I'm a great believer in being well prepared for important work activities. Sure, there are times when you have to fly by the seat of your pants, wing it, take a chance. But if you have the opportunity to prepare, then take it. Some say you need luck to succeed. More often than not, luck is what happens when preparation meets opportunity. So this month’s topic is about preparation, audit preparation to be specific.
There are many types of audit. I will be using a conformance audit in this article. Conformance audits provide management with invaluable feedback on what is actually taking place in the workplace as opposed to what the procedures/regulations say should be happening. Such information is vital as it allows management to manage rather than react.
When I am tasked with performing an audit, my first step is to understand what is involved in performing such an audit and to size the task so that I can make arrangements accordingly. I use the following MindGenius template in the planning stage of the task.
Most of these activities, though essential, are fairly straightforward. Once you understand the scope of the audit, the critical task is to identify what to look for - the specific activities you will need to review and assess when performing the audit.
To add to the challenge, compliance audits tend to be a one-pass event. You ‘walk the job’ (normally in the workplace) observing, asking questions, looking at records, identifying and following the trail of possible non-conformances and collecting evidence of conformance (or not) as you go. Once the audit is finished, it's usually finished. You don't really get to have two bites at the cherry.
Also, you may not be an expert in this field. You may be asked to audit in a strange environment, perhaps in an industry sector that is not specifically your area of expertise. For example ISO9001 auditors can cover a wide range of industry sectors and types of companies within these different sectors.
So how do auditors identify what to look for and prepare to actually perform the audit? The use of checklists is a well proven approach. I use an 'anatomical' MindGenius checklist approach. I develop a skeleton map from the standards, procedures etc that I identified when scoping the audit. This provides the framework for my audit checklist, the bones if you will.
As I perform the audit, I add my observations, comments and details of evidence to the bones. I flesh out my map.
Here's how I do it.
First, I break the applicable areas of the related standards/procedures/ regulations down into their main sections and construct the skeleton, or framework. Standards and regulations tend to be structured by sections. However an organisation’s own procedures may not be so well structured. If that is the case, I break them down into sections as best I can – you have to work with what is provided.
The main sections act as groupings which I break into further sub-sections if required. I add the text from the scope documentation so I can see specifically what the requirement is. I then add questions and evidence that would be required to demonstrate compliance with a stated requirement. This is particularly important if the scope documentation merges multiple requirements into a sentence or paragraph as it can be easy to miss a particular requirement if they are not separated out.
If detailed in the scope documentation, I assign a resource (the title of the person responsible) to the appropriate branch. This allows me to filter the map based on a specific job title. So if I meet with a specific individual, I have a map of all the specific activities that they should be performing and the questions I should be asking them.
Now that I have my skeleton map, I can use it to add my comments, observations, evidence and findings as I perform the audit. Essentially I am adding flesh to the bones of the skeleton.
That’s how I do it in its simplest form, but as you no doubt know, doing it for real can introduce some challenges that need to be overcome. So, having created my skeleton map, how do I use it as a checklist for the audit?
When ‘walking the job’ it can be impractical to use electronic devices. E.g. battery low, system hangs, high/low ambient light, etc. If it can go wrong, it will go wrong – Murphy’s Law. Also using an electronic device can appear rude to the auditees and can detract from listening and observing - key skills in performing an audit.
So I often use paper. Yes, paper. You use the tool that's best for the job to be tackled. I paginate and print out my skeleton map in usable sized chunks. As I do the audit, I make quick hand written notes. Obviously there is not enough room in a map to write an epistle. So If needs be, I write it in a notebook (or in an available area of space on the map) and assign a letter to it. I then put the letter on the map as flesh.
So what benefits does this give me?
• The paper based approach is often quicker and less intrusive than using electronic devices. Also no techno gremlins.
• Auditees, for their own reasons, would prefer to have a successful outcome to the audit, so they may 'dress' up what they show or tell you. The skeleton map helps to identify the flesh devoid of its dressing as it asks for specifics.
• I spend more time observing and listening
• Can talk to an individual about everything they do or follow a given process flow as I can add evidence as it occurs rather than having to follow a specific agenda/approach. If needs be, I can chop and change my approach to the audit on the day depending on what I find.
• Able to delve into a specific area of interest then come out, see the big picture and resume 'normal' activities
• Keeps me on track. Let's me know when I am deviating/going outwith the scope of the audit as there are no bones to attach the flesh to.
• If there are no bones to attach the flesh to, this could also indicate that there are gaps in the associated procedures.
• Audit goes more smoothly as the auditees see that I am prepared. I come across as more professional and knowledgeable in what I am doing, and also in what the auditees should be doing.
So that's my ‘anatomical’ approach to audit preparation. Develop a skeleton framework and add the flesh as you discover it.
This approach applies not just to audits but to any activity where you can identify a framework and need to identify if reality adequately fits the framework. So you can use it for inspections, reviews, assessments etc. For example when people review a document for approval they more often than not read what is there and assess what is present. But what about what isn’t there that should be there? A skeleton map of what the document should contain then fleshed out with the document content can significantly help you identifying such gaps.
I hope you found this article of interest. As ever, if you have any comments or queries, please don’t hesitate to ask Gordon.