In the last couple of posts, I've talked about how organizations respond to internal and external audits. While we are on the subject, I thought it might be useful for me to show you some of the advice that I usually give organizations when they are preparing for an audit. Of course the details are always a little different each time. But there are certain common themes that always recur. I'll list them here (in bold), along with a few comments (in normal text) to explain what I mean.
Please note: I have created a PowerPoint presentation with this information and more, that you can use to train your organizations in advance of an audit. You can find it on my page of Downloadable files. Please adapt it as needed so that it fits your organization's specific policies and procedures. You might also want to copy it onto a template with your logo. 😀
What are these audits?
Our company undergoes audits to ISO 9001:2015.
- Internal audits by our own personnel.
- External audits by our external registrar.
These audits are a mandatory part of our Quality program.
They assess how well our system of business processes complies with:
- ISO 9001:2015
- Our company's rules and directives
- Our individual policies and procedures
The audits also look to find room for improvement.
What do I have to do before an audit?
Auditees are often nervous before an audit, so I explain that the only "preparation" they need to do is the same thing they do every day anyway. This helps them relax a bit.
Understand your job:
- What do you do? Why do you do it?
Everybody can talk about the work they do all day. So when I start by explaining that many of the questions really will be that simple, again, it helps put the auditees at their ease.
- What inputs do you receive? From whom?
- What do you do to those inputs?
- What are the outputs you generate? Who are the customers for those outputs?
For employees who don't normally think in terms of processes, questions like these help them frame their answers in terms that the auditor will understand.
- What are your risks? How do you mitigate them?
Of course risk is a major topic in the latest edition of the ISO 9001 standard.
- The things you do every day … are they working? How do you know?
Often the answer to these last questions will reference some kind of KPI. But sometimes it won't. The thing is, you still have to know if things are working, and most employees do know! They might just have to be reminded that they know it.
Know what policies and procedures govern your work, what they mean, and how you follow them.
Prepare some examples of your current work and be able to explain them.
What do I have to do during an audit?
Here is where the advice becomes more critical. Everyone knows his job already, but not everyone knows how to talk to an auditor in such a way that the conversation is helpful and makes good use of the time.
“Put the auditor to sleep” … that means, show that everything is being done the way it is supposed to be done.
I've already discussed at length what this does mean and what it doesn't mean. As a reminder, the real message is that you should make sure you are compliant to all your rules, and then just show the auditor proof of your compliance ... confidently.
Answer the question the auditor asks, not what you wish he’d ask.
I've seen a lot of auditees cause confusion because they didn't answer the question that the auditor asked. They wanted to talk about something else. But the auditor has a reason for asking every single question on his list, so the most helpful thing you can do is stick to the point.
Don’t describe what you think the process is supposed to be, or what it should be if only they’d listen to your advice. Describe what you really do.
Some people think an audit is a great chance to throw their boss under the bus for not listening to their brilliant ideas. But in reality this is never a winning strategy. On the one hand, the auditor will probably see what you are doing and won't write up an internal dispute. (I worked with one auditor who made it a categorical rule, "I never write up issues that are really company politics.") On the other hand, if you do try to throw your boss under the bus, how is your boss going to feel about that afterwards? Won't it make it harder to work together?
In short, if you do this, everybody loses. When the auditor asks how you carry out the process, tell him what you do today. If he then asks, "Do you have any ideas how to improve your process in the future?" of course then you can say "Yes."
Tidy your area.
This isn't a requirement of the ISO standard, but it is a courtesy to the auditor and it means your interview won't be derailed by irrelevant issues.
Feel free to say, “I can’t find that now but I’ll get back to you.” Then do it.
Some people get flustered if they are trying to find something while another person is watching them. Auditors understand this. So it is always fair to say, "I'm feeling flustered right now, but I know I can find the thing you want to see and I will get it to you soon."
Make sure you understand any findings before the auditor leaves.
This should be common sense. If you are going to have to fix something, you want to understand how it is broken.
Don’t argue.
Auditors love to think about the ins and outs of the standards they audit. So they have probably already thought of all the angles you are going to try. If you start arguing, they'll treat it like a game. Just remember, they live with the standards night and day. They should know the standards better than you do. So they are not going to lose the game.
Naturally if an auditor has misunderstood the facts, you are fully within your rights to clarify them, so that he has an accurate picture of what is going on. But arguing about the interpretation of the standard is not likely to get you very far.
I once worked with an auditor who put it this way: “Arguing with an auditor is like wrestling with a pig in mud. After a while you realize the pig is enjoying himself.”
Don’t guess or bluff. Don’t criticize.
Guessing or bluffing means you'll probably say something wrong. It never helps to do that. And criticizing anyone—your co-workers, your boss, the company's management, or the auditor—is guaranteed to be a losing strategy, as I described above.
Never lie.
"This above all," as Polonius says. Maybe I should write a whole post on just this one topic.
What do I have to do after an audit?
Here I describe what kinds of findings you can get out of an audit (Opportunities for Improvement, Minor Nonconformities, or Major Nonconformities) and what you have to do with each one. If you get an OFI, you should think about it but you are not obligated to go farther. If you get a Nonconformity, you have to analyze it to determine the root cause, and then build an action plan which will permanently correct it. Depending on the organization, there may be a variety of special procedures to use, but the overall structure that I describe for an 8D is generally a good one to apply. Then finally you have to be able to provide objective evidence to prove the effectiveness of your corrective action. I'm not giving many details in this post because I have discussed so many of these topics in earlier posts. But of course they are important! (The presentation on my Downloads page does go into more detail.)
This, then, is the advice I give to organizations as they prepare for an audit or a program of audits. I hope you find something in here helpful for your organization too.
No comments:
Post a Comment