Venture Knowledgist Quality Integration
INNOVATIVE REALIZATION OF INTERNAL
PROCESS AUDITING FOR PERFORMANCE EXCELLENCE
auditing is an essential topic in Quality Management (QM). The important conceptual
and methodological reference for auditing is ISO 19011 standard. Very often, however,
in practical cases auditing methodology is misunderstood and applied very ineffectively.
It is used only for quality assurance or as a reactive tool for searching for
nonconformities and not understood as a key element for a proactive QM. Internal
auditing is very different from the external auditing.
An innovative approach
is to audit business processes reflecting business-like aims of QM and performance
excellence. Also the scoring principles according to the performance excellence
models may be applied with auditing. This modern approach is harmonious with the
ISO 9000 standards, too.
This methodology is based on lessons learnt through
benchmarking best practices in different companies and countries and many years'
encouraging practical experiences by using this methodology.
Comprehensive quality approach established
by a company-dedicated QM model
A corporate-wide QM model (performance
excellence management infrastructure) consists of activities on four levels of
business responsibility: 1. Corporate (cultural and normative issues),
2. Business areas (strategic issues) 3. Processes (operational issues)
4. Individuals and teams ( personal and human issues)
and actions (plan, do / control, improve and assure) take place on all these levels.
used methodology and tools that are essential from the QM point of view are developed
and supported on the corporate level. Auditing procedure and process management
model are very representative examples.
Because process approach is the
most practical and effective basis for a comprehensive QM, therefore it is also
very essential aspect from the auditing point of view. That means that the business
processes are objects of auditing, and audits themselves are carried out and managed
according to company's process practices. Management of business processes consists
of: - Process plan (definition of the process owner, activity flow, and measures
and indicators), - Process control, - Continual improvement - Quality
Internal auditing is a support process of business management
defined by appropriate procedure documents. Items being audited consists of company's
business processes according to corporate's process management framework that
includes customer processes, market processes, support processes and management
Internal performance assessment, an
essential part of QM
Performance management includes that business
performance is assessed internally by company's own resources for performance
improvement and also for quality assurance. Both strategic and operational assessments
are needed. Aiming at performance excellence requires that also relevant references
of competitors and best practices and benchmarks in other organizations are taken
into account in the assessments.
Strategic assessments cover business units
and their businesses as a whole. They are made as self-assessments by the management
teams of the units. Malcolm Baldrige methodology and its criteria originated in
the American national quality award form the rational methodology used for that
purpose. Audits are empirical internal assessments of the performance of individual
business processes. Thus audits are more operational than Malcolm Baldrige assessments.
Audits are made by people who are independent from the processes being audited.
Self-assessments are made by the responsible business leaders. The both methods
support well each other.
Auditing is based on the international
standard definition and principles
Internal auditing is a comprehensive
task that should be both reactive and proactive by nature. Its purpose is not
only to search for nonconformities (nonfulfilment of specified requirements) or
defects (nonfulfilment of intended usage requirements or reasonable expectations
under the existing circumstances) but there is a broader business related scope
in auditing. Also performance strengths of the business processes should be noted
in internal audits. It is useful to comply with the recognized international definition
and principles of auditing. The formal definition for audits has been recently
reconsidered in the new standards ISO 9000 and ISO 19011.
the above mentioned standards internal audit is understood as a systematic, independent
and documented process for obtaining records, statements of fact or other meaningful
data relevant to the criteria of business performance enhancement. These criteria
are both qualitative and quantitative and relate to policies, and procedures/processes
including their outputs and performance results. Requirements for business management
and thus naturally also for internal audits consider need or expectation that
is stated, generally implied or obligatory taking into account company's all interested
parties (i.e. persons or groups having a interest in the performance or success
of the company). Thus in auditing the business aspects of effectiveness and efficiency
are being considered. Particularly performance excellence issues are necessary
in internal audits within a company operating in severe competitive business environments.
In general and very often external auditing, e.g. third party auditing
for certification or registration, does not comply with the broad range and business
views of the above-mentioned standard definition of auditing.
are carried out within the different business areas of the company as process
audits examining business processes and related results whether they comply with
planned arrangements, and whether these arrangements are implemented effectively
and efficiently and are suitable to achieve objectives from the business point
of view. Auditing is for improvement of the business process performance as well
as for quality assurance. Auditing is a major means for quality management.
processes are more practical object-entities of auditing than quality (management)
systems. In many organizations quality (management) systems are too artificial
and vague. In a modern quality thinking quality management must be integrated
with business. Thus in fact the real "quality system" is equal with
the quality of a management system consisting of a network of interlinked business
processes. Therefore separate concept of quality (management) system is no more
needed. Also according to ISO 9000 standards quality management system is more
a concept or a "mental system" for a systematic approach towards a business
integrated quality management than a distinct system.
