Open letters
The letters below are open for discussion and the INform team invites comments, answers and further questions either relating to these letters or posing new topics. Make yourself heard and send us your feedback
Auditing undocumented processes
(open letters, INform Issue 2)
I read the first issue of the new e-zine with interest. In his article 'The benefits of ISO 9001:2000', Dave Powley implies that a process cannot be audited unless it is 'put into the audit arena' by being presented in the form of a procedure.
I am extremely surprised to read this. I thought the whole idea was to allow companies the freedom to control processes more creatively. Is he saying that he cannot audit undocumented processes or that no one can? Admittedly, it's easier on the auditor to audit the 'say what you do and do what you say' type of system, but it certainly isn't true that a process has to be documented before you can determine that it is controlled. I have been teaching auditors to do just that for the past two years.
Chris Gowens
QMS 2000 principal auditor, UK
The author's response
Chris Gowens is correct in his belief that organizations should be given the freedom to control their processes more creatively - I wish there were more people with the same mind-set. He is also right in his contention that procedures and descriptions of them help the auditor, or more correctly, help the audit process. It is worth noting that an audit, or at least a management system audit, is a systematic evaluation of the adequacy of and compliance with planned arrangements.
I would like to draw attention to the 'compliance with' part of that statement. In effect, this means a 'comparison' - in this case a comparison between 'what is' with 'what should be'. If these planned arrangements are not described in some form, it is very difficult to enable that comparison. It certainly is possible to audit an organization where an employee population cannot refer to a prescription or a described process or flow diagram or even a procedure, if you will. However, the audit is likely to be fraught with misunderstanding as well as taking an undue length of time.
Imagine the case of an auditor who wants to audit compliance in cases where there is no description of processes. He would first ask a representative employee (A) to describe by 'word of mouth' how the activity being audited should be conducted. He clearly cannot then interview employee A as the audit subject in order to check compliance. He must then find other employees (B, C, D etc) who conduct the same activity. In doing this the auditor is likely to get interview responses that, even in the best scenario, would be an array of variations on the same theme and, in the worst case, outright contradiction or disagreements between the audit subjects.
This would be a manifestation of the classical 'communication line loss', in management consultant speak. Also, it is not hard to imagine how much time this would take. Furthermore, process descriptions should not be underestimated in their role as training aids or devices to assist consistency of operation, if consistency is an issue.
Finally, I am all in favour of the removal of burden in management systems, and there are several ways of doing this. However, I would suggest that descriptions of processes
should be one of the last items on the 'spring-clean' list.
David Powley
IMS principal lead auditor, DNV Certification, UK
 |
|
 |
|
 |
|
 |
|
 |
|
 |
 |