Process Auditing and Techniques
by J. P. Russell
Process audits are highly focused, but their effective techniques are not always understood. Because there is no sanctioned process audit standard, anyone can claim to be doing process audits. Also, the use of process auditing techniques such as tracing is not limited to process audits or process based management systems.
What Is a Process Audit?
A few years ago when I was presenting information on process audits, a representative of a major corporation told me it had been doing process audits for several years. When I asked him to explain the auditors’ techniques, he said they took samples of the product at the end of the line, and then measured the length, diameter and weight. Based on results, they approved or rejected the lot.
Is that what a process audit is to you? I hope not, because what was described is more like final inspection or a product or service audit.
Two months ago another representative of a major corporation explained its auditors did process audits and did not use checklists. She sent a document used to audit one of her corporation’s processes. The auditing documentation was not called a checklist but was a list of regulatory and industry requirements by clause for a specific process, such as labeling. That sure sounds like a checklist.
Is auditing a process by clause requirements or elements a process audit? Probably not because most standards and regulations do not take into account the dynamic nature of a process. When the audit criteria are the specific requirements of a standard, only key elements or critical controls are verified.
Requirements may include:
- Written procedures.
- Record keeping.
- Verification of customer orders.
A list like this does not include evaluation of inputs being changed into outputs.
Quality related definitions of a process, such
as those found in ISO 9000 or the ASQ Glossary, as well as
general dictionary definitions, support the dynamic nature of a
process and what it would mean to audit a process (see
“Definitions of Process”).
Definitions of “Process”
- A progressive forward movement from one point to another on the way to completion: the action of passing through continuing development from a beginning to a contemplated end: the action of continuously going along through each of a succession of acts, events or developmental stages: the action of being progressively advanced or progressively done: continued onward movement. Webster’s Third New International Dictionary, unabridged. Merriam-Webster, 2002, http://unabridged.merriam-webster.com, April 9, 2006.
- A set of interrelated work activities characterized by a set of specific inputs and value added tasks that make up a procedure for a set of specific outputs. ASQ Glossary, www.asq.org/glossary.
- A set of interrelated or interacting activities that transforms inputs into outputs. ISO 9000, Quality Management Systems—Fundamentals and Vocabulary, third edition, 2005, clause 3.4.
A definition of a process I have used for more than 15 years is “a series of steps that lead to a desired result.” This may seem less eloquentthan the ISO 9000 definition, but not all processes are transformations. Many service processes entail only treating, assessing, informing, altering or moving stuff from one place to another.
Many standards and regulatory requirements are organized by an activity or process (such as labeling, inspecting, documenting and designing). Some may call auditing these individual elements a process audit, but such an audit is merely part of an overall system audit of the standard or regulatory requirement.
It is typical for organizations to schedule audits based on the elements of a standard. Some even combine several regulatory requirements for an area, but again, they are merely auditing a limited portion of the process.
I applaud regulated organizations that audit clauses in some type of sequential process order to better test linkages between requirements. However, conducting process audits using process techniques would add value beyond verification of regulatory and other external requirements.
By virtue of its name, a process audit is an audit of a process against agreed on requirements. It involves verification by evaluation of an operation or method against predetermined instructions or standards. It measures conformance to these standards and the effectiveness of the instructions.
A process audit may check conformance to defined requirements such as time, accuracy, temperature, pressure, composition, responsiveness, amperage and component mixture. It may involve special processes such as heat treating, soldering, plating, encapsulation, welding and nondestructive examination.
A process audit examines the resources (equipment, materials and people) used to transform the inputs into outputs, the environment, the methods (procedures and instructions) followed and the measures collected to determine process performance. A process audit checks the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, training and process specifications.1
A process audit is an evaluation of the sequential steps and interactions of a process within a system. The term is also used to describe techniques used when conducting an audit. For example, an auditor may use process audit techniques during a management system audit.
