There are different approaches to auditing; these can be performed by clause, department, tasks, etc. The most commonly used by auditors is the clause approach, where the auditor goes by each clause, usually with a checklist, searching for evidence of requirement conformance and writing nonconformities (minors or majors) if any are found.
These approaches tend to focus mainly on procedures and not on the performance, outcomes and results of the organization’s processes. Hence, audits result in the correction of minor problems and not in the improvement of the system and its processes.
The process approach to auditing focuses on reviewing the sequence and interaction of processes and their inputs and outputs. It analyzes the management system not just as if it were a set of documented procedures, but rather as an active system of processes that addresses business risk and its applicable requirements. The main elements that a process-approach audit reviews are:
- Process Owners
- Inputs and Outputs of the process
- Methods/ Procedures/ Instructions
- Controls/ Measurements/ Metrics
- Efficiencies/ Effectiveness
In order to take this approach, it is required to plan and perform the audits so they are based on the processes that achieve organization’s objectives. The audit needs to be conducted through business processes and across department boundaries; some of the processes that need to be audited are:
- Business management
- Marketing and sales
- Resource management
- Product / service production processes
Audits conducted with a process approach provide information on whether performance targets are being met, they identify opportunities for improving performance through a better control of processes and determine how processes can be more effective and efficient in meeting the applicable requirements. Some of the aspects that make this approach a valuable one are:
- It focuses on results, not on procedures.
- Determines the management system’s effectiveness.
- Evaluates the outcomes and results of the system.
- Evaluates linkages between departments and processes.
- Follows flow of work throughout organization.
- Determines if operations are under control and if controls are effective.
- Allows judgment on significance of findings.
- Helps determine depth of problems across organization.
- Focuses on benefits of correcting nonconformities related to improving organizational effectiveness.
Organizations that wish to comply with a standard have to meet the requirements established in it, but in some cases, just meeting these requirements does not necessarily add value to the organization. In order for an organization to be competitive and successful, its operational processes must work together in achieving its goals and objectives. A process based audit assists organizations in assessing the effectiveness of these processes; it serves as a tool to identify weaknesses and opportunities to improve the connections between policy, requirements, performance, objectives and targets, which will ultimately contribute to an organization’s overall success.
To the novice quality manager, ISO jargon can be extremely overwhelming. What is an NCR? What do you mean by OFI? Are we certified or accredited? But before you go and pull out your hair, let’s take a moment to go over some of the most frequently used terms and their definitions with regards to ISO and Management System Certification.