ISO Internal Audit Process Map

What Questions Are Used for a Process Audit?

The PDCA process approach is used for business process planning, Business Process Management (BPM), and for business process auditing as well. A process audit is focused on determining process effectiveness and the ability to achieve planned results. What good is a business process that is unable to deliver the planned result?

The plan for a process audit is to start out with some general process audit questions in order to determine what the scope of the process is, what the purpose of the process is, and how the process operates. Now that we understand what the definition of the process is, we can focus on process management audit questions. Then later we can drill down into product realization specific audit questions.

General Process Audit Questions

When auditing a business process it is important to determine how much process planning has gone into the creation of the process and the system of processes that it belongs to. Many business appear to throw their business processes together with so little planning that it is any wonder why it is so hard to achieve planned results.

Business process planning means that each element of the process has been determined. As an auditor we want to understand how much the process participants (employees) understand about their process. Using SIPOC + PDCA is a good place to start. The first two questions revolve around process definition.

1. (ISO 9001:2015 Clause 4.4) Describe the business process you operate and how it relates to the other processes needed for the quality management system? (i.e. Turtle Diagram, Process Map, flow diagram, other)

SIPOC

i. What (S) Suppliers do you have for your process?

ii. What (I) Inputs are needed for your process? (materials, information)

iii. What (P) Process steps transform the inputs into outputs?

iv. What (O) Outputs result from your process?

v. What (C) Customers receive outputs from your process?

 

PDCA

i. (P) Plan: What Policies, procedures, forms, records and other information have been developed for your process?

ii. (D) Do: What data do you monitor or collect? (8.7) What is a process defect or nonconformance? (7.5) How is it documented?

iii. (C) Check: What criteria, objectives, KPIs, or target requirements do you compare to the data? (9.1.3) How do you analyze your process data?

iv. (A) Act: What actions are taken to (10.2.2) correct process defects, waste or nonconformances from occurring?

2. (ISO Clause 7.5) How are these documents and records controlled as documented information?

Process Management Audit Questions

A well-defined process will have answers to all of your SIPOC and PDCA questions. Next we want to understand how the process we are assessing relates to other processes within a system of processes — your process system. The linkages within an ISO system stem from your quality policy and quality objectives, which are two key results of your management commitment. The next seven questions revolve around process system management.

3. (ISO Clause 5.2) What is your company Quality Policy?

4. (ISO Clause 6.2.1) What are your company Quality Objectives?

i. How do your process objectives relate to your quality objectives?

ii. (9.3) How often are your company quality policy and objectives reviewed?

5. (ISO Clause 7.2) What skills and training are necessary to operate this process?

i. (7.2) Where are the training records for your process?

6. (ISO Clause 7.1) What kind of safety, security, and environmental precautions do you use at the company?

7. (ISO Clause 9.1.2) How do you know your customer is satisfied with your process outputs?

8. (ISO Clause 9.1.3) What did the latest analysis of your process and systems data tell you about the process?

9. (ISO Clause 10.2.2) How do you know your corrective action process is working?

Product Realization Specific Audit Questions

An effective process management system is obviously well managed; otherwise it would not be effective. Next we drill down into manufacturing (or service) specific questions to understand what the production system looks like. The last six questions revolve around product realization or manufacturing management.

10. (ISO Clause 8.2) What are the customer requirements for an order that moves through your process system?

11. (ISO Clause 8.1) What is a process system defect or nonconformance?

i. (6.1) How do you test for process system defects and make sure nonconformances don’t happen?

12. (ISO Clause 7.1) What equipment do you use to operate this process?

i. (7.1.5) How is it calibrated?

ii. What do you do if you find it is out of calibration?

13. (ISO Clause 8.5) What process controls are in place to make sure nonconformances don’t happen?

14. (ISO Clause 8.3) How do you use design input, review, verification, validation, and change records to ensure your process system outputs meet requirements?

15. (ISO Clause 8.4) How do you communicate your process input needs and/or problem materials to purchasing?

The PDCA process approach is all around us. It is used for business process planning, BPM, and to determine the ability of the process system to achieve planned results — process effectiveness. We do this using a process audit, which starts with general process audit questions, expands to process management audit questions, and ends by drilling down into product realization specific audit questions. Quality assurance policy statement and procedures auditing is all about process effectiveness and the ability of the process system to achieve planned results.

Download free policies and procedures from each policy and procedure department manual. Examine 19 different samples to see how easy it is to use Bizmanualz pre-written templates. Or call to inquire about ISO Training Services for your organization.

8 thoughts on “What Questions Are Used for a Process Audit?”

  1. This is a clear and direct oversight to explain a process audit, the importance of this process for an auditor and a business prospective, to examine a business process(s). Thank you.

    1. I am always open to improvement, but lets look at your points to understand what is missing.
      1. Explain a process audit. “A process audit is focused on determining process effectiveness and the ability to achieve planned results.”
      2. Importance for an auditor. “When auditing a business process it is important to determine how much process planning has gone into the creation of the process and the system of processes that it belongs to.” and “As an auditor we want to understand how much the process participants (employees) understand about their process.”
      3. Business perspective. “The PDCA process approach is used for business process planning, Business Process Management (BPM), and for business process auditing as well.” and “What good is a business process that is unable to deliver the planned result?”
      Let me know what else you would like to see and maybe I can update the post to add more information.

      1. Some very important points were missing:

        1. What are the controls exercised on outsourced processes to ensure product conformance to customer requirement?
        2. Whether a quality plan is available and if so whether it is always followed in all inspections?
        3. Whether corrective actions are monitored for continual improvement sustenance?
        4. what steps the management takes to ensure business continuity from a customer point of view?

        1. You bring up some more detailed questions that could certainly be part of a process audit. Thanks for highlighting points that could be added, but is it missing from the post?

          1. Controls, see question 13 process controls.
          2. A Quality Plan is not required, but is part of question 1 PDCA or plan information developed for the process.
          3. Corrective action sustenance, see question 9 corrective action process working.
          4. Business continuity from customer view, see question 10. We could certainly elaborate more on this and it would make a great preventive action.

    1. For a process audit, we are looking for evidence that the process has been planned (sequence of steps, acceptance criteria, clear SIPOC), data is collecting through active measuring and monitoring, that nonconformances are recorded, and then actions are appropriate actions are taken to achieve planned results. That is the essence of PDCA. DMAIC is used in six sigma process improvement. Think of PDCA as basic quality and DMAIC as advanced quality. It is all a matter of the requirements your have to meet. Higher specifications or tolerances require more advanced quality methods and therefor dictate the methods needed to achieve results.

  2. THX for your sharing experience.
    Generally, carry out process audit from 6 aspects such as 5M1E, each aspect you can apply PDCA concept to examine the specific process,
    and sometimes I prefer to audit process as per control plan of specific product, it will be easy for auditing.

Leave a Reply

Your email address will not be published. Required fields are marked *