Internal Audits must be inside of the continuous improvement cycle

R

rrramirez

Guest
#1
I´m woking in my country with some university where i´m teaching QMS/EMS Internal Audits for graduates.
My teaching since 1986, is that the audits, in order to be useful and "value-added" tool for manager, must be inside of the continuous improvement cycle. Most people thinks in internal or certification audits as the way only to comply with the standard (ISO 9000/14000) and no more.
I think we must view the QMS/EMS management system as a set of interrelated processes; in order to monitor that kind of system the internal audit "must" be combinated with another techniques (value-added analysis; SPC; P-D-S-A cycle, etc.).
I wish to listen some professional in this list regarding my points of view.
Reinaldo Ramirez
Senior Member ASQ (102050; 1986)
QMS/EMS IRCA Lead Auditor.
 

Marc

Retired Old Goat
Staff member
Administrator
#2
I agree that internal audits are a part of continuous improvement. Internal audits are one of many tools a company may use. I don't see internal audits as a way to ensure a company meets a standard.

The level 1 and level 2 documentation should ensure that the applicable standard is met (definition of the systems is within them). When these documents are changed they should be reviewed by the management rep (or whoever the person in the company which understands the standard(s) is) prior to release of the revision. This review should ensure compliance to the standard is not compromised.

Internal audits should focus on compliance of personnel to the documentation which affects them. Yes - as one part (one of a number of tools) of the continuous improvement process.
 
R

rrramirez

Guest
#3
I don't see internal audits as a way to ensure a company meets a standard.

Well,
If you don´t conduct at least one internal audit before the surveillance audit of the registrar it´s possible that the organization doesn´t realize its compliance with the standard.

I wish to listen your opinion regarding the value-added concept, because most "quality gurus" consider the audit as a non-value added activity.

Your website is a great please to improve the ISO 9000 and quality knowledge!

Thanks

Reinaldo Ramirez
Caracas, Venezuela
 

Marc

Retired Old Goat
Staff member
Administrator
#4
Originally posted by rrramirez:

Well, If you don´t conduct at least one internal audit before the surveillance audit of the registrar it´s possible that the organization doesn´t realize its compliance with the standard.
There are 2 issues.

1. Do the company's documented systems fulfill the requirements of the standard (not to mention requirements of applicable standards other than ISO9001)?

I do not see this as an issue of internal auditing, however QS9000 and to some degree ISO (not to mention the Institute of Internal Auditors who are not without an agenda to increase the 'importance' of internal auditing - they are an interest group like any other) are 'expanding' the intent of internal auditing to include consulting and compliance to one or more standard(s). See http://Elsmar.com/ubb/Forum13/HTML/000054.html

In their definition, the IIA says "It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." In my opinion they have elevated internal auditing to a functionary / expertise level which the typical employee is simply not qualified. To meet this evolution of the definition companies will have to hire professional, qualified internal auditors - people whose specialty is internal auditing.

If they don't, the question becomes: If a buyer is auditing maintenance does that buyer have any qualification to "...evaluate effectiveness of risk management, control and governance of processes..." in a maintenance environment? Typically this is simply not the case.

But as is evident - the definition of internal auditing is changing. Now it includes consulting! QS9000 internal auditing teaches that the auditor should understand QS9000 and verify compliance to it as well. I personally see this as a much higher level function and beyond the province (not to mention the words qualified to do so) of the typical internal audior. See http://Elsmar.com/ubb/Forum13/HTML/000054.html

2. Are employees following (complying with) documented and undocumented (OJT) systems procedures?
I wish to listen your opinion regarding the value-added concept, because most "quality gurus" consider the audit as a non-value added activity.
Internal auditing should not be value added. Internal auditing in the past was an activity where the auditors simply verified that employees are doing what they are supposed to do. Ideally there should be no need to verify that employees are doing what they are supposed to be doing. Companies hire someone to do a job and you expect them to do it.

The reality is many times people are not doing everything they are supposed to be doing. This is why, in my opinion, internal audits are very important - at least initially - in most companies. I have only been into a few companies where people knew their jobs and really did everything required. Sometimes its simple stuff like not completing a form properly. Sometimes it's serious such as circumventing established systems. The reality is internal audits almost always are value added as they reveal where people are ignoring what they are required to do. Sometimes it's a matter of not being trained properly. Sometimes it's a matter of lack of attention and lack of caring. Sometimes it's a lack of supervision.

Ideally internal auditing is not a value added function. In reality it is value added in (just a wild *** guess - no objective evidence) 95% of companies.

Internal audits, in my humble(?) opinion should be used as an input (are people doing their jobs - following procedures - or are they not) into management decision making. The real consulting should be done by those qualified in their field during the various management decision making meetings.

This is not to say that 'observations' are totally without merit, but they should be kept in perspective.
 
Top