The Value Added Audit Process

 Sustaining Edge Solutions, Inc. Newsletter

Performance Improvement Solutions for Your Business                                 December  2013


This Month
* The Value Added Audit Process
* Risk Management Guidance
* Successful Document Control
* In the News
* Training Courses


2014 Lean and Six Sigma Conference  Feb 24-25, 2014 Phoenix, AZ.  See you there!
AZTC Aerospace, Defense & Manufacturing Requirements Day March 6, 2014 Scottsdale, AZ.  We are a presenter and exhibitor.



Helpful Links…

Join Our Newsletter List!

What We Deliver 
  • Operational and Quality Systems 
  • Training
  • Internal Audits
  • Lean Enterprise 
  • Six Sigma
  • Kaizen Events
  • ITAR
  • Improved Profits and More!


Connect With Us

Our newsletters provide information on business management systems and process improvement methods.  These systems include ISO 9001 QMS, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental Management Standard, and others.  Subjects include performance improvement methods such as Six Sigma, Lean Enterprise, and other topics of interest to our readers.

What subject are you interested in learning about next year?  As our readers, we want to KNOW!!  Have a subject of interest for a future newsletter, please let us know.  


Have a Wonderful Holiday Season and a Happy New Year!



The Value Added Audit Process        

As the end of the year approaches, many businesses are developing revised management system strategies and seeking methods for driving improved business performance in the coming year. One of the most important and underrated tangible methods for improving performance and saving cost is the internal audit process. 

We received some positive feedback from our readers on the October topic of effective audit techniques. We want to continue this momentum by discussing another internal audit topic –

What do we mean by “adding value”?

We hear so much about the importance of “adding value” during management systems audits, but what does this really mean? Is it possible to add value without compromising the integrity of the audit or change course from the internal audit checklist? In principle, all audits should add value, but this is not always the case. Truly effective audits don’t just concentrate on process weakness, but on process potential. 

Value-added” management systems


There are several dictionary definitions of “value”, but all focus on the concept of something being useful. “Adding value” therefore means to make something more useful.

Some organizations have used the ISO 9000 series of standards to develop quality management systems that are integrated into the way they do business, and are useful in helping them to achieve their strategic business objectives – in other words they add value for the organization. Conversely, other organizations may have simply created a bureaucratic set of procedures and records that do not reflect the reality of the way the organization actually works (example: template fill-in-the-blanks documented systems) and simply add costs, without being useful. In other words, they do not “add value”. 

It is a question of approach:


A non-value-added approach asks “What procedures do we have to write to get the ISO 9001 certification?”


A “value-added” approach asks the question “How can we use our ISO 9001 (or any other standard) based management system to help us to improve our business?” Another to consider is “Can we effectively run our business on just six procedures?”

How to add value during the audit process?


How can we ensure that an audit is useful to an organization in maintaining and improving its management system?


In order to “add value” an audit should be useful by: 

  • providing information to top management regarding the organization’s ability to meet strategic objectives
  • identifying problems which, if resolved, will enhance the organization’s performance.
  • identifying improvement opportunities and possible areas of risk
  • the organization’s customers by enhancing the organization’s ability to provide conforming product.

It is so important for an auditor to have a clear understanding of the organization’s strategic objectives, and to be able to put the audit within that context. The auditor needs to dedicate time for detailed discussions with top management, to define their expectations for the business, and to incorporate these expectations into the audit criteria.

A mature management system (low volume of nonconformities) might, for example, base its management system improvement on business excellence models, or tools such as Hoshin Kanri (Management by Policy), Quality Function Deployment, Failure Mode and Effect Analysis, Six-Sigma methodology, Lean and 5S processes, including Systematic Problem Solving.  Many of these tools can become integrated into your audit system. 

