2.0 AN INTRODUCTION TO PROCESS BASED AUDITING
Even though the change to process based auditing became the intended practice at the turn of the century, many organizations and some auditors still rely on a clause-based or a shall-based audit process. The problem with auditing ‘shalls’ or clauses is that the methodology can miss important elements of the process. This ‘Shalls’ or ‘Clauses’ approach often leads to the use of basic preprinted ‘Go-NoGo’ ‘Yes – No’ checklists. Typical checklists are 10 to 15 questions long and just cover the ‘shalls’. In the worst cases these checklists don’t change over time making the audit process no more than a repetitive and predictable exercise with very little if any value to the organization. Even when checklists are created as a onetime list, the focus on shalls or clauses relies on a short list of questions to discover actual causal factors related to poor performance. This approach is comparable to looking for a needle in a haystack by picking ten particular spots in the haystack in advance, looking there and expecting to find the needle (i.e. the non-conformance).
Process based auditing is designed to explore the interconnectivity of functions and activities within organizations. The process approach follows both a systemic investigation of the process and a PDCA (Plan – Do – Check – Act) approach. The systemic component of the audit gathers data about the process in a method that builds from the foundation on up gathering linked data as the audit continues. At each step of this analysis the auditor follows the PDCA of the process as a whole as well as following PDCA for components and activities within the process. This approach covers all activities in the process in a way that follows the process through in an organized structured manner while ensuring that all of the elements of the process are functioning effectively.
Process auditing follows the ‘story’ of the process. Best practice process auditing uses the ‘Turtle Diagram’ as its primary tool. It is important to note that the Turtle Diagram is not a form used for auditing, it is a process used for auditing. A Turtle Diagram Form if used, should only be used as a training aid for auditors to get used to the process, but once an auditor is comfortable with the process, the only ‘Turtle Diagram’ needed resides in the auditor’s brain.
Visit systemsthinking.works to purchase a ‘Process Audit Toolkit’ which includes a Turtle Diagram form and step by step instructions on how to use it for process-based audits.
How This Checklist is Different
This checklist first of all isn’t made up of yes or no questions they are evidence based questions such as: ‘Is there evidence of conformity?’ Second the questions are arranged to follow a Turtle Diagram methodology and PDCA cycles. And third there are a total of 1,248 questions with a minimum of 48 questions for any one process and as many as 100 questions so subjects are covered in depth. By conducting an audit using this checklist you are conducting an in depth assessment of your management systems using the Turtle process. But the Turtle and the checklist are only a part of a process-based audit. Preparation is important as is described in the next section.
Some Examples of Questions taken from the Checklist
63. Does evidence show that there is sufficient and effective measurement information to effectively monitor and control: (9.1)
•Product Conformity?
•Process efficiency and effectiveness?
•Customer Satisfaction?
•Suppliers of goods or services to the organization?
•The overall effectiveness of the QMS?
$30. For this process, has the organization determined manpower requirements needed in order to achieve customer requirements as well as requirements of other interested parties? (7.1)
R55. Is there a process for disposal of records? Does it comply with Statutory, Regulatory and /or Customer requirements? Do records show that it is effectively implemented? (7.5)
SR26. Have objectives been identified for this process that are consistent with the Mission of the organization, the strategic goals of the organization and the stated Quality Policy? (6.2)
The Process of Process Auditing
There are 5 steps in conducting a Process Audit. Four of those steps are preparation. 1 Determine the Scope, 2. Check Performance, 3. Review Documentation, 4. Plan your audit. Step 5 – Conduct Your Audit
Determine the Scope of the audit
o Where does the process (or processes) to be audited start? Where does it end? What is included? What is not included? Is it an audit of the complete QMS or specific contracts, part numbers or production processes?
o What criteria will apply to this audit? ISO 9001? Multiple standards? The organization’s quality management system? Specific Customer Requirements? All of the above?
o What is the purpose for the audit: conformance to the standard, compliance with customer or statutory requirements, problem investigation, review of the status of corrective action, contract completion or improvement action?
o What is the physical location for the audit? One building in one city? Multiple buildings? Including warehouses, sales offices etc.?
o What products, product lines, commodities or services are included?
Check Performance
o Look at recent management review activity. Look specifically at customer satisfaction performance, customer complaints, and any external or internal performance measures related to the process, processes or audit purpose that you will be auditing. This information will provide one of three answers.
Performance is good – Your audit will be focused on changes to employees, documentation, objectives and opportunities for continual improvement projects.
Performance is poor – Your audit will focus on finding causal factors that could be contributing to the poor performance.
Performance is intermittent. The process works well most of the time but occasionally there are significant issues – Your audit will focus on finding causal factors for the intermittent issues.
o Make a list of potential weak processes or weak functions within the related process or processes as indicated by the performance. For instance if delivery performance from a process is poor, consider functions within the process that directly affect delivery such as production scheduling, production efficiency, order make-up, pick-pack, etc.
Review Documents
o Review the QMS (Quality Management System) documents related to the process or processes that you will be auditing. Look specifically at parts of the process associated with potentially weak areas of the process as identified during your review of performance. Remember that there is no particular need (unless this process has never before been audited) to check documents to make sure that all related elements of the standard are covered not to mention that in modern quality management systems not every element of the standard needs to be documented.
o Make a list of steps in the documentation which if done incorrectly might cause the types of negative issues identified in your performance review. Find the appropriate questions in your checklist and make a note of your findings. This way when you get to that question you will have your previously identified evidence ready.
o Determine whether there are any (COPs) Customer Oriented Processes within the process you will be auditing. COPs in this context are small special micro-processes which are required only by specific customers. For instance a specific customer may want their corrective action format used or they may want their orders shipped by FedEx only. These are important aspects of customer satisfaction and therefore deserve special attention during audits. (See Customer Oriented Process – Section 4 of this document)
o Add notes on the identified COPs to your checklist as a reminder during the audit.
Plan Your Audit
o Allocate time to the audit. If the audit is to cover multiple processes, create a formal audit plan and bias your time toward those processes with poorer performance (i.e.: those processes which present greater RISK to the organization.)
o If your audit is to cover only one process, a formal audit plan is unnecessary but still bias your time toward those functions within the process which are most likely to be associated with the identified risk areas.
Conduct Your Audit
o Follow your checklist questions referring to your notes as you go.