Learn how to be an AASHTO lab 24/7

"“…if you do everything that the AASHTO accreditation requires you to do, if you execute all of the requirements of [AASHTO re:source], you will have a well-run laboratory."

Florida Department of Transportation

Tim Ruelke, P.E., Director, Office of Materials

55+ years of experience
PSP participants
samples shipped per year
laboratory assessments per year
accredited labs

Internal Auditing: Just the Facts, Ma’am!

By Tracy Barnhart, Quality Manager

Posted: April 2013


Internal-Auditing_WhatIt’s tax time, so hearing the word “audit” may strike some fear in you today. No worries – I’m not with the IRS! That being said, AASHTO R 18, ISO/IEC 17025, and various other quality management system standards do require that construction materials testing and inspection agencies perform internal audits. R 18 states the following: “Internal audits shall verify that the laboratory’s operations continue to comply with its policies and procedures and the requirements of this standard (i.e. R 18).” R 18 also requires that internal audits be conducted at least every 12 months.

But what exactly IS an internal audit? The terms “examination” or “review” usually come to mind when you hear the word “audit.” However, the official definition of an internal audit may scramble your brain: “A systematic and independent examination to determine whether quality activities and related results comply with planned arrangements and whether those arrangements are implemented effectively and are suitable to achieve objectives.” Now it’s crystal clear, right? Fear not – I will break it down into manageable pieces for you.

Internal-Auditing_WhereInternal audits, or 1st party audits, are audits that an organization performs on itself at that particular location. As a testing laboratory, you may be “audited” by AASHTO re:source, CCRL, and perhaps other external agencies. These are called external, or 3rd party, audits. Regardless of the type of audit it is, all audits involve some sort of review process. And, believe it or not, audits (at least in the internal auditing sense), don’t have to have a negative connotation. Quite the contrary, in fact! More on that in a moment…

Internal-Auditing_WhyGood Question!  Although the quick answer is “because you have to,” the meaningful answer lies in the goals of performing internal audits, which are: (1) verify that your quality management system has been effectively implemented and maintained, and (2) find improvement opportunities. Simply put… (1) are you actually doing what your QMS states you are doing, and, perhaps more importantly, (2) how can you do it better? All of this ties into the “determine whether quality activities and related results comply with planned arrangements…” part of that complicated internal audit definition.

You may be asking yourself why internal (1st party) audits are necessary if your organization is already subjected to multiple external (3rd party) audits by various agencies. The primary objective of 3rd party audits is to assess a QMS for conformance to standards, usually resulting in certification, registration or accreditation of the organization. These audits are performed by individuals independent of your organization. Alternatively, 1st party audits are generally referred to as “self-assessments.” The primary objective of 1st party audits is to improve an organization’s operations. Nobody knows your business better than you do, and that’s why you should perform audits too. Simply put, conducting internal audits is good business practice.

See, you shouldn’t start the internal audit process with negative thoughts like “What are we doing wrong?” or “Who screwed up this time?” Switch gears and think about the greatest benefit of the activity instead, which is making your organization the very best it can be. In other words (going back to that crazy definition again), is your QMS suitable to achieve your organization’s quality-related objectives? For example, if one of those objectives is to achieve 100% customer satisfaction, does your QMS have the “teeth” to get you there? If not, it’s time to make some adjustments. For more help on developing an effective QMS, see my three-part series on that topic (The Road to Developing an Effective Quality Management System (QMS): Part 1 - Why Bother?; Part 2, Getting Started; Part 3 – Finish What You Started).

Internal-Auditing_WhenAs I mentioned previously, AASHTO R 18 requires that internal audits be conducted at least every 12 months. That being said, you don’t necessarily have to audit your entire QMS all at once, every 12 months. This is particularly applicable to large testing laboratories that have separate testing facilities. It may be more effective to audit each testing area (soil, asphalt, concrete, etc.) and/or QMS area (technician training and evaluation activities, equipment records, etc.) separately throughout the year instead of trying to jam everything into one huge audit. This is perfectly acceptable as long as the laboratory’s entire QMS and all testing areas are audited at least once every 12 months.

Internal-Auditing_WhoBefore we get into the How, let’s talk about The Who. Anyone, even Roger Daltrey, can perform an internal audit. There are, however, some criteria to consider. First of all, since internal audits are 1st party audits, they should be performed by regular employees of your organization. Audits can be performed by one person or a team of individuals. Additionally, AASHTO R 18 requires that internal audits be conducted “by trained personnel independent of the activity being audited, where possible.” The training part is easy – internal auditors must be trained to perform audits. This can be done in many ways, from taking an external training course to providing training in-house by experienced personnel. Be sure that records of the training are maintained.

Now the hard(er) part – the auditor must be independent of the activity being audited. To maximize the effectiveness of the audit, the auditor must be as impartial as possible. In a nutshell, that means that the Soils Laboratory Manager should not be auditing the soils laboratory activities. Keep in mind that internal audits are not required to be performed by managerial or technical personnel. Administrative or other non-technical staff can certainly perform the audits as long as they are (1) trained, and (2) independent of the activity or area being audited, and (3) sufficiently knowledgeable about the area being audited. While most laboratories have ample personnel from which to select “independent” auditors, those words “where possible” may apply to laboratories that only have a handful of employees. In those cases, it may be difficult to find someone that is truly impartial due to their close association to the activities being audited. If so, the auditor should do their best to be as unbiased as possible when reviewing the QMS.

