Eight steps for a successful internal audit program

Internal audit programs play an important role in ensuring the success of a management system. ISO standards such as ISO 9001, ISO 14001 and ISO 45001 provide the framework for management systems to function using a process-based approach to meet the requirements of customers and other stakeholders. Organizations certified to ISO standards strive to be compliant and efficient, and to remain certified. Successful systems have Top Management (TM) / Leadership that are committed to and engaged with the system. They ensure regular internal audits and conduct management reviews (MR) to assess the continuing suitability, adequacy and effectiveness of the system. They further ensure that their decision-making process uses the inputs from the MR to ensure objective resourcing and support for efficiency.

External third-party audits also add value to this system, provided the auditors remain objective throughout the audit. Over the years QMII has come across instances where Non-Conformities (NC) were issued without the requirement being clearly stated, or where the evidence did not substantiate that the requirement was not met. However, these NCs are rarely challenged by organizations for “fear” of upsetting the auditors. Changes are then implemented to the system as a part of corrective action based on these findings. At times, when management is disconnected from the working system, it is often surprised by the NCs presented at the closing meeting.

Is there, as a result, a case for preparing the organization for both internal audits and external audits? In well-functioning systems the organization should never have to prepare for an internal audit. The systems are designed to drive success and not for auditors or to get through audits without any NCs. NCs are, after all, an opportunity for continual improvement of the system and should be embraced, provided they are objective and not subject to an auditor’s experience or opinion. An organization can and must respect a good NC and use it to drive correction and corrective action (CA). After all, CA is NC driven. The organization/auditee should be happy to receive a NC for risk(s) not appreciated.

I do, however, think that there are steps an organization can take to build employee confidence in the system, including the confidence to challenge the auditor when a NC is not clear or incorrectly given. Here are eight steps an organization can take to give its employees that confidence for internal audits and subsequently for external audits:

  1. Conduct orientation on the process-based management system (PBMS) approach in general, and introduction to the highlights of the specific standard (e.g. ISO 9001:2015). This ensures that the basics of system approach and the internal management system are clear to all personnel.
  2. All TM must do a short training to be aware of the ISO standard, the main clauses and the benefits of the management system. This awareness leaders workshop (ALW) brings the confidence in the system, its implementation and continual improvement. This leadership awareness further encourages engagement of all personnel to use the system and increases buy-in.
  3. On a regular basis, in day-to-day work and meetings, refer to the management system. Ensure quality, environment, safety, security, social responsibility and compliance are topics of discussion at periodic intervals. Even middle and lower management, e.g. supervisors, should be encouraged to use the system and engage others to do so. Management may have to support others in their roles of leadership at relevant levels.
  4. More than just following processes, all personnel must feel free and confident to challenge the process, make suggestions, raise NCs and submit innovative ideas. A participatory approach to system implementation is very cost effective. Let employees voice their concerns. Once they are confident of their process and their system (with the fundamentals of the ISO Standard/other requirements built in), the fear of audits will reduce.
  5. Put in place an aggressive internal audit program. When an outside (third-party) auditor raises a NC, the organization does RCA (Root Cause Analysis) of the NC, but rarely does it challenge its internal system and ask how the internal audit program missed the NC raised by the third party. Internal audits must be objective and strict and must raise all NCs.
  6. NCs must be tracked diligently and addressed within the time frame the organization has set for itself. TM must stay involved by asking about the progress of the CA process. Overdue NCs must be investigated, and TM must ask during the MR why the concerned department did not address them in time. Encourage PSW (Problem Solving Workshops) so teams can look at complex, inter-departmental NCs. Encourage use of tools such as Causal Analysis and FMEA (Failure Mode Effect and Analysis).
  7. Creating a lessons-learned database has many advantages. It acts as a historic record for new joiners to learn of past occurrences. Additionally, it has great participatory value, connecting each future task as a driver of improvement based on the past. The collective intelligence of the organization is available to the organization and does not vanish when individuals leave the organization.
  8. Some additional points for ISO 9001/ISO 45001/AS9100 audit preparation:
     • Answer audit questions to the point. Do not volunteer information not sought.
     • Do not be reluctant to ask for your manager/supervisor to support you if you are not clear on the question.
     • Have the confidence in your professionalism to ask the auditor for the requirement based on which the auditor is planning to raise a NC.
     • Be aware of the risks associated with your process and the actions taken to address them.
     • Explain the risks in the context of the organization and the context of what the employee does to them.

