Process based auditing
Presenter – David S Smart
What is an audit?
The 6 step approach to process auditing
Step 1 – define your products
What does your
organisation do?
What is “product”?
ISO9001:2015 - defines “product” as
“the result of a process”
The four kinds of product
• Manufactured goods (oil rigs, cars, fridges,
etc)
• Processed items (chemicals, food)
• Software programmes
• Service activities (transport, taxis, solicitors,
etc)
What services (products) does a bank provide?
Manages Money
• Receives/Makes cash transactions
• Processes cheques
• Provides statements
Makes Loans
• Provides Business loans
• Provides Personal loans
Step 2 – define your processes by
flowcharting them
How do they make it?
What is a process?
• A Process is: a sequence of related tasks
triggered by an “event” and intended to
achieve an objective.
• It also uses resources and is subject to
influences
Generic Process Model
PROCESS MODEL EXAMPLE – Dairy Cow
• Input: Grass
• Output: Milk
• Cowpats
• Transformation – cow masticates grass in its stomach
• Measure of cow’s efficiency = amount of grass eaten/quantity & quality of milk produced
What is a process group?
A bank’s “money managing” group
processes
Linking products with their associated
processes
• Take the “money managing” process and
tease it out into its individual processes
Selection of a single process
The “receiving of funds” process
Is there an easier way of doing this?
• The simple four-box approach requires a
significant amount of concentration
• What about tapping into previous work on
how processes behave?
(e.g. cause & effect diagrams)
The process affecters - 8 M’s
Process affecters – definitions 1
• Methods: The instructions provided for doing
the task
• Materials: The raw materials used within the
processes
• Mother nature: The environmental
influences that have an impact on the
processes
• Money: The money allocated to the process
for wages, equipment, machines etc.
Process affecters – definitions 2
• Machinery: The equipment used within the
processes
• Manpower: The human competences
needed to perform the task
• Measurement: The checks that are done
within the processes
• Maintenance: The policies on maintenance
along with competences of operators &
engineers
Example Subassembly checklist – 8 M’s
The 3 kinds of business processes: -
• Factory processes
• Business support
processes
• External interface
processes (Customers &
Suppliers)
Factory processes
Typical Examples: -
• Assembling
• Cleaning
• Coating
• Inspecting
• Testing
• Machining
• Fabricating
• Welding
Business support processes
“They are all the production
support functions”
Departmental examples: -
• Maintenance
• Accounting
• Information technology
• Purchasing
• Human resources
• Product Designing
• Quality Assurance
• Production planning
External interface processes
“They are the departments that
interface with customers &
suppliers”
Typical department examples: -
• Marketing
• Sales
• Customer support
• Finished product shipping
• Equipment/Raw material
purchasing
The 2 process types: -
• Continuous – factory
production line
• Transactional – sales
order process
RECAP – PROCESS BASED AUDITING STEP 1
RECAP – PROCESS BASED AUDITING STEP 2 - 1
RECAP – PROCESS BASED AUDITING STEP 2 - 2
Step 3 – Study your processes using
turtle diagrams
Defining your
information needs
Turtle diagram - generic
Turtle diagram - example
Subassembly process – equipment checklist
Step 4 – Gathering the facts together
Collect “objective
evidence” from your
processes
Analyse your facts by sorting them
Equipment is not being routinely maintained
• Jig storage area – a number of jigs were observed to be dismantled and others had parts missing from them (5) (14)
• There were 6 fluorescent tubes not working out of 30 in production line 1 area (6)
• There were a significant number of service requests raised this month for equipment breakdown (20)
• Portable appliance testing had not been done in the last year on fans used to cool operators. (5)
• The operator’s thermometer used to test the solder bath temperature was not in the calibration scheme (1)
Step 5 – Reporting the findings
• Be precise
• Have the evidence to hand
• Don’t be argumentative
• Be firm but fair
• Don’t let the session drift on
Step 6 – Addressing the findings through
effective corrective actions
• Investigate to find the root cause, don’t just treat the symptoms
• Invest in training staff in problem solving tools
• See it as an opportunity to improve the processes
Conclusions !!!!!
