Tuesday, March 12, 2013

Auditor Development Process Approach


Sharing an old article, as presented at a conference in 2002. The standards have changed / evolved, i.e. QS-9000 is gone now, replaced with ISO-9001:2008/TS-16949, but the concepts discussed, i.e. developing professional internal auditors, remain valid.


10th Annual International Conference on ISO-9000
Feb 25-27, 2002

Title:  Harmonizing Internal Audits to Limit Work Interruptions
QS-9000, ISO-14001, and ISO-17025


Abstract

Since its original inception in 1996, the Internal Quality Audit process at Yazaki North America, Inc., established to address the requirements of QS-9000, has been consistently successful at identifying areas of concern, as well as continuous improvement opportunities.  The process has undergone several stages of improvement itself, and has been recognized in registrar audit reports as providing a benchmark due to the clear and comprehensive nature of the resulting reports and files.  When it was time to implement new standards, i.e. ISO-14001 and ISO-17025, we chose to take advantage of this success and extend the process to address them as well.
This paper reviews the steps followed to harmonize these systems by establishing a comprehensive, linked audit process.   We address how resource needs were identified and met, how a shared process could meet each standard’s specific requirements, and how process and data ownership were established.
Our efforts proved that the foundation for YNA’s audit process is suited to auditing in general.  We can utilize the concepts and techniques we’ve developed to conduct special process assessments, and we expect to be able to update our audit procedural documentation with minimal effort when needed to address new or changing standards.



Defining Resources: Audit Experts

            The Yazaki North America, Inc. (YNA) Quality Management System (QMS) audit process has been consistently successful at identifying areas of concern and corporate benchmarks, as well as continuous improvement opportunities.  This process has undergone several stages of improvement itself since its original inception in 1996.  In addition to developing into a critical function to the organization, it has been recognized in registrar audit reports as providing a benchmark in its own right due to the clear and comprehensive nature of the resulting reports and files.
            The success of YNA’s audit process is due in large part to the development and utilization of a limited number of audit experts, certified lead quality auditors who perform audits and provide internal consulting services on a full-time basis.  These auditors have developed into “experts” through regular experience and on-going training, including attendance at conferences such as the ISO-9000 International Conference and the ASQ-QAD Quality Audit Conference.  They understand the workings and linkages of the entire organization and are thus well equipped to assess the effectiveness of any single function or group of functions, as well as to assess all functions working together as a whole.  Further, their daily involvement with the YNA QMS regarding issues of conformance serves to continuously reinforce their knowledge of standards’ requirements, helping to ensure audit reports or recommendations are always prepared with benefit of prompt, logical and effective interpretive decisions.

Defining Resources:  Cross Training

            Although the expertise of our QMS auditors was based on a thorough understanding of the requirements of QS-9000, we recognized that their auditing process need not be limited to any one set of standards or requirements.  With this in mind, the decision to pursue registration to the ISO-14001 and ISO-17025 standards was followed closely by a decision to utilize the existing audit process to cover the additional requirements rather than risk the development of potentially divergent systems.   Some minor adjustments would likely be necessary, but were seen as productive improvements rather than cumbersome roadblocks.  As the owners of the process, the audit experts were tasked with making the necessary revisions and implementing an all inclusive audit system.  The first obvious step would be to provide these auditors with training on the new standards.
            Clearly we could not turn quality personnel into environmental and test systems experts simply by educating them on the new standards.  However, we already had experts in those areas, who, conversely, could not be rendered into audit experts simply by receiving training on the audit process.
            Cross training our auditors to the new standards and our environmental and test experts to the audit process was the first step in establishing an effective level of communication between these diverse groups of personnel.  If we wanted to extend our already successful audit process into these new areas with equal success, it was vital that we get our quality, environmental and test personnel all speaking a common language.  We’ve often found that auditors and engineers tend to speak apples to oranges, creating a language barrier that sometimes requires the intervention of “translators” in the form of other audit and/or engineering team members before appropriate, effective decisions can be reached.  We did not want to risk the possibility of introducing such barriers into this new, extended process before it had even been deployed.

Defining Process Ownership


            Defining ownership and authorities was another crucial step to ensuring the successful implementation of a comprehensive audit system.  Singular ownership, via the existing process owner and principle audit expert, i.e. the QMS Management Representative, would maintain the integrity of the already proven process.  However, joint ownership, including the EMS Management Representative and the test group’s ISO-17025 Representative, would ensure the stability of the process throughout its deployment into these new areas, as well as ongoing, future maintenance. 
Recognizing the value of both approaches, a compromise was established.  The QMS Management Representative would remain the direct owner of the procedure documenting the requirements of the process, and thus the direct process or procedure owner; yet documented approval from the other two representatives, in a shared role as process or procedure authorities would be required for the initial release of the revised procedure, as well as for any future updated revisions.


