The document discusses the importance of adopting a process approach in internal auditing to improve the effectiveness of quality management systems. It critiques traditional auditing methods that focus on conformity rather than performance and emphasizes the need for a change in mindset across the organization. The process approach aims to ensure that audits evaluate results and facilitate improvements by linking interconnected processes and targeting organizational performance.

1. 1
So where in ISO is Process?
 Clause 0.2
 This International Standard promotes the adoption
of a process approach when developing,
implementing and improving the effectiveness of a
quality management system…. [ISO 9001:2000
page v]

2. 2
Why are internal audits conducted?
 Obtain factual input for management decisions?
---or---
 Produce data needed to receive certification?
 Improve documentation?
 Enforce conformity?

3. 3
The Old-Fashioned Way of Auditing
 Quality audits focused on procedures and not on
quality
 Auditors did not examine costs
 “Quality” was how well an outcome met the needs
of those for whom it was provided
 Good quality = satisfied the needs
 Bad quality = failed to meet the needs

4. 4
The Old-Fashioned Way of Auditing
 Companies ignored outcomes and customer
satisfaction when auditing
 Auditors were looking to “check the box” leaving
performance ignored and unchallenged
 Conformity auditing looking to establish if specific
requirement had been met
 Requirement may have focused on a task, not
performance result or output

5. 5
Document Review and Approval
 Auditor looked to see if documents had been
reviewed and approved by authorized person
 Did Auditor look for:
 Competency of approver?
 Why change was made?
 Did change improve performance?

6. 6
More Effective Methodology Needed
 Focuses on performance, not just conformity
 Management needs to know:
 Does performance meet targets?
 Are there opportunities for improving performance?
 Are there processes that do not support the workers?

7. 7
As an Auditor…
 If I invent your process then I am auditing my
version of your company… and that version
may NOT exist.
 Conflict of Interest!!!

8. 8
Process Approach to
Internal Auditing

9. 9
Process Input-Output Model

10. 10
Performance Process

11. 11
Performance Process Audit Plan

12. 12
What does you Quality Manual look
like?
 1. Introduction
 2. Scope and Exclusions
 3. Definitions and Acronyms
 4. Quality Management System Requirements
 5. Management Responsibility
 6. Human Resources
 7. Product Realization
 8. Measurement, Analysis and Improvement
 Appendix -- process maps or outlines

13. 13
Process Approach to Audit Plans
 Based on processes that achieve organization’s
objectives
 Requires auditor to know what the processes are
prior to conducting audit
 ISO/IEC 17021 (Stage 1 and Stage 2)
 Code of Practice for Registrars

14. 14
Process Approach to Audit Plans
 Common processes, for example:
 Business management
 Marketing and sales
 Resource management
 Purchasing
 Product / service realization processes are different
for each organization
 Plan shows audit trail through business processes
and across department boundaries

15. 15
Process Approach to Checklists
 Does not require detailed checklist
 Auditor can be guided by their understanding of
the Standard

16. 16

17. 17

18. 18
Process Approach to Audit
 Start with top management and business
management processes
 Continue with resource management processes,
establishing linkages
 Effective resource management processes will provide
competent employees and capable equipment to other
processes
 Continue with other processes from marketing to
delivery

19. 19
Value of the Process Approach
 Focuses on results, not procedures
 Determines effectiveness of the management system
 Evaluates the results the system delivers
 Tests linkages between departments and processes
 Follows flow of work throughout organization
 Determines if operations are under control and controls are
effective
 Allows judgment on significance of findings
 Helps determine depth of problems across organization
 Focuses on benefits of correcting nonconformities related
to improving organizational effectiveness

20. 20
The Process Approach requires a
change in attitude across the
organization!

21. 21
What the Process Auditing Approach
Provides
 Process Auditing provides:
 Data for managerial decisions on growth, technology,
staff development, products / processes based on
current performance, not just current conformity
 Information on whether performance meets targets
 Information on opportunities for improving
performance through better control of processes
 Information on making processes more effective and
more efficient

22. 22
Five Basic Questions
 Basic questions can apply even though the “specific
questions” will be different:
 What are you trying to do?
 How do you make it happen?
 How do you know you are doing it right?
 How do you know it’s the best way of doing it?
 How do you know it’s the right thing to do?

23. 23
Five Basic Questions at Three Levels
 Business Level – Audit results should make the
auditor confident that the organization:
 Knows what it is trying to do
 Knows how to make it happen
 Knows that it is doing the right things
 Knows that it is doing it in the best possible way
 Is managing performance

24. 24
Five Basic Questions at Three Levels
 Managerial Level – Audit results should make the
auditor confident that management:
 Knows what the process aims to achieve
 Knows how to design and cause processes to achieve
results
 Knows that it is doing the right things
 Knows that it is doing it in the best possible way
 Is regulating performance

25. 25
Five Basic Questions at Three Levels
 Operational Level – Audit results should make the
auditor confident that individuals:
 Know what they are supposed to do
 Know they are doing the right things
 Know they are doing them in the best possible way
 Are regulating their own performance

26. 26
Summary
 Internal auditing using process approach
 Can take internal audit team from mission statement to
employee contributions
 Identifies clear linkages between interconnected
processes
 Ensures requirements of the Standard fit with processes
 Eliminates weaknesses of other approaches
 Enables internal audit team to establish that the
organization is managing processes effectively