Five Main Steps in an IATF 16949:2016 Internal Audit

It seems that the internal audit is seen by many as a waste of time, just another box to check to keep up with an organization’s IATF 16949 certification. The more optimistic of these people may believe that they are simply duplicating what the registrar will be doing, when the internal audit could be so much more – a more frequent and more thorough look at your processes than the registrar could ever have time for. On the negative end, the internal auditors are sometimes viewed as detectives looking for trouble, and employees feel the need to protect themselves by providing false data or hiding important information.

The internal audit process: 5 main steps

The reality is that the internal audit is invaluable to a process owner, bringing fresh eyes to look deeper into the process to find improvement opportunities – helping to create a faster, more effective and more efficient process. Read on to learn the five basic steps to an internal audit, and best practices to help process owners take advantage of areas of possible improvement.

1) Plan the audit schedule. Crucial to the success of the internal audit process is developing an internal audit program, or audit schedule, and sharing it with the process owners. The IATF 16949 standard requires all QMS processes to be subject to audit during a three-year period, and knowing when each process is scheduled for audit allows everyone to be prepared. The internal audit program needs to take into account the complexity and significance of each process, prioritizing based on past performance, risk, and level of importance.

But, like all good plans, the internal audit program needs to remain flexible. Complaints from customers, changes to processes, and nonconformities – both internal and external – could indicate the need to review and adjust the program.

2) Plan the process audit. Now that you have a basic outline of your audit plans, and roughly when each process is scheduled for audit, it’s time for the internal auditor to sit down with the process owners and confirm the best time to review each process. The auditor should look back at past audits to determine if he needs to follow up on any concerns or issues, and the process owner can point out any areas he would like the auditor to focus on. The process owner should see a benefit from the audit process – not worry about being “caught” doing something wrong.

3) Conduct the audit. Before beginning the audit, the auditor should again meet with each process owner to confirm that the audit plan is feasible, and that everyone is ready. Then, the auditor can begin to gather the information he needs through employee interviews, observation, review of documents and records, and analyzing key data from the process. The point of this information gathering is to make sure that the process follows what is written in the Quality Management System, and that it produces the desired results. Any areas that do not have evidence of proper functioning should be identified, and – even better – the auditor should make note of any aspects of the process that could be improved.

4) Report on the audit. Once the auditor has gathered and analyzed the required information, a closing meeting should be scheduled with each process owner to discuss any problem areas in the process, and also any changes that could be made to further improve the process. These findings need to be documented in record form right away for future reference and follow-up. When the auditor shares positive findings and possible improvement opportunities, and not just the nonconformities, the process owner will be more accepting of the results, realize greater benefit from the audit, and learn ways to improve the process.

5) Follow up on nonconformities or potential improvements. Of course, identifying problems and areas for improvement is of little value without appropriate follow-up. Once corrective actions have been taken, it is critical to ensure that any problems have truly been resolved. And, if aspects of the process have been improved due to opportunities discovered during the audit, then finding out just how much improvement has been realized will motivate process owners to aim for continual improvement.

The key to a successful internal audit? Focusing on process improvement.

When the internal audit is seen as a way to look for potential improvements to processes, rather than just another box to check to stay compliant, an organization can reap tremendous benefits. Process improvement is a crucial part of any Quality Management System based on IATF 16949, and it should be a key focus for any company that wants to implement and maintain an effective, efficient QMS – and realize savings in both time and money in the process. So, don’t think of the internal audit as a waste of time (or worse yet, a search for mistakes); think of it as one of the best ways to continually improve your processes.

If you want to learn more about IATF 16949 implementation, check out this free  IATF 16949 implementation diagram.

Advisera Strahinja Stojanovic
Strahinja Stojanovic

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.