       
Defining the Shared Process

            The QMS Audit Manager, working on behalf of the QMS Management Representative, coordinated the efforts of the audit experts in reviewing the new standards, i.e. ISO-14001 and ISO-17025, for similarities with and differences to QS-9000.
The differences identified (see Table 1) were actually few in number and minimal in concept, thus were easily accommodated with little direct impact on the existing procedure.  In order to ensure the most stringent of the requirements are always met, regardless of the corresponding standard, we adopted these as corporate requirements for all associated systems (i.e. the Quality, Environmental and Laboratory Management Systems, or the QMS, EMS and LMS, respectively). 
As an example, while our QS-9000 based procedure describes levels of nonconformities utilizing the major/minor concept defined in the Quality System Assessment (QSA) manual, neither ISO-14001 nor ISO-17025 require such prescriptive identifiers.  Nonetheless, neither the EMS nor the LMS were allowed to be exempt from the QS-9000 requirement, which became the new YNA corporate standard.   Further, the identification of any nonconformity in either Management System requires the issuance of and response to formal Corrective Action Requests, ensuring that all nonconformities are acted upon in a timely manner, and that adequate verification activities occur to allow for timely closure.
In addition to a full procedure review and revision, all forms and records associated with the audit process were also reviewed for standardization opportunities.  This effort also proved highly successful, with the  single exception of specific audit checklists, each of which were designed to address an individual standard and individual Management System needs as determined by the associated Representative.

Table 1:  Specific Audit Requirements per Standard

QS-9000 – 4.17

ISO-14001 – 4.5.4
ISO-17025 – 4.13
Establish, Maintain
Documented Procedure
Establish, Maintain 
Programme/Procedure

Predetermined procedure 
 

4.2.1: Document procedures to extent necessary to ensure quality of tests/calibrations
>to verify whether activities & related results comply with planned arrangements
>determine effectiveness of quality system

>to determine if EMS conforms to planned arrangements
>has been properly implemented / maintained
To verify operations comply with requirements of quality system & ISO-17025
4.1.3.1: Management Review – include all elements of the entire quality system
Audit procedures cover audit scope
Address all elements of quality system, including testing & calibration
4.1.1: the responsibility, authority and interrelation of personnel who manage, perform & verify work affecting quality shall be defined & documented
Audit procedures cover responsibilities & requirements for conducting audits & reporting results
Responsibility: quality manager to plan & organize audits
4.2.1.2: Identify resource requirements & provide adequate resources, including assignment of trained personnel
Audit procedures cover responsibilities & requirements for conducting audits & reporting results
Audits carried out by trained & qualified personnel
Auditors independent of activity audited
* No specific requirement regarding independence
Auditors independent where resources permit
Scheduled on basis of status & importance
>Periodic
>Audit programme, including any schedules, based on environmental importance
Periodically, predetermined schedule
According to audit schedule updated annually
* No specific requirement regarding completion timing
Cycle should normally be completed in one year
Record results
4.5.3: Records maintained to demonstrate conformance to ISO-14001
The area of activity audited, the audit findings & corrective actions that arise from them shall be recorded
Results brought to the attention of personnel responsible in the area audited
Provide information on results to management
Notify clients in writing if investigations show that the laboratory results may have been affected
Management personnel for area audited take timely corrective action
4.5.2: corrective action shall be appropriate to the magnitude of problems & commensurate with environmental impact
The laboratory personnel shall take timely corrective action
Follow up activities shall verify & record implementation & effectiveness of corrective action
* No specific requirement regarding follow up activities
Follow up audit activities shall verify & record the implementation & effectiveness of corrective actions taken
Results of audit form integral part of input to Management Review
4.6: Management Review shall address possible need for changes … in light of EMS audit results
4.14.1: Management Review shall take account of the outcome of recent internal audits
Cover all shifts
* No specific requirement regarding shifts
* No specific requirement regarding shifts
Increase frequency:  internal / external nonconformities, customer complaints
Audit procedures shall cover audit frequency
* No specific requirement regarding frequency

           
The resulting procedure was comprehensive, as anticipated.  However, we did identify some concerns in our attempts to implement it as a truly comprehensive process, most notably with regard to Lead Auditor responsibilities.  As stated above, while an audit expert may receive training in other Management System types and associated standards documents, that auditor could not be considered an expert in the new systems without first achieving a sufficient level of experience.  Lacking sufficient experience and hence a sufficient level of expertise, our audit experts would no longer possess the key capabilities that have made our QMS audit system a consistent success.   We might expect audits of the new systems to be less thorough, and interpretive decisions would lack the knowledge-base that provides such a firm foundation in our QMS audit reports. 
We chose to address this concern by looking at the new audit process as one that links our Management Systems rather than as one that deigns to be all-encompassing.  Instead of assigning one Lead Auditor to oversee the entire audit and make all relevant decisions, we initiated a system of partnering.

