Featured Product
This Week in Quality Digest Live
Standards Features
Jón Bergsteinsson
Understanding the standard is essential
Stephanie Ojeda
The FDA’s new QMSR will harmonize with ISO 13485 for medical device quality management
Aymen Saidane
Addressing modern manufacturing challenges with advanced software
Steve Thompson
An excellent technological tool that improves quality and compliance
Delivering quality to the health industry

More Features

Standards News
Providing practical interpretation of the EU AI Act
Advanced Swiss CNC machining delivers precision for the tightest tolerances and specifications
Oct. 24–25, 2023, 8 a.m.–5 p.m. Eastern
Greater accuracy in under 3 seconds of inspection time
Showcasing the latest in digital transformation for validation professionals in life sciences
New models can test wide range of motor sizes on a single system

More News

Kurt Boveington


Internal Audits—A Preventative Tool

A tactical advice on a company’s approach

Published: Thursday, February 19, 2009 - 07:48

With all of the quality lingo over the years, “right-the-first-time,” “prevention vs. detection,” “total quality,” “Six Sigma,” “ kaizen, ” and “continuous improvement,” Intermec Media, a label converter in Fairfield, Ohio, has taken this to another level and applied these concepts to their own internal audit process. As with any process, it’s better to do it right the first time; hopefully the process will prevent problems from reoccurring, and allow itself to be continually improved so that it can adapt to an ever-changing business.


Most people equate internal audits with a witch hunt. The audit is done to find the negatives—“What am I doing wrong?” The audit is punitive in nature, a surprise attack, done when you least expect it, to catch you in the act of doing something wrong. Heaven forbid, if we published a plan, everyone would have time to sweep the dirt under the rug. Other misconceptions: ISO standards issues belong in the “ISO department” just as all quality improvements are owned by the quality department. Have you had enough, or do you want more? How about, “We are only doing the audit because ISO says we should.” “We are doing the audit to make management and our external auditor happy.” Obviously, all of the above are truly misconceptions. Periodic internal audits are necessary to adhere to the ISO standard, but more important, they are done to improve your operation, and ultimately, enhance the bottom line.

Accentuate the positive—start spreading the news.

Perhaps one of the reasons internal audits are shackled with misconceptions is that auditors at times forget the positives. Although the audit should expose processes that are out of control or below standard, it should also publish the positive results as well. Examples: “Audited 20 work orders and all 20 adhere to the standard,” “Reviewed 50 employee-training records and all 50 are up-to-date and adhere to the standard,” “Audited the new process for customer complaint resolution/cycle time. The improved process results in resolving customer complaints within five days from 78 percent to 96 percent.” Furthermore, internal audits are an opportunity to expose your company’s best practices. When exposed, other departments can study these and adapt where applicable. Keep in mind, the internal audit is not a failure, if all you have to report are positive results.

Current problem/situation

Intermec Media was first registered to ISO 9001 in 1996. Toward the end of 2007, the company started to look at their own internal audit process. Documented audit reports existed, however, there was little or no evidence of any formal audit plan. Audits were always planned and done at the time of the audit. They weren’t viewed as a continuous process. A number of factors may have contributed to this. As some people know, the role of the internal auditor isn’t the most glamorous or sought-after position in the company. Who wants to be the one to point out faults or transgressions? Thus, a number of people passed through this position over the years. Each person may have made an attempt at putting a formal plan in place. However, no one stayed in the position long enough to maintain continuity.

Plans are in the mind of the beholder

Just as “beauty is in the eye of the beholder,” “plans are in the mind of the beholder.” Many people plan, but unfortunately most people fail to put their plans in writing. Isn’t it ironic that the ISO 9001 slogan, “document what you do and prove that you are doing what you document” doesn’t apply to its practice?

Of course, having a plan isn’t enough. For the plan to be successful, all departments must be involved, which wasn’t the case at Intermec Media.

Given these factors, having an ongoing, documented audit plan became a priority for Intermec Media in 2008.

The solution—the plan

Faced with these problems, the company set out to change its course. As an internal auditor, one cannot view the audit as simply a date on the calendar. Even though the audits are scheduled three to four times per year, the planning should be occurring almost daily. A similar analogy can be made with performance appraisals. These usually occur once per year, but the appraisal isn’t fruitful or meaningful unless there’s continuous communication and feedback throughout the year between a manager and subordinate.

The first step in this process was to document a plan portraying all of the scheduled internal audits throughout the year, but more important, all monthly, weekly, and even daily duties and tasks. The plan also defined all inputs to the audit process. These included all the quality information, charts, and metrics maintained in the company.

As the above items were studied and monitored, questions were formulated and saved in a file for use in the next internal audit. These questions were then linked to the current policies (PY), procedures (PR), and work instructions (WI) in the following manner:

  • Is a problem/issue a result of a policy, procedure, or work instruction not being followed? (This shows a lack of training, communication.)
  • Is a problem/issue a result of a policy, procedure, or work instruction that is obsolete or out-of-date? (We don’t do “this” anymore.)
  • Is a problem/issue a result of a policy, procedure, or work instruction that is lacking or simply incorrect? (We need to add or revise a PY, PR, or WI.)

Let’s get down to Tactics

One of the goals of the audit plan was to assure that it would be modularized by department and transferable to any internal auditor. In this manner, anyone trained to assist the auditor could easily audit one or two departments. Furthermore, as internal auditors come and go, the plan, strategies, and tactics, could be easily understood, adapted, and maintained.

