Hi, Steve. I take it when you say 'follow the process' you mean compare it with the documented procedure? Please correct me if I am wrong. I am also assuming this is an internal audit of your own system - again please correct me if this is not the case.
But in answer to the question - Yes - as part of your internal audit you should be looking at the procedure being used to see that people are complying. I'll pick up the 'why do this' below.
:mg: Where did this come from? Let me just quote a few requirements of ISO 9001 (2008 edition) to put this particular urban myth to bed - for once and for all (as if that will happen!

) Compliance with procedures is still a significant part of the quality management systems standard.
So this requires the organisation to establish what documents are needed to control its processes. If the organisation decides it needs a documented procedure then it comes under this requirement.
... and then in the section on management representative it says the organisation's top management appoint one of their managers to:
So here the top team are allowed to delegate the responsibility to someone to put these procedures in place.
... and a bit of repetition here:
So when planning all the 'doing' bits the company has to make sure that everything necessary is in place.
... and a bit more duplication:
So again if the organisation decides they are necessary then documents should be in place to control how work is done.
... and finally the role of audit:
... now IMHO that is compliance auditing. It is not the full role of an internal audit but it is part of it and it can be extremely significant where procedures need to be strictly adhered to.
A lot depends on what you intent is here, John. You are of course right that auditing does not repeat management's supervisory role but it does provide an independent view of whether the organisation is following procedures that top management downwards feel are necessary.
How does compliance auditing do this?
If you have weak management they might play the 'auditor' card but that shouldn't stop an auditor evaluating compliance. To the extent that the organisation determines it needs procedures the audit has to determine that people are following them. If there is a finding that says 'Procedures not being followed' then the organisation has three (or even more) choices:
- Re-enforce the procedure
- Change the procedure to reflect what people are doing
- Delete the procedure
... and the first stage of determining this is to see if they are working to any procedures for the processes they work in.
All of the above is fine, John and I don't disagree with it but (as in the title of the thread) - one of the prime reasons for an audit is to establish: