Process Auditing and Risk-Based Thinking for Improved Audit Performance

Afaq Ahmed, Independent Consultant, Afaq Ahmed Training and Consulting, Karachi, Pakistan

Keywords: High Risk Audits, Improved Audit Tools, Process Auditing, Risk-Based Thinking

Industry: Aviation/Space, Chemical, Energy

Level: Advanced


A properly conducted audit is a positive and constructive process. The 2000 version of the ISO 9001 standard was revised to introduce the process-based quality system approach. Consequently it brought greater prominence to the process-based auditing technique and practiced as a preferred system audit approach. The ISO 9001:2015 employs the process approach as well as the Risk-based thinking in deploying quality management system. While the process approach enables an organization to plan its processes and their interaction, risk-based thinking enables an organization to determine the factors that could prevent processes and the system to achieve planned objectives, to put in place controls to mitigate its effects, and to make maximum use of opportunities as they arise. As the ISO 9001:2015 quality management system standard has evolved, the process auditing technique also need to be supplemented with risk-based thinking to meet the management expectation in keeping the audit process dynamic. Using a case study, the assessment technique described in this presentation, blends the process auditing approach with risk-based thinking to provide a tool to conduct efficient and effective audits. Using this tool the auditor can carefully examine critical process characteristics; underlying potential risks and its effects on process output. The tool helps in identifying:

• Preventive controls to avoid or minimize negative factors associated with risk

• Interaction of processes with related functions of the organization e.g. human resources, procurement etc.

• System and process deficiencies at departmental boundaries due to silo affects