Auditing that adds value to the business

K

Ka Pilo

#1
There are internal audits I considered useless or waste of time. Some audits are done in very limited time (ie, 30 mins). I think a comprehensive audit will take at least one whole day depending on the size of organization and the complexity of the process.

Some auditors looks at paper work issues (missing signatures, not completely filled-up form, etc), small operation issues (small 5S/GMP issues etc).

Instead of getting open and honest answers Auditees refused to give as much information/details. They regarded audits as unnecessary barrier to production/operation.

I am looking for advice on how to improve internal auditing under time pressure.
 
Elsmar Forum Sponsor
D

DomDom

#2
Re: Auditing that add value to the business

Good day to you,

This question may sound stupid but do the auditees know the reasons behind the audit?

Once this is done, a review of the results with the participant once the audit done with a creation of an action plan that involves the team.
Just be careful to bite what you can chew! Select the area with the biggest problems / opportunities and act on it to show the improvements. This will create a sense of understanding.

The buy-in is tough! Good luck
 

John Broomfield

Staff member
Super Moderator
#3
Re: Auditing that add value to the business

There are internal audits I considered useless or waste of time. Some audits are done in very limited time (ie, 30 mins). I think a comprehensive audit will take at least one whole day depending on the size of organization and the complexity of the process.

Some auditors looks at paper work issues (missing signatures, not completely filled-up form, etc), small operation issues (small 5S/GMP issues etc).

Instead of getting open and honest answers Auditees refused to give as much information/details. They regarded audits as unnecessary barrier to production/operation.

I am looking for advice on how to improve internal auditing under time pressure.
Ka Pilo,

Start with the objective of your auditing processes (some say auditing program).

Then ensure each audit has its own objective.

Both of these objectives come from management (so they get what they want from audit).

Select/train auditors able to fulfill the objectives.

Audit objective = the question to be answered by the audit. Audit conclusion = the answer based on the evidence collected and evaluated.

Ensure every audit fulfill its objective in that the evidence collected and evaluated supports each audit's conclusion that answers the objective.

Do not allow audit to repeat the process monitoring. Audit process monitoring instead.

Every quarter take a look at the audits and see if they are fulfilling the objective of the audit process and adjust as necessary.

John
 

somashekar

Staff member
Super Moderator
#4
Re: Auditing that add value to the business

There are internal audits I considered useless or waste of time. Some audits are done in very limited time (ie, 30 mins). I think a comprehensive audit will take at least one whole day depending on the size of organization and the complexity of the process.

Some auditors looks at paper work issues (missing signatures, not completely filled-up form, etc), small operation issues (small 5S/GMP issues etc).

Instead of getting open and honest answers Auditees refused to give as much information/details. They regarded audits as unnecessary barrier to production/operation.

I am looking for advice on how to improve internal auditing under time pressure.
Get the internal auditors to assess the PLAN >> DO >> CHECK >> ACT activities of any process that they go to audit. Get them to take varied examples to assess how this PDCA deployment is effected. Being internal it goes without saying that the auditor will be aware of the strength and weakness of the various processes. Honestly even the root cause will come from the auditee in many a findings during the audit process if only the management has the WILL to put things in place.
 

Randy

Super Moderator
#5
That's so easy I hesitate, but here goes...

The audits you decribed are being used to do nothing more than submit the organization to continuous beatings....Who do you know that really likes that?

You have described a reactive, negative, relatively non-value added activity and that is happening is what is being sought, non-cooperation and resentment. You're getting what you ask for...Enjoy it!

I admit, there are occasions that can mandate looking for where things are wrong, finding mistakes, undercovering problems, but not all the time! Sheeesh, who wants to participate in beatings?

You wanna add value and gain cooperation? It's so easy most "professionals" tend not to believe it, and here it is....Audit for what is right or what is supposed to happen. This can be called looking for "conformity". When we look for conformance as our goal the taste of the audit changes, we are looking for good, not bad. It is in the quest of "conformity" we will find the good or correct, and where we will find the broken or non-conformity, and we will find the "real-deal" and that's the stuff that may be having some difficulty and can be made better..."Opportunity"...Value Added stuff, or chances where we can do something entirely new and different, ....also Value Added.

When we focus on finding non-conformity, such as in the audit methods you described, we will almost, without fail, ingore those things that are not either correct or wrong... We will just see Black or White, nothing else...No Value!

Auditing is kinda like a story I tell about an old dog and it's master, and here it is....

Suppose a person has an old dog. Everytime that person approaches that old dog the dog will rise, wag its tail and smile (Check it out, dogs smile). The dog loves its master and shows that love in its greeting and action.

Now visualize the following....The master upon his approach and when being greated by the friendly old dog starts talking harshly and kick the dog when passing by and continues to do so from that time forward. Everytime the master passes the dog harsh language and a kick, harsk language and a kick.

After a while the dog will no longer rise, smile and wag his tail, he'll just huker down waiting for the kick....But here's the deal, the dog still loves his master...Dogs are very forgiving.

Eventually while in the process of kicking the dog, the dog will rise and bit the master. Why? Because no matter how friendly and regardless of its love for the master, that friendly old dog will get tired of being kicked and will strike back in defense.

Now change the story...The master is the organization and the audit methods it uses, and the old dog represents the people within the organization.

This may seem pretty simplistic to all the wiz-bang experts, but it's a fact.
 
