Internal Auditing – How Often?
Any organisation/business is required to conduct internal audits to maintain its ISO9001 standard. The audit involves testing out company processes and procedures to determine the standard at which they operate when compared to how they should work. Audits are designed to help employees but the mere mention of the word can see your staff sent into a panic, scrambling around to make everything look perfect. However, communicating yourself well to your staff on the benefit of the audits, and letting them know that this is not a finger pointing exercise, can serve well to make these audits more positive.
Internal audits should be viewed in a positive light, a chance to take a step back and have your process reviewed by a fresh set of objective eyes. They are an ideal way to prepare for external assessment too. In some ways internal assessments can be more thorough as processes are examined more closely, more frequently and in greater detail than external auditors.
ISO 9001 does not specify how often internal audits should be conducted. Instead, the requirements are that organisations audit based on how important a process is, the risks involved and whether there is an existing record of previous concerns. Consideration should also be given to quality objectives as these can dictate audit frequency. At the least, internal audits should be carried out annually. There are two ways around this – auditors may decide to review processes in one go, or they may portion off aspects and have a plan which details the schedule over a number of months. Complex processes may require more frequent assessment and this should be built into an internal audit plan.
The audit plan removes the need for panic and helps eliminate an atmosphere of mistrust. It lets everyone know what will be happening and when, as well as allowing process owners time to complete any improvements that may be taking place. Although the audit plan is made general knowledge, the detail relating to timings should be confirmed with respective process owners as soon as is possible.
The internal audit should not be seen as second string to an external audit and for that reason it needs to be as thorough as possible. Appointed auditors may benefit from some training and development to support them in getting the best out of the process. Auditors should apply a variety of methods to test the process including talking to employees, reviewing data and relevant documentation as well as and perhaps most importantly observing the process in practice. Part of being thorough is keeping accurate documentation that is a true reflection of the findings, for both management and future audits.
The aim of the audit should not be to purely report non-conformance, but auditors should also use the opportunity to highlight areas of a process which may benefit from change. Therefore as important as the audit is the follow up. Follow ups are critical to ensuring that the audit cycle is closed off, and they are also a great motivating factor for further improvements.
Source Management 