Wes Bucey said:
Bottom line:
Effectiveness of IA has nothing to do with IA metrics, it has to do with the results of the organization as a whole.
I don't agree, Wes. Many companies measure the economic benefit of CI projects. ROI is evaluated on any significant capital investment before we approave the funds. Six Sigma requires calculating the expected savings as part of the project. So does Kaizen and Lean.
Why is internal auditing the only improvement activity where no one tracks the inherent benefits? I would propose it is because it evolved out of the negatively-tainted customer or military inspection model where the auditor was never viewed as a value-added part of the business.
But, in this ISO Process model, auditing is a process to help us improve. So, auditors should be recognized as part of the team. They should be trained to view themselves as part of the team. And, they should be trained to look for preventive actions and improvement opportunities as well, not just finding people who aren't following their procedures.
When I train auditors, I begin a discussion of Current State vs. Ideal State concepts. I follow that with the statement that "an auditor's role is to identify anything that is not as it should be."
I stress they are to widen their perspective. And, in every class, the idea is embraced as a great idea, but they always say "we didn't know we were
allowed to do that." I view that as a tragic lost opportnity, to not empower and train auditors to do that.
I teach them to list those observations, discuss them with their auditees to get their input. Then review them with the Lead Auditor to filter out the oddball items. Then, write CA's, PA's and OFI's to address the remaining findings that were approved as beneficial and legit.
I find companies who do this get dramatic improvements in their systems. Their metrics are consistently at benchmark levels. And they don't fuss that their ISO or TS systems don't provide value.
PS: My premise is not so much that I want companies to measure results of audit findings, though I think that will certainly come in the next few years. But I would encourage them to recognize auditing as a true improvement process and treat it as such. And, on that basis, I still believe that tracking audit findings as a metric will provide the starting point to understand whether they are getting value. Far more meaningful than whether the audit was done on time.
After all, my clients evaluate the effectiveness of whether my audits had value based on whther they got good ideas and improvements from it. Why shouldn't internal audits be viewed the same way?