• Firstly you have to understand the business
processes you are going to audit and how they
relate to the objectives of the business
• Next you have to gather the objective evidence
on how these processes are being controlled (or
otherwise)
• Lastly you must present your findings in a
manner that shows how the various strengths
and weaknesses impact on the business (i.e.
showing a balanced picture)
THANK YOU FOR YOUR TIME
EMAIL: D.SMART18@YAHOO.CO.UK

Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 

PECB Webinar: Process based auditing

  • 2. What is an audit?
  • 3. The 6 step approach to process auditing
  • 4. Step 1 – define your products What does your organisation do?
  • 5. What is “product”? ISO9001:2015 - defines “product” as “the result of a process”
  • 6. The four kinds of product • Manufactured goods (oil rigs, cars, fridges, etc) • Processed items (chemicals, food) • Software programmes • Service activities (transport, taxis, solicitors, etc)
  • 7. What services (products) does a bank provide? Manages Money: • Receives/Makes cash transactions • Processes cheques • Provides statements. Makes Loans: • Provides Business loans • Provides Personal loans
  • 8. Step 2 – define your processes by flowcharting them How do they make it?
  • 9. What is a process? • A Process is: a sequence of related tasks triggered by an “event” and intended to achieve an objective. • It also uses resources and is subject to influences
  • 11. PROCESS MODEL EXAMPLE – Dairy Cow. Input: Grass. Outputs: Milk, Cowpats. Transformation – cow masticates grass in its stomach. Measure of cow’s efficiency = amount of grass eaten/quantity & quality of milk produced
  • 12. What is a process group?
  • 13. A bank’s “money managing” group processes
  • 14. Linking products with their associated processes • Take the “money managing” process and tease it out into its individual processes
  • 15. Selection of a single process
  • 16. The “receiving of funds” process
  • 17. Is there an easier way of doing this? • The simple four-box approach requires a significant amount of concentration • What about tapping into previous work on how processes behave? (e.g. cause & effect diagrams)
  • 19. Process affecters – definitions 1 • Methods: The instructions provided for doing the task • Materials: The raw materials used within the processes • Mother nature: The environmental influences that have an impact on the processes • Money: The money allocated to the process for wages, equipment, machines etc.
  • 20. Process affecters – definitions 2 • Machinery: The equipment used within the processes • Manpower: The human competences needed to perform the task • Measurement: The checks that are done within the processes • Maintenance: The policies on maintenance along with competences of operators & engineers
  • 22. The 3 kinds of business processes: - • Factory processes • Business support processes • External interface processes (Customers & Suppliers)
  • 23. Factory processes Typical Examples: - •Assembling • Cleaning • Coating • Inspecting • Testing • Machining • Fabricating • Welding
  • 24. Business support processes “They are all the production support functions” Departmental examples: - • Maintenance • Accounting • Information technology • Purchasing • Human resources • Product Designing • Quality Assurance • Production planning
  • 25. External interface processes “They are the departments that interface with customers & suppliers” Typical department examples: - •Marketing • Sales • Customer support • Finished product shipping • Equipment/Raw material purchasing
  • 26. The 2 process types: - • Continuous – factory production line • Transactional – sales order process
  • 27. RECAP – PROCESS BASED AUDITING STEP 1
  • 28. RECAP – PROCESS BASED AUDITING STEP 2 - 1
  • 29. RECAP – PROCESS BASED AUDITING STEP 2 - 2
  • 30. Step 3 – Study your processes using turtle diagrams Defining your information needs
  • 31. Turtle diagram - generic
  • 32. Turtle diagram - example
  • 33. Subassembly process – equipment checklist
  • 34. Step 4 – Gathering the facts together Collect “objective evidence” from your processes
  • 35. Analyse your facts by sorting them
  • 36. Equipment is not being routinely maintained • Jig storage area – a number of jigs were observed to be dismantled and others had parts missing from them (5) (14) • There were 6 fluorescent tubes not working out of 30 in production line 1 area (6) • There were a significant number of service requests raised this month for equipment breakdown (20) • Portable appliance testing had not been done in the last year on fans used to cool operators (5) • The operator’s thermometer used to test the solder bath temperature was not in the calibration scheme (1)
  • 37. Step 5 – Reporting the findings • Be precise • Have the evidence to hand • Don’t be argumentative • Be firm but fair • Don’t let the session drift on
  • 38. Step 6 – Addressing the findings through effective corrective actions • Investigate to find the root cause, don’t just treat the symptoms • Invest in training staff in problem solving tools • See it as an opportunity to improve the processes
  • 39. Conclusions !!!!! • Firstly you have to understand the business processes you are going to audit and how they relate to the objectives of the business • Next you have to gather the objective evidence on how these processes are being controlled (or otherwise) • Lastly you must present your findings in a manner that shows how the various strengths and weaknesses impact on the business (i.e. showing a balanced picture)
  • 40. THANK YOU FOR YOUR TIME EMAIL: D.SMART18@YAHOO.CO.UK

Editor's Notes

  1. Comparison: In simple terms you are comparing the “observed practice” against the “documented procedures”. If there is a difference it’s called a non-conformance. Lagging Non-conformance: happens because the “observed practice” is lagging behind the “documented procedure”. This happens because of complacency (doing the job repeatedly), de-motivation, or being pressured into doing the job quicker and taking short-cuts. Another way is a new manager deliberately circumventing the QMS and imposing his ideas on everybody. Leading Non-conformance: happens when a better way of doing the job has been found (the observed practice is in advance of the documented procedure). The problem is that either the person does not know how to ask for a change or is just lazy and can’t be bothered.