J
#6
Much great advice already.
The problem is that you do not seem to have a properly focused Auditing system and as a result your auditors are not properly focused and perhaps not even properly trained.

Without knowing any details of your organization or age of you system, I wonder if perhaps your audit system is "too old" and needs updating to new realities.
Here is what I mean.

The things you describe sound a bit like audits conducted during a startup of a QMS. Making sure paperwork is properly done, looking for gaps etc...These are perfectly legitimate in the early stages while everyone is being trained and the kinks ironed out.
But once the QMS is up and running smoothly, there needs to be a shift in focus..without this shift in focus, aludits become stale and useless just as you describe.

If your system is already up and running what is needed is to rethink the objectives of the audit program. To refocus/retrain the auditors and to move forward toward greater improvements.
It may even be that you can scale back the number of audits and expand the scope of individual audits....Or it may be that you can review internal and external complaints, scrap, or other issues to help focus your efforts.

In any case, the problem sounds to me to be everyone getting in a rut.
Maybe it's time you shook things up....

Peace
James
 
P

pldey42

#7
Some simple ideas for adding value to audits. They're all about engaging with auditees and their contributions to defined quality objectives, individually and as part of a larger system ...

1. Yes, decent audits take more than 30 minutes. A day or two planning, another day or two auditing.

2. Ask auditors to review handoffs between functions. Are they smooth, or are workproducts being tossed across the fence incomplete, to meet time constraints or quotas? (ISO 9001 4.1.b "interactions") - good hunting ground for findings that everyone welcomes because while they can often influence their own processes, those they depend upon in other departments are harder to change - especially when such departments have their own agendas, not properly aligned with the organization's defined quality objectives.

3. Ask auditors to add a new field to their reports, entitled "So what?" In that field they spell out the consequences of not fixing the nonconformity they write. In its simplest form this is a statement of the risk of not meeting defined quality objectives. If they can't, if there's no real risk, the finding should either be trashed or, at best, recorded as a minor opportunity to improve.

4. Ask auditors to ask staff being audited how they would improve the processes they are involved in.

Hope this helps,
Pat
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#8
Such good responses so far. :applause:

I attached a paper on this subject in the Critical Action Limits (CAL) for All Internal and External Audit Findings thread, and a tracking log that includes a FMEA-type approach to evaluating value of issues and their resolution.

Why is time so limited for audits? There are certain sets of data I can find and report on in 30 minutes or less, but that isn't management system auditing. It's more like a follow up on a previous audit's issues.
 
Thread starter Similar threads Forum Replies Date
S ISO 9001:2015 Internal Auditing Internal Auditing 8
H Auditing Santa's workshop General Auditing Discussions 0
C List of MDSAP Auditing Organizations Medical Device and FDA Regulations and Standards News 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
J Auditing of Support Function IATF 16949 - Automotive Quality Systems Standard 9
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
S Risk based internal auditing Internal Auditing 6
Randy Remote auditing (for disaster, disease, disturbance etc...) during the Neo Coronavirus Pandemic and Social Distancing Registrars and Notified Bodies 7
K ANVISA B-GMP Auditing requirements for Contract Manufacturers Other Medical Device Regulations World-Wide 1
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
I Questions to ask when auditing for Organizational Leadership and Planning for the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
tony s What is the automotive process approach for auditing? IATF 16949 - Automotive Quality Systems Standard 2
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
R I've been auditing for a CB for 18 years General Auditing Discussions 10
P Consultant Auditing Qualifications Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
M We still have not received our certificate due to a 'backlog' with our auditing body Registrars and Notified Bodies 25
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
A Agenda for 8D audit on Supplier's side - Auditing Corrective Actions General Auditing Discussions 5
U Internal auditing - Company employees or contract second party Internal Auditing 10
J Recomended Values - Auditing process in a supplier IATF 16949 - Automotive Quality Systems Standard 18
M Canada - Registrars that allow e-auditing for ISO 9001? Registrars and Notified Bodies 4
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7
Ed Panek Supplier Auditing - No purchases from our key suppliers in the last 24 months ISO 13485:2016 - Medical Device Quality Management Systems 5
P Auditing "process validation" process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
qualprod Effective Auditing advice needed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
M Acceptance of remote auditing techniques - Can you help me with my research? General Auditing Discussions 0
GStough Auditing Against Criteria Unfamiliar to Auditee - Yea or Nay? General Auditing Discussions 11
qualprod Auditing Product and Services doubts ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R Auditing support and management processes General Auditing Discussions 7
F It is acceptable moving remote locations staff to manufacturing plant for auditing? IATF 16949 - Automotive Quality Systems Standard 3
D MSDS / GHS Walk-through / Auditing Occupational Health & Safety Management Standards 6
Pmarszal Supplier Auditing Services (Audit Needed?) General Auditing Discussions 4
S ISO 9001 Audit Observations - Transitioning my career into auditing Career and Occupation Discussions 16
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
N API Q2 clause 6.2.2.1 Auditing Outsourced Suppliers Oil and Gas Industry Standards and Regulations 5
M Auditing processes followed by employees placed on client's site Internal Auditing 4
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
M Auditing a Contractor in EMS and Non Conformity Report General Auditing Discussions 1
Richard Regalado ISMS Auditing Guideline V2 (based from ISO/IEC 27001:2013) IEC 27001 - Information Security Management Systems (ISMS) 7
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6

Similar threads

Top Bottom