DMAIC as a model for managing an Internal Audit program

B

Bill Pflanz

#21
Bill Pflanz said:
I guess I am puzzled why you need any process improvement method. What is indicating that something is wrong? Making changes just for the sake of change doesn't seem valuable. If you have run across some better method for doing the internal auditing, you could do a trial run but how would you know it is better?

I am also do not think DMAIC is what you would use just to manage your internal auditing. Probably using the ISO standards would be more applicable for developing a good management system.

Bill Pflanz
I think we have come back full circle. You have not really described a system that is broken or needs to be re-designed. The fact that management does not pay much attention to auditing does not mean you have an auditing system failure. Management may not be openly supporting engineering, accounting or other areas but that does not mean that it is not needed or important.

Has management ever said that they were not getting useful information? That would at least give you something to start with.

Bill Pflanz
 
Elsmar Forum Sponsor

Helmut Jilling

Auditor / Consultant
#22
Bill Pflanz said:
... The fact that management does not pay much attention to auditing does not mean you have an auditing system failure. Management may not be openly supporting engineering, accounting or other areas but that does not mean that it is not needed or important.

Has management ever said that they were not getting useful information? That would at least give you something to start with.

Bill Pflanz

Management tends to support things they believe provide value.

1. Are we showing them the money? Are we giving them a reason to want to write the checks that support auditing?

Applying a well defined DMAIC model would at least be designed to accurately show the money and the benefits and results. But, as Andy alluded earlier, a lot of audits don't achieve this. They go through a closed loop exercise that only verifies the system is in place, something we already knew. But, unless they have been specifically trained by someone who has learned how to audit this way, how would they learn?

I think DMAIC and PDCA are two versions of the same practice, DMAIC being a little more defined, perhaps. I would argue that each process should follow that model. And, that makes a good case for why internal auditing should be defined as an internal support process.

2. This is also why the Management Rep is now required to be a member of management. The intent was so he has some equal level of rank when speaking to managers. A lot of companies are cheating this with lower level managers, and they lose that intended level of authority.
 
Last edited:

Sidney Vianna

Post Responsibly
Staff member
Admin
#23
AndyN said:
Oh, and I'm guessing that the small number of responses here shows a validation that audits give underwhelming results..............
Andy
Andy, I don't think you need more validation about that FACT. Nevertheless, our former cover Jim Wade had this to say about the state of the internal audit, back in 2004:

http://www.irca.org/inform/issue3/JWade.htm

Internal auditing

The internal audit is perhaps not the most popular aspect of the quality industry. Jim Wade of Advanced Training finds out why and examines the alternatives

Internal auditing is the activity associated with ISO 9001 that used to be called internal quality auditing. Perhaps a few internal auditors love it. But, almost universally, other people in most organizations do not have it high on their list of favourite business mechanisms.
If you doubt that, observe carefully your colleagues' reactions when the subject of internal auditing comes up. Ask them what words or phrases they think of when the words 'internal audit' are mentioned. Ask them about the value (to them) of the activity. Note the flicker of unease on the faces of the managers of the areas being audited as you ask them about the business value of the non-conformities with which they are presented (and about the close-outs for which they know they will be asked).
Of course, many readers will suggest that these reactions stem from internal audits not being done well. They will argue that, if done correctly, we would see more positive responses. Perhaps they are right; internal audit practice - like everything else - varies.
Why do it?