Aspects and Impacts: Let’s start here

Every organization needs to consider the aspects of their organization, and the impacts they have on the planet.  Understanding the impacts is critical to the sustainability of the organization, and in the long run, the planet.

Most organizations only consider the impacts of their processes in relation to waste created and materials used. While these are important, an organization should consider all aspects of its operation and processes before it starts a business. This includes the facilities, people, materials and other elements of its operations. Once operational, it needs to continually evaluate all processes to look for improvement.

Many aspects are considered by organizations in order to borrow money to launch a product or service. This is a good place to start. Clearly understanding the impacts the organization will have on the local environment and community is a good step toward launching a sustainable business. Lenders, both private and public, will be more generous in lending if they know the organization is considering all three pillars of sustainability: social, environmental and economic.

Generally speaking, recycling an existing structure to a new operational use has less impact than building a new facility. Applying building techniques recommended under Leadership in Environmental and Energy Design (LEED) and Energy Star will also reduce environmental impacts and improve the operational economics. If new structures are required, considering the site location, building facing direction and proximity to water, public transportation, and workers will also help the organization conform to LEED and other building Standards. Local communities will be much more accepting of an organization operating in their community if the proper design considerations are taken into account before construction is begun.

Once operational, every group in an organization needs to evaluate its processes on a regular basis to determine what improvements can be made to the aspects of the organization and the impacts of their processes. Management is accountable for the operation of the organization, but every department needs to be responsible for its processes. This is not just the manufacturing or production departments, but also sales, marketing, receiving, packaging, shipping and customer services. Organizations are also responsible for the performance of their products and/or services, and often the potential recycling of products.

The International Organization for Standardization (ISO) has established Standards that can be used by an organization to help improve their management system processes and reduce risks.  ISO 14001:2015 Environmental Management Systems and ISO 9001:2015 Quality Management Systems can be used separately, or together, to provide guidance in improving an organization’s operations.  Lenders and communities appreciate the value of a well-run organization that understands the aspects of their operations and addresses the impacts.

What is ISO 14001 Lifecycle Perspective?

ISO 14001 Lead Auditor training introduces students to the ISO 14001 standard and its interpretation as well as the skills needed to assess the effectiveness of the environmental management system. ISO 14001 in its 2015 revision introduces the lifecycle perspective. In essence, the standard asks organizations to use a lifecycle perspective when designing/manufacturing their products/services. This means that instead of a cradle to grave concept, organizations need to think of a cradle to cradle concept.

Cradle to Grave

ISO 9001 ‘Requirements for Quality Management Systems’ ushered in a new era of process-based management systems that could be used to improve the quality of products/services being delivered to customers and, when well implemented, to increase efficiency and productivity. However, as productivity, efficiency and quality were being improved, the by-products of the system were not addressed. During the 1980s there were some regional efforts to address the impact of organizations on the environment, and ISO 14001 was ISO’s effort to lay down the requirements for a management system that addressed the aspects and their associated impacts. Organizations were expected to take action on these impacts to reduce them. Auditors undergoing ISO 14001 Lead Auditor training were now ready to assess the effectiveness of these systems.

In its initial publication and subsequent revision in 2004, ISO 14001 asked organizations to take a ‘cradle to grave’ approach to managing their impacts on the environment. This meant reducing the immediate impact on the environment. However, with time we learned that this does not address the growing landfill issues being faced by countries globally. To address this issue, as well as to align with international efforts to address climate change and the rapid depletion of the planet’s resources and to encourage sustainable operations, the ISO 14001 standard introduced the concept of ‘cradle to cradle’ in its 2015 revision.

Cradle to Cradle

ISO 14001 defined lifecycle as “consecutive and interlinked stages of a product (or service) system, from the raw material acquisition or generation from natural resources to final disposal.” Life cycle stages can include the acquisition of raw materials, design, production, transportation/delivery, use, end-of-life treatment, and final disposal. A great example of a lifecycle perspective in manufacturing is the recycling of Lead-Acid Car Batteries. Nearly 99% of these batteries are recycled/reused. Major battery manufacturers have programs in place to encourage the recycling of car batteries.

While ISO 14001 does not call for a formal life cycle assessment, ISO 14044 provides the guidelines for a life cycle assessment should an organization wish to do so. In determining the end-of-life disposal, organizations may choose products that are recyclable, sustainable and even perhaps biodegradable. ISO 14001 Lead Auditor training provided by QMII highlights the concepts of a lifecycle perspective and how to incorporate it into your environmental management system.

