Is your audit adding value?
The first in our new series of guidance papers by the ISO 9001 Auditing Practices Group discusses the pitfalls of value-added auditing and provides some good advice
We hear so much about the importance of adding value during QMS audits, but what does this really mean? Is it possible to add value without compromising the integrity of the audit or providing consultancy?
In principle, all audits should add value, but this is not always the case. This article provides guidance on what constitutes a value-added audit, and the various situations that are likely to be encountered in the context of second or third-party audits.
What does it mean?
There are several dictionary definitions of 'value', but all focus on the concept of something being useful. 'Adding value' therefore means to make something more useful. Some organizations have used the ISO 9000 to develop QMSs that are integrated into the way they do business, and are useful in helping them to achieve their strategic business objectives - in other words, they add value to the organization.
Conversely, other organizations may have simply created a bureaucratic set of procedures and records that do not reflect the reality of the way the organization actually works, and simply add costs, without being useful. In other words, they do not add value.
A question of approach
A non-value-added approach asks: 'What procedures do we have to write to get ISO 9001 certification?' A value-added approach asks the question: 'How can we use our ISO 9001-based QMS to help us improve our business?' Thus, a value-added auditor should ask: How can we ensure that an audit is useful to an organization in maintaining and improving its QMS? (It should be recognised, however, that there may be other perspectives that need to be taken into consideration.)
A value-added third-party audit should be useful:
- to the certified organization, by providing information to top management regarding the organization's ability to meet strategic objectives. Also by identifying improvement opportunities and possible areas of risk, and problems which, if resolved, will enhance the organization's performance
- to the organization's customers by enhancing the organization's ability to provide conforming product
- to the certification body, by improving the credibility of the third party certification process
Some tips for value-added auditing:
Audit planning:
- understand the auditee's expectations/corporate culture
- any specific concerns to be addressed (output from previous audits)?
- risk analysis of industry sector/specific to organization
- pre-evaluation of statutory/regulatory requirements
- appropriate audit team selection to achieve audit objectives
- adequate time allocation
Audit technique:
- focus more on the process, and less on procedures. Some documented procedures, work instructions, check-lists etc may be necessary in order for the organization to plan and control its processes, but the driving force should be process performance
- focus more on results and less on records. In a similar fashion, some records may be necessary in order for the organization to provide objective evidence that its processes are effective (generating the planned results) but the value-added auditor should be aware of and give credit for other forms of evidence.
- remember the eight quality management principles
- use the plan-do-check-act approach to evaluate the organization's
process effectiveness: has the process been planned?Is it being
carried out according to plan? Are the planned results being achieved?
Are opportunities for improvement being identified and implemented
by:
- correcting non-conformities
- by identifying root causes of problems and implementing corrective action
- by identifying trends and the need for preventive action by innovation
- adopt a holistic approach to evidence gathering throughout the audit, instead of focusing on individual clauses of ISO 9001
Analysis and decision:
- put the findings into perspective (risk assessment/common sense)
- relate findings to the effect on the organization's ability to provide conforming product (see ISO 9001 clause 1.1)
Report and follow-up:
- sensible reporting of audit findings: different approaches may be required depending on the organization's maturity (zones 1, 2, 3 and 4); the level of confidence in the organization's QMS; the risks involved; the auditee's attitude and commitment to the audit process (proactive/reactive). Ensure that any cultural aspects are taken into consideration. Emphasize positive findings as appropriate. Will the solution proposed by the organization in response to negative findings be useful?
- reports should be objective and focused on the right audience. Top management will probably have expectations that are different from those of the management representative
This article is an edited version of 'Value-added
auditing' from the website of the ISO 9001 Auditing and Practices
Group and is reproduced courtesy of ISO and the IAF. These papers
were developed on current best practice and therefore have not been
formally endorsed as IAF guidance or ISO TC176 interpretations. For
further information about the Auditing Practices Group visit:
http://isotc176sc2.elysium-ltd.net/APG_index.html
 |
|
 |
|
 |
 |
 |
|
 |
|
 |