The first step was to create a spreadsheet file for each department. Within each file, a number of tabs or sheets were set-up to store applicable document indexes, surveys, and other information unique to the department. The key, however, was that a sheet was established for each audit to store the formulated questions for that department. On an ongoing basis (daily, weekly), as the inputs mentioned above were monitored, the questions were entered and stored direct to this tab. The end result was that the auditor had a list of specific questions targeted to specific job descriptions ready to go at the time of the audit. Furthermore, since there was a tab/sheet saved per audit, anyone could go back and review a history, what questions were asked, and which issues were addressed over the past several audits.

Help! I can’t do it alone.

Another tactic employed was a periodic survey sent to all department managers asking for their help. The purpose of the survey was to act as a preventive tool to identify any trends or new events within the company that may trigger the need to audit a particular function in the near future. Also, it can be used to alert other departments to review specific procedures or work instructions as a result of a trend or new event. The surveys were specifically tailored to each department. The results of the surveys triggered questions and/or issues that needed to be documented in the appropriate department files for the upcoming audits.

Unless your company is very small, no one can possibly know everything that’s going on in all departments. Also, one cannot assume that department A is communicating with department B on all relevant issues. How many times have you heard, “No one told me they changed the specification on this,” or “I didn’t get the memo on that.” The internal auditor, with these survey results in hand, acts as a carrier of pertinent and timely information between departments. One example: The survey results from R&D and purchasing departments indicated that new product development had resulted in the purchase of new raw materials. The survey results from the receiving department indicated some employee turnover within the incoming receiving function. This combination raised a flag and generated a notation for the audit file: Do the new employees in receiving understand the procedures for separating and inspecting the new raw material?

Check this and check that

In addition to the above, incorporated into the audit plan were many checklists. Some people like checklists and some people don’t. Checklists are an excellent way of making sure you have covered all bases. After your car is serviced, doesn’t it give you a nice, secure feeling to look over the checklist of services and see “brake lines, shoes, and pads thoroughly inspected?” Especially when making a hurried stop at the next busy intersection. The checklists encompassed all the data-gathering activities throughout the year right up to the time of each audit.


Haven’t I seen you here before? Do you come here often?

After each quarterly audit, there’s usually a big sigh of relief—especially from the auditee. Many auditors have heard comments as they walk out the door, “I’m sure glad that’s over,” or, “Thank God we won’t see him again for three months.” What must they think when, one week after the audit, the auditor shows up at their department’s doorstep? At Intermec, the results of the quarterly audit warranted additional mini weekly audits or spot checks in some key areas. Keep in mind, some problems are real while other problems are perceived. No one knows for sure until you collect some data, chart the data if needed, and analyze the results on an ongoing basis. This can’t wait until the next internal audit, which is three months away.

Even though nonconformities or corrective action reports (CARS) were written, some areas needed more attention in the form of these mini audits. These audits were carried out in five separate departments for different reasons and objectives. Each audit only took about 15 to 20 minutes per week, but gave management more data to see if corrective actions were carried out and their effect on the business. The duration of most of these audits lasted just four to six weeks. For example, from one quarterly audit an issue was raised regarding the revision levels of our raw material specifications. There were some inconsistencies between the hard-copy documents and some of our database files. After four weeks of sampling the raw material specifications, we found that we simply had too many databases storing the same information. Sometimes the obvious isn’t so obvious until you look at the data. In this case, we picked the low-hanging fruit and eliminated the raw material specifications from one of the databases.

In another example, a quarterly audit raised the question of whether operators were performing the proper quality checks on the production lines. In this case, production records were randomly sampled weekly for 25 weeks to see if the proper checks were done. This raised awareness of the importance of the quality checks. At the end of this duration, errors in production dropped about 18 to 20 percent, and there was about a 10-percent drop in customer complaints. Other factors may have contributed to these statistics, but the weekly, mini audits helped.

Elementary, my dear Watson

Whether you are an internal or external auditor, you’re always fighting the battle of paper-trails and traceability. Auditors are always faced with the task of connecting the dots. Paperwork and documents flow through a company bureaucracy like it’s nobody’s business. Sherlock Holmes, had the unique ability and memory to connect all facts logically. Unfortunately, we aren’t all so lucky. Each department in a company has its own documents—hard-copy and digital. The employees in each department know exactly what they do to their documents. However, not everyone knows how all documents in the company are interrelated or connect to one another.

To address this issue, a number of systems were set-up within the company. These included a complete paper-trail audit system with instructions to connect most documents as well as a database routine that linked all documents to the appropriate ISO 9001 standard element, e.g., “Control of Nonconforming Product.” These systems proved to be big time savers.

Where do we go from here?

This article explains how one company tackled the plan, strategically and tactically, with respect to the internal auditing function. When it comes to tactical advice, there’s plenty of information in this journal, other trade journals, consultants, registrars, and even from other companies in your industry. Investigate, seek, and explore for ideas, but don’t duplicate. What works for one company, may not work in another. All companies are unique and may adapt in their own way to ISO 9001.

Intermec Media has made considerable progress in one year and is now facing the new ISO 9001:2008 revision, which was released in November 2008. Although the experts say the changes are minor in nature and emphasize clarifications, the company will be heading into the next year with the mindset of continuous improvement. At least we’re facing it with a plan in place, rather than no plan at all.


About The Author

Kurt Boveington’s picture

Kurt Boveington

Kurt Boveington works in the quality department at Intermec Media and performs many functions including internal audits. He has worked in or consulted with more than 30 companies in various capacities including quality, business development, product management, sales/marketing, manufacturing, and warehousing. He holds a BBA from Kent State University and an MBA from the University of Dayton. His master’s thesis, “Personnel Development, Training & Education” was published in several trade journals.