Conclusion

ISO 14001 Lead Auditor training enables participants to go back and implement environmental management systems that will benefit their organization, the environment, and stakeholders. It also enables participants to conduct value-adding audits of their systems. The intent of the audit is to identify opportunities for improvement. With the skills from ISO 14001 Lead Auditor training by QMII and the knowledge of a life cycle perspective, participants are ready to hit the ground running in implementing and auditing environmental management systems.

 

Stop the Firefighting: Use Effective Root Cause Analysis

Root Cause Analysis (RCA), or Causal Analysis, when applied correctly should help to prevent the recurrence and occurrence of similar issues within the organization. Why then is so little time, money and/or effort afforded to it?

Heroes save the day! Yet again! How often have we come across news articles that laud those who manage the crisis, stop the plane from crashing or save the patient? The reality in any casualty is that a system failure has resulted in a non-conforming product/service, including failed inspection. Organizations should laud and appreciate those who prevent incidents/accidents/non-conformities and those who perform effective root cause analysis. Those who recognize near misses and perform CA should receive equivalent if not more praise.

The root cause of many diseases is lack of a healthy lifestyle. Presumably, annual medical check-ups would show the flaws and enable risk appreciation to prevent a disease or illness from manifesting itself. This data however may not be enough to provide an accurate diagnosis or prevent a serious medical condition. Perhaps some may see the regular check-ups as a waste of money and time! This may help to explain why companies are reluctant to do root cause analysis when non-conformities arise. Their instincts are to do the firefighting when something goes wrong. This basic firefighting often appears to be less expensive, quick and seemingly more convenient. However, as has been proved again and again in various fields (quality, safety, security, etc.) prevention is better and more cost effective than the cure.

Why Problems Persist?

There are many methodologies for root cause analysis (RCA). It is not the intent of this article to educate its readers on the various RCA methodologies. Before we delve into why problems persist, let us consider why problems occur. Problems usually occur because of the lack of a functional, well-implemented management system. This includes the lack of management commitment, the lack of timely identification of risks and the lack of controls/adequate resources for the processes. Despite repeated warnings from their doctor, patients choose to continue living their current lifestyle. During incident investigation interviews this comment is often heard: ‘this is the way we always did it’. Humans are not always accepting of changes, and ‘if it ain’t broke then why fix it?’ Management of change is never easy. The larger the organization, the more difficult it is to enable the change. Often in management systems, problems are ‘fixed’. This makes the issue go away, albeit temporarily. Everyone likes a good score card, and ‘fixing’ the issue makes everything look good again. However, when the root cause(s) are not addressed, this dragon will raise its ugly head again.

When root cause analysis points toward leadership or top management, job security concerns may prevent the middle managers from completing the RCA process. This political limitation, to avoid exposing process issues within the ranks of leadership, is counterproductive, and yet a reality. As preposterous as it may sound, in some cases leadership may opt for paying the fine when things go wrong and then proceeding as is. This is seen as the ‘less expensive’ option than resourcing actions to prevent the recurrence/occurrence of problems. Conflicts of interest in the workplace can often be a reason for a lack of effective root cause analysis.

Stopping the Firefighting.

With all due respect to firefighters and other emergency personnel, organizations want to solve the problem, so they do not have to call them back! This means getting to the root cause(s) of the incident. Very often when identifying the root cause(s), the work group or practitioners stop short of finding the actual “root cause.” What they find may be the immediate direct or indirect causes. The root cause may lie in another part of the organization and often gets missed. Root Cause Analysis when done correctly drives systemic changes to prevent similar issues from cropping up again. As with everything else, the RCA team needs the backing of the leadership, including the needed resources, to be effective.

In conducting effective root cause analysis, the inputs of customers and other stakeholders may be needed. Effective root cause analysis is of interest to all organizations that are integral to the successful implementation of a management system. The element of social responsibility in the defined duties of leadership needs to be audited and have consequences when customer focus is lost. The new root cause analysis model should have an element of responsibility attributable to the top management. The intent is not to encourage a blame culture, but a responsibility culture. As a part of QMII’s management system implementation we train selected candidates as a problem-solving team to enable and empower continued success of the system. To sit in the fire house and focus on other initiatives such as innovation and social responsibility, an organization has to be proactive rather than responsive.

