Some Success Strategies For Internal Auditing

I applaud the insight provided by DeWitt L. Beeler in his article "Internal Auditing: the Big Lies" (May 1999, p. 73). I hope his irreverent delivery will awaken those quality champions who have attempted to adapt classical, adversarial auditing schemes to continuous improvement initiatives.

In support of Beeler's conclusions, I would like to point out a few success strategies I have found in facilitating effective internal auditing. I have trained hundreds of internal auditors, and the first requirement I exact is that they not be from the traditional quality gene pool. I request volunteers from the warehouse, information technology group, purchasing, manufacturing, and almost any discipline that has no preconceived notions about inspection and detection techniques.

My only prerequisite for an internal auditor candidate is that they be passionate about the success of the company. They can learn everything else. It is much easier to teach effective auditing to those who have few bad habits and quality paradigms.

In small companies, I attempt to enlist as many people as possible in the audit pool to minimize the time they spend away from their primary job, to bring as diverse an approach to auditing as possible, and to expose as many individuals as practical to what is happening in the rest of the company. The more workers know about how their companies operate, the more they will work to satisfy their internal customers.

In my internal audit training, I emphasize that there are four elements of a successful audit:

1. Assessing compliance with the written procedures. This is done from the perspective of "Are we doing what we documented or what we wish we did?"

2. Actively assessing the effectiveness of the process being audited. I usually suggest auditing processes instead of auditing to the ISO 9000 paragraph. The auditors have the prerogative of giving empirical evidence of effectiveness vs. stated intent.

3. Observe the activities surrounding the process being audited to determine if there are external elements that may contribute to the success or detriment of the process being audited.

4. Encourage the auditor to document exceptional performance, observed excellence or models of continuous improvement.

If your internal audits are lacking any of these elements, you are not realizing the true fruits of their labor. As Beeler stated, none of this has any benefit if the managers of the processes being audited do not buy into the fact that these audits are for their benefit.

I spend as much time training process owners in the win-win approach to internal auditing as I spend training the auditors. If they do not embrace the audits as process audits for continuous improvement that will directly help them in their quality and profit objectives, the entire exercise is pointless.

The secret to success here is to ensure that the only mention of individuals in an audit report is when you are praising them. Errors and omissions by humans are corrected by training, not punishment.

My final thought is to point out that the companies that benefit most from effective internal auditing are those that have no formal quality management infrastructure. Introduction of ISO 9000 to small companies (done correctly) often turns the ISO steering committee into the champion of continuous improvement. In this scenario, the internal auditors are often not only the compliance observers, but they are the champions of continuous improvement.

Certified quality manger, Productivity Resources, Virginia City, NV Chairman, Quality Management Systems Committee, ASQ Quality Management Division

More Kudos for Article On Internal Auditing

udos to DeWitt L. Beeler for telling the truth about auditing ("Internal Auditing: the Big Lies," May 1999, p. 73). I hadn't read straight talk like that since Allan Sayle's "Auditing: Time for a Rethink and Overhaul," which was presented at the ASQ Audit Division's conference in February 1995.

Despite the rhetoric about the importance of quality, over the past 15 or so years most quality assurance professionals still have the mark of leprosy within their organizations. Perhaps no other quality element is more responsible for that mark than auditing, especially in the world of ISO 9000.

It is incomprehensible how corporate America has allowed ISO 9000 registration to become an accepted requirement of doing business with little to no thought on how certification would truly benefit their organizations.

I spent four years with my previous employer escorting ISO 9000 auditors from one of the largest registrars in the United States. In that time they wrote 52 corrective action requests, all of which were "fixed" by changing a word, line or paragraph in a quality system procedure.

Not one of these corrective actions led to a real change in behavior or practice. Every one of these audits was of no benefit to our business operations. I'm convinced, based on my experience and discussions with others, that what I saw is the norm rather than the exception.

The only difficulty with compliance audits (or systems audits or management audits, and so forth ) is staying awake for eight hours.

Auditing should be an analysis process. It should probe deeply into the value of a manager's system. It should show the manager where his or her system is benefiting or not benefiting the organization.

Such meaningful analysis requires a broad range of technical and social skills. Training people in the mechanics of an audit doesn't teach those skills. Meaningful audits are hard, hard work.

A valuable internal audit takes a lot of time. It incorporates charts and graphs in the closing meeting, includes financial evaluations, provides recommendations on how managers can improve performance, supports commendations with data, includes organizational behavioral elements in addition to technical elements in the analysis, utilizes the auditor as part of the corrective action team, and tells the managers something useful that they don't already know.

Most, if not all of these statements are considered heresy and would be greeted by stoning at an auditor convention. But only through a radical change in philosophy can the audit profession undue the severe public relations damage it's done to itself and the quality movement as a whole.

