“What a headache” – that’s surely what every employee think to himself when they receive the massage of an internal audit approaching. There is a reason why. They know that someone is coming to poke their deeds… The internal audit chapter is included under chapter 8.2 – Monitoring and measurement. So it is clear that the purpose of the internal audit is to perform Monitoring and measurement within the organization. Internal audits, sometimes called first-party, are conducted by, or on behalf of, the organization itself for internal purposes and can form the basis for an organization’s self-declaration of conformity. The organization is required to conduct the audits within scheduled time frames to ensure that the quality management system is:
- Maintained according to the ISO 9001 Standard requirements
- Maintained according to the organization’s requirements and audit’s criteria
What are an audit’s criteria? Set of policies, procedures or requirements used as a reference.
We believe that in the end of the day the internal audit is actually an internal inspection that the organization conducts upon itself. Within the organization structure, it is hard for the top management to view of what is going on down the organization. It’s not enough to step down to the manufacture halls, logistic centers or service centers and view the employees or the goods on the shelves. It is necessary to sample processes and to examine whether they hold against pre defined criteria. Only high resolution sampling can provide with the real organization’s status. What are the criterions? The ISO 9001 standard requirements, working procedures, quality plans, quality objectives – the characteristics of the quality management system.
Since the internal audit topic is very serious and wide, we would not include it all in one article. In this article we will focus with the ISO 9001 Standard requirements for maintaining internal audit system with reference to the ISO 19011 Standard – a guide line Standard for auditing quality or environmental systems. The Standard was published in 2002 and besides outlining guideline for conducting audits, it also refer to the auditor’s skills and activities. Unfortunately, the ISO 9001 Standard sets requirements but it does not guide us how to conduct an effective audit – one that would not only apply the requirements but would also assist the organization. We would deal with that in another article (we just can’t give you all the secrets in one article. Sorry. Company’s policy).
The ISO 9001 requirements for internal audit interanl audit procedure
The ISO 9001 Standard requires that you maintain a documented procedure describing the method for conducting an internal audit process. This is not a recommendation but a requirement. The documented procedure must define:
- Who must conduct the audit – who is responsible for executing the internal audit process.
- What organizational units are under the scope – departments, specific processes, activities, sites, function, etc.
- Describing the process itself – who meets with whom and where and what should everybody bring with them.
- The supervision after the internal audit plan (don’t get excited, we will go into details soon). Where the audit’s evidence are documented.
It is possible to add as annex the audit’s Cannabis Lab Auditing plan and all sort of forms and documentation regarding to the process.
The auditor must be objective related to the organizational unit he is auditing. This is a hard thing to achieve, when the quality manager is the auditor. Then he is part of the organization. He will always conduct an audit to his colleagues (the ones he sits and eats lunch with, drinks coffee or smokes a cigarette). Besides that, the auditor must be skilled for conducting an audit and document the situation correctly. Remember, an audit is an emotional event where the employees are examined about the quality of their performance. The audit’s approach is highly important for the audit’s progressing. Beside his personal approach, the audit must have a minimum acquaintance with the field, in order to evaluate the processes and their quality beyond the working procedures (the documented criteria). That kind of knowledge can give him the ability and the consideration to evaluate the situation while he identifies any nonconformities or faults. Within the ISO 19011 Standard there is a specification for the auditor’s qualities required:
- Ethics – credibility, integrity and honesty.
- Open minded – willing to listen, learn and accept new ideas.
- Diplomatic – polite with high manners to his colleagues – after all he is working with people and he is the representative of the top management.
- Observer – owns the ability to recognize what he sees and understand without interrogating.
- Perspective – owns the ability to evaluate situations beyond appearance and with a wide systematic view of things – has the ability to understand the organizational consequences of his evidence.
- Versatile – owns the ability to mobilize from one situation to another without losing direction.
- Persistence – must be persistence with his objectives and to not stray away.
- Decisive – ready to make decision