Conclusion

Leadership often questions why money spent on management systems, particularly those based on ISO Standards, does not work, and why a conforming product or service is not constantly delivered by an organization. Mature organizations recognize that the only bad nonconformity (NC) is the one that they do not know about. Once the NC is identified, the system must drive Correction and CA (corrective action, based on RCA). Closed NCs added to the database, along with the proper analysis of the information, will allow system users to appreciate risks and trends to identify the opportunities for improvement (OFI). However, all this will fail if the MS (management system) users do not understand the value of RCA.

For the success of a Management System, its outputs based on inputs must deliver conforming products and services.  When the Management System does not achieve this, all stakeholders should be interested in the root cause analysis and corrective action.

Defining Measurable Objectives/ Metrics to Drive Continual Improvement

Measurable objectives are an essential input for all levels of the management and come from the top management (TM). These objectives guide personnel at the work level to help ensure the success of a management system. The need for a set of value-based metrics is met by looking carefully at the company policy (based on the strategic direction) and then drawing the measurable objectives from it.

My thought is that, for any organization, giving more than the desired value is a challenge! Values in today’s business world are often related solely to the ROI (Return on Investment). Providing value to the customer is a goal. The question is at what cost? Due to budgetary concerns, no organization wants to do more than what is required. Availability of funds is an input to the design of the final product and/or service. Consequently, the values that an organization sets for itself must be based on trying to meet the objectives and expectations of the customers, or the statutory bodies (if relevant), within the constraints of the resources. Where a statutory body is involved, it is the vital responsibility of that body to precisely define expectations and what metrics they will accept.

My opinion is that the statutory bodies such as the FAA, FDA, EPA, and USCG, would have concerns about continual improvement by the external service providers. It is therefore critical to conduct an analysis and conduct management reviews internally to achieve the intended purpose of Clause 10.3 of ISO 9001:2015. However, it all starts with defining, providing and monitoring these clear expectations. This means that the statutory body should provide guidelines for stated requirements, as the IMO does in the ISM Code, within Resolution A.1118(30) & MSC-MEPC.7/Cir8. In a similar manner, the USCG could provide clear guidelines for TPO (Third Party Organization) and for the towing companies for the Subchapter M.

Statutory bodies, understandably, may struggle with defining their policy in the initial stages and clearly converting it to a set of measurable objectives (value-based metrics) for external providers. Leadership (TM) needs to spend time and resources well at the plan stage of the PDCA (Plan-Do-Check-Act) cycle by understanding the context of the organization (Clauses 4.1 and 4.2 of ISO 9001) and appreciating the various risks (Clause 6.1 of ISO 9001), keeping the customer focus in mind. The Standard here provides useful clauses to make the decision. An objective audit of the internal procedures of the statutory body (Clause 9.2 of ISO 9001) would provide the inputs for the Management Review (Clause 9.3) and ensure a robust decision-making process. This then should be followed by regular audits of the organization to which the processes have been outsourced (meeting the requirements of Clauses 8.4.1 and 8.4.2 of ISO 9001). The organization which provides the outsourced service or product needs the information in terms of clause 8.4.3 to perform to the total satisfaction of the statutory body. As such, providing clear requirements is a vital role of the statutory body.

Once requirements are clear, the organization providing a product or service will use these inputs to design their Policy (Clause 5.2 of ISO 9001, 5.2.1 d). This policy would then ensure that the feedback loop will help to drive continuous improvement efforts of the QMS. This policy would then provide the framework for the “value-based metrics”, which in Quality terms would be the measurable objectives in terms of clause 6.2. Both 6.2.1 and 6.2.2 would put the organization on the correct path to success. The statutory body would vigorously and regularly audit the correct implementation itself or by using an independent professional service provider.

In effect, what this means is that just being certified to e.g. ISO 9001:2015 is not enough for any organization. What is required is a functioning PBMS (process-based management system) based on the chosen standard and other criteria implemented by committed leadership and motivated manpower.

(The author, Dr. IJ Arora, is the President and CEO of QMII)

SECURING THE MARITIME IoT FRAMEWORK

As technology advances, there are a growing number of providers that are developing products and services based on the IoT (Internet of Things) framework. In the maritime industry, it is increasingly common for containers on vessels to be tracked from ashore, and even for machinery performance metrics to be provided as remotely automated readouts to those ashore. With the increased use of technology, the risk of these networks being compromised also increases. There are a growing number of incidents in the maritime industry where systems were compromised, leading to losses of millions of dollars.