Rather than asking how internal auditing can be done better, we should consider why we do it at all. Internal auditors are often trained on exactly the same courses as third-party auditors. As a result, many internal audits mimic third-party audit practices - checking that things were done the way they were supposed to be done, gathering objective evidence, reporting non-conformities by clause, and so on.
I do not have the space here to argue for or against the value of checking, often months after the event, what was done or not done. However, it is worth noting that, as well as receiving a negative response in organizations, conformity-focused internal audits have very little to do with what ISO 9001 requires.
The internal audit requirements (contained in ISO 9001 clause 8.2.2 with an important link to clause 7.1) translate in plain English to:
  • check the degree to which you have implemented the plans for your operating processes, specifically those that are to do with getting work, doing the work, delivering the results and getting paid
  • check the degree to which you are meeting your objectives
  • a third requirement (newly introduced to internal audits by ISO 9001:2000) is to check the degree of conformity with the requirements of ISO 9001 but, in comparison with the other two items, this is relatively unimportant
These checks are fundamental to the business, but is it not the job of management to carry out those checks as an integral part of the normal business cycle, not months later when an audit is scheduled?
No more internal audits?

ISO 9001 has a set of requirements (under the heading 'internal audit') that describe good basic management practice, but which do not fit into an 'audit-it-later' scenario. In practice, through training and habit, many internal audits put a heavy emphasis on what is being done despite the requirements making it clear that this is only a part of what is to be checked.
So many internal audits fail to meet the requirements of both the standard and the business. There is a general assumption that if an organization wants or needs to be certificated to ISO 9001, it must continue doing internal audits because the standard requires it. This is not true. There are UK-based organizations, with certificates from UKAS-accredited certification bodies, which have opted out of the need to employ auditors and which no longer conduct internal audits.
One FTSE 100 company uses a self-assessment approach to replace internal audits (despite the fact that ISO 9004 says that this is not feasible). The European subsidiary of a Japanese company makes sure that managers meet the internal audit requirements during the normal course of their work.
Essentially, what is common about their approaches is that these organizations have studied clause 8.2.2 and have devised alternative ways, better suited to their business needs, to address its requirements.
About the author
Jim Wade is a director of Advanced Training and also runs the free membership Business Improvement Network (www.bin.co.uk). For more details contact t: 0118 987 5120, 07788 6666 08 or e: [email protected]
 
Last edited by a moderator:
#24
In essence, I agree....

with Mr. Wades assertions. I'm not sure about the 'self assessment' he talks about, which could be for 'very mature' organizations.......

I do, however, agree totally that internal audits have been based (from both training and implementation perspectives) on external audit principles. Neither second party or third party audits are viewed by (most) management as value added, so no wonder that internal audits are given such lip service.

I was looking to elevate this mired, but (potentially) useful tool from the dross of the mundane, compliance-oriented futility of today to something which gets (tangible) management support and 6 Sigma would appear to offer some sort of basis for this. Hence my question if anyone else has done it this way........

Andy
 

Helmut Jilling

Auditor / Consultant
#25
AndyN said:
... I was looking to elevate this mired, but (potentially) useful tool from the dross of the mundane, compliance-oriented futility of today to something which gets (tangible) management support and 6 Sigma would appear to offer some sort of basis for this. Hence my question if anyone else has done it this way........

Andy
Andy, I'm in agreement with this aim. I guess I am not clear how you intended the reference to DMAIC?

One angle, I suppose, is that all of my clients have identified Internal Auditing as a SOP, or support process oif you prefer. As a process, they are obliged to define its purpose, define inputs & outputs, define Criteria for Effectiveness, Metrics, and analyze the results. Most of them do pretty well at that, so they are probably getting some more benefit than the basic compliance example you used.

I guess we could say they are applying PDCA or DMAIC in that regard. Is that what you are looking for?
 
#26
More, more, more........

than this, 'H'.

I'm thinking that it starts with 'Define' - what should be audited, why, the scope, criteria, methods etc to be used. Which auditors would be qualified to do the audit. In much the same way as a 6 Sigma project is chosen based on 'C to C' or 'C to B' basis.
Following this, the current status of the process (es) being to be audited could be studied by the chosen auditors, as a basis for understanding the process.
Then, 'Analyze'. In preparation for the audit, various sources of data about customers' perceptions, process/product performance (yes, and a few procedures/W.I's) could be reviewed to see what's going on.

The DMAIC model could then be followed to it's end with the auditors actually providing some direction in terms of what methods could be used to improve the issues found etc......

