December 2011 Online Exclusive

Auditing Quality


Internal auditors can provide a critical review of an organization’s quality control assurance system, an important part of the process to deliver a superior product or service.

 

Jacqueline A. Burke, PHD, CPA
Associate Professor of Accounting
Frank G. Zarb School of Business
Hofstra University

 

Ralph S. Polimeni, PHD, CPA
Professor of Accounting
Frank G. Zarb School of Business
Hofstra University

 

When a product is defective, it could result in customer dissatisfaction, reduced revenue from lost sales, higher product costs (warranty and rework costs), and potential product liability claims, all of which lead to profit reduction. An internal audit of quality control assurance systems will serve to identify and correct any problems in the system, thereby reducing the impact of product defects and improve the bottom line.

A periodic operational audit of a quality control assurance system is an important component of an internal audit of manufacturing and service organizations. A quality control assurance system, like any other system, is only effective if it is correctly designed and implemented to meet the needs of the organization. Operational auditors strive to determine an organization’s compliance to a system and should deficiencies be discovered, recommend corrective action. Internal auditors and organizations that have not performed an operational audit of their quality control assurance system would benefit from guidance.

QUALITY PROBLEMS      

Quality problems occur as a consequence of design and conformance to design problems and sometimes develop from efforts to reduce costs, occasionally resulting in recalls. For example, Michael Cusumano, professor at the Massachusetts Institute of Technology Sloan School of Management and School of Engineering, discussed Toyota’s recalls in his article, “Technology Strategy and Management Reflections on the Toyota Debacle,” in Communications of the ACM (January 2011):

 

“In terms of product development, including design and testing processes, Toyota has slipped a notch. The company seems to have tried too hard to reduce costs due to rising competition from low-cost but high-quality competitors such as Hyundai in Korea or new entrants in China. It is clearly a lapse in design and testing when accelerator pedals get stuck on loose floor mats, or when new types of plastic pedal materials become sticky after being exposed to moisture and friction. It is also a problem of design and testing when drivers feel that braking software or on-board computer controls and sensor devices seem to malfunction or operate crudely.”

 

Frank Fabozzi, Pamela Peterson Drake, and Ralph Polimeni (2008), in The Complete CFO Handbook, define a quality control assurance system as “a continuous system of feedback necessary for decision making to assure optimum product quality.” A well designed and appropriately functioning quality control assurance system is the first line of defense against product defects.

 

AUDIT STEPS

The internal auditor should develop an audit program with specific audit steps that evaluate each part of the quality control assurance system. The following are suggested general basic guidelines for an operational audit of a quality control assurance system and are not meant to be all-inclusive, but can serve as a starting point for internal auditors to modify or expand based on the particular needs of their organization.

 

1. Quality Mission Statement

A mission statement is an assertion of an organization’s purpose and helps a company effectively establish its goals and objectives.The quality mission statement — also commonly referred to as a quality policy — can be a separate document or it can be a statement included in the organization’s overall mission statement. A mission statement should be clearly thought out and periodically reviewed. Just as top management, in consultation with the heads of the various production departments, should establish an organization’s quality standards, they also should determine the quality mission statement. Involving all levels will ensure greater buy-in. While reviewing the quality control mission statement, internal auditors should determine if it:

  • Provides a broad but clearly defined statement of quality philosophy, role, scope, etc., for the organization.
  • Was developed in consultation with all levels of management.
  • Is compatible with company goals and objectives.
  • Is periodically reviewed by top management and department heads and continues to have their support.
  • Is realistic and achievable.
  • Reflects the current thinking of the organization.
 

2. Goals and Objectives

Ideally, all levels of management should be involved in the establishment of quality goals and objectives. Quality goals are broad outcomes established to achieve the quality mission statement while quality objectives are the details that provide the operational plan for the attainment of the quality goals. To be effective, quality goals and objectives must be woven throughout the organization and be visible and practiced at all levels. In this step, internal auditors should review quality goals and objectives for:

 
  • Achievability.
  • Cost effectiveness. 
  • Compatibility with the company’s quality mission statement.
  • Compatibility with the company’s cost goals.
  • Adherence to procedural processes set up to develop or revise goals and objectives.
  • Communication of the goals and objectives throughout the organization and proper mapping (tracing) to the appropriate departments.
 

3. Assessment Procedures

The internal auditor needs to develop an understanding of the procedures used in the quality control assurance system with particular emphasis on the quality control department, which is a major component of the system. The auditor should review any existing quality control department manuals and procedures and:

 
  • Determine how fluent and up to date the quality control inspectors are with all the assessment tools and procedures at their disposal.
  • Determine how quality control procedures are performed and controlled.
  • Review quality control training programs for new and existing quality control employees.
  • Ascertain if adequate records are maintained for the quality control department.
  • Determine how frequently quality control department meetings are held for individuals to share their experiences.
  • Check that qualified quality control inspectors are assigned to specific inspection processes. For example, an inspector who is inspecting an automated manufacturing process that relies heavily on robotics should have the necessary technical skills to review the operation and programming of the robotics.    
  • Determine that all inspectors are adequately trained to identify any weaknesses in Occupational, Safety, Health, and Administrative standards and environmental standards, and if production is being outsourced to a foreign country, the applicable laws and regulations in that country.
  • Check that a test is given after training to assess employees’ understanding of the material presented. 
  • Make sure those employees who score below acceptable standards go through an extra training program.
  • Check that any quality control manuals are periodically reviewed and updated when appropriate.
  • Check how often quality control testing equipment is inspected for accuracy and reliability.
 