On average, when these breaches occur, it may take over 100 days before they are even detected! Various maritime organizations and associations have published guidelines on measures to be taken to prevent/deter such a compromise, but history has shown that the maritime industry tends to be more reactive than proactive. Even the ISM Code now includes as an appendix a circular on guidelines for maritime security. As part of the implementation of the ISM Code, measures for cybersecurity should be included in the system. These range from the security of networks and machinery to contingency plans in case breaches occur.

The implementation of cyber-security measures includes the need for protection of three aspects of the system: the IT aspect, the human aspect, and the physical aspect. Organizations need to consider the cyber-security risks at the planning stage of the system and determine where vulnerabilities lie and how to address them. Instead of reinventing the wheel, organizations may consider the implementation of an information security management system based on ISO 27001. ISO 27001 lays the framework for the IT security of the system. Based on industry feedback from its implementation and use, the standard includes an annex of controls for implementation to secure the system. ISO 27001 has a total of 114 controls split across 35 control categories.

If an organization already has an ISO management system framework in place, for example, an ISO 9001 based system, integration of ISO 27001 into the existing management system would be a simple exercise. This integration has been made easier by ISO through the use of the High-Level Structure across standards. QMII has for 30-plus years encouraged its clients to “appreciate your management system”. As such, we build upon your existing measures and documentation to fill the gaps for requirements set by the standard. This ensures continuity in system acceptance by the users, and the changes to the system are minimal and easier to implement. For successful implementation of your system, beware of templates that promise conformance to the requirements. They may enable you to gain certification but will not ensure any long-term success, least of all cybersecurity.

Learn more about how you can improve your management system and integrate the requirements of ISO 27001 into your existing management system.

Monitoring Outsourced Processes is a Primary Responsibility of Every Organization

The international standards provide a world of wisdom enabling robust planning to achieve results by the organizations. In this global economy, often doing all the work in-house is not a cost-effective solution. Moreover, with super-specialized industry requirements, perhaps a lot of quality products and services can be procured at reasonable prices. Yet it seems organizations fail to act in the spirit of the standard when putting in place requirements for monitoring outsourced processes. Clause 8.1 of ISO 9001:2015 in operational planning and control has a sting in the tail with a clear whip requiring that “the organization shall ensure that outsourced processes are controlled.”

Statutory requirements are created to provide the required oversight, maintain customer focus and protect the interests of the customer when products and services are cleared for use. The caveat is that the statutory body should be well resourced, have the infrastructure, and maintain organizational knowledge levels (Clauses 7.1.5.1, 7.1.3 & 7.1.6 of ISO 9001) with competent manpower (Clause 7.2). This often is not possible, or with time not sustainable, due to budgetary constraints, knowledge levels dropping with time, and Leadership forgetting their primary role (Clause 5.1.1) of taking accountability for the effectiveness of the QMS (Quality Management System). As such, the resources (5.1.1 e) needed for the QMS are not provided or budgets are not available. The statutory bodies rationalize it by their helplessness, since the government does not provide the funding and budgetary support for this.

Whatever the reasons, the question is who suffers? A ship is sunk, an aircraft with all on board has crashed, dangerous drugs are in use. It is the customer who suffers. In helplessness over their ability to do their duties, the statutory bodies outsource the work to contracted parties or, worse, to the manufacturer itself! The whole logic of creating a statutory body is lost with this.

What then is the remedy? The essential rulemaking that implements compliance requires competence, resources, and infrastructure, with a committed Leadership ensuring continuing suitability, adequacy and effectiveness of the system. When budgetary constraints do not allow this role to be fulfilled, the risk to the system, along with the products and services it provides, must be assessed and mitigated or the opportunity for improvement taken (Clause 6.1 of ISO 9001). This would require the authority to appreciate the FMEA (Failure Mode Effect and Analysis) and take measures to remedy this. If this risk is not appreciated as NC (Non-conformity), the CA (Corrective Action) will not take place, nor will the government know of the consequences of underfunding or of recognizing the failure and finding alternatives/considering options. If the manufacturer has the resources, the government may consider this an asset and avoid duplication of resources, thinking in national terms. Outsourcing to the manufacturer, as has been seen, can mean losing customer focus and is strictly counter to the very philosophy of statutory work. It would call for aggressive, proactive and strict monitoring of the outsourced processes.

