How to Get the Most out of ISO Internal Audits

We all know quality is a continual process that evolves as your company ebbs and flows.

Having processes in place to be able to monitor and track that continual improvement and make good decisions based on that information is critical to a business.

As economic times are continually changing, businesses have to be fluid and responsive to varying market demands.  This may involve reviewing your processes and realizing that things may not have to be done just because you have always done them that way.  Instead, take the opportunity to really ensure your processes are adding value to your organization.

One way to accomplish this is through reviewing your standard operating procedures and work instructions on a continual basis through an internal audit.  Internal audits benefit the immediate departmental team as well as the overall organization.  The departmental team benefits by taking time to review what they are doing, why they are doing it, and make necessary changes.  In the process, they are documenting the activity to demonstrate to an external auditor and/or customer that they are following the policies and processes that they have established to be the best at what they do.

In addition, internal audits are a way for other teams within an organization to get familiar with how various departments work and discover best practices that can be shared across the larger organization.  Typical agendas for internal audits include reviewing job descriptions, training records and processes to ensure they are doing what they say they are doing, and what they say they are doing follows the standard.

I recently had the pleasure of joining our internal audit team for our parent company, CCS-Inc.  Over my career, in multiple organizations, I’ve had quality responsibilities that included being a document control administrator, writing processes for my area, and making sure that job descriptions and trainings were documented correctly.  These activities helped to prepare the business for both internal and external audits to maintain ISO 9001 registration.

I have been on both the giving and receiving end of audits, using a variety of systems, including paper based systems, shared drive systems, SharePoint, and compliance management software systems.  These experiences have afforded me the opportunity to see how compliance management software can be extremely helpful to organizations automating this process.  It can also be the difference between significant findings versus stress-free audits.

Having a consistent process for planning, executing, and documenting internal audits is paramount to the integrity of the data that is being captured.

To guide internal auditors in our organization, our Quality and Compliance Manager has established the following best practices:

Review the organization chart, checking for the correct titles with job descriptions to match as well as their association, general, and job specific training tasks or checklists.

• Review any previous corrective actions to ensure they have been completed.
• Identify and review the processes associated with that area for review by the internal audit team.
• Develop questions to be presented to that department from the information gleaned from the above.
• Perform the audit and document all responses and any opportunities for improvement or corrective actions.
• Respond back to all parties involved and help develop any plans for continuous improvement.

Our Quality Manager leads the team and sets the audit schedule and initiates the automated workflow process in our compliance software. The initiated workflow contains information about who is responsible for the audit but also provides links to previous audits of the area, high-use procedures and any other applicable notes to provide continuity.  Our internal audit team is made up of representatives from all areas of the organization.  We meet quarterly to review the audits that have been completed and to collaborate on areas where the internal audit team can improve.

Can all of this be done without an electronic compliance management system in place? 

The answer is, yes. But having a compliance software tool makes it so much easier to be able to manage that process and then search and report on all of the information that is being captured. The end result provides evidence that the business is doing the right things, documenting what we are doing and working on the right priorities for continued success. Reporting on all of the information that is captured by the internal audit team members can be done very easily.

Some examples of how our Quality Manager utilizes reporting:

• Audit findings being recorded in the internal audit workflow, with a reference to a detailed workflow specific to each finding.
• The finding workflow includes full details from the audit trail, and responsible parties for assigning, completing, and reviewing the action plan within the designated time frame.
• The finding workflow includes reference to the sections of the standard which were not followed.
• Reporting features within compliance management software can ease the process for review of internal auditing and any findings. By using categorization when assigning internal audits by department, function or standard section, and also including the pertinent standard reference when detailing findings, such software can easily produce a snapshot of what sections have been covered and any weak areas.

A systematic approach for your internal audits has many benefits, including helping your employees develop the best procedures for their departments and setting the expectation of continual improvement throughout the entire organization.  

Want to talk internal auditing?  I’m always eager to learn from others best practices or hear how our process has helped you.   Here are a few resources you may find helpful:

• Audit Division of the ASQ
• Qualtrax LinkedIn Group
• FMI Internal Auditing LinkedIn Group

Categories: Agriculture, Audits, Calibration, Cannabis Labs, Co-Ops/Municipalities, Environmental, Events, Food, Forensic Labs, Forensics Supply, Manufacturing, Medical Examiners, Public Health, Testing Labs, Utilities, Veterinary

Download PDF