You will encounter audits in several corporate contexts. They are used to checking compliance with legal requirements, standards or guidelines. They examine whether activities in the company are carried out correctly and in accordance with requirements. This can involve processes in the company or compliance with management systems.
Why are audits so important?
The word "audit" originally comes from Latin (lat. audire = to listen).
As important as audits are, they make some people uncomfortable. The reasons for this are obvious: audits are time-consuming, a lot of time is spent on preparation, and they last several days, depending on the type of audit and the size of the company. In addition, the company's processes and activities are scrutinized to identify any need for improvement. The company must explain and justify why things are run a certain way in the company. If nonconformities or errors are discovered, it can be unpleasant for companies. In the end, it is only beneficial for the company to find out how to continuously improve.
No fear of the auditor
An external control authority with sufficient distance, quasi a bird's eye view, can help you to take an objective and critical look at your company. In most cases, the aim is not to find someone to blame, but to identify errors and avoid them in the future. This is the only way to guarantee the recertification of a management system or the guarantee of smooth processes. Of course, it is unpleasant to be put to the test during an audit, especially if you have not prepared yourself sufficiently in advance. The requirements of a management system are extensive and unclearly formulated. However, the audit must not be ignored, as certification is necessary for many industries in order to operate successfully in the market.
What do you do after a bad audit?
Here's the scenario: An audit was conducted at your company and there were numerous nonconformities. The mood is down, and you are asking yourself "What should I do now to make the next audit a success?". Before we answer this question, let's clarify some outstanding issues.
How do internal audits differ from external audits?
Internal audits
The internal audit is, as the name suggests, a self-audit of the management system. The performance of an internal audit is prescribed by an ISO standard. In addition to checking compliance with standard requirements, the aim is to identify the company's need for improvement internally. Internal audits are not necessarily less costly than external audits, but they give you the opportunity to critically examine your company and its processes before someone else does. However, an internal audit cannot be carried out by just any employee; internal auditors should undergo appropriate training to be prepared for their role.
External audits
An external audit, on the other hand, is performed by a person outside the company. Here, a distinction is usually made between a supplier audit (2nd party) and a certification audit (3rd party).
Supplier audit
A supplier audit is carried out by a customer or an appointed auditor to check the supplier's performance. This audit is a way for the customer to determine if their requirements for the supplier have been met, if there are any weaknesses that the supplier can improve to maintain a good business relationship.
Certification audit
The certification audit is performed by an independent inspection body. Certification audits are necessary as soon as a company is certified according to one of the several standards, e.g. a DIN standard or ISO standard. These audits are carried out both during the initial certification and during the monitoring of compliance with the standard, whereby the procedures differ in detail.
What are non-conformities?
If you have ever come into contact with an ISO standard, you have certainly noticed the term nonconformities. Nonconformities are the deviations from the requirements of the ISO standard. During an audit, it is checked whether the company has complied with the requirements of the relevant standard or management system. As soon as a non-conformity is detected, it must be corrected. The company must initiate appropriate corrective actions to address the nonconformity that has occurred. These corrective actions must be in relation to the nonconformity, the problem must be corrected, but should not be overcorrected. In addition, any consequences of the nonconformity must also be identified and corrected so that the error does not continue to cause damage to the company undetected.
What do I do after a bad audit?
Look at your mistake as an opportunity. A bad audit may have occurred for a variety of reasons. Whether it's due to inadequate preparation or because requirements weren't clearly communicated or were misunderstood is beside the point, as long as you know what the mistake was. Evaluate with your team how to achieve a better audit. Integrating employees into this process is unavoidable, otherwise ambiguities will arise or nonconformities will not be resolved. Prepare not only yourself, but also your employees for the audit. If your employees cannot answer questions during the audit, or if a document cannot be found, this puts the entire company in a bad light. Use the time until the next audit to sustainably improve the organization of your company and do not start searching for documents or identifying weak points just before the next audit. Check at regular intervals whether improvements from last year have really been implemented.
Be honest with yourself, why are you afraid to complete the next audit badly? Have you internalized the relevance of your audit? This is not just about doing well in front of the customer or the certification body. An audit is an opportunity for your company to improve your business sustainably. If you constantly follow this premise and do not fall back into old patterns after surviving an audit, it will be easier for you to master the next audit.
How qmBase supports you during your audits
With the software solution from qmBase you have a tool that supports you in your audit management. From the planning of the audit to the documentation - with the app Auditmanagement from qmBase you are well-prepared for your next audit. When planning a new audit, you can invite employees directly via the software, provide you with necessary documents and evaluate and assess the audit afterwards. In the audit matrix, you have an overview of which audits are coming up and can prepare in good time. You can also document non-conformities and take corrective actions in the app. You have everything in view and can directly access all relevant information during your next audit. Furthermore, you save time, relieve your employees and will inspire your auditor.
Sources:
Brenner et.al, 2020,Praxisbuch ISO/IEC 27001: Management der Informationssicherheit und Vorbereitung auf die Zertifizierung. Zur Norm DIN ISO/IEC 27001:2017
Klaus Wübbelmann, 2013, Management Audit: Unternehmenskontext, Teams und Managerleistung systematisch analysieren
DGQ- Was ist eigentlich ein Audit?
DGQ - Von der Konformität zur ständigen Verbesserung, Qualitätsvorsprung durch Interne Audits
Share this Post