Process Auditing Au
Naturel
By Mario David, Sales & Operations Manager -
Canada, NQA -
Canada
Process
auditing is a fairly new word for our vocabulary. It’s a term that has been bouncing around
since the release of 9001:2000, but only recently has there been any attempt to
flesh out what is really meant by the phrase.
It sounds right. I mean, ISO has
brought us to understand that a QMS is really a collection of interrelated processes
which together forms a management system.
It only follows that if we are auditing a set of interrelated processes,
we should be process auditing. But what
IS process auditing and is it really a new thing?
An
understanding of the concept and its application starts very simply with the
definition of process and of auditing.
Pardon the simplicity, but this cuts to the heart of the matter and
allows you to breath once again knowing that you may not be far off the mark to
your current method of auditing.
Process:
“Set of interrelated or interacting activities, which transforms inputs into
outputs”. (ISO9000:2000, par. 3.4.1).
Audit:
A systematic, independent and documented process for obtaining audit evidence
and evaluating it objectively to determine the extent to which audit criteria
are fulfilled. (ISO9000:2000, par.
3.9.1) (Note that auditing is a process itself).
Let’s
put it together now to define process auditing.
That would make it, “a systematic, independent and documented process
for obtaining audit evidence of a set of interrelated or interacting
activities, which transforms inputs into outputs, and evaluating it objectively
to determine the extent to which audit criteria are fulfilled.”
Sounds
pretty basic doesn’t it. That’s because
it is. Let’s look, for example, at a
process audit in its most basic form.
We
are going to audit the inspection process.
Now there may be one procedure or there may be 10 depending on the
organization size and a number of other factors, but for simplicity sake let’s
say there is one procedure that is appropriate for the task. An important consideration at this point is
to understand that not all procedures are written in a manner that reflects a
process. This procedure may be a list of
things to consider in the course of doing an inspection and in that sense it
clearly would not be reflective of the “process” of inspection, but merely the listed
requirements, more like a checklist. It
may, on the other hand, clearly reflect the process or flow, including inputs
and outputs and, according to our definition of process above, indicate how
those inputs are transformed into outputs.
Perhaps it is a flow chart or a word document reflecting a play script
format, but it is definitely reflective of the process flow.
For
this reason, the audit of a procedure does not equate to an audit of a process,
unless this procedure is written in a manner that captures the component parts
of the full process, namely the variation of inputs and outputs, the points of
interface as well as methods to ensure the adequacies of these inputs and
outputs.
If
we looked, for example, at the various types of inputs for an inspection
process, they would likely include, of course, a product or products ready for
inspection along with related records (4.2.4, 7.5.3, 8.1). Other inputs might include, appropriate
monitoring and measurement equipment (7.6), instructions related to the
inspections at hand (4.2.3), a trained/competent individual inspector (6.2.2)
with clear authority to reject product that does not meet requirements (8.2.4,
8.3). Here there are easily eight
interface opportunities to follow that you could follow-up on. One could also consider the infrastructure
and work environment that the work is being performed in.
If
we stop to consider each of these as they appear in the standard (which happens
to be a microcosm of a system) (You don’t have to follow them this way. I am just doing this to emphasize that the
standard itself is written as a process flow) you can see a series of questions
develop.
As
you can see when you look at things from a process perspective, it is necessary
to consider the interfaces or inputs to the process. But it is important not to
loose sight of the fact that you are still verifying compliance.
A
process Audit is not an alternative to a compliance audit. All audits attempt to verify compliance, but
process audits follow a given process or linked processes as the means to
verify compliance and are not confined by the pages of a procedure. (Yes, not all processes are documented) To be
truthful, there are probably 365,452 different combinations of process audits
and no one is necessarily superior to the other.
Observation
is the key, think process, go in asking how does this all fit together and wait
for the answers to come. You will be
surprised at how natural it is.
Mario
David can be reached at: (514) 242
2655, mario.david@nqacanada.ca, www.NQACanada.ca