Internal Audits – Introduction

I personally really appreciate internal audits. To me they are one of the most important parts of an ISO Management System Standard (on the system management side of things).

5 Items I Would Like to Discuss on this Topic:

  • Why I love internal audits
  • Internal audits are a powerful management tool
  • Internal audits don’t have to be hard
  • Internal audit training
  • A plug for our new electronic internal auditing program

I’ll deal with the first topic in this blog and topic 2 next week and so on.

Management systems and internal audits go hand-in-hand. In fact I believe that ISO management systems and its intent would truly be ineffective if it weren’t for internal audits.

History of ISO management Systems Standards

ISO management systems standards were developed with the intention to help an organization implement good management practice. You can see that pattern all the way through these standards [even though sometimes in practice consultants and auditors have misinterpreted the standard and implemented poor management practice]. Also, it was felt originally that management systems should be documented and therefore employees have something of substance with which they can follow and managers can have a standard against which they can manage. All good sound theory.

The question begs though: “How effective is an ISO management system that is not complied with?” The obvious answer is that it is not effective at all. In fact some would say such a situation could be damaging. I have personally often seen procedures, policies, and signs that were ignored. It’s a bad sign.

Internal audits (effectively performed and with the right attitude) help to bring about the compliance needed to make an ISO management system effective.

I often like to illustrate the benefit of internal audits to a client using the following diagrams. As below, blue equals “timeline”. Red is a representation of a straight and true management system that can be used as a standard for effectiveness. The black line represents the organization’s compliance to that management system.

1. What compliance to an organizations management system should look like:

2. Compliance to an ISO management system in reality:

Note: Every person I have asked to draw an expected compliance line has come up with a similar pattern represented below. The management system and compliance lines are never drawn perpendicular.

3. What Compliance Looks Like with an Internal Audit System in Place

Note: every person I have asked to draw the compliance line taking into consideration the effect of frequent internal audits has come up with a similar pattern represented below.

It is interesting to note the abrupt improvements in compliance and the leveling effect of regular internal audits.

What does this prove? It proves that we all assume to know human nature well enough to state that unchecked, humans fall away from a standard.

What it also illustrates however is that good internal auditing increases compliance.

Why is it important to increase compliance to a management system? The question almost does not need to be asked. A well thought out, planned, and prepared management system will only be effective if it is complied with.

Think about this. Most successful organizations without a written management system probably do well because of leadership skills, capabilities, and drive. While effective, it is only a short-term solution. What is needed especially as a business grows is a management system that is complied with. There will be less reliance on leadership skills [which are so important], and more and more reliance on culture and management system.

How many business owners and senior managers can afford to leave their business for a time? What if you needed to take a break or even sell the business? Only businesses with good management systems and an internal auditing process in place can afford such luxuries. There might be a few exceptions to that, but I am just trying to highlight the importance of management systems and internal audits.

Internal audits are not simply another compliance issue. Internal audits performed well and with the right attitude, fundamentally bring about compliance.