This ISO Standard has within it an element (8) which was created with the intention of it covering a host of features which all together provide support for a mechanism which was designed to improve the overall performance of the management system. Internal audit is a piece of this set, but only a piece, yet is – in all likelihood, the only aspect which is apparent to an average individual. Internal audit is necessary, not because of the end result of the process, but because the continuous registration process for ISO9001 organisations makes sure that Internal Audit is scrutinised regularly. It is our contention that the impact of internal audit on the average company is minimal to the point of being useless. This is mostly due not to the process of audit, but to the way in which it’s managed and carried out.
Speaking generally, quality management functions are accepted reluctantly rather than being welcomed with open arms. They are part of the cost of doing business, primarily due to the failure of the systems to deliver any tangible benefit beyond the marketing advantage said to arise from the registered status of the organisation. A calm examination of the detailed requirements built into the Standard should provide the assurance that the benefits of a controlled work environment will be achieved by following this text in a manner that matches the specific nature and ethos of the organisation. But it just doesn’t happen. More to the point, it doesn’t seem to put forth evidence of unfailing benefits for the adoption of the standard anywhere near often enough.
With a Standard that is International in both origin and application, how can this be? To understand this it is necessary to examine the role of those who see their role as one of policing the management system. Often carrying the title of Quality Manager, this individual (sometimes with a team of helpers) is held responsible for the integrity of the documented system and implicitly at least for the quality of the outgoing product or service. Quality Managers have their origins in a manufacturing function whose rough equivalent would have been similar to the time-honoured Chief Inspector. The name alone provides an indication of the status – perceived or actual – of this individual. He was without any doubt the final authority when it came to the acceptable level of quality of the organisation’s products. Acceptance or Rejection was his decision. Without having physically been there, to many of today’s quality managers behave in much the same way. With very little actual understanding or appreciation of the management role – and certainly not the executive role, they’re unable to effectively communicate with their local leaders, with undeniable consequences.
It’s the responsibility of management to outline organisational objectives and policies, and management will organise – or have organised for them, specific systems to uphold these policies and objectives. Their need, although rarely put forward, is for some form of assurance that the systems are generating the specific controls and ongoing benefits they planned for. More than anything, they’re looking for reassurance. The Internal Audit should supply information which is specific to the operation of the management system and which is centred around this management need, but it rarely happens this way. Most of the time, the reports of internal audit functions have within them a multitude of insignificant failings termed as ‘non-conformance’, frequently to a requirement that isn’t specified or is completely imaginary in nature, and having minimal bearing on the actual needs of management. Is it any surprise that Internal Audit is perceived to be a necessary evil, carried out to satisfy the ISO auditor, but having an insignificant amount of relevance to life in the actual world of commerce and industry?
When material such as this is provided to managers who see no real value in the investment, it is not just the audit that is ignored but the perpetrators of the audit also. A direct consequence of this failure to identify the audit customer’s need is a rejection of much that has a Quality Management implication. Managers and quality department staff universally complain of lack of management commitment (an ISO9001 requirement), and a general lack of personal advancement opportunities. But improvement is possible, even radical improvement, and it requires a change in strategy for both Executive Managers and those purporting to be Quality Professionals.
The change process:
1. The organisation must recognise that every manager and employee has a responsibility to perform in accordance with the requirements laid down for their work. Nobody else can be responsible for the quality of this work.
2. The title Quality Managers is clearly not a true indication of the function of this individual. Holding the QM responsible for a failure in product of service is clearly wrong unless that delivery was by its nature part of his (or her) normal function.
3. Internal audits should be a recognisable independent assessment of each business function, carried for the function’s manager and reported to that individual alone. (The functional managers have the responsibility for achieving a selection of business objectives, and it is they who need the information to support these objectives).
4. It follows that the auditors, while being independent of the function being audited, should also understand the role and responsibilities of senior managers, and speak at that level.
5. These changes require the dissolution of the existing audit regime, and some re-education of the management team who are responsible for allowing the adverse situation to exist.
6. Professional auditors with a wider experience than that obtainable within one or a limited number of organisations alone can provide the assurance and service level needed by an effective management team.
Ed. Bones is a chartered quality professional, an IRCA registered Lead Auditor, and is a senior partner with Meon Consulting Group, providing expert audit and consultant services for ISO9001 & ISO14001 management systems. The company web site provides detailed information, and includes the offer of FREE Advice.
- ISO9001 Internal Audit This ISO Standard contains an element (8) intended to encompass...
- Now That You Are Faced With An Irs Tax Audit One of citizens’ biggest fears is the threat of an...
- A Food Safety Audit Can Help Your Business You probably can’t skip regular sessions with a food safety...
- A Forensic Loan Audit in Commercial Real Estate By Commercial Loan Review Experts are discovering that 80 percent...
- Discover The Differences Between Internal Hyperlinks And External Hyperlinks In the event you want to promote your website and...