Tips for the auditor on how to add value


1)      Audit planning:

  • Understand the auditee’s expectations/corporate culture
  • Any specific concerns to be addressed (output from previous audits)? 
  • Pre-evaluation of statutory/regulatory requirements.
  • Appropriate audit team selection to achieve audit objectives.
  • Adequate time allocation.
  • Risk analysis of industry /specific to the organization  


2)      Audit technique:

Focus more on the process, and less on procedures. Some documented procedures, work instructions, check-lists etc. may be necessary in order for the organization to plan and control its processes, but the driving force should be process performance.

Focus more on results and less on records. In a similar fashion, some records may be necessary in order for the organization to provide objective evidence that its processes are effective (generating the planned results) but in order to add value, the auditor should be aware of and give credit for other forms of evidence.

Interested in moving your company process auditing system from compliance to improvement? Contact us and consider our process based internal audit courses. We do provide group discounts.   


Risk Management Guidance           


Risks affecting organizations can result in consequences in terms of commercial, financial, economic results, and environmental just to name a few. When risks occur, organizations always have to ask the question: “Is the level of risk tolerable or acceptable, and does it require further treatment ?”  

Many of us are aware that the future ISO9001:2015 standard will take a risk-based approach requirement to determine the type and extent of controls appropriate to each external provider and all external provision of goods and services. The proposed standard addresses risks which can affect conformity of goods and services as well as customer satisfaction.

ISO has just published a guidance document which aims to help organizations implement the ISO 31000 risk management standard.


The new 37 page document, entitled ISO/TR 31004:2013 ‘Risk Management: Guidance for the implementation of ISO 31000’ provides:   

  • A structured approach for organizations to transition their risk management arrangements in order to be consistent with ISO 31000, in a manner tailored to the characteristics of the organization;
  • An explanation of the underlying concepts of ISO 31000;
  • Guidance on aspects of the principles and risk management framework that are described in ISO 31000. 


The new ISO/TR 31004:2013,Risk Management – Guidance for the implementation of ISO 31000, will help organizations smoothly align their risk management practices to ISO 31000.  ISO/TR 31004 will help you establish or align a system to detect, understand and manage risk based on ISO 31000 – an internationally-recognized generic document on managing risk in organizations of all types and sizes.

Risk Assessment  

Risk assessment is an integral part of risk management which provides a structured process for organizations to identify how objectives may be affected. It is used to analyze risk in terms of consequences and their probabilities, before the organization decides on further treatment, if required.


Risk assessment provides decision-makers and responsible parties with an improved understanding of risks that could affect achievement of objectives, as well as of the adequacy and effectiveness of controls already in place.  It answers the following questions: 

  • What can happen and why?
  • What are the consequences?
  • What is the probability of their future occurrence?
  • Are there any factors that mitigate the consequences of the risk or that reduce the probability of the risk?

Risk assessment is not a stand-alone activity and should be fully integrated into the other components in the risk management process. ISO/TR 31004 will help you establish or align a system to detect, understand and manage risk based on ISO 31000 – an internationally-recognized document on managing risk in organizations of all types and sizes.

To purchase the ISO/TR 31004 and ISO 31000 standards, visit the ISO Store.   



Successful Document Control           


Software or a home grown system? Your choice will depend on your document management needs, your industry and company requirements, the need to integrate with current applications, and what you are willing to pay.   

Determine the scope of this initiative and define your business objectives. Is your company looking for a document management solution that spans the enterprise or can you focus on the needs of a single department or division? What business drivers are compelling you to get started-Loss of documents? Pressure from competitors? Requests from customers? To ensure buy-in and avoid surprises, be sure to involve key stakeholders up front, not just the document control department but all departments that will be affected by the solution. Prioritize your desired system capabilities. Make a list of must-haves, nice-to-haves, and bells and whistles.

Characterize the types of documents you want to control, as well as their owners. This doesn’t mean you need to conduct a physical inventory of every document. Rather, create a list of the different types of documents that require management control -for example, Web pages for a public website, product brochures, customer documentation, online forms, and the process each department uses to create, maintain, version, and archive documents.

