I have been asked by a client of mine what the “typical” auditing organization looks like for a large multinational service/software organization. I can’t find info on the web, and I’m hoping that you can help me out with some basic questions, like:
How many auditors/organization (so I can calculate auditors/employee)
are the full time, part time, or full time equivalents?
are they centralized (who do they report to) or decentralized (ditto)
what are the benefits and drawbacks of your system? What’s working well and what has holes?
Any info you can share with me would be most helpful as I try and craft an answer… please feel free to contact me offlist at processimprovement[at]gmail.com if you’d rather not post here… thanks!
There is not “one best” approach. It depends on the size of the organization, the degree to which it is regulated and/or has high risk processes, resources available, degree of desired employee involvement in auditing, overall goals of the audit program, …
I’ve worked with organizations that train a different group of auditors every year or so (representing a diagonal slice of the organization) to ones with a single auditor who conducts all the audits. Each has advantages and disadvantages.
Best approach for a particular situation is likely to be one that management will support and that will generate useful information from the audit process.
We have about 200 employees. Our main auditors are the QA Mgr., myself-QA Super, and a QA Tech. Our Dept. Supers also get in on the fun doing audits on their processes though these are not counted as ISO Audits. We decide what areas need auditing, do a Primary audit and then go back with secondary audits until we are satisfied any problems found have been fixed. Still working on the best way to handle this but it does work on the problems needing fixed much faster than scheduled audits everywhere. Much more payback!