  2. Product example: I have taken this service example as everyone is familiar with it and has dealings with a bank. Process definition (Broad brush approach): this is the first level trawl showing the two main functions “Managing Money” & “Making Loans”, then drilling down into the sub-functions: cash transactions, processing cheques, providing statements, and providing both business & personal loans. Organisation’s function: This is simplified to illustrate the method of determining what an organisation does. In the next slide we will take the top header “Managing Money” and see how the “money management processes” tie together as a process group.
  3. Process triggers (i.e. events): An event can be an action, a thought, a decision or a diary date – so the process can be both reactive and proactive. Reactive example – responding to a sales enquiry. Proactive example – recruiting new staff (by seeing the need beforehand). Process Resources & Influences: All processes consume resources and are subject to being influenced by a number of factors. Resource: People. Influencer: Policies.
  4. Inputs/Outputs: Every process has at least one input and one output. Transformations: Between the inputs and outputs something is transformed into something else; value is added to the product (or should be). Controls: We can also see that the process has controls over it. Examples of controls are checks & balances, documents (e.g. route card, work order etc.) and drawing dimensions. Resources: Finally we have the associated resources. One way to look at resources is to use the 4 M’s – Men, Money, Machines & Materials. We then take them one at a time and break them down into sub-categories – Men (present competencies, induction to job, future training needs). This is followed by compiling a checklist of questions around each sub-category to ask during the audit interview.
  5. I usually base this on the cow model as it is easily understood by lay people. I talk about us being in the country, linking into green issues. I also say if the boy racers in the room want to think of it as an internal combustion engine then fine. I also use the opportunity to point out how inefficient the internal combustion engine is, hoping they will relate it to the QMS. I start off by saying any process has an input, any process has a transformation and any process has an output.
  6. Process Group: Consists of a number of single processes (operations) linked together. If the output from the previous process is not as it should be, then there will be a knock-on effect to the next process. This concept is called the “internal customer” concept, where you don’t pass on your task until it is in a state that you would have liked to receive it. Put yourself in the receiver’s position and define a set of criteria (contract conditions you impose on yourself) that you would be proud to be associated with, then work to them. Too often, especially when people are under pressure or in an incentive scheme environment, the work is just “lobbed over the shoulder” for someone else to inherit and fix.
  7. Money managing process: As I said in the previous slide we have only taken the “money managing processes” and teased them out. We could have done exactly the same for the “Loans processes”. Onion principle: we peel off each layer to expose what is below it. Next layer: We have drilled down and teased out the “money managing processes”, showing where the sources of inputs are, the various transformations and how the funds are dispersed. The reporting side has also been covered.
  8. Isolating the “receive funds” process: We have gone on to drill down to the next layer, taking the receive funds processes and defining the inputs, outputs, controls and resources being utilised by it.
  9. Single process development: We can see that in the money managing process the receive funds were inputs into the managing the accounts process. We have isolated the receive funds process and can see that it has inputs/outputs, controls and resources in its own right.
