A Temple QMS guide to effective auditing

Written By Ian Hughes

For any organisation committed to excellence, the audit is one of the most powerful tools in its arsenal. In simple terms, an audit is a systematic process to verify that a product, process, or system is operating in line with a defined set of requirements. These requirements may be set internally by your own procedures, by customers in a contract, or by regulatory bodies.

If your organisation holds a certified quality management system (QMS) such as ISO 9001, AS9100 or IATF 16949, then conducting regular internal audits is a mandatory requirement.

Audits are integral to a healthy QMS, providing vital feedback to management on compliance and highlighting opportunities to enhance the system itself. They are the mechanism for verifying that corrective actions have been effective, whether those actions were triggered internally or by an external party like a customer or certification body.

So, you've been tasked with performing an internal audit. Where do you begin?

Before You Start: Becoming a Competent Auditor

Before diving in, it's crucial to feel confident in the process. Start by reviewing your organisation's own internal auditing procedure and check the requirements for auditor qualifications. This might involve on-the-job training, shadowing a senior auditor, or completing an external course.

For a comprehensive framework, we highly recommend acquiring ISO 19011 the international standard for Guidelines for auditing management systems. This standard is an invaluable resource that provides guidance on developing an audit programme, qualifying auditors, and conducting audits effectively.

Once you have a firm grasp of the methods, you are ready to begin. A successful audit is built upon three distinct phases: Preparation, Performance, and Reporting.

Phase 1: Preparation

Thorough preparation is the foundation of an effective audit. This stage involves more than just scheduling a meeting.

  • Initial Research: Begin by reviewing key documents related to the department or process you will be auditing. This includes:

    • Relevant procedures and policies.

    • Internal and external audit reports from the previous year.

    • Any corrective actions raised in the last 12 months.

  • Develop the Audit Plan: Your research will inform the audit plan. This plan must define the audit's scope—its focus and the specific requirements you will be verifying. A clear scope keeps both you and the auditee focused. The plan should also include:

    • A schedule for an opening meeting to review the plan with the area's management.

    • A list of personnel to interview.

    • A plan to verify the effectiveness of previous corrective actions.

    • A schedule for a closing meeting to discuss the results, including any non-conformities and opportunities for improvement.

  • Assemble a Checklist: A checklist is an essential tool for ensuring you cover all the relevant requirements. It provides structure and a place to capture the information you gather, noting whether a process is compliant or if a potential non-conformity exists.

Phase 2: Performance

Performing the audit is about gathering objective evidence. It’s your opportunity to see processes in action and speak with the people who perform them daily.

  • Collect Evidence: Your goal is to gather proof of compliance or non-compliance. Evidence can take many forms: completed records, database entries, live demonstrations of a task, or interviews with staff. Use your checklist to record what evidence you have reviewed, noting document numbers, revisions, and specific examples (e.g., purchase order numbers, form references). This documentation is critical as it forms the evidence for your audit's conclusions.

  • Sample Effectively: To gain insight into the consistency of a process, it is good practice to collect several examples for each requirement you assess. Look at current activities as well as work completed several months ago. However, if a process has changed significantly, ensure your evidence is from after the change was implemented.

  • Handle Potential Non-Conformities: If you identify a potential non-conformity, discuss it with the process owner. It’s possible you have misinterpreted something or that evidence of compliance exists which you haven't seen. A true non-conformity must be linked to a specific requirement that is not being met. If there is no specific requirement, it is not a non-conformity but may instead be an opportunity for improvement.

Phase 3: Reporting

You've completed your interviews and reviewed the evidence. The final step is to create the audit report. Most organisations have a template for this. The report should be a clear and concise summary of your findings. It should include:

  • An overall summary of the process's performance and compliance.

  • A detailed list of any non-conformities identified, with links to the corrective action process.

  • A section for opportunities for improvement.

  • Notes on any strengths or positive practices observed. Auditees greatly appreciate positive feedback.

By following this structured approach, you can ensure your audits are not just a compliance activity, but a valuable driver of continual improvement for your organisation.

Find out about our latest training courses for Internal Auditors here.

Ian Hughes
Previous

Retail under siege: Pandora breach highlights urgent need for a robust security framework
Next

New Fire Risk Assessment Standard Strengthens Housing Safety