http://www.qualitydigest.com/june07/articles/05_article.

shtml

As with any other process, auditing requires planning, definition, consistent implementation and control
to be effective. Without these features, auditing is a resource-draining waste of time. Internal auditing is one of the elements that makes your quality management system (Q !" complete. It fits snugly into the #check# component of your plan-do-check-act ($%&'" cycle. Internal auditing isn(t a hapha)ard or optional occurrence that you tolerate to maintain certification. It(s an assessment tool that provides a reliable indicator of the integrity of your organi)ation(s system and processes and their capacity to support your goals. 'udits help you to identify problems, risks, good practices and opportunities to better serve your customers. *he information garnered from well-conducted audits is a company asset that far outweighs the modest investment in time and training. *he manner in which the organi)ation values and uses this asset is partially dependent on how audits are performed. +,ecutive management, through visible support and allocation of resources, has primary responsibility for ensuring the effectiveness of the internal audit program. 'uditors have the responsibility for good stewardship of management(s support, as demonstrated by their commitment to good auditing practices and the production of meaningful audit reports. *he person in charge of the internal auditing program asks management to support the endeavor. In e,change for the trust and confidence implicit in this support, auditors strive diligently to provide valuable information that management can utili)e for strategic planning and other decision making. What follows are some of the practices that will help your organi)ation reap benefits from its internal auditing program. 'lthough the comments are directed primarily at the first-party (or internal" audit, most of the tips are equally valid for second- and third-party audits.

Plan your audits

ake sure that the audit schedule and the defined frequencies reflect your organi)ation(s needs. -ou must give appropriate consideration to criticality of activities, identification of areas that are more sub.ect to change or to turnover of personnel, and processes that have e,perienced problems or breakdowns. /eview your audit schedule periodically and revise it based on these considerations. If you have a mature product line and no new hires in recent history, assessing training more than once a year is a redundant paper e,ercise. &onversely, if you handle a lot of customer-owned materials, and their requirements vary significantly, ensure that those activities are included in the schedule at a greater frequency. 0nce you(ve established your audit schedule, stick to it. %on(t get into the habit of revising dates and moving audits off to the ne,t month to accommodate other people(s priorities. 's long as you allow it, some individuals will always find a way to put you off. 'cceding to procrastination perpetuates the impression that auditing is an #e,tra# task to be performed only when time permits. *his mindset devalues the process and minimi)es the organi)ation(s ability to derive useful and timely information.

Prepare for the audit

1ave an audit plan. $robably the single best reason to have a plan and to communicate it is so that you can tell people in advance when you(ll be in their area. It(s common courtesy. *his goes a long way toward dispelling the witch-hunt mentality with which people usually perceive the arrival of an auditor. 2ailing to alert process owners of planned audits carries other negative consequences. 's long as individuals feel that an audit is a surprise attack designed to catch them in error, they(ll conceal problems. *hey won(t look upon the audit as a fact-finding event designed to foster a culture of improvement. *hey(ll look upon it with the dread of miscreants afraid to be punished for their transgressions3even though they(ve probably done nothing wrong. $roblems recur cyclically because they(re covered up out of fear of punitive action.

+fficiency is another reason for having an audit plan. It saves time. *he auditor has a sequence that makes the audit flow smoothly and logically from input to output through a series of processes. +ffective planning brings an element of lean to the auditing process. It minimi)es the backtracking and repeat visits that eat up precious time without adding value. /eview the documents that describe the processes you(ll be auditing. *his helps you to frame the questions you(ll be asking the auditee, and ultimately will promote more comprehensive answers. /eading the documents ahead of time also helps you distinguish the most critical requirements and the points at which ownership of a product (or process" changes to a new person or function. /eview the last audit report and any corrective action requests that emerged. *his will help you to assess if things have improved or if a problem has persisted or gotten worse. If your corrective action process is well-linked to your internal audits, you can verify the implementation and effectiveness of corrective actions as part of the audit process. *his applies to all corrective actions, regardless of origin. 0ne of the areas in which this is particularly useful is in verifying the results of supplier corrective actions. *hrough the questions that you ask, you can augment purchasing staff(s understanding of the verification process. *his helps them to discern if the response they(ve received from a supplier actually provides evidence of an effective action plan. Without such verification, all the purchasing department really has is evidence that the supplier can fill out a form. 0pportunities for learning and improvement are lost. +asy questions an auditor might ask are4 #1ow do you know that the plan worked5# #1ave you asked them to send final test reports for the last orders they(ve shipped us so we can review them against our own records5# In this way, the auditor furtively drops hints that increase other individuals( comprehension of how the organi)ation(s Q ! works to improve their processes3in this scenario, through the effectiveness and productivity of supplier relationships. $repare a checklist. +ven if your organi)ation uses canned checklists, it(s important to prepare and revise them, based on the documents you(ve reviewed, so the audit trail you map out is complete. *his also helps you to develop questions so you don(t waste time, and it serves to keep you from meandering outside of the scope of the audit.