  10. Simple 4 box approach: It is very demanding to keep your concentration going to drill down into each process and completely define it. Alternative approach: We can take the work of Professor Ishikawa, who developed cause and effect diagrams to solve process problems in the Japanese car industry. We will see in the next slide how the things that have an influence on the process are defined and use this as an alternative to the simple four box approach.
  11. Process affecters: We can use the 8 M’s taken from cause and effect diagrams to think about the impacts each one has on the processes under audit.
  12. Methods: these are not just what is written down, but verbal instructions given by experienced hands, supervisors or process engineers, or habits that have been picked up along the way, especially bad ones and supposed short-cuts. Materials: how material is issued from stores, how it is stored on the lines, transported, and controlled at every stage within the processes under audit. Mother nature: any environmental factors which can impact on the process: temperature, humidity, noise etc. Money: if insufficient funds are available to replace equipment or there is insufficient capacity to produce the requirements the process will suffer. Likewise if wages are below the accepted going rate morale will suffer, with all sorts of associated problems.
  13. Machinery: downtime, reliability, utilisation, cleanliness and tool storage are all areas that have a direct impact on the process. Manpower: training, competence, utilisation, attitudes, knowledge. Measurement: If you don’t measure you don’t control. Where are the checks carried out, are they in the right place, are all the criteria to measure the parts known either by knowledge (e.g. apprenticeship) or written down (critical dimensions highlighted on drawings)? Sampling techniques and training in their use also come into play. This also involves equipment calibration. Maintenance: Is there a planned maintenance policy or is equipment left till it breaks down? Are operators encouraged to clean up their work station and take care of their tools? How competent are the engineers who maintain the equipment?
  14. Process checklist: I have used the process of an electronic subassembly to show how a checklist could be developed taking the things that affect a process and asking questions to verify whether it is performing as it should be. This has deliberately been kept to two questions per affecter so that the diagram does not become too cluttered
  15. Differences: you can’t see “transactional processes”. You can see and hear the production line running from the time it starts up, but if you walk into an accounts office you are likely to see a number of random people sitting at computer keyboards or working with pieces of paper. “Transactional processes” tend to be “discontinuous”. The second difference is that people involved in “transactional processes” often choose to do bits of different processes (and different instances of the same process) at different times. “Transactional processes” are also selective in the way they are sometimes progressed. Sometimes “transactional processes” run alongside other instances of the same process (e.g. dealing with a number of sales enquiries) whilst others are maybe only performed once a year (preparing the annual business plan). Flowcharting & Auditing difficulties with transactional processes: It can be difficult when trying to produce a transactional process flow-line or observe a transactional process (System) from end to end during audits. One way round this during audits is to check completed work or work held in in-trays and combine the various steps in the process from different periods of time with your observations on the part of the process the person is currently doing. As far as flowcharting is concerned you can interview someone familiar with the process to chart it and verify each step by observing it when the person is performing the task. You can also cross check it together.
  16. Process based auditing recap: Last week we covered the first 2 steps of the 6 step process. Step 1 summary: Defining your products. What is a product – ISO9000 definition – “the result of a process”. The 4 kinds of products: Manufactured goods, Processed items, Software programmes, Service activities.
  17. Process based auditing presentation recap. Step 2 summary: Worked example – we used the services a bank provides – two categories: Manages money, Makes loans. Flowcharting the processes: Process definition – sequence of related tasks triggered by an event which uses resources and has influences on it. Generic 4 box process model – inputs/outputs, transformations, controls, resources. Example – Dairy cow. Process group – number of single processes linked into internal customer concept. Flowcharting: High level group of processes – i.e. Money managing processes, then drilling down using “onion principle” (i.e. peeling the layers back) – developing the “receiving of funds” process.
  18. Process based auditing presentation recap. Step 2 summary continued: Alternative approach – Cause and effect diagrams. Process affecters – 8 M’s – Methods, Materials, Mother nature, Money, Machinery, Manpower, Measurement, Maintenance. Worked example – simplified cause & effect diagram using the 8 M’s as the headers. 3 kinds of business processes – Factory, business support & external interfaces with suppliers and customers. Examples: factory processes – Assembling, inspecting, machining; business support processes – Maintenance, HR, production planning; interface processes – Product distribution, Marketing, Purchasing. Process types – continuous, transactional. Differences – Can’t see a transactional process in operation because of discontinuous steps and operatives are selective in how steps are performed. Auditing transactional processes – prior flowcharting, interviewing departmental staff, tracing back, checking completed work from different jobs, checking in-tray work, combining various steps to provide you with an overall picture.
