In this short article, I outline how organisations can transform their audit and inspection processes into a powerful integrated risk assurance system using proven ISO methods. It’s easier than you think.
Many inspection and auditing systems have understandably evolved separately, and are therefore incapable of providing board-members and senior-management with an accurate overview of an organisation’s risk exposure.
This siloed approach to audit and inspection can also lead to unnecessarily high auditing and inspection costs, process duplication, suboptimal decision-making and, worse still, ill-informed risk taking.
A new risk-based focus to auditing and inspection promises to solve this problem i.e. risk-based auditing (RBA) and risk-based inspection (RBI).
But before an organisation can take full advantage of RBA and RBI it needs to modify its audit and inspection processes so they speak the universal language of risk i.e. consequence and likelihood.
Once this transition is made, an organisation has laid the foundation of a powerful risk monitoring, control and improvement system.
- The ability to reliably assess and benchmark risk levels organisation-wide i.e. processes, systems, groups, suppliers, etc.,
- More effective risk control by focusing an organisation’s limited audit, inspection and improvement resources on its areas of highest risk exposure,
- A significant reduction in the amount of time and resources needed to integrate audit and inspection results into intelligible management reports,
- A significant improvement in the capacity of process and system-owners to work more collaboratively in identifying and eliminating the causes of unacceptable risk performance,
- A significant improvement in stakeholder risk assurances e.g. board-members, senior managers, process-managers, employees, shareholders, suppliers, regulators, etc.
Modifying an organisation’s audit and inspection processes so they measure risk need not be complicated. The key is choosing a quantitative auditing and inspection methodology that can be applied organisation-wide.
The methodology also needs to be recognised as world-best-practice, conform to the new risk-based thinking requirements outlined in ISO 9001 and ISO 14001, and at the same time significantly improve audit and inspection efficiency and effectiveness.
As it turns out, such a methodology exists. It’s called “Sampling procedures for inspection by attributes”.
World best practice
Originally developed by the Bell Telephone Company in the mid-1920s, the methodology has undergone a number of iterations and ownership changes, and is now published by most standards bodies worldwide, including the International Standards Organisation (ISO) i.e. ISO 2859.1:1999.
The standard allows potential process failures (i.e. non-compliances and non-conformances) to be separated into different consequence categories based on their likely impact on the organisation’s goals i.e. Critical, High, Medium and Low.
Each consequence category is then assigned a maximum failure rate; together, these rates form the organisation’s risk appetite.
The methods in the standard are then used to determine whether a process has exceeded the organisation’s risk appetite, by examining the type and number of process-failures found in a randomly selected sample.
If you’d like to learn more about how your organisation can use these world-best-practice methods to transform its audit and inspection processes into a powerful integrated risk monitoring, control and improvement system, download my whitepaper and view the video by clicking here.