Use accepted audit practices

/egardless of whether this is an internal or an e,ternal audit, there(s no e,cuse for ignoring good audit practices. &onduct an opening meeting. 2or a third- party certification audit, this is a fairly formal event with a whole list of items that must be covered4 scope, purpose, standard, duration, schedule, confidentiality and nondisclosure agreements, rules for reporting nonconformities, safety equipment, escorts and the appeals process. 2or an internal audit, it(s appropriate to have an abbreviated version that outlines what processes are being audited, how long you e,pect the audit to take and the individuals you may wish to interview. 'rriving in an area and beginning the audit without some initial remarks or a simple greeting only serves to increase tension and the likelihood of alienating those who can facilitate a productive audit. $ay attention to how you ask questions. 1ere are a few pointers to remember. Bear in mind at all times that auditees weren't hired to answer your questions. *hey(re paid to do their .obs, so they probably won(t be quoting te,t verbatim from a procedure. *hey should be describing their process in a way that lets you understand it, and that demonstrates how well they understand it. Ask open-ended questions, as opposed to the kind that will get only yes or no responses. 6ive the auditee an opportunity to e,plain what she does. *he person will provide more complete information if she isn(t being steered toward the auditor(s preconceived notion of what the answer should be. Ask how the auditee does his job. -ou(re not .ust trying to verify that something is done7 you want to verify that it(s done correctly3as defined. /eading a report on nonconforming product will tell you something wasn(t done right, but assessing the process will help you pinpoint what went wrong. Remember to use documents to help you frame your question. *his lets you determine if the documentation accurately reflects the requirements of the process.

 on't be afraid to repeat or restate your question. !ometimes we need to come at a sub.ect from a different angle. /estating a question helps the auditee to grasp what you(re trying to ascertain. !i"e the process owner time to answer. 8e patient. 1e may be thinking. %on(t assume that a delayed response is an indication that the person is lying or making stuff up. Ask what happens ne#t. 'void quality speak. If you(re trying to determine what the output of a process is, simply ask, #What happens ne,t5# 'sking a customer service technician, #What(s the output of the process# will probably get you a blank stare followed by an awkward moment in which you(ll get the sense that you(ve .ust made her feel incompetent3which isn(t the case. !he knows perfectly well that when the order is entered in the database, it ne,t gets routed to the scheduler, who confirms the ship date so that the order can be acknowledged to the customer. $uggest a scenario and ask, %&hat would happen if'(% *his will help you verify how well the process is controlled if there is a deviation or if something goes wrong. It will also help you assess the effectiveness of communication and the definition of authority and responsibility. %oes the person know what he is authori)ed to handle, and what incidents require input from a supervisor5 Ask why. $eople who do tasks mindlessly, without understanding the reason for the activity, are less likely to be diligent in ensuring that the process is consistently and correctly implemented. It(s hard to care about something that makes no sense. )isten to the auditee. $ractice your listening skills. 're you hearing what the person is saying, or what you anticipate her answer to be5 9istening is facilitated by the simple practice of looking directly at the person who(s speaking. :ot only do you remain better focused, you convey to the other person that you(re interested in what she has to say. &rite down the answer so you don't forget. 'lso, record the evidence you(ve assessed. *ake copious notes. *his provides the foundation for the audit report and it also allays any confrontation. *he auditor doesn(t need to defend his conclusion. 'll that(s needed is a reference to the evidence upon which the observation is based. *f you're writing while the person is speaking, make sure that she knows it. !ay, #I(m listening to you, but I need to write this down.# If you get the sense that the auditee is afraid that your report will result in punitive action, e,plain why you write things down. y favorite line goes something like this4 #I have a brain like a sieve. If I don(t write things down, I(ll forget, and I won(t be able to do my report.# Always make sure you tell the auditee if you're planning to report a nonconformity unco"ered in his area. *his goes back to the fear of punitive action mentioned earlier. :o one likes to be blindsided two days after an audit by a report that appears to say that he screwed up. *ell the person what will be reported and provide reassurance that the intent is to make the process better for everyone. +e"er lea"e an area without saying, %,hank you.#