  19. Turtle diagrams: We are going to use them in defining what information is required from a process so that it functions correctly. We are going to use the information from the turtle diagrams to produce checklist questions that we can use during the audit to test and verify if the processes under examination are performing as intended.
  20. Electronic subassembly building: In this example an electronic subassembly process has been selected. Input: Kit of parts. Output: Process indicator – correctly assembled subassembly. Box significance: The four yellow boxes have then had their categories expanded, e.g. the materials and equipment could again be broken down into Materials (jigs): route card; Equipment (tools): magnifiers, inspection mirrors, soldering irons, work station etc. As you can see the other 3 categories have also been broken down into their subcategories. The four brown boxes break the process down even further into its component parts. Process Audit Concept: The point here is to not just look at the procedure and compare it against the observed practice, which is a procedure or system audit. The idea (concept) of process audits is to take an overall look at the whole business and see how it performs. A single process is examined at a time. Always think of the customer and what the objectives of the organisation are, then look at the processes to see if they match with the customer needs and the organisation’s objectives.
  21. Equipment checklist: We have gone a stage further, taking the first box from the previous slide and developing questions we can ask when we do our audit. Process checklist completion: We would then go on and take the other 3 boxes (1 – Competences, skills & training), (2 – Support procedures and methods) and end with questions to check (3 – the process indicators).
  22. Objective evidence: This is a term we use when we are determining the facts. The audit interview should be like an interview for a job. Your checklist is similar to the candidate’s CV where you have previously highlighted points you want to discuss with them during interview on either their experiences or job knowledge
  23. Data chunking: The term used when we are collating the facts together. As we go along during the audit we will be gathering facts. These facts build together to show a much bigger picture. By analysing and sorting the facts you have gathered, you will see patterns emerging. Trends: will then become evident, where you show there is a general breakdown, not just in one process, but across many processes. It snowballs; the knock-on effects from one process present themselves in the other processes. These trends may be trends you have seen before from other audits or they may be new ones.
  24. The Bigger Picture: The above findings are arrived at by analysing and data chunking of facts and shows examples of a similar problem i.e. “lack of routine maintenance” manifesting itself in more than one area.
  25. Be precise: Make your most important point first to grab the attention. Have the facts to hand: support your claims with supporting evidence, either by photocopied documentation or copious notes taken during the interview. Don’t be argumentative: keep your composure, remain calm and don’t be drawn into protracted discussions. You are only there to present the evidence, not to offer suggestions on how to sort the problem. They should know their procedures inside out and also know the requirements of the standard under audit. Be firm but fair: If you have got it wrong, by the company’s representative presenting more evidence, then accept it, hold your hand up and admit it. Don’t try to waffle your way out of it; your credibility will be damaged if you do. Don’t let session drift on: Say your piece and close the meeting. It’s not a debating society; as an auditor you should know if there is an NCR, and so should they. If you have presented your evidence in a non-biased way then it should be self-evident. You are not there to get into a points scoring session.
  26. Root cause analysis: All too often the audit findings are given the minimum of attention to clear down. One way to help get to the bottom of the problem and stop it recurring is to use the 5 why’s technique. Q. – Why was the postman late in delivering my mail this morning? Why – he had too many letters to deliver. Why – because there used to be two postmen doing the round. Why – The Royal Mail went on an economy drive because it was losing money. Why – Pressure is being put on it by the government to make it profitable. Why – It’s a politically sensitive issue. Training Investment: Training budgets are usually the first thing that gets cut in tough economic times. There is an attitude of “I’m not going to spend money on training people, they will leave and get a better job”. This is false economy: firstly, all you have to do is make it more attractive for them to stay or build a clause into their contract to stay for, say, 2 years. Also a lot of training can be done in house; investing in training managers to train their staff is very cost effective. Purchasing books, videos etc. are all low cost. It starts with a change in attitude of a manager’s role: “controlling & directing” or “coaching & mentoring”. Improvement opportunity: The idea is to save money by making the processes more efficient. A costing system driven by the accounts function should be put in place to standardise and cost the savings made in the deficient process.