4. Data and Collection Analysis

The quality control department normally handles the procedures used to collect and analyze data in a quality assurance system. The internal auditor should evaluate how effectively this data is gathered and analyzed. If deemed necessary, the internal auditor might consider hiring an outside statistical consultant to review current analysis techniques and make suggestions for improvement. When reviewing this area, the internal auditor also should determine that:

 
  • Results of inspections are recorded appropriately.
  • Inspectors check the reliability of each product line periodically.
  • Sufficient employees are specially trained in statistical modeling techniques.
  • Appropriate methods of analysis are used to interpret the findings.
  • Where appropriate, prescribed quality-trend charts are used.
  • Evidence gathered is compared to quality goals and objectives with any variances being noted.
  • Inspectors interact with each other regarding their findings.
  • Supervisors schedule department meetings periodically to discuss how to improve the quality control inspection process.   
 

5. Implementation of Results

Implementing improvements to correct deficiencies is an important part of any quality control assurance system. An operational audit must determine how effectively suggested improvements to enhance overall product quality are implemented. The loop cannot be closed if management ignores quality control problems and suggestions for improvement. The full benefits of an operational audit of a quality control assurance system can only be realized if recommended changes are implemented. During this step, the internal auditor should ascertain that:

 
  • The findings of a quality control department are disseminated to the appropriate departments and senior management in a timely manner.
  • Quality control reports are prepared accurately (i.e., represent what actually occurred).
  • Variance reports are sent to appropriate department supervisors and their superiors.
  • Procedures are in place to facilitate and encourage change.
  • Recommended quality improvements are implemented.
  • Recommended improvements are monitored to ensure correct implementation.
 

The above steps relate to assessing quality of in-house production of goods and services. However, it has become very commonplace for organizations to outsource part or all of their production process and therefore this fact should also be considered when reviewing a quality control assurance system. 

 

OUTSOURCING AND QUALITY CONTROL

Often organizations find it cost effective to outsource part or all of their production processes. Every attempt should be made to outsource only to companies that have an effective quality control assurance system. Ideally, the service provider should follow the International Organization for Standardization (ISO) 9000 standards, five international standards that have been adopted by more than 85 countries. Adherence to ISO 9000 “enables companies to effectively document and certify the elements of their production processes that lead to quality,” according to Charles Horngren, Srikant Datar, and Madhav Rajan in Cost Accounting: A Managerial Emphasis (2012).

 

Assuming that the third party has a quality control assurance system, the outsourcer’s internal audit department should audit it periodically. Internal auditors should follow the same guidelines used within their own organization for auditing a third-party quality control assurance system and determine that:

  • The company outsourcing is familiar with the governmental laws and regulations of the third party’s country and/or state including occupational, health, safety, and other labor laws and environmental regulations. 
  • The company outsourcing identifies increased risks from operating in another country, including cultural differences between the outsourcer and third party.
  • Any concerns are analyzed to consider the impact on the company outsourcing.
  • The internal auditor is copied on all third party quality control reports.
  • A separate quality control assurance system is established in the receiving department of the company to inspect the quality of finished goods.
 

The company outsourcing should require that an effective quality control assurance system be put in place before entering into a formal agreement.

 

COMPETITIVE ADVANTAGE

Many organizations advertise the “quality” of their products or services. Quality is one way a company can distinguish itself from its competitors. Poor quality can destroy a company’s reputation and cause irreparable damage. Since quality is such an important issue, every attempt should be made by an organization to ensure the delivery of a quality product or service, which includes an operational audit of a quality control assurance system. An appropriately functioning quality control assurance system is an important part of the process to achieve quality. By following the suggested steps, internal auditors should be able to determine the overall effectiveness and efficiency of the quality control assurance system and, where appropriate, provide suggestions for improvement.  

 

Quality Defined
Quality is often used to denote superiority or excellence. In The Complete CFO Handbook (2008), Frank Fabozzi, Pamela Peterson Drake, and Ralph Polimeni explain that product and service quality can be divided into three components: 

  1. Quality of design — adherence to proper specifications that are based on technical product requirements such as desired product life, fatigue resistance, and customer service expectations.
  2. Quality of conformance to design — degree to which the products manufactured and services provided adhere to quality design.
  3. Quality of performance — influenced by both the quality of design and conformance to design that will ultimately determine the overall quality of the product or service.
While quality has different meanings to different organizations, this definition should apply to most situations.

 

 


Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.

Name:

Email:

Subject:

Comment:

To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>

February 2012

CCH 2012-2