The Problem with Auditing

Is there a problem with auditing?

How is the audit function managed within your organisation?

Is it a business function, or is it done because ‘ISO’ says so?

Internal auditing of a management system is a requirement of all ISO management systems standards, and perhaps this is where the problem lies. The task has become a requirement, and therefore it’s seen as something that has to be done to obtain certification. It’s yet another requirement.

However, if you think about it, auditing your own management system makes perfect sense. After all, why would you invite a certification company to come in & audit your system, if you haven’t checked it yourself?

Would it be viewed differently if we swapped the work ‘audit’ for ‘check’? Are there connotations attached to the word ‘audit’. Do we envisage people walking round with a clipboard, checking our work?

Of course, internal audits isn’t about checking anyone’s work. It’s about checking the management system – does it comply with the relevant standard(s), are we following it, and could it be better?

In my experience there are too many organisations getting little or no value from internal audits, and there are a number of reasons, including:

  • a lack of understanding regarding what audits are and why they are necessary
  • poor planning of audits & a lack of resource to do them well
  • little or no training of nominated auditors
  • inconsistent approaches to performing audits
  • inconsistencies regarding the reporting of findings & communicating audit results
  • not following up when NC’s are found

I also see small a number of companies who obtain a great deal of benefit from auditing:

  • confidence & peace of mind; knowing the system complies with the standard
  • uncovering opportunities to improve the business
  • simplifying how ‘things get done’
  • transparency in how work is done & how processes are connected
  • managing change positively and in a controlled manner
  • finding problems and treating them before they become issues
  • engaged staff

Indeed, I have clients now who perform audits even though they aren’t certified to any standards – they just get good value from doing them.

Auditing isn’t going to go away – so let’s get some value from them:

  • select auditors intelligently & invest in some proper training
  • provide the resources needed to perform the audit function – and get value back from it
  • create consistency in how audits are planned, performed & reported
  • perform audits regularly so that people get used to seeing auditors and being part of an audit themselves
  • Act on the results of audits – take NC’s seriously, take the opportunity to make improvements
  • Ensure NC’s are followed up approriately
  • provide opportunity for auditors to learn from each other

Auditing is a skill. Both performing an audit and being audited can be uncomfortable.

There is huge value to be gained though. One of my clients uncovered the fact that they were legally non-compliant and took swift action before it became an issue. Another made changes to their processes that resulted in a reduction in lead times by 15%, adding £20k to the bottom line. Remaining compliant to the appropriate standard and maintaining certification was almost secondary.

So, what will you do to make some positive change to your audit function?

You may want to attend a 1-day course that I run (more info here), that will re-establish the understanding, theory & best-practice of internal auditing.

NOTE: If you need formal IRCA-certified audit training; again, I can help – just get in touch in the usual way.





Back to Blog