In my opinion, monitoring the outsourced processes diligently, as clearly prescribed in the standard is the answer. New options may not be necessary, if the existing clauses of ISO 9001 and related industry-specific standards, where applicable, are understood in the spirit of the standard and vigorously implemented.

  • Dr. IJ Arora

Environmental Best Practices in Vineyards

The number of vineyards in the United States, and abroad, has grown substantially over the last 20 years. New technology and controlled stainless steel fermentation processes have improved the product of even relatively small vineyards. Many of the best vineyards are also focusing on their environmental impacts to ensure sustainability. They are finding that taking a hard look at some of their processes can reduce negative environmental impacts, and in fact, reduce operating costs.

Implementing an ISO 14001:2015 based Environmental Management System can help a vineyard achieve sustainability and reduce operating costs. It can also get the organization recognized as a responsible business neighbor in the community with happy and proud employees. It starts with the owner’s decision to implement an environmental management system, then getting all employees aware, and on board to help improve operational processes.

Environmental Management Systems (EMS) address recycling, and water conservation. These are important elements that are common to all vineyards.  One company that was spending over $50,000 a year on recycling, not only reduced their recycling cost, they actually saved over $7,000 a year after introducing a new recycling program as a part of their EMS. The program included 95% of its solid waste, packaging, and recycling.  New approaches to water use and heat exchange were able to reduce water use by over 35%.  Water used in the winemaking process is now processed on site and used in the vineyards, instead of being flushed down the drain. 

An EMS gets organizations to address the environmental aspects of their business and the impact they have, taking into consideration the business environment they operate in, the needs of the stakeholders and the risks associated with their business. Let us consider the aspect of energy use and the impact it has on the business, including the organization’s carbon footprint. Taking the example further, installing solar panels on buildings reduces energy operating costs and produces no carbon emissions. One company was able to use solar for 75% of its energy use.

QMII, with its 32 plus years of experience, can help a vineyard educate its employees so they are aware of the requirements of the internationally recognized and accepted standard for Environmental Management Systems – ISO 14001. Our course will outline the next steps the vineyard can take to begin implementing an EMS within their business.  We offer introductory environmental management system courses that will help a vineyard conform and/or become certified to the Standard.

UPDATE ON STANDARDS

In the past year there has been a lot of activity in the development and revision of ISO standards. Highlighted below are a few key updates:

ISO 41001 – Facility Management

This new standard applies the concept of the Plan-Do-Check-Act cycle to the discipline of Facilities Management. This standard provides the requirements for a facility management system where an organization needs to demonstrate effective and efficient delivery of services. The standard is aligned with the High Level Structure adopted by ISO thus ensuring easier integration with other standards. Benefits of implementing this standard, per ISO, include improved productivity, communications, service consistency and costs benefits.

ISO 19011 – Guidelines for Auditing

ISO 19011 has become the primary guideline for all audits conducted globally. The FDIS was recently cleared and the updated revision is due to be published in July 2018. One of the main changes lies in the new auditing principle “Risk-based approach: an audit approach that considers risks and opportunities. The risk-based approach should substantively influence the planning, conducting, and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit program objectives.” This approach is evident in all the clauses of the standard, which now follows the High-Level Structure. We will further update our readers as the standard is published.

ISO 9004 – Guidance to achieve sustained success

The standard has been updated to reflect the guidelines to achieve sustained success of an ISO 9001:2015 QMS. Per ISO, factors affecting an organization’s success continually emerge, evolve, increase or diminish over the years, and adapting to these changes is important for sustained success. The document addresses systematic improvement of overall performance and includes a self-assessment tool for reviewing the extent of conformity by the organization.

Month of May is International Internal Audit Awareness Month

The International Institute of Internal Auditors (IIA) is encouraging Internal Auditors around the world to actively promote internal auditing’s value during Internal Audit Awareness Month.

IIA is recognizing Internal Auditing.

QMII has for 30-plus years propagated the importance of internal auditing and the need to have competent internal auditors. Any tragedy can be connected back to a nonconforming product, which in turn is invariably the outcome of a failed procedure. Internal Auditors play a vital role in recognizing NCs (Non-Conformities), thereby enabling Correction and CA (Corrective Action) to NCs. Management has to maturely understand the importance of recognizing internal NCs as an integral part of process improvement and continual improvement of the system. Internal auditors have a vital role in providing objective inputs at the Check stage of the P-D-C-A cycle.
