Professional Documents
Culture Documents
I have a short,
punchy list of queries I invariably ask while evaluating a management system. Favorites aside,
though, what are truly the most important audit questions? What questions will reveal a system’s
effectiveness and an organization’s overall performance? I compiled a list of the top 10.
1. How do you contribute to achieving your organization’s objectives?
ISO 9001:2000 requires that organizations establish measurable objectives at relevant functions and
levels. Perhaps an even more significant requirement is that personnel understand how they
contribute to these objectives. This requirement doesn’t apply only to some employees; it applies to
everyone. All personnel must be able to communicate, in their own words, how they help move
objectives in the right direction. It’s conceivable that not all objectives apply to everyone in the
company, and in those cases, auditors would only expect that personnel understand the objectives
that apply to them.
This question directly reflects on an organization’s ability to communicate what matters most to its
success. Truly comprehending objectives means that people understand specifically what they can do
to improve the organization. They appreciate the significance of their roles and are prepared to carry
them out. This knowledge creates strategic focus throughout the organization. Instead of having a
limited view of activities and tasks, personnel begin to understand how their jobs link to the
organization’s larger mission.
During an audit, find some examples of nonconforming products—if any exist—and follow-up with
these questions:
What are the responsibilities and authorities related to dealing with nonconforming products?
What are the records of nonconforming products and actions taken on them?
It’s worth mentioning that controlling nonconforming products applies to services just as much as it
does to tangible goods. Reports, data, test results, and intellectual property, to name just a few
service outputs, can all be potentially nonconforming, in which case all the disciplines of this process
apply.
3. How do you access product requirements?
Everybody has a product of some sort. It might go to an external customer or simply to the next
process inside the organization. In all cases, though, personnel must understand the product
requirements. ISO 9001:2000 specifically requires that organizations identify product requirements
in four ways:
The standard additionally requires that information describing the product be available (i.e.,
documented). Asking how personnel access product requirements is an important audit question
because when requirements aren’t accessible, big problems often result. Employees don’t need to
know product requirements by heart, but they should certainly be able to find the current
versions of requirements and describe how they carry them out.
Specific points of inquiry related to product requirements include:
The most obvious way to generate preventive action is by analyzing data. Data analysis is a primary
job of top management, but it can happen at other levels of the organization as well. When an
organization openly shares data and encourages its analysis on a broad scale, then preventive action
becomes easy. Employee creativity and innovation can also be a valuable starting point for
preventive action. Savvy organizations look for ways to solicit improvement ideas from their
employees and provide feedback on the viability of the ideas. Another source of preventive action is
feedback from customers. Often, customers will provide ideas for improving the product in subtle yet
significant ways.
ISO 9001:2000 specifically requires that organizations define methods for obtaining and using
customer satisfaction data. This is another reason for relying on simple methods for capturing
customer perceptions. The more complex and resource-intensive your customer satisfaction methods
are, the less likely you’ll take action on what you learn. It’s a curious paradox. Many organizations
run out of gas before they get to the action phase, and the valuable opportunities afforded by
customer feedback are ignored as other problems arise.
What connections exist between customer satisfaction and the organization’s objectives?
Some of the best approaches to reviewing organizational performance are the most creative. Many
organizations design their reviews across a number of different forums and time frames, which is a
practical and realistic way to approach the process. Regardless of how the review is configured, the
three imperatives include data analysis, identifying opportunities, and taking action on them. Smart
organizations treat these three activities as inseparable.
How does the rest of the organization learn of actions and decisions that are determined during
reviews?
8. What evidence can you provide of continual improvement?
This question can be asked of everybody in the organization. In organizations that have developed
improvement tools and provided opportunities for their application, this is an easy question. In
organizations where improvement efforts are very narrowly applied, it becomes a much harder
question. There should certainly be some evidence of continual improvement within the scope of the
audit. Strategic improvements are impressive, of course, but all improvements have value. This
question actually summarizes many of the earlier questions into a single point of inquiry. The
ultimate purpose of a management system is to provide a means for improvement.
Just because one or two people aren’t able to provide evidence of improvement isn’t necessarily a
problem. It could indicate weak improvement efforts, though, and further investigation would
certainly be warranted. In very mature organizations, all personnel are involved in making
improvements, and proof of this happening is abundant.
These are some related lines of inquiry:
How are personnel made aware of the organization’s mission, values, and measurable objectives?
This question requires a great deal of skill on the auditor’s part because the information may or may
not lead to any logical conclusions. The auditor must have the experience and maturity to know when
an issue is worth exploring in detail. In other words, don’t allow this question to become an endless
fishing expedition. Explore the important elements of a job, compare what you learn against the
controls in place and cross-check the facts with other personnel doing similar jobs. It can produce
powerful insights.
What are some things you’d like to change about your job?
What should your manager know that he or she currently doesn’t know?
The 10 questions presented here represent only a slice of what might matter to a typical organization.
You will want to refine this list based on special concerns and risks faced by your company. Figure
out what matters most to your organization and focus your audit process on those things. There isn’t
enough time and energy to focus on everything. An audit process that monitors the organization’s
key success factors will always be relevant and always produce powerful results.