So you are now required to create an internal audit program, but where do you begin?
Where do you get your inspiration from and what is the best way?
What are the requirements and what are we trying to get out of this?
Who on our team has done this at a previous job and can we copy them?
The answers to these questions can greatly influence the direction that you take with the creation of your internal audit program. In many cases companies imitate whatever experience they have had.
Maybe experience comes from a certification body audit at a previous job. The problem is the source of requirements for internal audit requirements comes from clause 9.2 of the ISO 9001 standard, while the requirements for 3rd party ISO 9001 audits comes from ISO 19011 and AS9100 comes from AS9104 and AS9101.
Maybe experience comes from an internal audit team at a previous job. The problem is that the previous company might be very different from your company, and even if they are similar they might have copied a company that is very different to them.
You need an audit program that fit’s your company and doesn’t have you trying to meet requirements that don’t apply to you.
When planning your internal audit program it is critical to consider the following:
-
What are our requirements?
- Determining the scope, frequency and criteria of the audit
- Audit planning with consideration given to the importance of the process, previous audit results and recent changes
- Competence and independence of auditors
- Auditing the QMS against the requirements of the standard
- Auditing the implementation of the QMS processes
- Addressing nonconformance’s in a timely manner
- Evaluation of Conformance and Effectiveness of QMS processes
- Method of planning, performing and documenting the audit
- Method of reporting of audit results
-
What are we trying to get out of this?
- Do you want just to be compliant with ISO 9.2 of ISO9001 or AS9100?
- Could this be an opportunity to practice being audited, so that personnel become more comfortable and confident during certification audits?
- Auditors have the rare opportunity to move from process to process and site to site. It is rare that any one individual gets to sit down with people from every department and learn their job and how the receive, process and distribute information. Auditors get the chance to gain unique knowledge and understanding of how the process is intended to work, versus how it actually works in practice. They get a view of the entire flow of data throughout the business. Investing in your internal audit process can be one of the most valuable exercises a company can go through.
- When you contract external auditors, they come with experience from many other companies and can provide fresh ideas and point out inefficiencies that may not be obvious internally.
- Regardless of the path you choose for setting up your internal audit program, make sure it is set up around your business and not the certification body or after another company. If you do that, you wont gain the full benefits of the internal audit and it will feel like a valueless chore.