ISO 9001 internal auditors play a critical role in the success of the system. ISO 9001 internal auditors provide inputs to Top Management for continual improvement of the system. Internal audits, given the nature, can be more detailed and as such usually go into depth considering the limited scope of the audit. For audits to add value internal auditors should be trained in identifying the adequacy of resources and controls in a process to meet the objectives as defined. The five steps as listed below are inputs to enhancing your internal audit program as also supplementing the ISO 9001 internal auditor training.
Step 1 – Include risk in audit planning and preparation
In scheduling process audits, not all processes need the same amount of time allocated. Processes that are more complex and or have more problems may need more time to assess conformity. Processes which perform well could perhaps have their internal audit requirements met by auditing perhaps once a year. However, critical processes should be audited more often as also processes where customer complaints are received or where frequent issues are identified. There is no requirement per ISO 9001 to audit all processes within the timeframe of a year. Of course, in special industries like the maritime industry there is a requirement for annual audits.
In preparing for the audit the ISO 9001 internal auditor should determine priorities for the audit and select personnel they want to interview, the items they want to sample and quantity, as well as the questions they want to ask. All this will be based upon meeting of the audit objective and may change should there be a risk to meeting the audit objective. In interviewing of personnel auditors should choose a representative sample.
Step 2 – Use custom checklists
Checklists are a great tool for an auditor to go prepared for an audit. However, the purpose of checklists is not to limit the auditor. When standard checklists are used to audit a process over time the same areas of the process get identified while other areas get left out. Auditors may feel compelled to stay within the confines of the checklist unless advised otherwise. Auditees focus on “preparing” the areas of the process limited to the those that the checklist will touch upon.
Getting your ISO 9001 Internal Auditor to prepare checklists each time helps them to think outside the box and to perhaps change the sample and sample size selected. The auditee too now ensures that the entire process is working well and are not limiting themselves to perfecting to the “checklist” areas.
Step 3 – Choose your internal auditors from different departments
QMII recommends choosing and training internal auditors from different departments of the organization. At least 10% of the workforce should be trained as internal auditors. It is a small investment given that the company will now have a large pool of auditors to choose from. Choosing internal auditors from different departments enables cross-pollination of ideas and solutions. It also allows a better understanding of challenges being faced by the departments. Internal auditors from a different department using a custom checklist produce questions that are not normally asked, and the entire process is looked at from a fresh perspective.
Step 4 – Train your auditors in problem solving techniques
Training your ISO 9001 internal auditors in problem solving / root cause analysis is a unique skill that will allow them to see the big picture when conducting audits. Internal auditors when newly trained tend to focus on the minor issue not realizing that the issue may lie elsewhere. Problem-solving training gives them perspective into how the root cause of an issue may lie elsewhere and accordingly gets them to ask different questions and assess a process effectively. It also enables them to identify the problem (non-conformity) well to enable effective corrective action.
Step 5 – Evaluate both auditors and the audit program regularly
This is an important step that is often overlooked. Nearly all organizations will provide ISO 9001 Internal auditor training to their auditors, but rarely do they evaluate the effectiveness of the auditors or the effectiveness of the audit program. An organization needs to determine if its auditors are being too strict, too lenient, identifying the right non-conformity requirements, selecting the right sample, etc. Additionally, is the audit program as set up based on identified risks working well or do changes need to be made to the audit program. In our experience, companies follow the same audit program year after year. Auditors are rarely evaluated because there are only one or two trained and designated auditors. This step however plays an important role if the internal audit process is to be successful.
Authors Note: While the article is written from a perspective of ISO 9001 internal auditors the steps above are applicable to any internal auditing program.