Getting the Most out of Internal Audits - Confirming to Innovating

[Marc]

Food for thought,folks!

------snippo--------

Subject: Re: Getting the most out of audits? /Chris/Cogan
Date: Mon, 14 Jun 1999 08:55:15 -0600
From: ISO Standards Discussion

From: ken.cogan
Subject: RE: Getting the most out of audits? /Chris/Cogan

Chris,

In order for audits to move from "confirming" to "innovation" and from "compliance" to "stimulation", the values and rewards systems at your organization need to value these attributes. If the current system rewards maintaining the status quo, it will be difficult to progress in these directions.

Auditors can help to influence some managers by asking them what they want out of the audit. After all, they are a customer of the audit process. Auditors can also contribute to innovation and stimulation by staying current on what other organizations are doing. Participate as an MBNQA auditor or as an award auditor in your state. Read journals related to quality and innovation. Read research papers and find out what's new through you local colleges and universities. By sharing ideas from other organizations with your management, you may be able to move in the directions you desire.

Ken Cogan

>From: chris
>Subject: Q: Getting the most out of audits? /Chris

>Audits of a management system (quality, environmental, ...) - after a few runs
>resulting in considerable improvements - often deteriorate into a method
>to estimate compliance of the work actaually done to the written
>procedures...

>My questions then are:

>1. What can we do to make auditing (and results from audting) move from:

>a) "confirming" to "innovating"?
>b) "compliance" to "stimulation"?

>2. What do I do to get top management actually and practically involved in
>audits so that management becomes a real customer ordering CREATIVE audits
>based on their need for information?

>Chris

 

[Marc]

Subject: Re: Q: Getting the most out of audits? /Chris/Scalies
Date: Mon, 14 Jun 1999 13:51:25 -0600
From: ISO Standards Discussion

From: Charley Scalies
Subject: Re: Q: Getting the most out of audits? /Chris/Scalies

> From: chris
> Subject: Q: Getting the most out of audits? /Chris
>
> Audits of a management system (quality, environmental, ...) - after a few runs
> resulting in considerable improvements - often deteriorate into a method
> to estimate compliance of the work actaually done to the written procedures...
>
> My questions then are:
>
> 1. What can we do to make auditing (and results from audting) move from:
>
> a) "confirming" to "innovating"?
> b) "compliance" to "stimulation"?

If after only a few auditing runs your system is running effectively (i.e., no nonconformances plus it is demonstrably supporting the quality policy and all the objectives are being met), I congratulate your firm for having a truly exceptional system. Whether it is or not, I recommend you make it a practice of adding these types of inquiries to each audit,"What problems are you personally having with the quality system?"
"How would you like to see the inputs of the process come to you?"
"If you were the boss, how would you make this process better, faster."

> 2. What do I do to get top management actually and practically involved in
> audits so that management becomes a real customer ordering CREATIVE audits
> based on their need for information?

Why do I get the sense that your management might only be "involved" in the audit process because "ISO-SEZ-SO"? If they are not now ordering audits based on their need for information it is only because they don't think they need it, or even want it. There is only one reason why management, or any of us, purposefully works toward change and that is because we are not satisfied with the status quo. (Of course, being unsatisfied is no guarantee we'll do anything, but that's another matter.) As an auditor, you are in a position to cultivate information that might indicate the possibility of improvement. Find it and put a spotlight on it.

If management is just doing enough to get by, consider using your registrar to stir things up for you. Ask them to help you raise the bar on successive surveillance audits. Most good ones I know do it anyway. If they know it is welcomed, they "try harder". They will also give you useful tips on how you might help it along.

If the 2000 version of the standard settles out as the latest draft suggests it will, there will be plenty of new requirements and new opportunities resulting from them. For example, more definitive measureable objectives, customer satisfaction measurements, continuous improvement (which by itself will give the auditor all he/she needs), etc. You just might want to wait until it firms up and let it be the catalyst.

