A Learning Roadmap for QMS internal auditors

In last month’s article I discussed some best practices for Quality Management Systems (QMS) internal auditing programs and auditors. For example, ‘good’:

• internal audit programs are based upon a risk centric approach as well as a robust and frequent set of management review activities that demonstrate compliance with all of the organization’s strategic, tactical, and operational objectives.
• auditors must become subject matter experts in the processes they are asked to audit.

In this article I discuss how a learning roadmap can be used to acquire the skills and experiences needed for being a ‘good’ QMS internal auditor.

Please note, the skills and experiences appropriate for QMS auditors was something that ISO 19011:2011 touched upon (but that guidance was removed in ISO 19011:2018 as its approving committee felt that a fair treatment of that topic space was not readily possible due to the large number of individual management system standards. Obviously, that is not a position that I agree with). 

What is a Learning Roadmap?

A learning roadmap is a method for mapping a training or career development plan. It describes the relevant skills and experience as well as demonstrates their importance/benefits. It also may also suggest the sequence or timing in which the training concepts or qualifications implicated can be acquired.

So, when you first think about a learning roadmap for a QMS internal auditor you might think it has them acquire the desired skills and experiences through the following role trajectory:  

• first as an auditor in training/observer
• then as auditor
• then as lead auditor 
• and then as ‘director/manager of internal audit program’

You might also think it has the QMS internal auditor first become familiar with the processes internal to the organization and then with those of its relevant external partners (e.g., suppliers and yes in some cases, even those of their customers). That is you might think a QMS internal audit should start with 1^st party audits then 2^nd party ones and then ultimately be engaged in 3^rd party audit activities. Note: the definition of 1^st, 2^nd and 3^rd party audits is found in in ISO 19011.

Finally, you might also think that the progression of the training to become a ‘good’ QMS internal auditor has to include a certification as an auditor from an (ANAB or otherwise) accredited personal QMS auditor training organization.

That kind of roadmap, however, is only a partial learning plan for becoming a ‘good’ QMS internal auditor role because it should also include insights into how:

• the core skills and experiences implicated can be developed and acquired (rather than just depicting a the ‘Junior’ > ‘Intermediate’ > ‘Senior’ job level classification used to provide an indication of the competency and reliability of the skills and experiences acquired). For example, it also needs to speak to what a QMS is and how to manage it. 
• to gain exposure to a ‘single site’ and ‘multisite’ organizations as well as their clients and suppliers. 
• to become an owner of a business or (minimally) an intelligent shareholder of one as well as a member of the committees that define the relevant (statutory, regulatory, or industrial) standards and best practices.

A learning roadmap can be constructed in many ways. For example, it can have many dimensions including but not be limited to:

• concepts
• examples
• tools

It also can provide (directly or indirectly) indications of the success criteria/results (e.g., “not yet”, “getting there”, “got it”, “wow – subject matter expertise”) that help you understand what skills you have learned and from what experiences. It can also provide insights into how that learning was obtained (e.g., formal classroom training, conference, e-learning, peer tutoring, one-on-one coaching/mentoring, self-training, on-the-job-training) and through what form/record (e.g., presentation, lecture, white-paper, blog/article, or actual job assignment/work assignments).

An example of more comprehensive learning roadmap for a ‘good’ QMS internal auditor is shown in Annex-1. I hope you find it useful towards achieving your own QMS internal auditor aspirations as well as an understanding of where your skills and experiences can come from as well as where they can carry you to.

What are the relevant skills of a ‘good’ QMS internal auditor?

Every role/job in an organization requires the person(s) fulfilling it to possess different skills – both soft and technical. So, let’s remind ourselves some of the key responsibilities of a QMS internal auditor before discussing the skills relevant to complete that role.

In short, QMS internal auditors are responsible for:

• creating and maintaining a master audit plan/schedule or minimally the audit plan for the process they are assigned to audit. For example, the QMS audit universe is typically depicted in a three-year master audit schedule/plan that has divided the effort to audit/risk assess processes into manageable units that cover of all (key) processes.
• executing audits (to the audit plan)
• producing audit reports

ISO 19011 provides guidance on best practices to these responsibilities to which I only wish to clarify that a ‘good’ audit report:

• provides management with clear, complete, and accurate indication of compliance with all of its business objectives that is based upon a statistically significant amount of objective evidence drawn from the “as is” executed process activities.
• is brief and of a simple style/layout so that it can be quickly communicated and easily understood.

Thus (to me) the essential soft skills of a ‘good’ QMS internal auditor are:

• organized and pro-active in the planning and execution of the internal audit program
• flexible as to quickly accommodate the schedule or priorities of those persons being audited, etc.
• integrity towards reporting audit findings accurately and timely 
• punctuality and reliability to start and then complete the audit/audit interviews as scheduled
• the ability to:
  1. start each audit with a fresh slate; i.e., to be unbiased by any of the process’s past performance/audit results OR any unsubstantiated perception or opinion of its current weakness
  2. be patient as to listen to the person(s) being audited especially whether or not they self-identify themselves as the process owner or key practitioner as to ensure that a consistent understanding of the process exists amongst those assigned to fulfill it
  3. communicate effectively in both verbal and written form to influence and/or build consensus with as well as to obtain approval of the audit findings/report from persons at various levels of authority and accountability in an organization 
  4. assess the appropriate and adequate amount of objective evidence as to affirm that a process is compliant or not with its implicated requirements
  5. adhere to the time allocated for auditing or reporting the results of the audit
  6. meet new people as well as to build and sustain trust and collaborative relationships
  7. delegate to fellow audit team members
  8. protect confidentiality and intellectual property
  9. remain calm and always use a positive and non-argumentative engagement approach even if management (excessively or forcibly) questions the veracity of the audit findings
  10. travel 

