Harrington
Six Sigma
Godfrey
Townsend
Marash
Last Word


Donate to Disaster Relief

Red Cross
Salavation Army
 

 

Last Word
Greg Hutchins

The Next Big Thing!

Internal auditing can help companies anticipate trends--including disasters.

What's the next big, big thing? Six Sigma? Nope. ISO 9000? Not really.

 OK, then what's next? I've been talking to lots of people from Fortune 500 companies about what's coming down the path. I think the new Institute of Internal Auditors standards are going to change quality and quality auditing. Never heard of them? Read on.

 "Firestone Set to Pay $7.5 Million in Suit," shouts a New York Times page-one heading (Aug. 25, 2001). The article goes on: "Bridgestone/Firestone agreed to pay $7.5 million to the family of a woman who was paralyzed and suffered brain damage during a rollover crash in

a Ford Explorer sport-utility vehicle, settling the first of hundreds of defective-tire lawsuits to go to trial since the recall of 6.5 million Firestone tires a year ago.

 "Firestone tires have been linked to about 200 deaths and more than 700 injuries. Firestone has severed its ties with Ford, contending that the design of the Explorer makes the vehicle prone to rollovers. Ford has blamed Firestone for the crashes, saying that Explorers are safe."

 The New York Times uses words like "defective," "recall" and similar quality terms we don't much like to hear.

 The negative human impacts from this defect nightmare are inestimable. The financial impacts are huge. The known product recall costs for Ford topped $1 billion in 2000 and are reported to be at least $3 billion in 2001. And these don't include Firestone's and Ford's subsequent litigation costs.

 Why didn't the companies' quality systems work? This is a multibillion-dollar question that cuts to the heart of quality management's and ISO 9000's future.

 We know controls were in place that should have provided a heads-up that something was wrong. But all the trend lines from QS-9000 and ISO 9000 registrations, audits, corrective actions, preventive actions, design controls, rollover data, tire-shredding data, recall data, and inspections didn't point to eliminating the root cause of what now appears to be cascading catastrophic events.

 The IIA might have the solution, which might have possibly prevented Ford's and Firestone's problems: risk-management assessments, a key component of internal auditing.

 "Internal auditing is an internal, objective assurance and consulting activity designed to add value and improve an organization's operations," defines the IIA. "It helps an organization accomplish its objective by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

 The IIA is developing new auditing standards around risk management, specifically: "The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems" (IIA Performance Standard 2110).

 "Hmm. But what does this have to do with me?" you ask. Read on.

 Traditionally, internal auditing evaluated financial information's integrity, safeguarded assets and ensured compliance with financial laws. Now, just like quality, it's expanding its purview.

 ISO 9000:2000 expanded the standards family's scope to assess processes, develop metrics and focus on customer satisfaction. The IIA standard also expanded to include "effectiveness and efficiency of operations, improvement of risk management, control…," and "reliability and integrity of financial and operational information."  So why will internal auditing prevail over quality auditing and ISO systems auditing? Internal auditing is important due to its high corporate profile, mission and reporting level. In most organizations, the head of internal auditing is a senior vice president or vice president. This person usually reports administratively to the chief financial officer and reports functionality to the board of director's audit committee. The CFO and the board of directors authorize and sponsor internal audits. So, who reads and acts on your quality audits?

 Listen up, quality managers and auditors: The economy is soft. Boards of directors don't want surprises. They're looking to internal auditing to provide assurance that there aren't any "bet the company" surprises looming. All risks are going to be managed much more carefully.

 I'm also seeing a new position called the chief audit executive. This person is usually a vice president or above and handles all quality auditing, internal auditing, risk management and compliance activities.

 At the simplest level, the term "quality audit" is fading from ISO 9000 vocabulary. Quality auditors are becoming "business assessors" or "process specialists," much like our counterparts in internal auditing.

 So, this begs some questions: How are we going to add audit value? How are we going to differentiate ourselves from internal auditing? How are we going to synergize with internal auditing?

 The answers to these will affect or infect the future of all quality managers and quality auditors.

 For more information about the IIA standards, visit www.theiia.org.

 

About the author

 Greg Hutchins is a principal with Quality Plus Engineering in Portland, Oregon. Hutchins is the author of many quality-related books. He is working on the Standard Manual of Auditing, from which this editorial is derived. E-mail him at ghutchins@qualitydigest.com .

 

 

Menu Level Above

This Menu LeveL

Menu Level Below

[Contents] [News] [WebLinks] [Columnists]
[Harrington] [Six Sigma] [Godfrey] [Townsend] [Marash] [Last Word]
 

Copyright 2001 QCI International. All rights reserved.
Quality Digest can be reached by phone at (530) 893-4095. E-mail:
Click Here

Today's Specials