MY thoughts on 'process based' auditing

[Gman2]

MY thoughts on “process-based” auditing

There has been a lot of talk about process approached auditing and to be honest I have searched up and down and still really have not found any defined answers.
So I will go the reverse, I will give you my thoughts on it and you can let me know if I am totally wrong or at least maybe heading in the right direction (this is one of the major’s I have to address right off the bat).
So I am thinking pretty much all along (with the 1994 standard) that we actually have been auditing process even to the old element based standard. After all, if I audited a the assembly area for example, I was not just going through the list of elements and just happened to find myself in the assembly area. No, I would purposely set out to audit the assembly “process” and see if that process itself was conforming to the elements that effected it. So was I not auditing the “process?”
I think the BIG difference is going to come in the way things are approached and the way things are documented.
So here is what I am thinking, everything is a process now, H.R., Quoting, Quality, Manufacturing, ect. because in fact all of these have an input and an output.
And even the individual machines and stations in the plant are processes within processes (manufacturing being the main process).
So to try and satisfy this I am going to do a few things
1. All the auditors need training to the new standard anyway, so during the training everything will be referred to as processes and no mention of elements in the training at all.
2. Audit schedules will solely be based on the processes that are being audited (like Purchasing, Quoting, Production) again no elements will be referenced either on the schedule or on the matrix.
3. All reports will list the process and the findings.
4. Employees that are being audited will be questioned more about their own process and how they fit into the entire manufacturing process, and if their process breaks down how does it affect the process as a whole. And also what could they be doing to improve their process for themselves and for processes down the line. And also is there something that could improve their process that happens earlier in the chain.

To me this seems like it might be all they are looking for.
Not a complete overhaul or drastic changes in the way audits are performed, but more of a way that they are approached and that the mindset of the company should be about the process and less about elements.
Could this be the simple tweak that will fix this?
It has been before that in this new standard that’s audits were not being affected, that they will be conducted in the same manner as before basically.
So I think maybe just changing the mindset and the focus could be the answer.
If not then I would really like to know (in more detail) what the answer is that they are looking for.

So am I all confused and totally going down the wrong road?
All comments are more than welcome!

G.

 

[SteelMaiden]

Gman2,
welcome to the Cove! I think that you make some real valid points about the process audit. We, also, have always followed processes more than elements. I have changed nothing in the way that I schedule the audits.

However, and especially if you have not done your certification audit, you probably do not want to drop all reference to the clauses of the standard. You want to make sure that you have met all the requirements, and you registrar will want to make sure that your initial cycle covered the entire standard. Now before this turns into a big discussion, I'd like to say that I personally don't agree with the registrar but the battle is not one that I choose to fight. We did get dinged in our preassessment because we did not specifically ask questions that were numbered out of section 4 (namely document control) but folded those issues into section 7 and control of the processes. (seemed like a good idea at the time, if we were using uncontrolled docs, the processes were probably not optimal?)

Anyway, that is my 2 cents worth.

 

[Paul Simpson]

1.5 pence worth

The problem with auditing a process is all to do with defining the process to be audited. If you define an audit scope as "Manufacturing" or "Quoting" you automatically tend to constrain the audit to a department. The process approach in principle starts and ends with the customer and covers a number of departments.

The audit then follows the process sequence and looks in particular at the interfaces between departments and the measures for the process as a whole.

 

[energy]

A Little difficult, no?

The problem with auditing a process is all to do with defining the process to be audited. If you define an audit scope as "Manufacturing" or "Quoting" you automatically tend to constrain the audit to a department. The process approach in principle starts and ends with the customer and covers a number of departments.

The audit then follows the process sequence and looks in particular at the interfaces between departments and the measures for the process as a whole.

In another thread there was somebody complaining about auditees not being adequately informed of an upcoming audit. Using this "free for all" approach, how do you minimize the disruption in various departments. I mean, if you start with the process covering several departments to the Customer, it would require a serious desk top audit and very careful planning. At least with auditing by departments you minimize this. No? Also, time spent on the actual audit would be less so that these people can get back to doing what they do best. Real work!

 

[Paul Simpson]

In the process of answering

The question was how to carry out a process audit - I never said it would be easy. Like all good things you have to expend the effort to get some benefit. I appreciate that it helps to be able to give people an exact agendabut the audit process isn't exact - just listen to what the 3rd party auditors say at their opening meetings they talk about following a trail and having to finish the trail before moving on.

