Process Auditing

Why do people think that this is something new?

Presented by

Kevin Gilson, Orion Registrar, Inc.

For the ASQ ISO Users Group

October 8, 2008

Orion Registrar, Inc. 2

So where in ISO is Process?

Clause 0.2 This International Standard promotes the adoption

of a process approach when developing, implementing and improving the effectiveness of a quality management system…. [ISO 9001:2000 page v]

Orion Registrar, Inc. 3

Why are internal audits conducted? Obtain factual input for management

decisions?---or---

Produce data needed to receive certification?

Improve documentation? Enforce conformity?

Orion Registrar, Inc. 4

The Old-Fashioned Way of Auditing Quality audits focused on procedures

and not on quality Auditors did not examine costs “Quality” was how well an outcome

met the needs of those for whom it was provided Good quality = satisfied the needs Bad quality = failed to meet the needs

Orion Registrar, Inc. 5

The Old-Fashioned Way of Auditing Companies ignored outcomes and

customer satisfaction when auditing Auditors were looking to “check the

box” leaving performance ignored and unchallenged

Conformity auditing looking to establish if specific requirement had been met

Requirement may have focused on a task, not performance result or output

Orion Registrar, Inc. 6

Document Review and Approval Auditor looked to see if documents had

been reviewed and approved by authorized person

Did Auditor look for: Competency of approver? Why change was made? Did change improve performance?

Orion Registrar, Inc. 7

More Effective Methodology Needed Focuses on performance, not just

conformity Management needs to know:

Does performance meet targets? Are there opportunities for improving

performance? Are there processes that do not support the

workers?

Orion Registrar, Inc. 8

As an Auditor…

If I invent your process then I am auditing my version of your company… and that version may NOT exist.

Conflict of Interest!!!

Orion Registrar, Inc. 9

Process Approach to Internal Auditing

Orion Registrar, Inc. 10

Process Input-Output Model

Orion Registrar, Inc. 11

Performance Process

Orion Registrar, Inc. 12

Performance Process Audit Plan

Orion Registrar, Inc. 13

What does you Quality Manual look like?

1. Introduction 2. Scope and Exclusions 3. Definitions and Acronyms 4. Quality Management System Requirements 5. Management Responsibility 6. Human Resources 7. Product Realization 8. Measurement, Analysis and Improvement Appendix -- process maps or outlines

Orion Registrar, Inc. 14

Process Approach to Audit Plans Based on processes that achieve

organization’s objectives Requires auditor to know what the

processes are prior to conducting audit ISO/IEC 17021 (Stage 1 and Stage 2) Code of Practice for Registrars

Orion Registrar, Inc. 15

Process Approach to Audit Plans Common processes, for example:

Business management Marketing and sales Resource management Purchasing

Product / service realization processes are different for each organization

Plan shows audit trail through business processes and across department boundaries

Orion Registrar, Inc. 16

Process Approach to Checklists Does not require detailed checklist Auditor can be guided by their

understanding of the Standard

Orion Registrar, Inc. 17

Process Audit Worksheet # Verify exclusions (if applicable) Company: Location: Date:

Process: Standard Clauses: Auditor Name:

Documents Reviewed

Personnel Interviewed (incl. Qualifications)

Inputs and Linka ges from Other Processes

Outputs (incl. Records Generated)

Evidence of Measurements Related to Strategic or Process Objectives (as applicable)

Audit Notes (addÕl pages as required)

Resource Requirements (incl. Equipment Requiring Maintenance and/or Calibration)

Orion Registrar, Inc. 18

Customer and/or Regulatory Requirements

Nonconforming Product Control (incl. Corrective Actions)

Strengths

Opportunities for Improvement

Major Nonconformities

Minor Nonconformities

Orion Registrar, Inc. 19

Process Approach to Audit

Start with top management and business management processes

Continue with resource management processes, establishing linkages Effective resource management processes

will provide competent employees and capable equipment to other processes

Continue with other processes from marketing to delivery

Orion Registrar, Inc. 20

Value of the Process Approach Focuses on results, not procedures Determines effectiveness of the management

system Evaluates the results the system delivers Tests linkages between departments and

processes Follows flow of work throughout organization Determines if operations are under control and

controls are effective Allows judgment on significance of findings Helps determine depth of problems across

organization Focuses on benefits of correcting nonconformities

related to improving organizational effectiveness

Orion Registrar, Inc. 21

The Process Approach requires a change in attitude across the

organization!

Orion Registrar, Inc. 22

What the Process Auditing Approach Provides Process Auditing provides:

Data for managerial decisions on growth, technology, staff development, products / processes based on current performance, not just current conformity

Information on whether performance meets targets

Information on opportunities for improving performance through better control of processes

Information on making processes more effective and more efficient

Orion Registrar, Inc. 23

Five Basic Questions

Basic questions can apply even though the “specific questions” will be different: What are you trying to do? How do you make it happen? How do you know you are doing it right? How do you know it’s the best way of doing

it? How do you know it’s the right thing to do?

Orion Registrar, Inc. 24

Five Basic Questions at Three Levels Business Level – Audit results should

make the auditor confident that the organization: Knows what it is trying to do Knows how to make it happen Knows that it is doing the right things Knows that it is doing it in the best possible

way Is managing performance

Orion Registrar, Inc. 25

Five Basic Questions at Three Levels Managerial Level – Audit results should

make the auditor confident that management: Knows what the process aims to achieve Knows how to design and cause processes

to achieve results Knows that it is doing the right things Knows that it is doing it in the best possible

way Is regulating performance

Orion Registrar, Inc. 26

Five Basic Questions at Three Levels Operational Level – Audit results

should make the auditor confident that individuals: Know what they are supposed to do Know they are doing the right things Know they are doing them in the best

possible way Are regulating their own performance

Orion Registrar, Inc. 27

Summary

Internal auditing using process approach Can take internal audit team from mission

statement to employee contributions Identifies clear linkages between

interconnected processes Ensures requirements of the Standard fit with

processes Eliminates weaknesses of other approaches Enables internal audit team to establish that

the organization is managing processes effectively

Orion Registrar, Inc. 28

Orion Registrar, Inc.7850 Vance Dr., Ste. 210

Arvada, CO 80003303-456-6010

www.orion4value.comWestminster, MD

410-857-1748kgilson@orion4value.com

410-884-9165