Audit by Process Instead of By Clause

Internal audits are often scheduled, and therefore conducted, according to the ISO 9001:2000 clause structure. These audits are more focused on judging conformity than evaluating effectiveness. Looking clause by clause, the quality management system may appear conforming, yet be fragmented and ineffective.

Auditors should adopt the process approach and assess the quality management system through its natural workflow. Of course, this requires understanding the business and its process linkages. Audit planning and interviews should identify for each process:

  • Inputs: What, when, and from whom?
  • Resources: With what people, materials, equipment?
  • Methods: How done (procedures and instructions)?
  • Controls: How monitored and controlled?
  • Measures: What are performance indicators?
  • Outputs: What is delivered, when, and to whom?

The traditional “process” audit has been a short, detailed evaluation of a single process within a department. The audit scope may not have included the process interactions outside the functional area. ISO 9001:2000 requires an audit of the entire system, either at one time or spread over multiple subset audits. This broader view must address the process linkages to evaluate the overall system. To be less disruptive, and maintain quality awareness, audits of individual processes may be scheduled each month until the full system is covered.

Process audits can be conducted horizontally or vertically. A horizontal audit follows a process trail across multiple functional areas. It is good choice for assessing the process interfaces between departments. A vertical audit covers all the key processes within a functional area. This approach is good at examining the interfaces within a department, but may miss the interactions with other departments.

ISO 9001:2000 uses the Plan-Do-Check-Act methodology. As a result, one logical requirement may be addressed in multiple clauses. Auditing by clause defines an artificial audit scope. A process may span different departments and a department may have multiple processes. So, audits should be scheduled for vertical (process) or horizontal (department) coverage. If scheduled by department, ensure interfaces with internal suppliers (upstream) and internal customers (downstream) are included. Whether auditing horizontally or vertically, remember audits must still address all the applicable clauses (requirements) over the annual audit schedule.

Auditors should view the quality management system as a set of integrated processes (by understanding the interfaces and interactions). Adopt the process approach for your audits. Add value by looking at more than just conformity. Evaluate the linked processes for their “effectiveness”. Verify their controls and identify any process risks. Also, determine opportunities for improvement.