Audit management is an area where enterprise quality management software (EQMS) has a solid history in harmonizing direct and indirect processes, and providing a strong ROI. Some might argue that audit management should take priority over other processes given that it has a correlation with performance, something we will discuss below.
Technology is no match for the critical, investigative thinking and layers of experience a skilled auditor brings to an organization, but that isn’t the goal of audit management. Its purpose is to eradicate inefficiencies, reveal, retain, and utilize all the promise great auditors and other quality-driven professionals (that’s all of us!) and those on the path to greatness provide to an organization.
A centralized, flexible audit management solution as part of EQMS drives sharing, learning, guidance and best practices, not to mention positive side-effects like that of a true corporate memory of all that came before. Thus when capturing and associating a finding, determining root cause and driving corrective and/or preventive actions, this does not become a buried and forgotten artifact.
In this post will take a look at some of the areas whereby audit management in EQMS drives a fertile improvement landscape, particularly with consistency and continuity. In the second part of this series, we’ll inspect the benefits of accountability, visibility and efficiency.
Consistency
To avoid a potential philosophical rabbit hole with regard to process-based auditing vs. using a checklist, we’ll clarify and settle on using the term ‘protocol’ as the guidance to outline or, if required, demand what will be assessed. In some cases, this encompasses everything from a simple audit area, list of audit areas, a set of processes, or single process all the way through to a full compliance checklist.
The point being that having a library of version-controlled protocols (remember this varies in scope) ensures that when executing an audit, we are doing it consistently ACROSS the business and in many cases beyond and into our supplier base. For compliance, this would be somewhat rigid—for more process-based audits, somewhat more detective-like. Beyond consistency in audit scope, elements, and so on, we also open the door to audit outcome and can conduct analysis across lines, departments, plants, business units, regions and so forth because we have our underlying framework for comparison.
With consistent protocols, we should also be weaving our learning for those young audit ‘Jedi’ rising through the ranks or just starting out, and preserving it for those yet to arrive. Guidance and supporting material need not be in a binder or training notes. Very specific or loose guidance per process can be used within the protocol for reference at the point of need (mobile options are particularly useful here). Imagine instantly pulling up a process diagram with auditor notes from the audit Yoda equivalent located geographically elsewhere. It is in a single controlled repository, yet globally available.
Where answer options are appropriate for protocols, outcome can be automatically generated; an automated finding and severity perhaps driven by the answer option selection. This is not meant to be a straightjacket and should allow for adjustment, but again a great way to guide those with less experience and an aide memoir for those who audit a particular element infrequently. If compliance-related though, an immediate flag (once verified) for those who need to know is a boon.
Scoring and weighting audits and assessments can be controversial but, as always, when considered in context, this can prove invaluable for the rolling up and analysis of audits across an organization or a supplier base. This does drive consistency for multiple assessments and offers good initial insight especially in compliance scenarios. It is generally a good idea for the scoring to be hidden from answer options for the auditor, not for secrecy but to avoid conscious or subconscious influence on perceived performance outcome.
Continuity
We will talk more about visibility of audits and audit outcome in the second blog post, but it is important to recognize that visibility contributes to continuity. For example, take a static report being delivered with a list of findings that are a collection of minor nonconformities and an occasional major but also a good mix of opportunities for improvement (OFIs). These, buried in a filing system pose a challenge for new leaders or team members. An exercise in tedious trawling through reports or multiple spreadsheets would likely deter or at the very least significantly hinder the most dedicated individual.
Being able to quickly interrogate previous audit reports using search terms, date ranges, scope, departments and more means that newcomers have a chance of being able to understand what occurred before they splashed down. This gives a fighting chance for being up to speed quickly and making informed decisions. Decisions that may include updating a protocol, guidance and/or an approach to root cause for example. An organization (as well as the employee) deserves this and should prepare for flux within their workforce without enduring significant yet unnecessary disturbances in ‘the force.’
We cannot and should not assume that an audit is executed by a single individual. This does frequently occur of course but so does the scenario whereby multiple members of an audit team are involved. Rather than writing up individually and compiling, for continuity’s sake it is ideal to have a centrally located, access controlled master audit record that stamps changes and additions with the user’s credentials and time of changes. EQMS vendors offer varying levels of locking of audit records so looking carefully for one that suits your organization’s needs.
Typically the audit record would go through a verification stage before being considered final and therefore driving outcome, but this is also an area where some flexibility is demanded. Immediate actions should be accommodated in addition to outcome going through root cause analysis to derive CAPA. This flow from audit to root cause analysis and CAPA should all be accommodated in an EQMS with the trail from beginning to end no matter which direction you come at it from being easy to understand, execute, navigate and interrogate (report on/analyze). There are acceptance workflows and verification baked-in and generally very configurable, but the net result is that this can be extremely efficient and transparent with the right platform.
We will continue this post in a second blog where the elements of accountability, visibility and efficiency are discussed.