Next (and to me) the essential technical skills of a ‘good’ QMS internal auditor are:

• innovative in their approach and methods used to gather and assess objective evidence for its compliance with the implicated specifications
• competent; i.e., possess an appropriate level of awareness and/or curiosity to the standards, guidelines as well as the best practices for the people, processes, systems/tools, and technologies being audited and the methods needed to audit them. For example, a ‘good’ auditor must be able to quickly discern the big picture from the details and not loose track of either. This includes having a penchant for also knowing when and how to describe an opportunity for improvement (and not just how to document a non-conformance).
• proficient at

1. describing what the problem is; why it is a problem as well as the problem’s severity (based on the facts pertaining to the implicated process, product, customer, supplier, tooling/equipment, or material). 
2. making sound judgements upon what they observe. For example, problems/findings are described with an excellent perspective to their impact on the organization’s level of customer satisfaction, business process effectivity, finances, or knowledge base.
3. using online meeting and collaboration tools.

What are the relevant experiences a ‘good’ QMS internal auditor should possess/acquire?

The relevant experiences of a ‘good’ QMS internal auditor are those that will be gained by completing the various jobs that exist for each process the organization operates/sustains. To that very point and strategically speaking, the key process interaction diagram is an excellent asset for helping to identify the relevant experiences a ‘good’ QMS internal auditor should acquire/possess. 

Yes, it is hard for a QMS internal auditor to acquire all the experiences from all such jobs/duties of all the organization’s processes, but a ‘good’ internal auditor is always open to and challenging themselves to grow 😊.

Summary and Conclusion

In summary:

• a learning roadmap is tool that can help a QMS internal auditor to ‘fit the part and the environment’ they are going to audit. For example, the learning roadmap:
  1. can be used to help ensure that the skills and experiences for creating a ‘good’ audit report are regularly cultivated/stimulated.
  2. must provide insights (if not literal guidance) towards the intended levels of the internal auditor’s performance, knowledge and understanding
• a ‘good’ QMS implies that the organization has ‘good’ QMS internal auditors that are executing a ‘good’ internal audit program. To the later point, a ‘good’ QMS audit program exists when the results of it are:
  1. increasing the organization’s effectiveness and its reputation
  2. identifying (if not delivering) risk appropriate improvements to the capability, durability and reliability of the products or services offered by the organization
  3. enhancing the competency, morale, and safety of everyone implicated

To conclude, a ‘good’ QMS auditor is one that:

• strives to be just as knowledgeable as the champions and practitioners of the processes they are auditing. If they are not, it is possible they might be fooled into thinking compliance exists between the process being audited and the objective evidence presented for it. More practically speaking, auditors who do not understand the process nor its risk to and value with the organization’s objectives will likely create audit findings that do just as much damage to that organization’s culture of quality than the amount of benefit obtained when those findings are corrected/prevented.
• has experience in the technologies that their respective workplace is built upon or being improved with. As an example, today’s industrial revolution within the engineering and manufacturing workplace is known as “I4.0” (e.g., autonomous robots, simulations, systems {vertical and horizontal} integration, IOT, Cyber Security, Cloud Data computing and storage, additive manufacturing, augmented reality, and data analytics). When members of the QMS internal audit team are also contributors to the business’s I4.0 capabilities then their QMS internal audit findings, recommendations, SWOT statements, and scorecards will be a very much welcomed input into the management review and continuous improvement activities of that organization.
• has expertise knowledge of and hands-on experience with many aspects of the product development methodology used by the organization.
• has excellent communication skills (like a public speaker) and is effective at gathering and analyzing objective evidence. Specifically, a ‘good’ QMS auditor does not just take someone at their word but also ensures that the evidence being presented is suitable and adequate for demonstrating compliance.
• embraces change. For example, sometimes the QMS internal auditor and/or audit program manager are also the owners of the organization’s quality manual. As such they need to be proficient at identifying redlines to the quality manual (and underlying procedures, work instructions, forms, etc.) as well as using the organization’s document change control practices and tooling in a timely and effective manner.

And now, a sneak peak into my next article

In my next article I will discuss some of the overall strengths and weaknesses of the QMS standards (e.g., ISO 9001, AS9100) as I have encountered in my own work. That is hopefully we all agree QMS standards are meant to be like the QMS quality manual itself … organic (e.g., candidate for continuous assessment and improvement) so I hope to share a few of the ideas of such improvement opportunities.

Annex-1 … Example Learning Roadmap for Acquiring QMS Internal Auditor Skills and Experiences

The goal of a learning road map is to show how to gain credible and sustainable knowledge along with a professional set of work behaviours that are relevant/appropriate for the role implicated.

Below is a learning roadmap for a ‘good’ QMS internal auditor; suffice it to say a person doesn’t have to start their career by first acquiring the core knowledge/concepts; rather they can start in any of the areas of work experience depicted and then become a QMS internal auditor. They can also acquire various certifications and subject matter expertise without having first started their career in a QMS internal auditor role. For example, persons who acquire new roles via horizontal as well as vertical job changes are often better suited to be ‘good’ QMS internal auditors.