Added value in auditing the management system
Add value during audits of management systems
We hear a lot about the importance of adding value during audits of management systems, but what does this sentence mean correctly?
Is it possible to add value in audits without compromising their integrity or providing some kind of advice? In principle, all audits should add value, but this is not always the case.
Here we will show how audits can add value to different stakeholders
And the various cases that are likely to be encountered in the context of second or third party audits.
Quality management systems and “added value”
There are several definitions of “value” in different dictionaries, but they are all agreed that it is something useful. So let’s agree that “adding value” is a way to make things more useful.
Some organizations have used the ISO 9000 series of specifications to develop quality management systems, integrate them into the business management methodology, and adapt them to achieve their strategic goals, in other words, making the specifications add value to the organization.
On the contrary, on the other hand, other organizations have developed a bureaucratic set of procedures and records that do not reflect the practical and realistic method of the organization’s operations, which has led to increased costs, without any benefit. In other words, it does not “add value”.
I think it is a question of methodology, for example the methodology that does not add value focuses on answering the question “What procedures need to be written to obtain ISO 9001 certification?”
While the methodology that adds value focuses on answering the question “How can we use an ISO 9001-compliant quality management system to help us improve our business?”
What is internal audit?
The purpose of an internal audit is to evaluate the effectiveness of your organization’s quality management system and the overall performance of your organization. Your internal audits demonstrate compliance with ‘planned arrangements’ eg the Quality Management System (QMS) and how its operations are implemented and maintained.
How to add value during the audit process?
How can we ensure that the audit process is “helpful” to the organization in implementing and improving the quality management system? Bearing in mind that there may be other points of view that must be taken into account.
In order to “add value”, third party auditing must be beneficial.
For organizations: By providing information to senior management regarding the organization’s ability to achieve its strategic objectives, by identifying problems and weaknesses that, if addressed, will enhance the organization’s performance, and by identifying opportunities for improvement and potential risks.
To the organization’s customers: by enhancing the organization’s ability to provide an identical product.
For international registration and accreditation bodies: By improving the credibility of third party audits.
The “value added” approach will often relate to the level of maturity of the quality culture in the organization, and the level of maturity of the quality management system, according to the requirements of ISO 9001.
We can characterize organizations into four different types, based on two criteria: “the level of maturity of quality culture” and “the level of maturity of quality management system applications”, as follows:
The first type: low maturity in quality culture, low maturity in quality management system applications, not conforming to ISO 9001.
The second type: maturity is high in “quality culture”, maturity is low in quality management system applications, not conforming to ISO 9001.
The third type: maturity is low in quality culture, maturity is high in quality management system applications, conforming to ISO 9001.
Type 4: High maturity in quality culture, high maturity in quality management system applications, conforming to ISO 9001
In this context, what is meant by the “level of quality culture” is the degree of awareness, commitment, and institutional behavior of the organization with regard to quality. What is meant by the “quality management system application maturity level” is the extent to which it meets and conforms to ISO 9001.
It is well known that cases of minor non-conformity may appear even in organizations that show a high degree of maturity in accordance with ISO 9001).
Type 1 organizations: Low maturity in quality culture, Low maturity in quality management system implementations, Not conforming to ISO 9001.
What should be done in audits to add value to the organization? She would like to receive advice on ‘how’ to implement a quality management system or ‘resolve’ any non-conformance that appears during the audit.
Here, the auditor has to be very careful, because such advice certainly generates a conflict of interest in third party auditing, and will conflict with the requirements of ISO/IEC 17021 for the accreditation of certification bodies.
What the auditor can do is emphasize on clarifying the requirements of the standard, and the reason for raising and recording a case of non-conformity whenever it appears, which enables the organization to understand that resolving this case will lead to improved performance, which leads to confidence and commitment to the audit process.
It is important, however, that non-conformances are mentioned in the report, so that the organization clearly understands what needs to be done in order to achieve the requirements of ISO 9001.