Good luck and have fun.
Charley

 

[Marc]

Subject: Re: Q: Getting the most out of audits? /Chris/Randall
Date: Mon, 14 Jun 1999 13:58:50 -0600
From: ISO Standards Discussion

From: RCR9000
Subject: Re: Q: Getting the most out of audits? /Chris/Randall

Compliance is the primary goal of a quality system audit. However, as the overall level of compliance increases - some clever companies incorporate a different type of audit into their program to supplement the traditional quality system (compliance) audit. This new type of audit is called a "Value Added Assessment" (VAA). During a VAA the auditor does not audit for compliance, but rather for "value".

During a quality system audit the auditor compares the observed practices to the documented procedures to ensure they match. During a VAA the auditor evaluates the practice/procedure to determine whether that practice/procedure adds value to the company (or customer).

The concept is simple, but implementation can be difficult when using in-house resources. As employees become accustomed to seeing practices implemented a certain way, they gradually come to view that as simply the way it is supposed to be done - resulting in few improvements. For best results I recommend using:
(1) new employees who have not yet been fully indoctrinated into the company;
(2) employees from different departments or (3) outside consultants who will bring a completely new perspective - but I caution you that a consultant may not fully understand the needs of your business if there for only a short period. Another option for larger companies (and a technique used by HP) is to have employees from different sites perform the VAA. This can result in a sharing of "best practices".

I know of at least one book on the topic:

"Understanding and Applying Value-Added Assessment" by William E. Trischler Available through ASQC Press ISBN 0-87389-369-7

I must caution you that the above book contains a lot of ideas I do not agree with - but it also contains many "pearls of wisdom". Some of the things that I did not like included a focus on "internal customers" and the "customer chain". I have found that the use of the term "internal customer" tends to take the focus of the business away from the external (real) customer. Due to this problem, many companies are replacing the term "internal customer" with "process partner" (I like this term a lot better). The book also contains an interesting (and very good) discussion on the definition of "value" and who should be the recipient of "added-value" (this alone is worth the price of the book). I did not agree with the emphasis book placed on all "stakeholders" Vs "shareholders" with respect to "value" - this seems a bit naive. Overall I think that the book contains enough useful information to warrant sitting on my bookshelf!

I hope that this helps,

Richard C. Randall

 

[Marc]

One more from 'The List'

----------snippo---------

Subject: Re: Getting the most out of audits? /Chris/Arter
Date: Wed, 16 Jun 1999 12:32:38 -0600
From: ISO Standards Discussion

From: Dennis Arter
Subject: Re: Getting the most out of audits? /Chris/Arter

>Audits of a management system (quality, environmental, ...) -
>after a few runs resulting in considerable improvements - often
>deteriorate into a method to estimate compliance of the work
>actaually done to the written procedures...
>

Maybe that's part of the problem -- you only perform "system" audits. There are two other forms of the audit: process and product. While the product audit has limited usefulness, the process audit has great potential for usefulness. Unfortunately, the process audit has yet to be fully defined and codified and few organizations are making use of them.

>My questions then are:
>
>1. What can we do to make auditing (and results from auditing) move from:
>
>a) "confirming" to "innovating"?
>b) "compliance" to "stimulation"?
>

I am more and more convinced that we must move away from the third-party registration auditor mindset for first and second party audit applications. The compliance audit of a system works fine for the registrars. Most perform their task exceptionally well. You get a good product and your question, "Are we complying to the standard?" is answered.

So why should we limit ourselves to that same approach for first and second party applications? Probably because that's the way we were taught! Who taught us? The registrars.

I believe that there may be a better way. Add "management" audits to your compliance audits. These are also known as "value-added audits" or "performance improvement audits." In addition to asking if the rules are being followed (compliance), they ask if the rules themselves are any good. Are they even the right rules for these business objectives? It's very difficult to perform a management audit. It takes a lot of thinking and analysis and presentation skills.

>2. What do I do to get top management actually and practically
>involved in audits so that management becomes a real customer
>ordering CREATIVE audits based on their need for information?

