Primeiro, as auditorias de conformidade: “the compliance auditor is examining an activity and comparing it to certain rules. As with inspection, the result is binary. Either the rules are followed, or they aren’t. These high evidence and low value judgment audits are an extension of the inspection. Often, the results are presented as a completed checklist of observed conditions.”
Depois, as suas lacunas: “Inspection is never perfect. Neither is a compliance audit. As a snapshot in time, the audit says, “At this time, these conditions are being met. It’s unknown if this will continue.” The compliance audit does not test the ability of the rules to achieve the organization’s objectives. The auditor assumes that the rules are good and leaves such analysis to others—”
Então, Arter começa a abrir o livro e a pôr o dedo na ferida:
”Sometimes the planning part of the plan, do, check, act cycle is not as good as it should be. Requirements are not clearly defined and the “big honkin’ manual” doesn’t really say much.”
“Regardless of the reasons for this lack of definition, the compliance auditor does not have a charter to say, “These are stupid rules. They don’t say anything.”
In an effort to be helpful, the auditor may augment these ill-defined rules through personal interpretation. Of course, that is in violation of a fundamental principle of auditing that says that we audit to standards of performance (requirements) that have been accepted by all parties before the audit started”
Para concluir “We need something more than just compliance audits”, é verdade, não estou sozinho!!! (E não esquecer este postal).
Precisamos de auditorias que avaliam o desempenho, que levam as organizações a reflectir sobre o que têm, e sobre o que precisam:
“People are beginning to understand that good products or services come from good processes, which come from good systems.”
“… performance audit. ”This type of auditing goes beyond compliance.”
“You need to explore patterns and the reasons things happen.” Tenho de voltar a pegar nesta deixa, naquilo que planeio venha a ser a quarta parte desta série.
“Management audits are most appropriate for internal, first party use. You have control over your own corporate destiny and the resources being used. You make market decisions. By analyzing patterns and connections, internal auditors can determine the causes of the observed nonconformities.”
“Management auditors need much more preparation than their compliance counterparts” e “A good rule here is one hour of preparation for two hours of fieldwork”
“The auditor must be able to show business trends. The investigative process only begins with the identification of a nonconformity—it is just a sniff of something deeper. Why is that problem happening? What are the patterns here? Again, those universal process affectors (material, methods, machinery, manpower, measurement and environment) must be explored. Certainly, the seven basic statistical tools are useful. Individual nonconformities are placed into piles (data chunking) to show the bigger picture.
Reporting. Audit reports should answer the “so what?” question, asking how these problems are affecting the health and profitability of the organization.
In other words, a finding should address both cause and effect. This is perhaps the most critical part of successful management auditing. If one can show the effect as pain, in business terms (cost, schedule, scrap, opportunity, risk, and so on), the offending control weakness will be corrected”
Uau, uma sintonia de ideias!
Por que é que mais gente não se revolta contra este tipo de auditorias “farisaicas”, ou ritualistas, que não trazem valor acrescentado?
A segunda referência… bem a segunda referência, ainda conseguiu ser mais eloquente do que a primeira!