One of the steps to prepare for a successful second party customer audit or a third-party registration audit is to conduct several first-party internal audits. Establish a cross-functional internal audit team and train them in the company’s audit procedure, policies, and specific elements of the standard relative to the third-party certification. The internal audits conducted should align with your industry’s best practices. All audits are objective evidence and a snapshot of compliance to written policies, procedures, and instructions. This objective evidence should be discussed in regularly scheduled management review meetings with representation from all areas of the company. Senior management should be present at all opening and closing audit meetings because if senior leadership is not committed to this process, then no one else will be.
Most auditors prefer scheduled audits. Yes, all companies strive to be “audit ready” every day; however, auditors are more effective and productive when the correct personnel and resources are available to interview and observe throughout a set schedule. Internal audits should not be an annual event but timed around work schedules and focused on critical areas. Third-party audits must be scheduled with a registrar months in advance to allow for the selection and deployment of auditors with knowledge of both the standard and the company’s area of business and to reduce the auditor’s travel expenses.
Start with an internal audit
Internal audits should cover the full spectrum of the company’s processes and be designed to close the loop between the industry’s standards, customers’ specifications, and the company’s people, processes, and product. Checklists are often helpful in training internal auditors and ensuring consistency with internal audits over time. Checklists also can remind auditors to focus on items that require more intense examination. Prepare checklists to align with the elements of the standard to which your company is registering. This ensures the internal auditors comprehend the standard’s elements and how the company is interpreting compliance to these elements.
Auditors should evaluate the metrics used by the company to evaluate quality and productivity of the process and the product. Key performance indicators (KPI), trends of customer complaints and customer satisfaction, and non-conformances observed in previous internal audits will provide the required objective evidence to be documented.
Experienced auditors focus internal audits on “what has changed” between the scheduled internal audits. Personnel and equipment changes can be opportunities for improvement. However, implementation of the changes must include effective personnel training and documented validation of equipment. Evaluation of the associated documents will provide objective evidence that the change(s) were effective or identify areas requiring improvement.
Corrective action and review
Another area to evaluate is corrective action reports issued because of internal and/or external customer complaints. Trends of a company’s corrective action reports can focus on repetitive events and the top three issues requiring correction. Auditors can provide insight into whether the root cause investigation has discovered the true failure to prevent another occurrence of the non-conformance. Re-training is never the correct preventive action.
Once the review of documentation, observation of the processes, and interviews with company personnel is completed, an internal audit report is prepared within a scheduled timeframe. This audit report should recognize areas that are meeting customer specifications and areas that are compliant with company’s policies and procedures, and industry standards. Internal audits should also focus on opportunities for improvement and can be reviewed in the next scheduled internal audit when documented.
Ongoing evaluation
As previously stated, the results of all internal audits should be reviewed during regularly scheduled management meetings. During the review, personnel can discuss ongoing metric evaluation and use past internal audit information for future internal audits. It is important to keep all personnel and departments focused on the same objective—creation of a climate of performance excellence and successful second and third-party audits.
Internal audits are the cornerstone of an effective and mature quality management system. Organizations with quality management failures, customer dissatisfaction, and unsuccessful second- and third-party audits can trace the failures back to an ineffective internal auditing program. Once you have a comprehensive audit program in place, you will be prepared for the third-party certification program.
Jan Eudy is a technical resource for ESD, cleanroom, food, and healthcare garments and products. At Cintas, she directs the quality system and ISO registration for cleanrooms and supports validation and sterile services. She is President Emeritus and Fellow, Institute of Environmental Sciences and Technology.
This article appeared in the October 2013 issue of Controlled Environments.