By Caleb Guedes-Reed on April 27, 2021
In our latest webinar with our partners at A2LA, we heard from Jonathan Fuhrman, their product certification program manager, about best practices for conducting an internal audit.
A little about Jonathan’s background: he supports the day-to-day operations of accreditation by assisting A2LA clients in obtaining and maintaining accreditation to ISO/IEC 17065, ISO/IEC 17025, and ISO/IEC 17020. As a member of the Electrical and Product Certifications team, he works with Electrical and Mechanical testing laboratories and Certification Bodies operating in fields such as Construction Materials, Energy Efficiency, Halal, and Wireless device certifications. Prior to joining A2LA, Mr. Fuhrman served in Quality Assurance, Market Access, and Factory Surveillance roles and has over a decade of audit experience working with organizations such as A2LA, NVLAP, IECEE, OSHA-NRTL, and Standards Council of Canada.
While this blog will serve as a general overview of the webinar, I recommend you watch the full recording available here. The full recording provides a lot of information in great detail and includes a 20-minute Q&A session at the end full of great questions from your peers in the industry. You don’t want to miss that!
So, with that said, let’s dive in!
There are multiple reasons that your organization might need or want to conduct an internal audit. First off, the audit records can serve as an objective picture of where your organization stands in respect to quality and compliance goals. Beyond that, audits can be an investigative exercise to look for opportunities for improvement.
One major reason for conducting internal audits is to meet third-party requirements (like from your accrediting body!).
You could also use the results of internal audits to serve as a status report for management. It’s going to give them insight into where the organization stands and where it’s headed in relation to its goals. It can give management an idea of how to steer the organization moving forward.
According to Jonathan, there are a few main ideas to think about that will help keep things simple:
The internal audit cycle can be divided into as many parts as is appropriate for your organization. However, Jonathan breaks the cycle down into four core phase that occur over time:
One thing to think about when putting together that audit schedule is to address all elements of the management system and the technical activities. That includes all policies and procedures. This needs to be done each year and should include risk analysis when applicable. The schedule should also define when each element will be audited and who is responsible for each audit.
After you’ve planned and scheduled, the next step is to figure out who is going to perform the audit. Keep in mind — you can have the best possible plan in place but if you put the wrong auditor on the job, the value of the audit can be diminished.
Jonathan says you need somebody who has a solid understanding of the management system and the objectives. They also need to be familiar with the history of the company and a background in the areas of the audit. You want someone who is going to be able probe and analyze without giving off an interrogative vibe when they’re interviewing the team. Positivity and objectivity are important. The auditor needs to maintain independence throughout the audit – so you don’t want people to be grading their own work. Audits are about finding facts, not faults so the auditor should really focus on verifying compliance. Audits shouldn’t give the auditor “joy” when writing deficiencies.
An ideal auditor also needs to have strong communication skills. They need to keep it simple by being clear, brief, direct, and focused. It’s also important to realize that there are three ways of receiving information: seeing, listening, and experiencing (spend most of your time listening). They also need to know how to express comments and questions in a positive way.
Here’s another typical audit sequence that Jonathan recommended during the webinar:
There are also a couple different ways you can go about gathering information and evidence:
During the interviewing, your auditor should also be asking key questions like:
There also needs to be a method behind your sampling of records. So, discuss the process and pick some records along the way. This is the best option when the process is simple, and records are few. If, on the other hand, the process is complex and there are many documents, start with random selection of records and then discuss the process based on the records.
The outcome of the audit needs to be documented. The contents of the report need to include a factual description of the audit activities it covers and provide a fair and accurate picture of the quality system audited. Jonathan also recommends including a discussion about the planning and sampling methodology.
The audit report summary should contain:
This is where you’re going to establish next steps and present the outcome of the audit. Jonathan recommends to avoid delivering surprises during a closing meeting. You should try to communicate any potential issues early on so no one is surprised. Set the expectations as you go.
You need to address the corrective actions that are required. This involves:
Once the audit report has been approved, the audit team’s responsibilities are completed. From there, corrective actions are initiated for all non-conformances (deficiencies) identified in the intern audit report. The follow=up activities and effectiveness of corrective action is later verified at the direction of the Quality manager.
In preparation for the company’s next internal audit, the following should be considered for placement on the audit schedule for the next internal audit:
Internal audits are compliance based and all deficiencies must directly relate to the relevant standard, method, etc and they must be supported by objective evidence.
Be sure to plan and prepare for the internal audit and use the right people for the job.
You also need to record audit finding and follow up on issues.
Like I said before, this blog was only meant to serve as a general overview of the webinar but to get all the great information Jonathan shared with us, you need to watch the full webinar here! In the webinar, you will have access to Jonathan’s presentation, a brief demo of Qualtrax, and an in-depth Q&A session with your industry peers. If you’re interested in A2LA’s training information, you can visit their website here.
Categories: Audits, Compliance Management, Quality Managers