Internal-Auditing_HowGetting started isn’t as hard as you might think, and there are tools you can use to make the internal audit process much easier. Since internal auditing is a continuous improvement process, the Deming cycle of PDCA (Plan-Do-Check-Act) is a great way to manage the process. [For those of you that aren't familiar with Deming, the late Dr. William Edwards Deming (1900-1993) was one of the foremost experts in quality control in the United States.] Let’s start with the planning part of the cycle.

Internal-Auditing_PlanPlanning an internal audit involves scheduling the audit date, selecting the audit team, preparing an audit plan, and reviewing the applicable documentation. Audits should not be a surprise to those involved. Select a mutually agreeable date and stick with it. Preparing an audit plan or agenda lets people know when you will be working in their area(s), preventing wasted time from potential backtracking and repeat visits, and leading to a more efficient audit. Prior to the audit, be sure to gather and review the documentation for the specific areas that you will be auditing. This will help you develop questions to ask while simultaneously familiarizing you with the processes to be audited. Does the quality manual include all documentation required by R 18 and other applicable quality management system standards? Don’t forget to review the previous internal audit report and any corrective actions resulting from those findings. Prepare checklists during this review process to help map out your audit trail. Checklists take the guesswork out of what you need to review and what questions to ask during the audit, and can be retained with the final audit report as part of the audit record.

Internal-Auditing_DoNow it’s time to actually conduct the audit. During this process, you will be gathering objective evidence upon which you will base your final audit findings. Objective evidence is information about the QMS that can be verified by observation, measurement, or test. DORS are the primary sources of objective evidence – Documents (reviewed before and during the audit), Observations (of work activities), Records (that are examined to determine conformity to requirements), and Statements (made by personnel during the audit). Keep in mind that auditing is an exercise in sampling. It is not necessary (or logical) to check every single QMS process step-by-step, review each and every record, or interview every employee. Random samples should be selected by the auditor, not the auditee, for review. If you are satisfied with what you see, and the laboratory is doing what it says it is doing, move on. If not, look at some more examples before you draw any conclusions. Ask open-ended questions, such as “Can you describe the sample log-in procedure?” rather than “Are samples logged in?” Open-ended questions give the auditee a chance to explain processes step-by-step, allowing you to determine if those processes are described accurately in the QMS. Check randomly drawn samples of records for activities such as: technician training and evaluations; corrective actions; equipment calibration, standardization, check, and maintenance; and test reports. Is the information being recorded as described in the QMS? Are records retained for the applicable period of time?

Internal-Auditing_CheckWhat’s next? It’s time to draw some conclusions, or findings, based on the objective evidence you have gathered. This is the Check part of the PDCA process. Your audit findings must be factual statements that can be substantiated by objective evidence. At this point, you may need to follow up on your notes and observations to ensure your conclusions are based in fact. Findings are usually categorized in two ways – nonconformities and observations. Nonconformities are just that – something that is not in conformance with stated requirements. Observations can be improvement opportunities, recommendations, or even statements of excellence. Be sure that improvement opportunities and recommendations are based on requirements rather than just the opinion of the auditor. Nonconformities should include three parts: (1) the requirement [i.e. what AASHTO R 18 and/or the laboratory’s QMS requires], (2) the finding [a description of the nonconforming issue], and (3) the objective evidence that backs up the finding. Here is a simple example:

Nonconformity #1:

Requirement: The competency of technicians shall be evaluated once every two years, as required in Section 5.5.2 of the laboratory’s QMS.

Finding: Current competency evaluation records were not presented for John Smith and Jane Doe. The most recent records were dated August 2008.

Objective Evidence: Review of (1) the laboratory’s QMS requirements, and (2) the competency evaluation records on file in the Laboratory Manager’s office.

The internal audit report should include other important information such as the audit date, the standard(s) on which the audit is based (such as AASHTO R 18), the name(s) of the auditor, the names of the employees that were interviewed, etc. Once the findings have been presented to the laboratory’s applicable management staff, it’s on to the last stage of the internal audit process…

Internal-Auditing_ActWhat to do with the nonconformities? Act on them! AASHTO R 18 requires that corrective action be taken for nonconformities noted during internal audits. Findings categorized as observations typically won’t require corrective action. The corrective action task is often assigned to the “owner” of the process identified in the nonconformity, such as the Laboratory Manager in the above example. A description of the steps that have been taken to correct the nonconformity must be documented. Additionally, R 18 requires that all corrective actions begin with an investigation to determine the root cause of the nonconformity. Eliminating the root cause of the problem should ultimately prevent the problem from recurring. For a more detailed explanation of root cause analysis, see my article (Get to the Root of the Problem: Root Cause Analysis (RCA) Explained). Depending on the nonconformity, the corrective action process may also involve follow-up audits to ensure effectiveness of the actions taken. For example, the technician competency evaluation records could be reviewed again in six months to double-check that the activities are being performed in accordance with stated intervals.

Internal-Auditing_endIt is a fact that the true intent of internal auditing is to verify conformance to requirements – “Are we actually doing what we say we are doing?” However, auditing also allows you the opportunity to do something just as important – identify weaknesses within your QMS. Fixing those weaknesses will drive continual improvement throughout your organization, and will ultimately help ensure that all of your goals are being met. So, the next time you hear the word “audit”…SMILE!

Printer Friendly Version