Partnering

            Through appropriate training, we developed an auditor pool consisting of:
    •  experienced QMS auditors, also considered audit experts, who are trained but inexperienced in performing EMS and LMS audits, and who could share their audit expertise with EMS auditors; 
    •  trained but inexperienced EMS auditors who could share their work experience and environmental expertise with the audit experts; and 
    •  trained but inexperienced LMS auditors who could share their work experience and laboratory expertise as area experts.
This sharing of experience and expertise is referred to as partnering, and applies most directly to QMS and EMS auditors working as Co-Lead Auditors in the performance of overall YNA corporate system audits.  Our LMS auditors are addressed slightly differently, as their audits pertain to only a small portion of the total YNA systems, i.e. the testing laboratory.
            In the planning stages of an overall YNA corporate system audit, the QMS and EMS Co-Leads work together to ensure all departments, locations and shifts pertinent to the subject business unit are appropriately and efficiently scheduled with minimal work disruption.  During the performance of the audit, this typically will result in a sort of “tag-team” auditing, with one Lead performing his/her portion of the audit, then passing the baton to the Co-Lead.  In instances where the standards state similar requirements, the second Lead might find some of his/her questions answered during the first half of the audit, and thus can move on to ask only those questions which have not yet been addressed.
            When the testing laboratory is scheduled for an audit, we take a slightly different approach.   The LMS auditor has requested to function as an Area Expert partnered with the QMS Lead Auditor, rather than as the LMS Lead.  This request came about due to his concerns about maintaining a sufficient level of independence and objectivity.  However, since the QMS Lead Auditor does not have laboratory expertise, the LMS auditor, officially referred to as the Area Expert, functions as a full partner during the audit, making sure all requirements are appropriately addressed in all applicable areas.
            Regardless of the system being audited, YNA’s internal auditors take extensive notes, which are later reviewed, classified and added to an MS Excel spreadsheet according to the classification, including general observations, continuous improvement recommendations, and issues requiring follow up (actions in process/not yet complete, questions the auditor needs to investigate, or other issues that may require review/re-audit at a later date), in addition to nonconformities requiring action.  This matrix is provided to the personnel within the business unit audited, as well as to other corporate executives, who may recognize and make decisions to act upon similar issues within their own units.
            At the conclusion of the audit, these matrices are analyzed and summarized into a final Audit Report.  The QMS Lead Auditor takes direct ownership of completion and distribution of the Report; however, the EMS Lead Auditor is responsible to add his/her own audit results, and the LMS Area Expert is consulted to ensure all relevant LMS issues are accurately identified. 
The Audit Report is written at a high level to allow a snapshot view of the audit results, with the resulting status of the audited organization identified using red/yellow/green indicators, and key concerns and other observations described in brief statements.  Details are also provided via the matrices noted above which are included as attachments during Audit Report distribution.

Defining Data Ownership

            While the QMS Lead Auditor is responsible to ensure the Audit Report is completed and distributed, final ownership of the resulting records is shared.   It may seem redundant to maintain multiple copies of the records; however, this decision was made to ensure each Representative has direct and immediate access to the audit results pertinent to the system he/she has responsibility over.   Further, external audits of the Internal Audit element for either of the three standards are performed with the responsible Representative at his/her office location.  This allows for more efficient external audits, without the auditors having to make excess treks throughout the various buildings at our headquarters campus.





New Standards

The foundation for the process developed at YNA is one suited to auditing in general, rather than something unique to an ISO standards environment.  With this in mind, we anticipate being able to utilize the concepts established here in other types of assessments as well, such as special process assessments that extend beyond the standards to which we currently subscribe.   In addition, the task of making continuous updates to address changing industry requirements and even the incorporation of new standards, such as ISO-9000:2000 or TS-16949, seems far less daunting than it otherwise might.
The concepts of auditing do not change, though the system requirements do.  Revisions to documented procedures, forms and reports are not only possible, they can be expected; however, the basic auditing techniques incorporated during the planning, questioning, and reporting of audit results remain stable.  It is for this reason that we strongly promote the development and utilization of audit experts to lead the audit process.

Deployment in Similar/Dissimilar Organizations

The YNA audit process is adaptable.  The basic concepts developed here could be deployed in other organizations, regardless of similarities – or dissimilarities – to YNA in size, scope and even industry.   We do recognize that many organizations will not have the resources available to assign full-time audit experts.   Nonetheless, personnel who are identified as auditors, even in a limited capacity, could still be developed through training and regular involvement in the applicable Management System.   Through such development and partnering with area experts and/or co-leads as described earlier, even part-time auditors could achieve a level of expertise sufficient to consistently identify not only nonconformities, but also areas of potential concern, continual improvement opportunities and even internal benchmarks, and thus add greater value to any audit program.


No comments:

Post a Comment