Whadya think.........:cfingers:

Andy
 
#27
But I'm not sure..............

hjilling said:
One angle, I suppose, is that all of my clients have identified Internal Auditing as a SOP, or support process oif you prefer. As a process, they are obliged to define its purpose, define inputs & outputs, define Criteria for Effectiveness, Metrics, and analyze the results.
that I agree with this approach. The requirement is for a procedure, not a process and since there's no meaningful metrics you can put on audits, why try - So, I maintain my position that audits are not a 'process' (even if the AIAG say so):rolleyes:

Andy
 
Last edited by a moderator:

Jim Wynne

Staff member
Admin
#28
AndyN said:
...there's no meaningful metrics you can put on audits...
Say what? Do you mean to say that there's no "meaningful" way to tell whether something is better today than it was last week, or last year...that there's no "meaningful" audit output?
 
#29
Well, Jim, I guess it depends..........

Jim Wynne said:
Say what? Do you mean to say that there's no "meaningful" way to tell whether something is better today than it was last week, or last year...that there's no "meaningful" audit output?
on your point of view. I didn't say there isn't a meaningful output, just that there isn't a meaningful metric! Quite the opposite, in fact. I believe there should be a meaningful result from audits. And that means more than just 'major' & 'minor' non-conformities or 'OFI's etc.

Many posts here have debated audits metrics with no overwhelming resolution. What hasn't been considered is meaningful results. Apart from anything else, Management have bigger fish to fry that worrying about how to measure audits. However, they do (even if they don't always know it) need to have meaningful 'results' from audits (not just 'outputs').....

So, I guess I'm just going to have to plow my own furrow when it comes to the purpose or doing audits and the need for a better way.....

Andy
 

Helmut Jilling

Auditor / Consultant
#30
AndyN said:
than this, 'H'.

I'm thinking that it starts with 'Define' - what should be audited, why, the scope, criteria, methods etc to be used. Which auditors would be qualified to do the audit. In much the same way as a 6 Sigma project is chosen based on 'C to C' or 'C to B' basis.
Following this, the current status of the process (es) being to be audited could be studied by the chosen auditors, as a basis for understanding the process.
Then, 'Analyze'. In preparation for the audit, various sources of data about customers' perceptions, process/product performance (yes, and a few procedures/W.I's) could be reviewed to see what's going on.

The DMAIC model could then be followed to it's end with the auditors actually providing some direction in terms of what methods could be used to improve the issues found etc......

Whadya think.........:cfingers:

Andy

Sure. I mean, that pretty much mirrors what should happen in audit prep and so on. It is as good approach as any. I guess I just never linked the two, but why not?
 
