Crusader
Trusted Information Resource
I get my management informed and involved by including them in the weekly corrective action status report. They do get involved.
Does Your Organization Really Benefit from Internal Audits? Time for a Change?
- Thread starter AndyN
- Start date
I get my management informed and involved by including them in the weekly corrective action status report. They do get involved.
This thread has taken an interesting turn, thanks - I believe - to Roxane!
Most 'programs' don't succeed because management aren't behind it (for very long). We've all seen this in one way or another over the years.
Internal Audits simply must be made relevant to the performance of the business, including those concerns of the customer and regulatory compliance. This requires a whole different approach to the planning, scheduling and preparation of audits than is done by external auditors (simply because they can't be that focussed) Hence doing one or two 'mega-audits' a year is totally incorrect - even if it did get you registered!
In my estimation, internal audits should take into consideration (primarily)business performance issues in their scheduling - not abitrary issues like 'covering all the elements every year', all procedures, or similar. In much the same way, a rigid 12 month calendar of audits - which is then frequently adjusted - is a sure way to confuse management and make it appear that the audit manager isn't in control!
Rarely, in my 25+ years of experience, did an internal auditor ever sit down and plan/prepare audits with management, using language they understand - ISO terminology is too foreign - or focussing on things which they (management) are measured on, held accountable for and, hence, loose sleep over.
Of course, none of these things is taught (effectively) in any auditor course (especially the accredited ones!). Maybe my friend Helmut's class does!
It's very easy to read here, in many Cove posts, what issues auditors 'go after' - nothing that management get excited over, quite frankly! (viz document control, training records, calibration stickers etc.)
I'm going to suggest that where management claim to get benefit, their comments are mainly derived from their personal 'feel good' that they aren't responsible when the CB auditor come around, that they can claim in front of peers to be 'improving' or just to 'save face' - rather than anything else.
It's my firm belief that internal audits need a step change in their performance (with all that entails, training, implementation, etc.) and should be modelled along the lines of a (mini) 6 Sigma Project, with the auditors as the 'Green Belts'. When audits/auditors start delivering $$$ savings and assist in actual measureable improvements, rather than 'feel good', they will have arrived!
Most 'programs' don't succeed because management aren't behind it (for very long). We've all seen this in one way or another over the years.
Internal Audits simply must be made relevant to the performance of the business, including those concerns of the customer and regulatory compliance. This requires a whole different approach to the planning, scheduling and preparation of audits than is done by external auditors (simply because they can't be that focussed) Hence doing one or two 'mega-audits' a year is totally incorrect - even if it did get you registered!
In my estimation, internal audits should take into consideration (primarily)business performance issues in their scheduling - not abitrary issues like 'covering all the elements every year', all procedures, or similar. In much the same way, a rigid 12 month calendar of audits - which is then frequently adjusted - is a sure way to confuse management and make it appear that the audit manager isn't in control!
Rarely, in my 25+ years of experience, did an internal auditor ever sit down and plan/prepare audits with management, using language they understand - ISO terminology is too foreign - or focussing on things which they (management) are measured on, held accountable for and, hence, loose sleep over.
Of course, none of these things is taught (effectively) in any auditor course (especially the accredited ones!). Maybe my friend Helmut's class does!
It's very easy to read here, in many Cove posts, what issues auditors 'go after' - nothing that management get excited over, quite frankly! (viz document control, training records, calibration stickers etc.)
I'm going to suggest that where management claim to get benefit, their comments are mainly derived from their personal 'feel good' that they aren't responsible when the CB auditor come around, that they can claim in front of peers to be 'improving' or just to 'save face' - rather than anything else.
It's my firm belief that internal audits need a step change in their performance (with all that entails, training, implementation, etc.) and should be modelled along the lines of a (mini) 6 Sigma Project, with the auditors as the 'Green Belts'. When audits/auditors start delivering $$$ savings and assist in actual measureable improvements, rather than 'feel good', they will have arrived!
And what conclusions have been determined with the data since the original thread started in August 2006?
Absolutely. Unfortunately, internal auditors are indoctrinated in the stupid game of check of conformance. The type of conformance that could lead to life jackets made out of concrete, as long as this was in the specification..
Soon, we will have a sector standard that EXPLICITLY requires auditing for effectiveness. I suspect that many auditors will not be able to make the mental transition, required to satisfy the intent of the AS9101 Rev.D standard, just like many (and to this date) have not been able to understand the process-based approach to auditing.
I agree with Andy, as well. The vast majority of internal auditing courses send the wrong message, as well. Blind focus on conformance, rather than effectiveness assessments.
Mine does!
Jan.
Sorry, Jan - I overlooked that you did your own courses!
We discussed this just today in the accredited AS9100 class I'm teaching this week. We had a very lively discussion about requesting management direction/input for internal audits based on process measurements and management review information. Probably about the 5th time this week we've discussed similar topics...
Ah, yes - discussed it! Most course instructors I know always discussed it.........but they never trained on it!
If you research the accreditation requirements for internal/lead auditor courses there is almost nothing about audit program management. Indeed since most lead auditor courses are taught using a case study of an external audit (generally a registration audit), for which the audit planning topics are usually confined to planning a multi day audit (result = a schedule for each day) or personal preparation of checklists.
As a result there are no skills developed by the attendees which help them to make the business case for why an audit might be necessary or useful to management!
M
MIREGMGR
Our organization is imperfect and somewhat uneven in different players' prioritization of regulatory-compliance issues, as we try to continuously improve in a too-few-overall-resources-for-the-workload environment.
The Quality manager who runs the internal audit program, and I as Regulatory Manager, are finding our internal audit program to be a very useful tool for increasing the internal visibility of, and top-managerial pressure on, those individuals who haven't managed to schedule their resources to accomplish particular tasks that negatively affect our regulatory/quality status and/or might get us into trouble during future external audits. We just add those tasks to the internal audit schedule as soon as we think they should be done. If they're not done in time for the audit...well, heck, the manager involved should do something about fixing that NC.
The Quality manager who runs the internal audit program, and I as Regulatory Manager, are finding our internal audit program to be a very useful tool for increasing the internal visibility of, and top-managerial pressure on, those individuals who haven't managed to schedule their resources to accomplish particular tasks that negatively affect our regulatory/quality status and/or might get us into trouble during future external audits. We just add those tasks to the internal audit schedule as soon as we think they should be done. If they're not done in time for the audit...well, heck, the manager involved should do something about fixing that NC.
