Internally or Externally Internal Audit?

Management systems (e.g. ISO 9001, ISO 14001, ISO/IEC 17025, ISO/IEC 15189, OSHAS 18001, ISO 22000, ISO/IEC 27001 and ISO 30301) were built on processed based approach that assimilates the commonly known PDCA/PDSA cycle, made popular by Dr W. Edwards Deming. The cycle describes that good practice of managing of any activity starts with the planning (P for Plan) on how to carry out the activity in order to achieve customer satisfaction. Usually target (objective) of the activity are set to reflect key perception of the customer that should satisfy the customer expectation. Subsequently, the plan is executed (D for Do), then it is evaluated (C for Check or S for Study) whether the execution was effective in achieving the planned objective. Subsequently, action (A for Act) is taken to improve the activity based on the evaluation findings to meet the original objective. Occasionally, the A will trigger a revised P for the next cycle of the activity. Hence the PDCA cycles continuous as long as there is an activity to satisfy the person who requested the activity, i.e. the customer.

One of the instrument of checking (C) or study (S) is by conducting Internal Audit, also known as "first party audit". The word "internal" reflects that it is initiated within the organization, especially by the owner of the activity. Knowing that self-checking by the person who conducted the activity is inadequate to build confidence, often another person who is very familiar with organization's implemented systems and the P (e.g. the procedure, time, objective) of the activity is engaged as the second pair of eyes (aka Internal Auditor) to evaluate the executed activity. In the event, the activity did not adhere to the organization's system or the predetermined P, the internal auditor would suggest doable actions (A) to correct and improve the activity while taking into consideration of the organization resources, priorities and limitations, which were the factors that influenced the initial P and D of the activity.  

 

For various reasons, there is an option to engage person outside the organization to perform the role of Internal Auditor on part-time basis, whereby the person only present at the organization during the audit sessions, often unaware the organization operational resource and progress. I call this Externally Internal Audit. In general, it is allowable but it may have serious disadvantages to the overall management system of the organization. Hereby listed some of the issues that I've seen while performing 3rd party auditing:

• The organization's human resource loses opportunity of job enrichment via internal auditing because they don't experience the whole activities within the management system in realizing the product.

• The organization's human resource lacks appreciation on the importance of their activity to entire management system because they can't see the impact to other activities throughout the organization.

• The organization's human resource lacks understanding on the mechanics of organizational continuous improvement in relation to preventive actions because they implement PDCA in isolation of their own activity.

• The organization's human resource i.e. the auditee sees the internal auditor as the "problem maker - fault finder" not as "problem solver" because the person is not considered as part of the "family" thus creating stressful and non-constructive internal auditing sessions.

• The internal auditor often performs audit (C or S) similar to the "3rd party audit" whereby only non-compliance is highlighted without advising actions (A) to be taken to resolve it.

• The internal auditor often recommends actions (A) without considering the organization's resources, priorities and limitations, consequently organization incurs expenses to remedy a non-compliance.

• The internal auditor tends to dictate/force the auditee to execute the activity (D) in accordance to his/her organization practice, even though the existing D meets the P, causing non-essential purchase of resources.

While maintaining the principles of auditing (integrity, fair, professional care, confidentiality, independence & evidence-based) as described in ISO 19011, whoever been appointed as the internal auditor (internally or externally), shall make themselves perceived as part of the family of the organization, "one for all, all for one" in the sole mission of improving the management system of the organization.

Practical Precision - Pricy Perfection

Few hours drive from Bangkok, Thailand, there is a unique wet market known as "train market". The market is assembled very-very close & on the the town's railway track near the Ratyatraksa road. 

Whenever, the train arrives, the stall owners, swiftly pull their stall's shades and re-position once the train passes-by. 

Interestingly their naked eye measurement in setting-up the stalls, product displays and shades are practical to handle and precise enough for the train pass-thru without hitting any of the stalls or their products. It looks impossible but it has been their life routines, they have a very good way in maintaining the "measurement uncertainty", everything is done manually without any automation, sensors or measuring tape, but it works.

 

Measurement is common in our daily life even at kitchen while perfecting recipes. For laboratory, quality of a measurement depends on the capability to perform the measurement at high level of accuracy. Whereby accuracy is dependent on the precision and trueness. 

When an instrument, e.g. weighing scale displays same value of readings in a series of repeated weighing of the same item, it is considered to be very precise. While trueness is reflected by the capability of the weighing scale to display correct value of weight, which is predetermined by means of calibration using standardized weights, also known as "standard stone". Normally, an equipment calibration service will cover both precision and trueness, often represented by the value named "uncertainty of measurement" stated on the calibration certificate.

Definitely, an accurate measurement is a must but the level of accuracy must fits the purpose of measurement. There is tendency for some customers, auditors and laboratory managers to over-emphasize the accuracy level by increasing the readability (e.g. the number of decimals). Without realizing it defeats the cost-effectiveness, which is the ground rule of organizational survival. 

Increasing readability does not necessarily increase accuracy. Let's compare a digital contact thermometer (CT) of 0.5°C readability that costs MYR50 to a digital infra-red thermometer (IRT) of 0.01°C readability that costs MYR500. Both will incur the same fee for calibration services, around MYR120. After calibration for use between 40 to 150°C, both are used to verify temperature of a stainless steel water bath being setup at 50°C, the CT displays 50.5°C and IRT displays 51.02 °C, which one is the best measurement? Knowing the control knob on the water bath shows increment of setting at 1 °C, does the water bath operation require accuracy of ± 0.01 °C or ± 1 °C is adequate for it's temperature setting?  Perhaps it is more convenient with style to use the IRT, but do double check the user manual, don't be surprised to read that some IRT not intended for measuring temperature of metallic surface.