H Auditing Santa's workshop General Auditing Discussions 0
C List of MDSAP Auditing Organizations Medical Device and FDA Regulations and Standards News 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
J Auditing of Support Function IATF 16949 - Automotive Quality Systems Standard 9
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
S Risk based internal auditing Internal Auditing 6
Randy Remote auditing (for disaster, disease, disturbance etc...) during the Neo Coronavirus Pandemic and Social Distancing Registrars and Notified Bodies 7
K ANVISA B-GMP Auditing requirements for Contract Manufacturers Other Medical Device Regulations World-Wide 1
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
I Questions to ask when auditing for Organizational Leadership and Planning for the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
tony s What is the automotive process approach for auditing? IATF 16949 - Automotive Quality Systems Standard 2
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
R I've been auditing for a CB for 18 years General Auditing Discussions 10
P Consultant Auditing Qualifications Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
M We still have not received our certificate due to a 'backlog' with our auditing body Registrars and Notified Bodies 25
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
A Agenda for 8D audit on Supplier's side - Auditing Corrective Actions General Auditing Discussions 5
U Internal auditing - Company employees or contract second party Internal Auditing 10
J Recomended Values - Auditing process in a supplier IATF 16949 - Automotive Quality Systems Standard 18
M Canada - Registrars that allow e-auditing for ISO 9001? Registrars and Notified Bodies 4
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7

Similar threads

Top Bottom