This concept of verifying compliance was picked up by the quality profession in the 1960s and applied to the military and the nuclear power industry. The application of a compliance audit results in stability and assurance that rules are being followed.
Auditors serve three customers: the auditee, the client and the organization. The client (the person who commissions the a
udit), in contrast to the auditee, is accountable for the auditors' actions and reports.
Rule 1: Serve your customers
Audits provide information. All affected parties need to know if product, process and system controls are present and being applied, and obviously it doesn't hurt to know whether these controls actually work.
Rule 2: Use qualified people
Auditors must be able to carry out their assignments in an impartial and objective fashion. This means that they cannot have a vested interest in the activity being audited. If they developed the rules, they cannot impartially evaluate the effectiveness and application of those rules.
Rule 3: Measure against agreed criteria
Auditors are not allowed to make up the rules--they must audit against performance standards that are already in place and accepted by the auditee. This is the planning part of the plan-do-check-act loop. The highest level of requirements includes corporate policies, management system standards and regulatory requirements.
Rule 4: Use facts to form conclusions
Auditing is fact-based; conclusions are drawn from the data. Facts can be good (a requirement was met) or bad (a requirement wasn't met), but no judgment or opinion should taint them. These facts, also known as objective evidence, can come from five sources.
By associating the negative facts with missing or weak controls, the auditor rises to the system level of analysis. This has lasting value, because the system affects the process, which affects the product or service.
Credit : Dennis R. Arter for qualitydigest.com (January, 2000)