After introducing a quality management system (QMS), how does an entrepreneur know whether the elaborately developed system is actually still being used by employees? And what level of maturity has it now reached? Or whether the documented, binding regulations have all been written down, but the employees ignore them a year or two after implementation and do things the way they used to. This is exactly why quality management uses the “internal audit” tool. In this article I will explain to you what exactly an internal audit is, how valuable it can be and what you can achieve through it.
1. What is an internal audit?
The term “audit” comes from the Latin word “audire,” which means “to hear.” In a broader sense, it is about using surveys (listening), observations (seeing) and document checks to determine whether certain requirements, such as those of DIN EN ISO 9001, are being implemented.
The term “internal” expresses that it is the company’s view of its own organization. An internal audit can also involve people from outside the company, e.g. the IT system administrator from the IT system house, or it can be led by an external person, e.g. a management consultant. They all have an inside view of the company because they help to build, maintain and improve the structures. If defects are identified, they also help to eliminate them and are therefore not neutral. Involving a consultant or a service provider can be very helpful, for example to check whether data protection is actually guaranteed by certain technology settings. The “view from outside” puts you in a position to look at your own company critically.
In addition to the “internal audits” there are the “external audits”. These are the certification audits – usually following an internal audit. These are carried out by an independent third party, the external auditor of a certification company. The external auditor checks whether a standard requirement is being met or not. Accordingly, if the assessment is positive, the company receives a certificate. The internal audit can also be used as a test run for the subsequent certification audit.
The purpose of an audit is not to find errors and weak points - although these are often the trigger for improvements. Depending on what is being checked, the goal may be to determine the level of development on a topic (the so-called “maturity level”). For example, when it comes to data protection, there are minimum standards that must be adhered to. But there are also other helpful measures that protect the company even better against hacker attacks or data theft. They may go beyond the minimum standards. The German school grading system from 1 to 6 serves as a simple comparison: students with a grade of 1-4 passed, just with varying degrees of success. Students with a grade of 5-6 do not meet the minimum standards. Maturity models can alternatively be expressed in points or percentages (e.g. “1 out of 10” or “30% of 100%).
2. Planning an audit
Careful planning of the audit is essential in order to carry it out successfully and efficiently. This is the only way to eliminate ambiguities before implementation. Planning involves, for example, the following questions:
- Which area should be audited (audit scope)? The entire company? A department? A process? A topic (e.g. occupational safety, warehousing)?
- What should be audited (audit subject)?
- When should the audit take place (date, time)?
- Who should be present at the audit? Which contact persons should be available during the audit? (audit participant)
- Who will lead the audit? (auditor)
- Will there be one or more auditors (e.g. with different areas of expertise)? Can they audit in parallel or do they all stay together? (auditor team)
- How long should the audit be? (audit duration)
- Which documents should be checked? (audit subject)
- Who records the audit? And how? (audit report)
The final planning is recorded in the audit plan (also “audit framework plan”). The “audit schedule” can also be included there or as a separate document.
3. Conducting an audit
“In medias res” (jumping into the middle of the action) is a good way to start a novel. During an audit, on the other hand, it is helpful to wait until everyone involved is present and “arrived”.
After welcoming and, if necessary, introducing the auditors and participants, the process should first be discussed again. Not everyone may have read the audit plan, may have only focused on their section, or may have already forgotten the plan.
In the past, audits were often very feared because the employees of the department being audited were afraid of a bad evaluation, a domineering, seemingly arbitrary appearance on the part of the auditor, or a police-like interrogation with harassing measures. That has changed a lot. At the DGQ (German Society for Quality), where I did my training, the focus has long been on cooperative audits. Audits carried out by testing organizations are now also carried out in a much friendlier and more accommodating manner.
