If you are part of a company which has ISO management standards implemented, you are only too aware of the need for Internal audits as part of your ISO management system. However, if you are one of the large number of companies that sees no value in the Internal Audit, and as a result, the SHEQ manager, or Quality Managers seems to get landed with doing all the audits, it’s time to take a fresh approach.
There are some basics that you have to have in place of course. You must have an Internal audit plan, you must have competent auditors, and you should have a management review process that is working.
In our experience, a good Internal Audit programme starts with the Management Review. If your management team are engaged with the quality system, you can have a good discussion to plan the audit activity. (Note though that the length of time you plan ahead is yours to decide, although you should have a good idea that over the course of a three year certification period, you will aim to look at all the processes in the scope of the system, and also check that you meet the requirements of the ISO management system).
If the management review team can have a good discussion about the areas they want to audit, they will be more enthused to see the outcomes of the internal audit. For example, if they see or perceive problems in a certain area, then an internal audit (which is an investigation) will help bring clarity to the situation. (Depending on the amount of material you get through, this could occur at the review meeting, or as a separate discussion which is signed off at the MR)
For each internal audit you agree to carry out, you can then decide the things you are going to look at. This will help inform how is going to audit, and how. For example, if the area being audited is very technical, then you should have someone who understands what’s going on do the audit. If they are not trained, have them accompany the auditor. The critical thing is that you gain useful and practical information to report back to the management team.
Big tip here; if you do this for each audit activity, and detail it on a table, you’ve just made a really useful audit programme.
Go and do the audit. Remember that good planning is important; find out what you can about the process or area beforehand, plan and list out what you want to check, discuss it with the auditees and then follow it through.
There are multiple findings from an internal audit. From the details of what you’ve seen, you need to be able to detail what’s going on according to the planned arrangements (e.g. process maps, procedures, or other requirements), and also what is not following those arrangements. In addition, there may some observations that you see; things that you or the auditees think could improve, or things that don’t go well but no one has done anything about to correct.
Now this next suggestion may prove challenging to some; DO NOT DECIDE ON THE NON-CONFORMANCES AT THIS STAGE. After all, your management review team wanted this audit to take place, so take the findings back to them and discuss them. Let them decide whether or not the situations you found are non-conformances. (Note again; this might be at the management review meeting, or at a separate working session depending on what you have to get through - you don't want the Management Review meeting to get bogged down in detail)
At this stage, you are going to take the audit findings back to the management review team. Take a relevant person from the area or process you audited as well, and then you can discuss what you have found. This is a great way to short cut a lot of delays that many organisations find in closing out non-conformances because if the management decide it needs fixing, it will be fixed. They will help prioritise the activity.
Now go and repeat Step 1.
Spedan ltd can help with your internal audits, as well as support you and your management system. For more information, contact us on 01908 255 525 or email firstname.lastname@example.org
Contact Spedan to request further information about our services.