Cause and effect. Nonconformities, be they "major" or "minor," report only compliance. (See the definition in ISO 8402.) To be truly effective, a "finding" must contain two elements: cause and effect. The cause is always a control weakness. The effect should identify pain: cost, risk, production/opportunity. For example, "Lack of a process to continuously assess training needs is resulting in increased production costs." Cause and effect.

Start reporting findings in your audit results.

>Will read and enjoy any thoughts and ideas on the topic!

You may hear more on this issue. At the Annual Quality Congress meeting of the ASQ in Anaheim (May 21-26), I suggested that the time was right to start developing two USA standards on auditing: product/process audits and management audits. The international efforts are focusing almost entirely on system compliance audits. There are five other forms of the audit that just haven't gotten the attention they deserve.

If my proposals are accepted, we have a big task ahead of us.

Dennis R. Arter

 

[Marc]

We can't forget Sidney!

---------snippo----------

Subject: Re: Getting the most out of audits? / Vianna
Date: Wed, 16 Jun 1999 12:53:00 -0600
From: ISO Standards Discussion

From: "Vianna, Sidney"
Subject: RE: Getting the most out of audits? / Vianna

Value added audits will only exist if the organization's culture want it to happen AND if the people performing the assessments are qualified for the task.

All too often, internal auditors are poorly selected. Internal auditors must possess very good analytical skills, be able to see the big picture and the linkages between the organization's processes. They also must be respected by their peers and not misuse the short and elusive power they have as assessors. Their mind-set should be not only to verify compliance with the command media, but also to identify opportunity improvements. I have seen a few internal auditors boost their careers within a company once they were able to demonstrate to top management some serious inefficiencies within the organization. Some latent and chronic problems are most of the time revenue drains, detracting from your bottom line and some refer to it as the hidden factory.

Further, and unfortunately, most internal auditors are thrown in that position with minimum training and resources such as adequate time to perform meaningful audits.

But, in addition to this, the organization performing internal assessments must welcome and encourage such assessments. It is not uncommon for people to misunderstand the importance and potential benefits of effective internal assessments. Witch hunts and finger pointing are normally mis-associated with internal audits. Also few top managers that I know of, agree that internal audits are a value added activity.

Some see the light. Some do not.

Thanks and best regards,

Sidney Vianna

 

[Marc]

Any new thoughts on this topic?

 

[Sidney Vianna]

Re: Confirming to Innovating

Marc, isn't that amazing that, 9 years later, the discussions and opinions are still identical to what we presently have concerning internal audits?

 

[CliffK]

Wow!

This thread alone justifies the cost of admission.

Thanks to all.

 

[Marc]

Re: Confirming to Innovating

I guess it's not surprising in light of the fact that we've been around this stuff for so long, and talked about this stuff so long ago and so many times along the way to now, that we tend to forget that this is so new to so many people.

Considering the subject of this group of posts, its also not surprising because some companies really do not get value from internal or external audits. Many companies do. So to me it's sorta like a Mac vs. PC debate. It can go on for years. Each user (each company in the case of audits) is unique.

There is also the aspect of what different people in different positions in each company see in audits and what their expectations are for audits. How are they being used?

What I do see is more companies are trying to develop better metrics to assess the effectiveness of their audits, and to assess the validity of audits being a value added part of their business. The 'Value Added' aspect is the contentious point. I recently 'cut off' a company I've done internal audits for since about 1997. I know them. I know most of the employees. I know their processes and systems. There are never any findings. The registrar hasn't had a finding since 2000. The company knows it has to be registered ISO 9001, but other than the customer requirement aspect it is a waste of time and money. It's a well run company where people do their jobs and do their jobs correctly. I just couldn't do their audits any more.

On the other hand, I have clients where internal and extrenal audits are value added. They do identify problems and help them improve.

So - I expect this debate to continue for years as auditing is brought in as a 'standard' part of every business.