Dogma can be a powerful force in our society. We have a strong tendency to try to short cut systems by copying what others have done. Why? Maybe we think it will be easier. After all, why do a lot of work ourselves when others have done the work for us.
Unfortunately we can end up with the blind leading the blind (or more crudely the dumb leading the lazy). One good example of this is the currently accepted process used almost everywhere to do ISO internal audits.
The popular process has an annual plan (matrix) showing what processes will be audited in what months. The matrix is revised annually with added audits as a result of audit findings or customer issues identified during the previous year.
The result of this process is often lack of commitment from those being audited (delays in scheduling and completing audits), insincere support from upper management and difficulty in closing audit issues.
What if we tried a different process? What if our plan wasn’t a matrix at all? The requirement of the standard says to have a plan and certainly a matrix is one way to create a plan, but there are others.
Picture this: plan to do two processes and two product audits per month (include manufacturing process audits if automotive). The two processes selected are determined as an output of a management meeting the previous month.
Management determines which processes to audit based on the performance of processes, customer feedback, plans to change or improve processes, etc. With this audit methodology, the processes which are most important to the organization’s objectives will be audited most frequently.
Because we audit what is important each month, some processes will be audited often, while others may not get audited at all. So what about having to audit all processes?
This is solved by keeping track of which processes are audited, and making sure that any processes (or product lines) not audited between January and September are included with the October through December audits. Audits of the left over processes should be very short compared to the management assigned processes because by definition they have been operating well.
With this process, audits have a purpose, they will be seen as beneficial by management and issues identified during the audits should get appropriate attention since the audits are focused.
You can read more about effective internal auditing in our Process Audit Toolkit.
Remember: To get the maximum benefit from any audit process, the training and skills of the auditors is as important as anything else.