Review, update, and reapprove as necessary. Conduct this chain of events on documents based on business triggers or real-world events that have the power to affect a document. Some examples include the introduction of new products, equipment and processes; change in business focus; technological breakthroughs; and improved methods or practices. Because this approach is driven by actual events that make document review immediately relevant, it introduces a sense of urgency that’s not present in the periodic approach. 

If an organization decides to use this method, it needs to define the business triggers and responsibilities clearly in the document control procedure. The document administrator will typically monitor operations for these business triggers and ensure that the relevant documents are reviewed, updated as necessary and reapproved. 

Use the internal audit process to review documents. Keep in mind, however, that internal audits are sampling processes. If an organization intends to use its internal auditing process to satisfy this requirement, then extra care must be taken when planning and scheduling audits to ensure that all documents are sampled during an extended period.


In the News      
The 5 myths about U.S. Manufacturing  

Don’t call it a comeback – Listening to the average American, it is easy see why so many believe that very little is being manufactured in the United States these days. The most visible products — iPhones, televisions, shoes, bicycles — are almost always made elsewhere.

Indeed, a study published this year by the Massachusetts Institute of Technology concluded that the loss of so much manufacturing capacity from the United States over the past decade has had a negative impact on the country’s ability to innovate — long considered to be the nation’s greatest economic and sociological strength. The United States no longer has the industrial “ecosystem” necessary to bring new ideas to the market, the study said.

Here are five myths about U.S. manufacturing and the realities.

2014 Baldrige Award – Time to Apply 

Applications are now being accepted for the 2014 Malcolm Baldrige National Quality Award, the nation’s highest Presidential honor for performance excellence. Organizations can apply for awards in three business sectors-manufacturing, small business and service-along with health care, education and nonprofit (including government agencies).

The Criteria focus on your results in the key areas of

  • products and processes,
  • customers,
  • workforce,
  • leadership and governance, and
  • finance and markets.

For general information and 2014 requirement changes visit the Baldrige Website.


Training Courses

To see the course description, schedule, and on-line registration click on the course title below. We deliver onsite training for all these courses and customized training to fit your specific needs.  We offer group discounts.  


View all our Courses

View Our Web Based E-Training Courses   

ISO 9001 Quality Management

Understanding and Implementing ISO9001:2008

ISO 9001:2008 Process Based Internal Auditor 

Documenting Your Management System

AS9100 Aviation, Space and Defense

Understanding and Implementing AS9100C (9110 &9120) Aviation, Space and Defense

AS9100C:2009 Process Based Internal Auditor

Documenting Your Management System 

ISO/TS 16949 Automotive

Understanding and Implementing ISO/TS16949:2009 Automotive

ISO/TS16949:2009 Process Based Internal Auditor
Documenting Your Management System 

ISO 14001 Environmental

Understanding and Implementing ISO14001:2004 Environmental
ISO14001:2004 Process Based Internal Auditor

Lean Enterprise and CI 

5S Five Pillars of a Lean Workplace Organization
Continuous Process Improvement
Lean Six Sigma
8 Disciplines (8D) of Problem Solving

ISO 13485 Medical Devices

Understanding and Implementing ISO 13485:2003 Medical Devices
ISO 13485 Process Based Internal Auditor 

ISO 27001 Information Security

Understanding and Implementing ISO 27001:2005 Information Security
ISO 27001 Process Based Internal Auditor 

All courses can be delivered at your company. Don’t see a course, location, or date that fits your needs?

Contact Us




Phone: 888-572-9642 toll free




One Response to “The Value Added Audit Process”

  1. It’s wonderful when you shared that internal auditing will help to provide information to the top organization about their ability to achieve strategic goals so they can prosper and improve themselves in the future. Besides, it also helps to identify improvement possibilities and potential areas of risk so the company will be able to plan the proper steps in order to strive. I would like to think if an organization is planning to improve themselves, they should consider hiring a service that can perform audit processes which in return can provide added value to the company.

Leave a Reply