An audit is just another type of inspection and in the case of internal audits, inspection of the systems and processes of the quality management system itself.
An audit simply compares how things are to how we believe they should be and how they actually are.
Audits assist in identifying areas that require attention and provide a chance to identify some opportunities for improvement.
It’s well known however,, that audits frequently cause the same level of stress as final exams, despite being so valuable and a massive contributor to making everyone’s life easier in the long run!
Understandably so, as a lot depends on the outcome of the external audit.. A solid internal audit procedure though, can lessen the pressure because you can identify the issues and fix them before the external auditor arrives.
Audits are necessary to track and report on the management system’s efficacy under the quality, safety, and environmental management requirements.
The ISO 9001 standard specifies that
“A documented procedure shall be established to specify the roles and requirements for planning and performing audits, establishing records, and reporting results.”
This process is one of the six documented procedures that must be in place. You must also maintain records.
How does the internal auditing procedure look?
Although each business or industry will have its variables, the general steps are the same:
- Create an audit schedule
Internal audits must be done at regular intervals to ensure the quality system is operating effectively and that it complies with requirements. For BCA’s the Building Regulations and the BCA’s own needs (i.e., its own procedures and policies) are both considered to be “requirements.”
You don’t have to audit all of the processes at once. Internal audits may be conducted as a series of “mini-audits”.
There is no mandated audit frequency, just the requirement that all regulations are audited at least once annually.
- Select your auditors.
An auditor should be impartial and unbiased. Processes that you personally manage or control cannot be audited by yourself. As a result, you will need to have two trained and ready internal auditors. Nevertheless, due to a lack of resources, or occasionally due to the frequent overlap of roles in smaller BCA’s, it might not be possible to have two independent auditors. This is where Co-Lab provide that independent aspect to over this requirement.
- Specify what is needed for each audit.
The audit area has already been identified in the schedule; the next step is to specify the audit criteria. This can occasionally take the shape of a formal checklist with pre-established questions. Additionally, you can use a copy of the audited procedure and annotate it with questions and points to confirm. To confirm the procedure, you must decide which records need to be examined.
The audit area’s previous results or problems should also be reviewed. As you get more experienced you will start to “follow your nose” if something is not quite right, even with pre-defined questions.
Instead of setting this up at the planning stage, you can define the audit criteria before each audit. The auditee should be informed of these needs (checklists, documents, records, etc.) well in advance of the audit itself. (Include the duration in your audit procedure; a week is appropriate.)
- Perform the audit.
An audit often begins with an initial meeting in which the auditor introduces themselves to the auditee(s), establishes the anticipated timeline, and lays out the audit’s methodology.
The auditor will go through the checklist or method step by step while conducting the audit, looking for proof that the process complies with the requirements. The checklist is frequently marked with notes and a brief finding, such as C for compliance, OFI for areas that provide opportunities for improvement, GNC for non-conformance and SNC for serious non-conformance.
Regardless of the conclusion reached, it is critical to record the exact evidence that was seen throughout the audit in order to support it.
Before recording a finding, the auditor will usually talk it over with the auditee. This can occasionally overturn the conclusion or alter it to one of a less (or more!) serious nature.
During the closing meeting, the lead auditor will provide a general overview of the audit and go over each audit finding to make sure everyone understands it.
- Record the audit’s conclusions.
A formal written report on the audit will be delivered to management by an external auditor a few days later, and it is typical for an internal auditor to do the same. Internal audits however, do not require the same kind of formal audit report. Simply make sure the results are documented and shared with management.
You must keep the audit’s records, which normally contain the following:
- completed audit checklists, or procedures with mark-ups
- examining notes on objective evidence and interviewing staff
- audit results (cross referenced to your Audit Summary)
- review report
- CAPA actions
Corrective actions must be taken in response to the findings raised by both internal and external audits. Preventative actions also ensure no recurrence.
The auditor will confirm that the corrective measures made were successful in bringing the management system into compliance at the subsequent audit. The next audit will confirm if the preventative actions were effective!