Product, Process and System auditing has been used extensively in organizations for many years to track extent of implementation to established standards. It is also utilized to verify whether standards established are in line with global standard frameworks for eg., ISO, CMM etc.,.
In specific, compliance audits are often perceived by the workforce to be "policing" activity and most organization members find it a "plague to avoid" as much as possible. There are many reasons for this such as:
The way audit is positioned in the organization by top/senior management and the auditing functions (say Process/Quality/Operational excellence (or) Accounts (in case of financial audits)
The repetitive experience of employees over series of audits which primarily focus on finding "deviations and non-conformances" vs. established standards and makes employees feel like culprits.
Often "dictatorial" way in which audits are conducted. Hey, I am here for an audit, you should leave all your job and listen to me (or) Send an audit schedule weeks ahead of time and land on the D-Day to make the doers life miserable
Often in audit, the focus is on finding "objective evidence" of non-conformance to established standards or requirements. While this in itself is the intended purpose of any audit, the attributing causes / reasons for such non-conformance is generally left to the persons / team which operates the process to investigate and fix via a corrective action report or plan.
Quite often I notice auditors are inadequately trained (if someone has extra time, make him an auditor), unclear themselves on the width and depth of processes to be audited, become "one size fits all" auditors (if I get trained/certified once as an auditor I am now capable of auditing anything and everything in the organization) besides many other shortcomings.
While auditor training is extremely important and ongoing competency upgradation is a must (given that periodic changes in technology, tools and ways of doing business (for eg., outsourcing work to partners etc brings about major changes in the way organizations run businesses), I have frequently noticed the audit can much more effective if one takes into consideration the following elements.
I believe the audit process besides checking for compliance should seriously consider and help address:
How adequately is the standard defined and documented?
(If you look at most standards definitions and documents in the company (whether product/process/service/inspection/testing etc.,), they read like the "Constitution of India" - Boring/uninspiring and unappetizing to even pick up and read (Employees keep talking that "if you want to go to sleep, read our company's Quality / process manual). Making the organization standards and documentation easy and presentable to read can never be under-emphasized. Use of as many pictures, visuals, samples/illustrations, diagrams, photographs etc will induce better interest for employees to read through the standards and also quickly refer to it in times of need and this automatically improves the situation. Besides, doing a "failure mode" assessment of standards when they get defined to identify gaps in standard definitions and in its potential deployment will really help)
How well is the standard communicated?
In implementing standards, usually a few training sessions are held where batch of employees of the company are herded into conference room and are "downloaded" with "knowledge" about the standards. After that they are expected to "strictly" implement and comply with it. In this age and time when public memory is so short and there are hundred of priorities for employees to take care, it is unrealistic to expect employees to well remember the standards and follow it to the "t". The team which is responsible for such communications (for eg. CMM/SEPG/ISO team etc.) should make a detailed communication plan that well and truly ensures knowledge about the standards reach the employees not just in the beginning but everytime when there are changes, or new employees join or people get transferred across teams/groups/locations (or) join back after long leave/sabbatical etc., One should consider organization "standards" like a product being sold to prospects and plan to "market" it well within the company so that customers (employees in this case) will have high "standard (brand) recall". Communication strategies could include use of posters, technology tools (intranet alerts, standard of the day campaigns, e-mail/newsletter campaigns of changes to standards on periodic basis, quiz/contests etc.). Think like a marketing person and get innovative in communicating standards and I am sure compliance levels will be much better.
How well is the standard understood?
This is a very important step in order to achieve high level of standards compliance. Often employees are communicated but do not fully understand the purpose and import of the relevant standards. Activities such as "short and quick refreshers" (instead of long boring full day sessions), group studies (joint study and interpretation of standards - like we used to do in school/college of group studies!!), "Standards hour" where team members spend time addressing gaps in understanding of standards and identifying exceptions which requiring modification of standards, illustrative examples of "what is correct undertanding" and list of what is wrong understanding (based on past audit outcomes / instances and failure mode assessment data), multi-lingual training (if employees / lower level staff are not comfortable understanding things in English, nice quick e-learning capsules, quiz/test/contests, conducting events and entertaining workshops (where standards are demystified and making it easy for people to understand) are initiatives that can go a long way to help employees well understand and comply.
Remember it is essential that time and resources be budgeted along with a well developed strategy to make such things happen. Creating excitement in employees that standards are primarily help them to do a better and productive job (so that they can go home at 5.00 pm and enjoy both professional and personal life!!) is vital to get buy-in and high level of voluntary involvement in implementing standards.
How well is it complied?
This is the last but not the least element of good standard implementation. If the above explained aspects are well undertaken (I call them the "process" of deploying standards in the company), the result i.e, extent of compliance (or) #of non-conformances per standard audited will be much better. Such a transformation will take some months to achieve and will really start improving in the medium to long term for the betterment of the organization.
I am sure a structured approach to developing and deploying standards in the organization will largely take away the fear and anxiety that most employees have on the "AuD-Day" or the running around that companies do 2-3 days before an external audit as well as bring a sense of calmness and confidence to boldly get subjected to audits whether planned or surprise ones, whether internal or external and come out with flying colors.
These are based on my personal experiences both as an Auditor and Auditee to many organizations as internal / external consultant resource and I hope it is beneficial in a small way to our forum members.
I invite members of our forum to add your comments gained from experience as an auditee or auditor as it can further value add to this post and help our forum members greatly.
Home
Search
Login
Register