By its very nature, process auditing implies an action such as transforming inputs into outputs. Dennis Arter, quality auditor and consultant, has always linked process auditing to an action verb such as filling, stamping, purchasing, reacting or cutting.2 Process auditing is evaluating the steps and activities that create the action or transform the inputs into outputs. This is a very useful approach because it focuses on the work cycle and deliverables instead of isolated requirements/controls.
The process model in Figure 1 shows inputs,
outputs and sequential steps. Some process models also show a
feedback loop that is essential for control of a
Auditing by Element
Auditors use various auditing techniques to collect evidence based on the audit scope and objectives.
Auditing a process or system by element verifies compliance or conformance to requirements. The value in this type of auditing technique is the direct linkage to license, contract or regulatory requirements.
Auditing a process by element ensures people are aware of the requirements and the organization is adhering to them. It helps prepare employees for external audits using the same criteria.
Auditing by element also ensures a state of readiness and compliance or conformance to external requirements. It is a management tool for sustaining conformance to safety, health or environmental and quality requirements.
This is good, but for management this technique defines auditing in the cost of doing business category.
Auditing by Process
Auditing a process or system using process techniques verifies conformance to the required sequential steps from input to output. Process auditors use models and tools such as simple flowcharts, process maps or process flow diagrams.
In the process diagram (see Figure 1), the boxes in the center could represent a flowchart of the sequential steps. Flowcharts typically identify inputs, people, activities or steps, measures and outputs. The auditor normally gets this information from a procedure or flowcharts provided by the audited organization.
During the first part of the audit, auditors should record current customer names, order numbers, routing numbers and project numbers so they can link and verify process steps during the audit.
Processes can be described using the process elements I call PEEMMM (see Figure 2):
- People involved.
- Equipment needed.
- Environmental requirements.
- Measures to test or monitor.
- Methods to follow.
- Materials used or
The process elements are used to ensure all aspects of a process are being evaluated and serve as an aid in developing a flowchart. These same process elements (also called causal groupings) are used to create cause and effect or fishbone diagrams for evaluating the causes of problems.
A way to link the process elements and standard
elements (requirements) is to create a tree diagram (see Figure
3), so named because of the branching effect.
Another tool is a turtle diagram (see Figure
4), which combines the process diagram with the process elements.
It looks like a turtle with a head, tail and four
When auditing a process, the auditor should also look for the plan-do-check-act (PDCA) cycle, which is a good test to ensure the process can be controlled with or without a written procedure.
Auditors determine whether there is a plan or
predetermined method—do people know how to do the activity,
is there is a check or measure to determine acceptance and is
action taken when outputs are not right? Typical interview
questions are shown in Figure 5 (p. 73).
The use of process techniques is a natural steppingstone from conformance to performance auditing. When collecting evidence, auditors also will observe performance issues that would be of value to management.
Auditors should report process performance indicators that support improvement efforts. These indicators include:
- Traveling excessive distances.
All process performance issues should support improvement programs such as lean, ISO 9001 or Six Sigma.
Most organizations still are auditing a process or a group of processes by element or clause and missing out on the value of process auditing and techniques. Process auditing provides added value by evaluating how processes flow, their controls and risks and the achievement of objectives.
Auditors and management can benefit by using process techniques to better test and evaluate system controls. For more information on process auditing, check the ASQ website (www.asq.org) for books, e-learning classes and instructor led classes.
- J.P. Russell, editor, The ASQ Auditing Handbook, third edition (formerly called The Quality Audit Handbook), ASQ Quality Press, 2005, p. 17.
- Dennis Arter, Quality Audits for Improved Performance, third edition, ASQ Quality Press, 2003.
J.P. RUSSELL is president of J.P. Russell & Associates, Gulf Breeze, FL, and managing director for Quality Web Based Training Center for Education at www.qualitywbt.com. He is a Fellow of ASQ, voting member of the American National Standards Institute/ASQ Z1 committee and member of the U.S. technical advisory group for International Organization for Standardization (ISO) technical committee 176. Russell is an ASQ certified quality auditor and author of several Quality Press books, including Process Auditing Techniques, Internal Auditing Basics and the ISO Lesson Guide 2000.