How to evaluate Internal audit effectiveness?
One of our auditor raised an improvement in the evaluation of internal audit effectiveness. Actually, what we are doing is to identify if the audit cycle is complete - ex: CAR completed, forms are filled out, etc.
Can someone please help how to evaluate if internal audit is effective?
is it a form of report? a checklist? quantifying the findings (ex: major and minor) and comparing them against previous audit result?
thanks. Will appreciate feedback.
I trend non-conformances annually, differentiation between documentary and implementation. Then it is compared to previous years results. This is then reviewed at the Management review Meeting.
I do the same with non-conformances from Hygiene audits , process audits, Complaints etc...
Well Teody,
You haven't said who was auditing so all I can offer is what we do. We were hit on internal auditing on our first FSSC 22000 audit so we adjusted our method some and it's going much better.
I run the internal audit program. I created a tentative schedule based on the code sections and assigned them to a month. Most months have 10 audits some have a few less during our winter season. I have an internal auditor meeting every 2 - 3 months and schedule the next 2 - 3 months of audits. Then the auditor goes out and performs the audit and returns the completed audit to the office manager. She takes it to the next Food Safety Team meeting and we review the audit and decide if any of the discrepancies are CAPA items or non-CAPA items that need to be fixed (CAPA - Corrective Action Preventative Action - being any item of direct food safety concern). Then we assign a due date for any deficiencies and someone responsible and we follow up every meeting on any change/correction. Then when it's closed out we note that in our CAPA system for CAPA items or just internally for non-CAPA items.
We review the internal audit system at management reviews.
I keep a RAG report of all non conformances, regardless of how they are raised (3rd party audit, internal audit, customer audit) and can trend from here any recurring issues. these become my priorities for any continuous improvement projects.
Caz x
The best way to look at it is to ask yourself the question "why are we doing internal audits?" The answer is your KPI.
Be careful not to get into the trap of doing audits for the sake of doing audits, or to search for nonexistant problems to keep the NC list big; these simply look at the activity and the immediate output, but ignores the value, intent and funtionality of the exercise. Look at it as an outcome based exercise - and how does the investment in the internal audit process add value to the company?
Typically the inernal audit program has two key goals:
- reduce the NC's on an external audit (certification or customer)
- reduce problems (non-conforming product, downtime, customer complaints, cost, etc)
The first is fairly straight forward, the second you may need to work on to ensure you have a valid measure (preferably internal audits are proactive, catching potential issues rtehr than non-conformances).
John
I have a column on my CAPA log that's (probably incorrectly) labeled root cause - and in this program there are three options- No program, ineffective program, and training. But really it's my "I am gauging effectiveness" column. If there is a program with a large amount of ineffective program items, that's the program I would focus on. So if I had quite a few items on my CAPA log for internal auditing not being completed on time, or major NCs being missed during an internal audit, that's when the program would become ineffective and need serious attention.
I'm not at an ISO factory now, so it's essentially useless, but I relied on it so heavily to determine which program to focus on that I still use it.
Now a days CAPA is replaced by CAR (corrective Action Report)
The best way to look at it is to ask yourself the question "why are we doing internal audits?" The answer is your KPI.
Be careful not to get into the trap of doing audits for the sake of doing audits, or to search for nonexistant problems to keep the NC list big; these simply look at the activity and the immediate output, but ignores the value, intent and funtionality of the exercise. Look at it as an outcome based exercise - and how does the investment in the internal audit process add value to the company?
Typically the inernal audit program has two key goals:
- reduce the NC's on an external audit (certification or customer)
- reduce problems (non-conforming product, downtime, customer complaints, cost, etc)
The first is fairly straight forward, the second you may need to work on to ensure you have a valid measure (preferably internal audits are proactive, catching potential issues rtehr than non-conformances).
John
Good points here John,
I would say that one of key goals of internal audits is to confirm compliance* which will ultimately lead to the two key goals you have identified which are certainly KPI's I would look at when assessing the effectiveness of internal audits.
Regards,
Tony
* Quote ISO 22000 Clause 8.4.1 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the food safety management system
a) conforms to the planned arrangements, to the food safety management system requirements established by the organization, and to the requirements of this International Standard, and
b) is effectively implemented and updated.
Thanks!
Good points here John,
I would say that one of key goals of internal audits is to confirm compliance* which will ultimately lead to the two key goals you have identified which are certainly KPI's I would look at when assessing the effectiveness of internal audits.
Regards,
Tony
* Quote ISO 22000 Clause 8.4.1 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the food safety management system
a) conforms to the planned arrangements, to the food safety management system requirements established by the organization, and to the requirements of this International Standard, and
b) is effectively implemented and updated.
The best way to look at it is to ask yourself the question "why are we doing internal audits?" The answer is your KPI.
Be careful not to get into the trap of doing audits for the sake of doing audits, or to search for nonexistant problems to keep the NC list big; these simply look at the activity and the immediate output, but ignores the value, intent and funtionality of the exercise. Look at it as an outcome based exercise - and how does the investment in the internal audit process add value to the company?
Typically the inernal audit program has two key goals:
- reduce the NC's on an external audit (certification or customer)
- reduce problems (non-conforming product, downtime, customer complaints, cost, etc)
The first is fairly straight forward, the second you may need to work on to ensure you have a valid measure (preferably internal audits are proactive, catching potential issues rtehr than non-conformances).
John
Thanks everybody for your input.
It becomes clear now how to approach it, trending NCs and looking at the weaknesses to focus give an accurate overview of how effective the Internal audit is.
Mr. Incognito - it is an internal audit (our team). I do the schedule and CAR monitoring and report them to Management review.
Linking the trend to its effectiveness makes an excellent point - thanks trubertq.
Thanks John --
We also have targets for external audits which i can see to be improving every year.
However, - "The first is fairly straight forward, the second you may need to work on to ensure you have a valid measure (preferably internal audits are proactive, catching potential issues rtehr than non-conformances)." < :shades:
thanks!