As to going back to "Real Work", I don't know what can be more real than investigating the process to see if it continues to work for the company.

 

[M Greenaway]

Paul

A process audit can start and end with INTERNAL customers.

It does not have to be, nor should it in my opinion, be external customer end to end process audit.

 

[Randy Stewart]

It does not have to be, nor should it in my opinion, be external customer end to end process audit.

That's right! You may look at the COP it supports, but it does not have to be all the way through.
You can look at the process in 1 cell, 1 group, 1 department. You don't have to disrupt the whole company. Manufacturing was broken down into different components for a reason, we are not trying to prove them wrong. But each of those components have desired inputs and required outputs. How are they doing?

 

[energy]

As you see it!

The question was how to carry out a process audit - I never said it would be easy. Like all good things you have to expend the effort to get some benefit. I appreciate that it helps to be able to give people an exact agendabut the audit process isn't exact - just listen to what the 3rd party auditors say at their opening meetings they talk about following a trail and having to finish the trail before moving on.

As to going back to "Real Work", I don't know what can be more real than investigating the process to see if it continues to work for the company.

Big difference between External Auditors and Internal. It's a given that while they are there, they have a pass to go anywhere. Everybody knows they are there and prepared. Period.
If you see "real work" as investigating the process........and so on, good for you. If you can afford to have them away from their primary functions for extended periods of time, meandering into various departments as they see fit, you are the exception.(IMHO) The results of the External audit you have presented indicates, at least to me, the company is on pretty solid ground as it is.
Finally, investigating the process to see it continues to work for the company sounds nice. If your business is flourishing and you can afford to spend the resources as you see fit, the processes are already working for the company.

 

[Paul Simpson]

Tell me I'm not alone!

The last couple of posts just summarize for me why ISO 9k2k will struggle to provide the benefits it should.

Yes you can audit a department, a cell or an individual person's work … the point of the process approach (and process auditing, whether internal or external) is that their work fits in as part of a process that should be aligned with satisfying a customer requirement. If not then it is just so much wasted time, effort and money.

The process audit should cut across departmental boundaries to see that the voice of the customer is heard. Process problems (and that is what the internal audit is looking for) generally occur at boundaries.

So if the internal audit is going to be meaningful (and not just a tick in the box for the 3rd party certification body) it should look at a whole process – anything less is a compromise. Maybe it is just me. I think if a quality management system is to be meaningful you need a process audit to support it.

Whilst on the subject of taking time out to do proper audits (that Energy seems to begrudge) – yes, they do take time and proper planning is needed (it helps to prevent meandering) but, and it is a big but, most people involved in business processes (where they see system problems on a daily basis) will see that investigation of the ways of working can be an investment in improvement. There is a whole industry selling in depth analysis of processes as a contribution to the bottom line under the banner of six sigma and there a lot of CEOs out there bankrolling programmes which take people out of their primary functions, invest in extensive training and then give them a free rein to take apart processes and put them back together in a way that improves the company. I know not all companies are in that position but surely we are all looking for improvement?

There are problems getting senior managers to see the benefits a QMS can give but that does not mean we have to condone the “check in the box” approach that some quality professionals put forward as ISO compliant systems. Quality has always been more than the ISO documented system – it is looking for a better way so that the company can maintain its competitive edge and stay in business.

 

[Greg B]

Process problems??

The process audit should cut across departmental boundaries to see that the voice of the customer is heard. Process problems (and that is what the internal audit is looking for) generally occur at boundaries.

So if the internal audit is going to be meaningful (and not just a tick in the box for the 3rd party certification body) it should look at a whole process – anything less is a compromise. Maybe it is just me. I think if a quality management system is to be meaningful you need a process audit to support it.

Paul,

I have to disagree. I don't audit to find process problems. I audit to see if the system is operating as stated in the documents supplied by the people that own the process. If I was out looking for problems I would be a Quality Controller not a Quality Assurer. Symantics?? I don't think so. I will offer my opinion if I feel that the system as written may be a bit off but that is not my ultimate goal. I am not the expert on the production methods within my company. I will observe that records have not been maintained or that a process, as laid down, has not been adhered to but I will not go out looking for Process problems. That's thier job and they should and must take responibility.
JMHO

Greg B