While some organizations may not be satisfied with audit results that do not lead to international registration and accreditation (certification), the organization’s customers (who receive products and services) will make sure of the “value” of the audit, and this is from their perspective.
From the perspective of international registration and accreditation companies (certifying bodies), not mentioning cases of non-conformity in the report, and providing guidance on how to implement the quality management system, will affect the credibility of the audit profession or the third-party audit process, and therefore does not add the required value.
We must emphasize that these proposals are mainly related to third party audits. There is no objection to “adding value” in the second party audit (evaluation of suppliers, for example), by providing guidance to the organization on how to implement the quality management system. In this case, this directive (if well displayed), will undoubtedly be very beneficial to the organization and its customers.
Type 2 organizations: Maturity is high in “quality culture”, maturity is low in quality management system applications,
Not conforming to ISO 9001.
These organizations expect from the auditor and from the audit process similar and sometimes even higher expectations than those of the first type.
To add value here, the auditor must have a good understanding of the method and practices applied by the organization to meet the requirements of ISO 9001. In other words, understand the organization’s operations in the context of ISO 9001, and not, for example, insist on reformulating processes and documents to keep pace with the structure or clauses of the specification.
Where the organization can, for example, adopt a management system based on business excellence models, or TQM tools such as policy management (Hoshin Kanri), or Quality Function Deployment (QFD), failure mode analysis and effects analysis), Six-sigma methodology, S5 programs, Systematic Problem Solving, Quality Circles, and others. In order to add value during the audit process, the auditor must, at the very least, be aware of the organization’s methodologies, and be able to see how effective the organization’s methodology and approach are in meeting the requirements of ISO 9001.
It is also important that the auditor not be “intimidated” by this high degree of application. While an organization may use these tools as part of an overall philosophy of quality, there are bound to be gaps in the method adopted.
Therefore, the auditor must be able to identify any deviations or weaknesses and raise appropriate non-conformities. In these cases, the auditor may be accused of excessive exaggeration or bureaucracy, so it is important that the auditor be able to prove the relationship of the non-conformities raised to the requirements of the specification.
Type III organizations: maturity is low in quality culture, maturity is high in quality management system applications, conforming to ISO 9001.
This type of organization may be certified in ISO 9001 for a long time and may be able to demonstrate a high level of compliance with ISO 9001, but at the same time a “quality culture” is not applied throughout the organization.Quality management system is often implemented under pressure from customers The application is centered around the requirements of the specification only, rather than on the needs and expectations of the organization itself.
As a result, the quality management system works in parallel with the organization’s methodology in implementing its routine operations, which leads to redundancy and inefficiency.
In order to add value to auditing with this type of organisation, the main objective of the auditor should be to motivate the reorganization of the quality management system based on ISO 9001, and to integrate it into daily and routine operations.
Although the third party auditor cannot make any recommendations on how to meet the requirements of ISO 9001, it is acceptable and good practice for the organization to encourage (without pressure) implementations beyond and above the requirements of the specification.
The auditor can provide valuable information to the organization on how the quality management system can be more effective and useful through question selection and delivery techniques.
While identifying “opportunities for improvement”, the auditor can point out ways to enhance the effectiveness of the quality management system, but can also identify opportunities to improve this effectiveness.
Type IV organizations: high maturity in quality culture, high maturity in quality management system applications, conforming to ISO 9001.
With this type of organization having a high maturity in Quality Culture, and being ISO 9001 accredited for a long time, their expectations of value added in auditing will be challenging for the auditor. A common complaint among this type of organization is that “periodic audits” are “routine visits” and add nothing to them.
In this case, senior management becomes the main client of the third party audit. Therefore, it is important for the auditor to have a clear vision and understanding of the organization’s strategic objectives, and to be able to manage the audit process in this context.
The auditor should be given the opportunity and time to have detailed discussions with senior management, to define their expectations of the quality management system, and to incorporate these expectations into the audit standards.