Thread starter Similar threads Forum Replies Date
A Stuck at 'Analyse' stage of DMAIC Improvement Cycle on Cosmetic Specification Manufacturing and Related Processes 10
G IQF Six Sigma DMAIC Certification vs. ASQ Certification Six Sigma 4
T Six Sigma (DfSS in Design & DMAIC in Production) Maturity study Six Sigma 1
F Problem Solving Workshops - DMAIC Example? Six Sigma 11
F Can someone to help to compare APQP and DMAIC? Six Sigma 10
F Comparison of the DMAIC methodology used in Six Sigma with 8D Quality Tools, Improvement and Analysis 7
B How 8D is different from DMAIC or other Problem solving techniques Nonconformance and Corrective Action 3
J Lean Maintenance - Six Sigma's DMAIC guideline serving as a roadmap Lean in Manufacturing and Service Industries 3
T Using DMAIC to reduce equipment downtime Statistical Analysis Tools, Techniques and SPC 1
A PDCA (Plan Do Check Act) vs. DMAIC (Define Measure Analyze Improve Control) Quality Tools, Improvement and Analysis 24
Q Six Sigma DMAIC (Define - Measure - Analyze - Improve - Control) program Six Sigma 1
J UDI-DI how should we interpret Device version or model to determine if a new UDI-DI is needed? EU Medical Device Regulations 0
K PDCA cycle and ISO processes alternative model Quality Management System (QMS) Manuals 14
B Cybersecurity Maturity Model Certification for military customers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
M Kano-model and Importance Benchmarking 1
V New Product Model CE Mark Certification under MDR EU Medical Device Regulations 0
DuncanGibbons Model-Based procedures and Architecting the QMS as a System Document Control Systems, Procedures, Forms and Templates 2
B Susceptible, Infected, Recovered model for coronavirus modeling Misc. Quality Assurance and Business Systems Related Topics 0
K A proposal for the model Quality Management - I need help for the project ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
howste Aerospace Improvement Maturity Model (AIMM) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
S Waterfall model or v-model design and development ISO 13485:2016 - Medical Device Quality Management Systems 2
T Change control and configuration management - When to create a new model/part number? Other Medical Device and Orthopedic Related Topics 0
N Mojonnier Model 1000 Documentation - Validation of my tank IQ-OQ-PQ US Food and Drug Administration (FDA) 0
M Are model# and Serial # required on a calibration cert? General Measurement Device and Calibration Topics 4
D Kanomax MODEL 3443 DIGITAL DUST MONITOR Calibration and Metrology Software and Hardware 3
S Least squares estimate, regression model and corresponding residuals Using Minitab Software 13
N Regression Model (Minitab 18) - Which values my input parameters should have Using Minitab Software 2
Sam Lazzara GS1 introduces Global Model Numbers for Medical Devices Other Medical Device Regulations World-Wide 2
J Revised MDSAP Audit Model - Health Canada - October 30, 2017 ISO 13485:2016 - Medical Device Quality Management Systems 7
H Taguchi mixed model DoE [L16 (4^3 2^6): factors interaction and ANOVA calculation Using Minitab Software 3
P Is ISO 9001 Model tested for its effectiveness by ISO before its release? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
K UDI "Version or Model" for Stand-Alone Medical Device Software US Food and Drug Administration (FDA) 6
R Need Help on Analysis: How to know potential causality model from historical data Problem Solving, Root Cause Fault and Failure Analysis 5
G New model for existing Class I Device Listing (510K exempt) US Food and Drug Administration (FDA) 8
L Communication Needs Identification and Communication Model Development Human Factors and Ergonomics in Engineering 10
M Calibration of a Power Meter Model Hm8115-2 (Hameg) General Measurement Device and Calibration Topics 8
pittmatj Countries that require Medical Device Model Number Registration Other Medical Device Regulations World-Wide 3
A Predictive Model Development (Regression?) Statistical Analysis Tools, Techniques and SPC 5
I Is ARIMA (Time Series Analysis) Model appropriate for this Dental Research? Using Minitab Software 4
S How to use Dummy Variable in Regression Model in Minitab Six Sigma 2
Ajit Basrur See this 1:15 model of Airbus A380 fly the skies! Coffee Break and Water Cooler Discussions 7
V Analysis of DOE Results and Model Finalization Using Minitab Software 4
J Standard / Brown & Sharp Gage Tower model E8-5000 Manual General Measurement Device and Calibration Topics 1
K Wilson Hardness Tester Model 525 Accuracy/Repeatability issues help General Measurement Device and Calibration Topics 4
M Even the ASQ got it wrong, the Kano model Quality Tools, Improvement and Analysis 4
P Is it necessary to show Model Number on the Labeling (meter box, label and manual)? Other US Medical Device Regulations 3
Y Can there be multiple Brazil Registration Holder (BRH) for same model ? Other Medical Device Regulations World-Wide 3
M KANO Model - Changing the source Quality Tools, Improvement and Analysis 2
T Subcontractor Model to Shelter Model - How to include in ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
G Minitab GLM (General Linear Model) - Problem with recognition of Level Using Minitab Software 1

Similar threads

Top Bottom