Process Auditing Au Naturel

By Mario David, Sales & Operations Manager - Canada, NQA - Canada

Process auditing is a fairly new word for our vocabulary.  It’s a term that has been bouncing around since the release of 9001:2000, but only recently has there been any attempt to flesh out what is really meant by the phrase.  It sounds right.  I mean, ISO has brought us to understand that a QMS is really a collection of interrelated processes which together forms a management system.  It only follows that if we are auditing a set of interrelated processes, we should be process auditing.  But what IS process auditing and is it really a new thing? 

 An understanding of the concept and its application starts very simply with the definition of process and of auditing.  Pardon the simplicity, but this cuts to the heart of the matter and allows you to breath once again knowing that you may not be far off the mark to your current method of auditing.

 Process: “Set of interrelated or interacting activities, which transforms inputs into outputs”. (ISO9000:2000, par. 3.4.1).

 Audit: A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.  (ISO9000:2000, par. 3.9.1) (Note that auditing is a process itself).

 Let’s put it together now to define process auditing.  That would make it, “a systematic, independent and documented process for obtaining audit evidence of a set of interrelated or interacting activities, which transforms inputs into outputs, and evaluating it objectively to determine the extent to which audit criteria are fulfilled.”

Sounds pretty basic doesn’t it.  That’s because it is.  Let’s look, for example, at a process audit in its most basic form.

 We are going to audit the inspection process.  Now there may be one procedure or there may be 10 depending on the organization size and a number of other factors, but for simplicity sake let’s say there is one procedure that is appropriate for the task.  An important consideration at this point is to understand that not all procedures are written in a manner that reflects a process.  This procedure may be a list of things to consider in the course of doing an inspection and in that sense it clearly would not be reflective of the “process” of inspection, but merely the listed requirements, more like a checklist.  It may, on the other hand, clearly reflect the process or flow, including inputs and outputs and, according to our definition of process above, indicate how those inputs are transformed into outputs.  Perhaps it is a flow chart or a word document reflecting a play script format, but it is definitely reflective of the process flow. 

 For this reason, the audit of a procedure does not equate to an audit of a process, unless this procedure is written in a manner that captures the component parts of the full process, namely the variation of inputs and outputs, the points of interface as well as methods to ensure the adequacies of these inputs and outputs.

 If we looked, for example, at the various types of inputs for an inspection process, they would likely include, of course, a product or products ready for inspection along with related records (4.2.4, 7.5.3, 8.1).  Other inputs might include, appropriate monitoring and measurement equipment (7.6), instructions related to the inspections at hand (4.2.3), a trained/competent individual inspector (6.2.2) with clear authority to reject product that does not meet requirements (8.2.4, 8.3).  Here there are easily eight interface opportunities to follow that you could follow-up on.  One could also consider the infrastructure and work environment that the work is being performed in.

If we stop to consider each of these as they appear in the standard (which happens to be a microcosm of a system) (You don’t have to follow them this way.  I am just doing this to emphasize that the standard itself is written as a process flow) you can see a series of questions develop.

 As you can see when you look at things from a process perspective, it is necessary to consider the interfaces or inputs to the process. But it is important not to loose sight of the fact that you are still verifying compliance.

 A process Audit is not an alternative to a compliance audit.  All audits attempt to verify compliance, but process audits follow a given process or linked processes as the means to verify compliance and are not confined by the pages of a procedure.  (Yes, not all processes are documented) To be truthful, there are probably 365,452 different combinations of process audits and no one is necessarily superior to the other.

 Observation is the key, think process, go in asking how does this all fit together and wait for the answers to come.  You will be surprised at how natural it is.

Mario David can be reached at: (514) 242 2655, mario.david@nqacanada.ca, www.NQACanada.ca