We schedule internal audits to make sure that people follow procedures correctly. This schedule has auditors look at a few procedures one month, then move on to a different set of procedures next month, so that over several years most if not all the management system was looked at. Compliance auditing, we call it.
Many organisations still compliance audit and have developed standard checklists to be used with each audit. Over time auditors find less and less non-conformances and those they do find are usually to correct spelling or grammar in procedures. We know that compliance auditing does not prevent mistakes from happening or things going wrong that affect customers.
Businesses can have hundreds or even thousands of documents controlled within their management system. This number of documents makes it difficult, if not impossible to audit all management system procedures. Yet still businesses persist with these wasteful compliance audits. If yours is one of these, then stop them right now.
Instead, internal audits need to be scheduled around the highest risk processes and activities. This is likely to be where most things go wrong. As a consequence of risk-based thinking most processes do not need to be audited. There is no need to audit if process outputs are what customers want and the process measures are indicating that the process is operating within the prescribed limits. This frees up valuable time so auditors can focus on what is ailing the business.
The audit team needs to be refocussed from changing controlled documents, to improving processes, lessening the likelihood of something going wrong and when something does go wrong reducing the impact.
Stop just ticking the internal audit box, and direct your internal audit programme to add value to your business instead of being a waste.
Note: Google chrome users will need to install the RSS extension
Michael posts on topics relating to organisational growth and excellence
Sign up below to receive my future posts and offers