W.L. Gore and Associates, Flagstaff, AZ

Short-Run Control Chart Alternative Offered

n the Statistics Roundtable of February 1999 ("Statistical Gymnastics Revisited," p. 84) several respondents voiced the hope that better approaches to and improvement of the practices of statistical process control (SPC) would be forthcoming.

I would like to point out that certain advances in SPC have been made in the last decade of which many roundtable respondents seem to be unaware. As an example, I would like to describe an alternative to common short-run control schemes presented by Davis R. Bothe and Charles Quesenberry.

Consider the controlling of a process of symmetric independent observations on target. By subtracting the target value from each observation, the problem reduces to controlling for a deviation from zero. In order to circumvent estimation, regard the sequence of {sign and (sequential) rank of absolute value of each observation}. It is possible to construct a threshold A and a sequence of statistics {R(n)} based on this sequence so an out-of-control signal will be sounded the first time n that {R(n)} exceeds A.1

This is known as the G&P scheme. It is possible to set the threshold A so that the scheme will have an arbitrary average run length (ARL) to false alarm. Because the procedure is based on ranks, no parametric assumptions are necessary. The unknown variance is not a hurdle, and one doesn't need to assume normality.

sm_8table1.jpg (4946 bytes)Nonetheless, the procedure is quite efficient even relative to the cusum scheme when the observations are normal, as illustrated by Table 1 (taken from G&P Table 3), describing Monte Carlo estimates of the average delay to detection (from a true change point v to detection time N) for a one-sided change-of-mean detection scheme with 792 = ARL to false alarm (for both cusum and G&P). The G&P scheme does almost as well as the cusum scheme, which relies heavily on the normality assumption and on knowledge of the variance, if a change doesn't occur within the first 20 observations.

Even if the process is off target from the start, the G&P only needs three to six observations more than the cusum for the true mean values listed. A fast initial response modification can improve things if initially being off target is a concern. A similar procedure can be created for detecting a change of dispersion.

The drawbacks of the G&P scheme are that it isn't simple, uses expressions that are not as intuitive as X-bar or S and requires a computer for calculating R(n) after each observation.

Nonetheless, the first two sections of the G&P article describe the procedure in understandable terms, and include a 25-line computer program for implementing it.

A description of an application of a slight variant of the G&P scheme (the difference being that the initial baseline is not assumed to be known, and the problem is not control for a target but rather control for stability of the level) appears in Surveillance Schemes With Application to Mass Calibration by M. Pollak, C. Croarkin and C. Hagwood.2

The problem concerns monitoring the weight of mass standards of the National Institute of Standards and Technology, where a change in weight in any direction is cause for adjustment of the procedure used to calibrate clients' standards.

Both parametric schemes geared to the normal distribution, as well as nonparametric schemes, are applied. Neither of these assumes a known baseline. The nonparametric method relies on ranks, and the parametric method takes advantage of the shift and scale invariance structure of the problem to circumvent the need for direct estimation of the nuisance baseline (mean and standard deviation) parameters. The methods are shown to compare favorably with the Shewhart scheme, which relies on estimation of baseline nuisance parameters from historical data.

1. L. Gordon and M. Pollak, "An Efficient Sequential Nonparametric Scheme for Detecting a Change of Distribution," Annals of Statistics, Vol. 22 , 1994, pp. 763-804.
2. M. Pollak, C. Croarkin and C. Hagwood, Surveillance Schemes With Application to Mass Calibration, NISTIR Technical Report 5158, Statistical Engineering Division, NIST, Gaithersburg, MD.

Professor, Department of Statistics,
The Hebrew University of Jerusalem

Technology Assistance In Northeast PA

We at the Northeast Tier Ben Franklin Technology Center were delighted to see the article "Age of Agile Manufacturing Puts Quality to the Test" by Lehigh University professor Emory W. Zimmers Jr. and consultant Peter H. Christian in your May 1999 issue (p. 45).

The company profiles cited in the article are excellent examples of projects that are produced cooperatively by the Ben Franklin Technology Center, the Enterprise Systems Center at Lehigh University and staff from client companies.

The center is part of a four-center economic development initiative funded by the Commonwealth of Pennsylvania. The nationally recognized Ben Franklin program links Pennsylvania companies with universities, funding and other resources to help them prosper in today's highly competitive economy through innovation.

It is our hope that readers of your magazine who may benefit from our services contact us (610-758-5200) so they can work with them and leading experts like Zimmers and Christian.

Director of communications, Northeast Tier Ben Franklin Technology Center, Bethlehem, PA

Average Rating


Out of 0 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers