Posted on September 24, 2009 by admin

This ISO Standard contains an element (8) intended to encompass a range of features which together support a mechanism to improve the performance of the management system. Internal audit forms part of this set, but only a part, yet is probably the only element readily recognisable to the average person. Internal audit is significant, not because of the results it delivers but because the ongoing registration process for ISO9001 companies ensures that Internal Audit is subject to regular scrutiny. It’s our point of view that the impact of internal audit on the majority of companies is minimal – and in most cases, to the point of being a complete waste of time. This is mostly due not to the process of audit, but to the way in which it’s managed and carried out.

Generalising, quality management processes are tolerated rather than being welcomed. They have become a fundamental part of the usual cost of doing business, mostly due to the failure of the systems to bring forth any solid benefit past the marketing advantage which is said to come from the registered status of the organisations. A calm examination of the detailed requirements built into the Standard should provide the assurance that the benefits of a controlled work environment will be achieved by following this text in a manner that matches the specific nature and ethos of the organisation. Unfortunately, it just doesn’t seem to happen. More specifically, it doesn’t happen often enough to provide the evidence of unfailing benefits for the adoption of the standard.

With a Standard which is clearly International in its origin and its application, how can this be so? To understand the reasoning behind this, it’s essential to look closely at the role of those individuals who see their position as that of policing the management system. Often carrying the title of Quality Manager, this individual (sometimes with a team of helpers) is held responsible for the integrity of the documented system and implicitly at least for the quality of the outgoing product or service. Quality Managers have their origins in a manufacturing function whose rough equivalent would have been similar to the time-honoured Chief Inspector. The name alone provides an indication of the status – perceived or actual – of this individual. He was unquestionably the final authority regarding the acceptable quality of the company’s product. Acceptance or Rejection was his decision. Without having actually been there to make a comparison, it still seems as if to many of today’s quality managers are behaving in a similar fashion. With very little actual understanding or appreciation of the management role – and certainly not the executive role, they’re unable to effectively communicate with their local leaders, with undeniable consequences.

It’s the responsibility of management to outline organisational objectives and policies, and management will organise – or have organised for them, specific systems to uphold these policies and objectives. Their need, although rarely put forward, is for some form of assurance that the systems are generating the specific controls and ongoing benefits they planned for. More than anything, they’re looking for reassurance. The Internal Audit should supply information which is specific to the operation of the management system and which is centred around this management need, but it rarely happens this way. Most of the time, the reports of internal audit functions have within them a multitude of insignificant failings termed as ‘non-conformance’, frequently to a requirement that isn’t specified or is completely imaginary in nature, and having minimal bearing on the actual needs of management. Is it surprising that Internal Audit is seen as a necessary evil, conducted to satisfy the ISO auditor, but having little relevance to life in the real world of commerce and industry?

When material such as this is provided to managers who see no real value in the investment, it is not just the audit that is ignored but the perpetrators of the audit also. A direct consequence of this failure to identify the audit customer’s need is a rejection of much that has a Quality Management implication. Managers and quality department staff universally complain of lack of management commitment (an ISO9001 requirement), and a general lack of personal advancement opportunities. But improvement is possible, even radical improvement, and it requires a change in strategy for both Executive Managers and those purporting to be Quality Professionals.

The change process:

1. The organisation must recognise that every manager and employee has a responsibility to perform in accordance with the requirements laid down for their work. Nobody else can be responsible for the quality of this work.

2. The title Quality Managers is clearly not a true indication of the function of this individual. Holding the QM responsible for a failure in product of service is clearly wrong unless that delivery was by its nature part of his (or her) normal function.

3. Internal audits should be a recognisable independent assessment of each business function, carried for the function’s manager and reported to that individual alone. (The functional managers have the responsibility for achieving a selection of business objectives, and it is they who need the information to support these objectives).

4. It follows that the auditors, while being independent of the function being audited, should also understand the role and responsibilities of senior managers, and speak at that level.

5. These changes require the dissolution of the existing audit regime, and some re-education of the management team who are responsible for allowing the adverse situation to exist.

6. Professional auditors with a wider experience than that obtainable within one or a limited number of organisations alone can provide the assurance and service level needed by an effective management team.