Paul received a request to further describe the PDCA auditing approach from a recent conference attendee who is eager to explain it to the President of her company.
Hereâ€™s his reply:
You asked that I elaborate regarding PDCA auditing, so here goes:
The traditional way to audit was to pick a section of the standard, research the appropriate department or function within your company – the one or ones most likely to be involved with that section – and then perform the audit. The focus of the audit is to see if they are doing whatever they do according to the standard. This is usually called a compliance audit and too often has more to do with ISO than it has to do with the company or your customers.
The new way is to work with top management to decide what to audit in the first place. There is no mention of the standard here. You want to find out what keeps them up at night. Maybe they have a plan to expand operations somewhere in the future and need to confirm that the impacted department will be able to handle the new volume of work. Of course, they may know of a problem that never seems to go away, too, and that’s most definitely a good audit candidate.
Next, take a look at whatever you use to meet the requirements in ISO 9001:2000, sections 4.1 a) and b). Some use a flowchart to “determine the sequence and interactions of processes,” for example. Whatever it is at your company, there should be something that describes your critical processes and how they all are supposed to work together. Somewhere in that description is the area that you will need to audit to find what top management wanted to know.
Now that you know where you will audit, go through the normal research – process descriptions, (if any), prior nonconformance and audits, records you would expect to see, etc. This is just what you’ve been doing, I’m sure. But using the PDCA approach, you now audit using questions that move through the cycle. Some of these questions would be:
What is/are the risk(s) that this work is designed to control?
How does this work contribute to the quality objectives and customer satisfaction?
What is the Plan they use to control those risks?
Do they have criteria for measuring how and whether they are controlling these risks?
What tools do they use to accomplish this plan?
How are those tools working?
ISO has some ideas about this work, too, and would you (if they haven’t already) explain how your plan is similar to ISO’s in this department?
For example: Purchasing should have a plan for managing their suppliers, Shipping should have a plan for protecting the products in transit, etc.
Now that I know your plan, please show me how you go about doing the actual work.
Can I make copies of A, B, C, and D? I’d like to take these to the people who (sent or received them) to complete my audit?
Does the work they do match the plans they described?
Are competent people doing the work?
What do they say about the tools they have to do their work?
Are the checks described in the plan carried out accordingly?
What are those checks telling the department?
Do they indicate if the risks are being managed well?
Have they shared this information with others, especially, top management?
Have the results of checks been applied to improve the process?
How has the process improved as a result?
Have these improvements been shared with others to help them improve as well?
Input and Output Checks
(Now that you have all this information, go to the process(es) that provided input and the process that received the output of the audited department.)
Are you satisfied with the speed, accuracy, service, etc. you received?
Have things been improving?
Do you have any concerns or improvement suggestions?
Remember – every question above can be found somewhere in the ISO 9001:2000 standard! The difference is that you’re not auditing ISO, you’re using ISO to audit your company! If you use the “Audit Master” for these “generic” questions and the PDCA Guide to research specific questions, you actually audit more than 30 sections of ISO during any given audit! Both these tools are included in a CD wallet on the inside back cover of my book, by the way.
Finally, you write a one page “Executive Summary” to describe important strengths and/or weaknesses discovered. That’s what top managers are used to reviewing, so keep it brief, easy to read and with a minimum of “ISO speak!” My book contains an example of a Purchasing audit using this approach. The book goes into more detail, but this could get you started as far as describing the approach to management. The biggest pay off is in refocusing the audit program to monitor your company and not ISO 9001:2000. ISO is involved, of course, but it takes a back seat position, advising in regard to best practices when necessary. The new approach makes auditing automatically “Value added” because it answers questions posed by top management to help them make better decisions or to confirm that a prior decision did or did not have the expected return.
Now go for it!