Write a comprehensive audit report

*he report doesn(t have to be lengthy, but it should convey a balanced summary of the status of the organi)ation audited. It should mention good practices that have been observed, risks that have been perceived and problems that have been identified. *he audit report should include the following4 ate of the audit. When did the audit take place5 *his provides evidence that audits are being conducted in accordance with the established audit schedule. If management wants to know what resources are being e,pended, it(s also appropriate to record the duration of the audit. 1ow much time and money is the organi)ation spending on internal auditing5 Areas audited. If the company has multiple locations, this is even more important. $tandard used. 2or a third-party audit, it(s generally a Q ! standard, e.g., I!0 ;<<=, I!0>*! =?;@;, I!0 =A@BC, etc. 2or internal audits, it(s usually a list of the internal documents associated with the

functions and activities audited. +,amples would include procedures, work instructions and detailed travelers. )ead auditor and audit team. If there(s only one auditor, that person is the lead. -ersons inter"iewed . *his provides evidence that the persons who answered questions were actually the process owners who have responsibility for the activity. It(s not uncommon for people to try to be helpful and answer an auditor(s question even it(s not part of their regular .obs. !ometimes the auditor finds out too late that she wasn(t speaking to the right person. What you hear is a manager saying, #2rancine doesn(t take care of patient intake, so she wouldn(t know where those forms are kept.# /ecording names of persons interviewed helps auditors provide ob.ective evidence that they(ve fulfilled the requirements of the auditing process. !ood points. 'n audit isn(t an attempt to observe a collection of bad processes. *herefore, an audit report should also mention good points that were observed. #*he newly developed design software is facilitating the control of new pro.ects,# #*he records show evidence that operators have had training on the &:& machine# or #*he corrective action tracking system is better able to calculate the cost of nonconformities and the money saved when problems are solved# are e,amples of this. +onconformities. When writing up findings of nonconformity, it(s important to be clear and complete. What is the actual nonconformity5 What is the standard that defines the requirement5 What evidence did you use to conclude that there was a nonconformity5 ' well-articulated nonconformity statement should provide enough direction and clarity that the process owner can use it to initiate root cause analysis and eventually develop a viable corrective action plan. .bser"ations /also called opportunities for impro"ement0. It(s appropriate for auditors to make statements about perceptions of risk or the identification of a process that may not be controlled as well as it should be to prevent problems. *hey shouldn(t specifically say something is wrong but should intimate what might go wrong. 9ike nonconformities, observations should be tied to requirements to allay the misconception that they are .ust ideas that the auditor thought up. 2ollowing these basic audit practices should ensure that the information management gets is accurate, reflects the status of the organi)ation and is detailed enough so that it results in good decisions. *his is what makes audits effective. 'nything less is a meaningless paper shuffle.

About the author

enise Robitaille is an RAB1$A- certified lead assessor, A$1-certified quality auditor and a member of the 2.$. ,A! to *$.3,4 567. $he's the author of numerous articles as well as *he &orrective 'ction 1andbook , *he $reventive 'ction 1andbook, *he anagement /eview 1andbook and %ocument &ontrol, all published by -aton -rofessional. Robitaille also writes %,he $tandard Answer% column in Quality %igest(s Inside !tandards e-mail newsletter. 8isit http4>>qualitydigest.com>standards>inde,.lasso to read recent columns or subscribe for free.