Process-based Auditing




Dennis R. Arter
The Audit Guy
Columbia Audit Resources
Kennewick, WA, USA, 99336
dennis@auditguy.net

Summary

Process-based auditing is a new name for an old topic. It requires an in-depth understanding of the business and control processes of the organization before the audit starts. It requires performance data from the activities being audited. Audit results must be presented in a form that promotes continual improvement. These are not new concepts.

Before an audit starts, audit team members must first map and then understand the business, production, and control processes within the scope of the audit. They prepare individual (and unique) work papers to define audit criteria and objective evidence needs. Then they gather evidence through observations, interviews, and examinations. The data are assembled into findings, such that stakeholders have a desire to change deficiencies and continue good practices.

Keywords: Audit, process, improvement

Audits provide information for decisions

To audit is to compare gathered evidence to established requirements. The observations, both good and bad, are analyzed to form findings or positive practices. The sum of the information is further analyzed to form conclusions that stakeholders can use for making decisions. Thus, the purpose of any audit is to assist decision-makers in managing the enterprise.

Rather than examine the operations to artificial criteria, such as document control or instrument calibration, auditors may assist the operations by examining business processes and how they are controlled. This requires seven steps.

Step 1: What do they make?

Every organization produces a product. In order to evaluate the controls used to make the product, the auditor must first know about the product. This is not just for manufacturing operations. Product actually comes in four forms: (Reference 1)

1. Tangible manufactured goods, such as autos and appliances
2. Tangible processed items, such as pharmaceuticals, plastics, and puppy chow
3. Software instructions for computers to use
4. Service activities, such as loaning and laundering

The first step is to define the goods and services provided by the organization to be audited. This is usually fewer than a half-dozen things.

Step 2: How do they make it?

A product is the result of one or more processes. (Reference 1) The auditor must identify the various process steps used to make the product. A simple list of steps can suffice. Many auditors find the flowchart to be a useful tool. Try to diagram the process steps on a single sheet of paper, using eight to ten boxes. Keep it simple. Each box of the flowchart should start with a verb, to emphasize the transformation of inputs into outputs. String several processes together and you have a system.

Step 3: Understand the processes

There are three ways of examining processes for deeper understanding. The first is the simple four-box model: inputs, outputs, controls, and resources make up the boxes. This is an elegant model and quite useful in getting the various process parameters defined. Unfortunately, it also depends upon the memory of the individual doing the analysis. Important aspects could be forgotten.

The second model for analyzing processes leaves less to memory. This model examines the six universal process affecters, initially captured by Ishikawa (Reference 2) and used in the fishbone diagram approach to problem solving. These six affecters are:

1. Methods. These are the instructions we provide for the task. They are often called documents.
2. Material. These are the things used by the process.
3. Manpower (and womanpower!). These are the human competencies needed for the task.
4. Measurement. These are the data taken on the process and their use.
5. Machinery. This is the equipment used to perform the action.
6. Environment. These are the outside influences on the process.

Figure 1: Universal Process Affecters (Manpower, Machinery, Material, Methods, Environment, and Measurement, each acting on the Process)

Using this second model, with its six affecters, can be quite complex. The auditor could spend days examining all the affecters in all the processes to be audited. Fortunately, there is a third model, which combines the simplicity of the four boxes and the thoroughness of the process affecters. This third model is often called the turtle diagram because it looks (somewhat) like a turtle. The turtle diagram has six boxes for each process:

1. Inputs (List the things coming into the process.)
2. Outputs (What has changed and is being passed on to another process?)
3. With What (What are the materials and equipment used by the process?)
4. With Whom (What are the people requirements for this process?)
5. How (What are the supporting processes and methods used for the transformation?)
6. What Results (What are the performance indicators for the process?)

Figure 2: The Turtle Diagram. Boxes around the central Process: Inputs; Outputs; With What? (Materials & Equipment); With Whom? (Competence, Skills, Training); How? (Support Processes, Procedures & Methods); What Results? (Performance Indicators). Source: AIAG 2003

Step 4: Define objective evidence needs

Every audit requires a set of work papers to assist in data gathering. These are the tools to guide the auditor in obtaining necessary facts while performing the audit. They should be objective and based on the requirements defined in step 3 (turtle diagram) above. A typical quality management system audit will use 30-40 pages of checklist questions. While it is fine to start from a common base, the final list should reflect the specific processes being examined. The questions should be drawn from external requirements, high-level internal requirements, process-specific procedural requirements, and product-specific specifications.

Step 5: Gather objective evidence

This is the performance phase of the audit. (References 3 and 4) After a brief opening meeting, the auditor collects five kinds of information:

- Physical evidence, such as size, shape, color, and temperature
- Sensory evidence, from sight, sound, smell, and sometimes even taste
- Paperwork, including both documents (before the activity) and records (after the activity)
- Interviews, obtained by talking to people in their work areas
- Patterns, including percentages, trends, and ratios

The auditor will normally obtain this evidence through the use of tracing, a technique of following the actions (processes) from step to step. All this information is captured in the work papers, which act as the auditor's field notes.

Step 6: Analyze data by sorting

Now, the auditor must review the field notes and identify observations. These are the facts gathered during the course of the audit. They may be good (requirement was met) or bad (requirement was not met). Make a master list of good facts and bad facts.

Once the master list is made, sort the data by problems and strengths. This is classic data chunking. Stack the bad facts on top of the related problem. Stack the good facts on top of the related strength. Amazing as it seems, there will always be one or two piles bigger than the rest. Ignore the small piles and focus on the big ones.

Turn the piles upside-down and you have a finding or a positive practice. These are statements about the system weaknesses or strengths, supported by examples. (Reference 5) Placed on a single sheet of paper, they are called finding sheets (or positive practice sheets).

Step 7: Present your conclusions

Examine all the findings and positive practices, along with the sights and sounds of the entire audit experience, to develop an overall conclusion. This is a one- or two-paragraph summary of the audit experience. Are processes defined and in control? Are operations safe and within regulatory boundaries? Are external and internal customer needs being met? Findings, positive practices, and conclusions are presented at the closing meeting and formally captured in the audit report.

Conclusion

There are seven steps in the process approach to auditing:

1. Define the products
2. Define the processes used to make those products
3. Analyze and understand those processes
4. Develop objective evidence needs to explore the processes
5. Gather field data during the actual audit
6. Analyze the gathered data by sorting into piles
7. Present the information to the process owners

In order to use the process approach, the auditor must first understand how the business processes relate to the objectives of the enterprise. Then data are gathered to see how these processes are being controlled. Finally, conclusions must show how the identified strengths and weaknesses affect the operation of the business.

References

1. ANSI/ISO/ASQ Q9000-2000, Quality management systems-fundamentals and vocabulary, 2000, ASQ Quality Press, Milwaukee
2. Ishikawa, Kaoru, Guide to Quality Control, 1992, Quality Resources, White Plains, NY
3. Arter, Dennis, Quality Audits for Improved Performance, 3rd ed., 2003, ASQ Quality Press, Milwaukee
4. Arter, Dennis, Auditorías de Calidad para Mejorar La Productividad, Tercera Edición, 2003, ASQ Quality Press, Milwaukee
5. Arter, Dennis, et al., How to Audit the Process-Based QMS, 2003, ASQ Quality Press, Milwaukee