Don't Fear the Audit!
Internal audits often provide the biggest problem for ISO certified organizations. Fundamentally nobody objects to internal audits, the goal is to optimize them but that can mean different things. Management usually recognizes that audits are supposed to review the way the organization is operating to ensure that processes are followed as expected, to ensure they are still achieving the goals set and to look for opportunities for improvement. However, when they don’t see audits reporting any problems or finding things to improve then the tendency is to move for cost reduction.
How can we reduce the duration and the cost of the audit?
Here is the thought, "If there are no findings then my processes must be excellent – I don’t need to audit them." Of course the problem is that the reason nothing was found and no improvements were suggested is because the audits themselves were not effective. Should every audit result in at least one nonconformity? No. The last thing you need is for audits to feel like a traffic cop walking around the facility writing tickets.
Management must ensure that audits are effective and demand improvement. All processes can be improved and audits need to provide this for management. To get back to the original question of reducing the cost of audits - Costs can be significantly reduced by implementing improvement ideas resulting from internal audits - not by minimizing the audits.
Even with that mindset in place, there are still issues with internal audits
The first problem with internally resourced audits is that people typically don't want to do them. This is not what their career path is, this is not their chosen vocation and they know that when they get back to their day job nobody has done their work for them. This is not something to be desired, it is extra work to be avoided and minimized.
The next problem is that these people are rarely adequately supported. They may have auditor training but because they do this once a year for a few days it’s easy to forget. It is difficult to remember the types of things they should be looking for, how to determine conformance, how to assess a process for effectiveness and with limited experience it is difficult to identify opportunities for improvement. Typically internally sourced auditors are cautious about what they say. They are unsure if a process is effective or not and tend not to say anything. Their findings normally focus on errors with procedures and occasional administrative improvements.
One indicator of the performance of your internal audit team is whether they catch all issues before the external auditor has findings. Not only does this protect your certification but it reduces effort and administration. If your
external auditor is finding things then you should question your approach to internal auditing.
Outsource your internal audits?
Outsourcing internal audits is the solution that more and more ISO certified organizations are moving to. Their recognize their internal people already have full-time jobs to do. They have difficulty maintaining adequate expertise and dedicating the necessary time to perform effective audits. Companies have outsourced functions with similar traits for years (accounting, legal, information technology, etc.) and now that thought process is moving its way to into the quality profession. As internal resources get busy, it just makes more and more sense to call on outside expertise.
The outsourced internal auditors not only protect your certification but they are ISO experts. They maintain the necessary competence, have loads of experience and can bring best practices that your internal resources may not have thought of or been exposed to. They should be coaching, training and helping as they audit (good internal auditors are different from external auditors). They should be experienced enough to identify any issues in your ISO system and allow solutions before the external auditor gets there. They should have a wide ranging knowledge of organizations and subjectively advise about the effectiveness of your system and challenge for improvements. Management should again demand this of internal auditors irrespective of the fact that they are outsourced – it’s just that now the benefits of good internal audits can be realized.
When you get right down to the numbers, in practice, outsourced audits are likely cheaper and add more value. Higher quality audits, more valuable suggestions and the development of a relationship with an outside expert that can help support the ongoing development of your management system - and with responses to third party and customer auditors in the event they find something. Add to that the missed hours of work, the distraction to an employee's "normal job" and costs of training, preparation, reporting and on-going communication and questions. Outsourcing makes so much sense.
This does, of course, all rely on the fact that an outsourced auditor must be good. While simply being able to demonstrate effective audits is the ultimate test, someone with lots of auditing experience, ASQ and RABQSA qualifications, experience with consulting, qualified trainer and other ISO experience all indicate the ability of the auditor.
The benefits are there to justify outsourcing your internal audits now. If you are considering the move to externally sourced internal audits - Click Here for more information and to get the process started!
Christopher M. Spranger, MBA, ASQ MBB
Want to receive free tips on how to use Lean Six Sigma to improve your business?