Figure 1. The auditing process
The internal auditing procedure defined
by an auditing process
The internal audits are carried out according
to the auditing process (see figure 1). Thus auditing practice is defined and
documented through the process documentation of the auditing process and managed
according to company's general process management model. This approach is along
with the ISO 19011 standard.
Detailed principles and practices of internal
auditing have been created and developed during the recent past decades in practical
company cases. The auditing process is established through the methodology development
and process owner nomination. Typically a group of internal auditors have been
trained within different business units by internal training courses for auditors
on regular basis.
The general aim is that all the major business processes
are being audited at least once a year. Individual audits are carried out by about
3 to 5 persons including the lead auditor. Additionally 3 to 5 persons have been
actively involved from the process being audited. Process description and performance
documents and records as well as practical operations and facilities on site are
examined by the auditors. A process audit itself normally takes about one day.
Additionally time is needed for auditor's briefing and preparing the report and
communication with the owner of the process being audited. Facts for the audit
report is drafted immediately after the audit by the team of auditors, and a representative
from the audited process may attend the drafting meeting as an observer. This
makes the report and its basis better understandable for the process improvement.
Auditing covers all the relevant business
aspects of a business process
A process examination of auditing
covers six relevant business related areas (see figure 2) to address: 1. Customer
issues (i.e. external and internal customers of the process), customer needs,
products ie. the outputs of the process, customer relationships, and customer
satisfaction results 2. Process entity as a whole, internal process activities/tasks,
flow of information and material, process-internal performance and related measures
and indicators, measurements, target values and related performance results
3. People issues including responsibilities, knowledge, competences and skills,
education and training, learning, participation/involvement, innovation communication,
and people satisfaction 4. Tools, methods, information systems including documentation,
and work facilities and environments 5. Suppliers, supplier relationship/partnership,
and supplier performance measures and indicators and related results 6. Process
management, process plan and target setting, control, quality assurance, and improvement
items as environmental management issues and corporate/information security issues
within the process are also examined within the six examination areas as necessary.
In addition to general process audits, specifically directed audits for these
specialized areas have been performed, too, using the same general audit methodology.
2. Examination areas for address in process auditing (C = customer, S = supplier).
The numbered items are explained in the text.
A set of detailed questions
for all above mentioned examination areas have been developed for guidance of
practical audits and for training purposes. They are based e.g. on the general
process management principles of the recognized QM references including ISO 9000
standards. Of course, also company's process management model is considered as
a general reference model when the business processes are being audited. However,
the key point is that always these general models are understood and interpreted
from the business needs relevant to the process being audited.
Audit report as a basis for performance
improvement and quality assurance
Audit report prepared by the
auditing team consists of both pure observations (i.e. objective evidence) and
proposals or recommendations (i.e. auditing team members' subjective issues for
the process improvements). Both strengths and weaknesses of process performance
are noted in the audit report.
In addition to textual information, the auditing
report includes also a quantitative scoring of the overall performance of the
process. The scoring (see figure 3) is based on the principles tailored from Malcolm
Baldrige scoring rules and tables taken into account approach/deployment and results
of the process.
3. Reporting performance scoring based on the audit observations
Auditing process is also being continually
The auditing process is also regularly evaluated and
improved. The auditing is assessed in a broader business context as a support
process through Malcolm Baldrige assessments. The auditing process itself should
be audited, too. The process owner is responsible of the improvements.
benchmarking a lot of good ideas relating auditing has been learnt from different
companies and professional experts. All these should influence to the further
development of the auditing process/procedure.
auditing, when used effectively and efficiently, is a proactive management means
for QM: - It is an activity within the company-dedicated QM model, - It
is an assessment tool for performance of business processes supporting consistently
both quality management and quality assurance. - It is managed through the
normal business process management practices. - Audit reports include both
qualitative (textual) and quantitative (scoring) information. - Auditing procedures
are continually evaluated and improved.
Internal auditing is an excellent
tool to create company-widely a systematic and also critical thinking for the
business performance improvement. It is also positively influencing cross-organizational
learning within the corporation. Thus auditing is enhancing the company's business-integrated
J. (1999). "Systematic integration of quality into management: Practical
experiences from Sonera Ltd and generalized conclusions" Quality for business
transformation, New Delhi: Institute of Directors 2. Anttila, J. (2000). "Using
ISO 9000 standards for innovative learning" The best on quality, Vol. 11,
Milwaukee: ASQ Quality Press 3. Anttila, J and Vakkuri J. (2000). Good Better
Best. Helsinki: Sonera Corporation. 4. ISO 9000. Quality management systems
- Fundamentals and vocabulary. 5. ISO 19011. Guidelines on quality and environmental
management systems auditing. 6. National Institute for Standards and Technology.
Malcolm Baldrige National Quality Award, Award Criteria. Washington: National
Institute for Standards and Technology
material has been presented in different forms in differerent international seminars
or conferences, e.g. at EOQ Annual Congress in Trondheim 1997]