REVERSE AUDITING OF THE SYSTEM AUDIT DEPARTMENTS
Auditors Are Not!!!
• Inquisitors
• Fault Finders
• Rock Throwers
• Avenging Angels (Biased For or Against)
• Dishonest
• Overactive
I Believe An auditor is the custodian of the rules and regulations and processes and is the conscience of the departments. However a cursory look at the system department of any corporate departments will revel that there are no policy guidelines and procedures or any specific role assigned to the system department they think they are meant to audit only. Does it mean that the system managers thinks he has no specific role to play in the processes documentation before its implementation.
Unless they can talk-the-talk and walk-the-talk when it comes to defining the system and processes of all interrelated departments and quality how can they effectively and honestly audit them?
Questions to be asked to any company auditor and system manager : -
- How is the system department complying with the business model to the point that we would need procedures. How is the system department aligning the ISO standard to match our business model at this point to ensure the operation team met those requirements, but did not match our business model to the standard.
- What Quality System - Tools, methods, documentation, and processes that have been implemented and maintained to ensure your organization is able to consistently meet the needs of your Customer. When you meet all of the requirements of ISO 9001:2000, you have met the requirements for a Quality Management System.
- What are the Quality Procedure - which is a document outlining the who/what/why/when/where/how aspects of a process/task/activity. Within the requirements of ISO 9001:2000 Quality Management System, there are 6 requirements for Procedures (Internal Auditing, Corrective Action, Preventive Action, Document Control, Record Control, and Control of Nonconforming Product). Of course, ISO 9001:2000 also says that you should have a procedure (or document) where its absence could have a negative impact on your organization's ability to meet the needs of your Customer.
- Where is Doc & Records control, Competence, Awareness & Training, The challenge of competence is directly related to the differences between Operation management, HR/Financial Management and Quality Management. Do you have training in all of them? Do you have experience with all of them? Do you have a working knowledge of integration of all systems ? Do you have an understanding of Risk management? What experience do you have in product realization? The list goes on.
More pondering questions for the system manager : I am sure he will rectify the issues if requested
- Have you given birth to your procedure to make manuals, procedures, work instructions and any other documents that your company will be requiring
- Based on last audit have you focused on the symptom which could have been the result of out of date /non documents with the system departments
- Operation and financial manager depend on control processes defining the role, Where are the plans of the organization defining clear lines of operating and responsibilities.
-Are there any adequate adjustment structures including budgetary control, cost control as well as policy and manuals.
-What are the effective and streamline approvals and authorization processes.
- Are there any due processes ensuring strict compliance with the openness and competition and cost , accuracy and rules and procured that should guide contract
-Have you defined the competitive bidding conducted in line with the procurement and contract award
- How are you complying with ISO 9000 certification of the company? Or mere seeking ISO 9000 registration is enough and there no real intention to implement the system in the way it is intended,
- How are your polices and procedures structured in an ISO format,and where are the dedicated resources maintaining them
- How are the Procedures up to date or current, documenting what is being actually done at the floor (office, site or shop),
- How are you holding people responsible as a result of not having the correct document?" They won't have a clue what to fix and you can - but just telling them isn't helpful!
What is a system
It is a collection of interacting parts functioning as a whole where subsystem are working towards a larger system. It is a collection of processes that work to a common goal. A system is made of processes, a process is a systematic sequence of action to produce a thing or achieve an end
Every company is made of systems and processes and they interact and they also extend beyond the company walls. Thus an organization is a system , subsystem and processes.
I have defined our procedures/processes for system departments to be made:
Operation conduct Policy
Support Management to Operation
Regulatory Compliance
Objectives and targets
HR / Training, Awareness & Competence
Emergency Response
Corrective action to be defined by system
Documentation / Records of all departments to be defined by system
Internal Audits of all departments including of system first
Management Review
Process Engineering & Design Inputs (inc. change management)
TI /TSP/O&M /production
Maintenance
Tool storage
Waste control I
Some thing to ponder about by system AUDIT and all HOD:
What is the organizational step-up of the departments?
- Is the staff employed in the department adequate?
- Are the qualifications of staffs adequate?
- Is the staff competent?
- Is the staff independent?
- To whom do they report frequently and with what effect?
- Is there any internal audit manual?
- Is a program of internal audit drawn up before the commencement of the financial year?
- Does the program cover the audit of all the important transactions and records of the company including statutory cost accounting records?
- Is the scope of the internal audit wide enough to extend to areas such as management audit, operational audit and the system analysis?
- What is the system of reporting irregularities noticed during internal audit?
- Is prompt corrective action taken by the management on the basis of internal audit reports?
- Is there much duplication of work between the statutory audit and internal audit?