Today I notice that employees are mostly just afraid of the unknown because they may have never experienced an audit before. That's why it's very helpful if the auditor doesn't just stubbornly ask questions and expect answers, but also explains what he wants to achieve with the question. Sometimes this is only possible after the question has been answered so as not to receive a distorted statement. The explanations promote the auditee's understanding of the overall situation and the willingness to provide further answers - and perhaps even to question the facts themselves. I have had very good experiences with this in the audits - after 10 minutes at the latest, the ice is broken and the employees, who were sometimes terribly nervous beforehand, enjoy the further process.
Basically, friendliness and politeness never hurt. This makes the review situation more pleasant between people, mutual respect shows that the conversation is being conducted on an equal footing, and even the discovery of major deviations (major deviations - opposite: minor deviations) can be better received by those being audited. If a team has significantly improved compared to the previous audit, this can also be expressed with a few words of appreciation. Dealing with mistakes positively and recognizing that you can learn from mistakes and often make significant progress in improvement in a very short time are also becoming more and more common. This makes employees more open to recognizing deficiencies and errors. They are also more willing to work on fixing them.
4. Follow-up to an audit
Every good audit includes a protocol or report that shows what was audited and what the results of the review were. A list of measures can also be part of the documentation. In this way, the deviation between the actual and target state can be reduced in a structured manner.
Über das interne Audit im Qualitätsmanagement
Als Experte im Bereich Qualitätsmanagement und interne Audits kann ich Ihnen detaillierte Einblicke in dieses Thema bieten. Das interne Audit ist ein wichtiges Werkzeug, um sicherzustellen, dass ein Qualitätsmanagementsystem (QMS) effektiv angewendet wird und welchen Reifegrad es erreicht hat. Es ermöglicht Unternehmen, durch Befragungen, Beobachtungen und Dokumentenprüfungen zu erkennen, ob bestimmte Anforderungen, wie die der DIN EN ISO 9001, umgesetzt werden.
Was ist ein internes Audit?
Ein internes Audit im Qualitätsmanagement leitet sich vom lateinischen Wort "audire" ab, was "hören" bedeutet. Es geht darum, durch Befragungen, Beobachtungen und Dokumentenprüfungen zu erkennen, ob bestimmte Anforderungen, wie die der DIN EN ISO 9001, umgesetzt werden. Es handelt sich um die Sicht des Unternehmens auf die eigene Organisation, wobei auch betriebsfremde Personen anwesend sein können. Die Einbeziehung eines Beraters oder eines Dienstleisters kann sehr hilfreich sein, um beispielsweise zu überprüfen, ob durch bestimmte Technik-Einstellungen tatsächlich der Datenschutz gewährt wird.
Planung und Durchführung eines Audits
Die sorgfältige Planung des Audits ist entscheidend, um dieses erfolgreich und effizient durchzuführen. Dabei werden Fragen wie der Audit-Geltungsbereich, der Audit-Gegenstand, das Datum und die Uhrzeit des Audits sowie die Anwesenheit von Auditoren und Ansprechpartnern berücksichtigt. Die Durchführung eines Audits erfordert eine kooperative Herangehensweise, um die Mitarbeitenden einzubeziehen und Ängste vor dem Unbekannten zu nehmen. Freundlichkeit und Höflichkeit sind dabei von großer Bedeutung, um eine angenehme Überprüfungssituation zu schaffen.
Nachbereitung eines Audits
Zu einem guten Audit gehört abschließend ein Protokoll bzw. ein Bericht, aus dem hervorgeht, was auditiert wurde und zu welchem Ergebnis die Überprüfung kam. Auch eine Maßnahmenliste kann Teil der Dokumentation sein, um die Abweichung zwischen Ist- und Soll-Zustand strukturiert zu reduzieren.
Das interne Audit im Qualitätsmanagement ist somit ein wichtiges Instrument, um sicherzustellen, dass ein Qualitätsmanagementsystem effektiv angewendet wird und welchen Reifegrad es erreicht hat. Durch eine sorgfältige Planung, kooperative Durchführung und strukturierte Nachbereitung kann ein internes Audit wertvolle Erkenntnisse liefern und zur kontinuierlichen Verbesserung beitragen.