|
|||||||||||||
|
|||||||||||||
|
Title: How
to Plan an Audit :
|
|
|
|
You can order this book from internal-auditor.com at: http://www.internal-auditor.com/books.htm |
||
|
Feature Article Developing the Audit ScheduleWhen we read the standard (regardless of which standard), we get a picture of the requirements for setting an audit schedule. Yet, the "shall" of ISO 9001:2000, QS-9000 and ISO/TS 16949:2002 is still really vague. In each case, organizations are required to schedule audits base on four parameters (consult the standard two determine which of the following are required):
Status Status of the audited area and results of the previous audits are connected and are often combined. In reality, the results of previous audits help define the status. Status refers to how well the activity is performing. Is there a considerable amount of corrective actions (including audits) as a result of the activity? Has the activity led to customer complaints, or dissatisfaction? Does the activity have high employee turnover? Is this a new or revamped process? The answers to each of these questions indicate the status of the activity. Any 'yes' answer would necessitate more frequent audits. Determining the "status" of the activity is not always an easy task. In many cases, there may be some political issues that must be dealt with. Also, status might be considered subjective and the credentials of the person making the judgment may very well be called into question. Some organizations escape this by awarding "status points" based on pre-defined criteria. A given number of points results in a more frequent audit activity. Small organizations attempt to audit the entire system once or twice a year. This could lead to questions about whether they considered the "status" of activities. There are two plausible explanations for auditing everything. First, it is possible for all activities to have the same status. Secondly, you can plan to audit everything to the "worst" offender. Importance The importance of the activity to be audited is directly related to the impact, either actual or potential, of the activity on customer satisfaction. Some activities are much more critical in mission success than others. Those need to be audited more frequently. For example, 7.2.2, "Review of requirements related to the product" (the old contract review) would usually be far more important than record keeping, granted in some regulated industries record keeping is very important). Once again, politics may enter the picture, but to less of an extent as activity status. But once again, who is to say that purchasing is more or less important than calibration? Results of Previous Audits If an audit of an activity reveals issues, then it only makes sense that it should be audited more frequently. By the same token should an activity never have problems, then we can audit that activity less frequently. We can use the same sampling rules we have used for ages to determine frequency of auditing. Other Factors There are many other factors to consider when developing the audit schedule. To be effective, the audit schedule must include all shifts and all operations. Change One of the most important factors to consider is change. Anytime change is introduced into a process, the chance of variation increases. In QMS terms, this means an increased risk of nonconformances. If a process has significant change that should be a trigger for increased audit activity. Change could take many forms. It could be a change in material, equipment, environment, process or operators. Auditing an activity or process following a change could limit the change's ability to adversely affect product or customer satisfaction. In a previous issue, we discussed the use of Supplemental Audits. This would be an ideal use for such audits. Personnel Depending on your resources available, you might need to consider personnel in developing your audit schedule. Smaller organizations tend to use part-time auditors and it might be easy to stretch them too far. This is particularly true in cases where the auditor's regular job performance objective do not take into account their role as auditor. Also, make sure you include adequate auditor preparation time, as well as audit report and follow-up time in the audit schedule/plan. Audit Combinations The audit schedule should include and differentiate between different types of audits. Combining system and process audits will give you a better picture of the overall status of your QMS. Next month, we will discuss the differences in detail, so for now we just want to comment to consider them in the audit schedule. Audit Follow-up Another consideration is following up on previous audits. You need to maintain some flexibility in the schedule to provide the resources for any necessary follow-up activities. This should be built into external audits as well. Summary: Each of these factors needs to be included and considered if your QMS is to be effective. Determining the audit schedule requires some thinking and should not be done in haste. The audit schedule is more than just a requirement of the standard, it is also important for an effective QMS. Take some time and analyze what schedule would not only meet the mandates, but also yield the greatest impact for the organization. Like the rest of the QMS, the audit schedule and plan need to work for you. And like with everything else, planning on the front end can make the balance of the activity work better. As always...Good Auditing!
|
|||
|
Observations from the Field: Management review is an ideal time to visit the audit schedule, adjusting it as necessary, and publicizing the updated schedule. This will help you in establishing internal audits as another aspect of the overall quality management system. It will also give management an opportunity to hear the reasoning for the schedule and provide input. If possible, include second and third party audits in the published audit schedule. This gives a better "big picture" view and can assist in spacing out the audits.
|
|||
|
Question and Answers: Q – When I schedule the audit, how much lead-time is required for the auditee? A –There is no set time limit, however audits should never be a surprise. One effective way is to publish the schedule a year in advance, and notify the auditees at six month, three month, the month before and a week prior. There are excellent software programs that will automatically send emails, based on the schedule. Preparation time for auditees may include shifting workload, ensuring key people are present, and ensuring records are available (especially if records are kept off site). |
|||
|
Advertisement: |
|||
|
Element Understanding: ISO 9001:2000 Clause 5.6.2 Review Input "The input to management review shall include information on a) results of audits" Audit results are just one small part of management review. When reviewing audit results, you need to consider more than just internal audits. You also need to look at external audits as well as product audits. ISO doesn't specify which type of audits to include, so if it is an audit, include it. Another thing ISO didn't specify is how much detail to go into during the review. Although this is unspecified, most registrars I have contact with look for, as a minimum, how many audits were conducted, what areas have been audited, and some sort of summary of the overall audit. |
|||
|
Monthly Scenario Explained: January 2002's question: As part of the audit, you must determine if the quality policy is understood through out the organization. To determine this, you decide a random sample of persons exiting the break area. The next five people leaving the break area will be questioned. The first two go quite well. The third person is someone you know that has a reputation of being anti-company. You decide to ask anyway and the response is that he is sure the company doesn't have a quality policy. He has never heard of one, and has never been trained on a quality policy. You record his response and continue. The last two are also positive. The answer: This is a clear example of audit bias. The question is if the auditee was being truthful in his response. Just because an auditee is anti-company, we cannot assume they will always tell a lie. Something I learned years ago was that sometimes jerks are correct. The auditor must decide, without bias, whether the auditee is truthful or not. The auditor must also report the finding, regardless of the decision. It would be up to the audit team whether there is a nonconformance or not. And that decision could go either way. |
|||
|
The Back Page:
I find it very interesting that most companies, I've seen, do a fairly poor job of performing management review. Part of this may be our tendency to "do just enough to get by". We know what the standard requires and we do that. We don't want to go farther because it could lead to nonconformances. Although in many cases this is true, in many cases we miss opportunities for effectiveness because we don't attempt to apply the QMS to its fullest potential. Use the management review for what it was intended. Management review is one of the best tools management has to maximize the QMS. If done properly, better decisions are made and better communication takes place. Use the management review to propel your organization forward and upward. Dave ...Good auditing!
|
|||
|
Copyright notice: internal-auditor.com is
fully protected under US and International copyright laws. Copying, or
re-transmitting all, or any part of internal-auditor.com is expressly forbidden
without prior written consent from Ruth Ellen Carey Communications.
Because this site uses information from many different sources, it must be pointed out that any advice, tips, information, etc., provided should be regarded as opinion and not fact! What works well for one company may be a disaster for another. Also, what one registrar, or auditor may allow, another may not. As always, reflect on what you read, see if it fits into your own quality system, and if it conflicts with your auditor...you've got to make a decision |
