Content uploaded by Is Academy
Author content
All content in this area was uploaded by Is Academy on Jul 21, 2018
Content may be subject to copyright.
ISSN 2367-8127 (CD-ROM)
ISSN 2367-8151 (on-line)
35 |
Volume 4
Number 2
2018
Improving the Internal Auditing Procedure by Using
SIPOC Diagrams
Tzvetelin Gueorguiev1
Angel Kanchev University of Ruse, Ruse, Bulgaria
Abstract
Auditing is intended to provide a better understanding of a system and to provide insights on
the possibilities for improvement. The University of Ruse has implemented a management
system in compliance with ISO 9001 since 2004. Thus, for more than a dozen of years it has
experience in auditing its management system – both by internal and external audits. In 2017
ISO has published the draft standard ISO / DIS 21001 that defines the requirements for a
quality management system of any type of educational organization. This article presents a
proposal for improvement of the current internal auditing procedure.
Keywords: audit, SIPOC, Educational Organization Management System, EOMS, ISO 19011,
ISO 21001.
INTRODUCTION
The international standardization in the field of quality management systems (QMS)
is a success story of more than 30 years. The standard with requirements for quality
management - ISO 9001 (ISO 9001, 2015) is applicable to organizations of any size,
industry sector or country. The degree of conformity to the requirements of
management systems’ standards is assessed by audits. The self-assessment of the
1 Corresponding authors: Principal Assistant Eng. Tzvetelin Gueorguiev, Ph.D.
E-mail: tzgeorgiev@uni-ruse.bg
Journal of
Innovations and Sustainability
Journal of Innovations and Sustainability (2018) Vol. 4, No 2
36 |
QMS is called an internal audit, or a first party audit. The external audits could be
second party audits which are usually performed by customers, and third party
audits done by independent bodies, normally certification and re-certification audits.
ISO 19011 is the international standard for auditing management systems
(ISO 19011, 2011). It is applicable to all organizations that need to conduct internal
or external audits of management systems or manage an audit program. According
to Denise Robitaille (Naden, 2017), Chair of ISO/PC 302, the ISO project committee
responsible for the revision, “There are now MSSs that cover areas such as health and
medical, environment, services, information technology and more. In addition, the two
most popular MSSs – ISO 9001 and ISO 14001 – have recently been updated, so the
auditing of these systems needs to reflect the variety and number of standards being
developed”.
In the end of January 2018 the Final Draft International Standard of ISO 19011 is
registered for approval by ISO. The third edition of the standard is expected to be
issued in the middle of 2018.
The University of Ruse has established, implemented and continually improves its
internal quality management system. The first quality manual dates back to 2004. It
was the result of the efforts of a team of internal experts who were helped by other
partner universities. A project (Zhelezarov, 2003) and several other publications
(Zhelezarov, 2001a, 2001b) by Prof. Zhelezarov from the Technical University in
Gabrovo have facilitated the successful start of the system.
GENERAL LAYOUT OF THE RESEARCH
This research is the result from considering several scientific methods for quality
management, and aligning them with the requirements from a number of sources.
The main requirements for the higher education institutions (HEI) in Bulgaria are
mandated and controlled by the Ministry of Education and Science. Some of the laws
(Ministry of Education and Science, 2018) that define the operation of universities
are:
- The Law of Higher Education (LHE) (with latest update as of 1 January 2017);
- The Law for Promoting Scientific Research (with latest update as of 18 July 2017);
- The Law for Development of the Academic Staff (with latest update as of 2 August
2013);
- The Law for Crediting Students and PhD Students (with latest update as of
1 January 2015), etc.
ISSN 2367-8127 (CD-ROM)
ISSN 2367-8151 (on-line)
37 |
Article 6 of the LHE requires the universities to have an internal system for
assessment and maintenance of the quality of education and the academic staff. This
seemingly easy task remains a challenge to the development of Bulgarian HEI. This
is one of the findings in the paper (Terziev, 2017) who sees “Weaknesses in the
implementation of internal quality management systems” as an obstacle for achieving
compatibility with European higher education systems.
In its Art. 11, the LHE defines the National Evaluation and Accreditation Agency
(NEAA) as a specialized governmental body at the Council of Ministers which shall
‘perform quality assessments, control and accreditation’. The NEAA monitors the
ability of institutions, their main units and branches to provide high quality of
education and scientific research through an internal quality assurance system
(NEAA, 2018). Articles 32, 73, 75, 77, 78, 79, 83, 85, 88 and 91 also add to the
intended profile of a QMS of a HEI.
More specifically, Art. 78 requires that for a successful accreditation each HEI must
demonstrate how it ‘manages the quality of education’. Art. 79 allows partnerships
with foreign HEI only if they are accredited by an agency which is a member of the
European Association for Quality Assurance in Higher Education (ENQA), and/or are
listed in the European Quality Assurance Register for Higher Education (EQAR).
Being a member of the European Union, Bulgaria has to meet the Standards and
Guidelines for Quality Assurance in the European Higher Education Area (ESG,
2015). This has become reality by the adoption of ESG as a system of criteria of the
NEAA. The ESG defines standards and guidelines in the following 3 sets:
- 10 Standards for internal quality assurance;
- 7 Standards for external quality assurance;
- 7 Standards for quality assurance agencies.
The internal auditing reflects standards 1.9 and 1.10 of the ESG standards for
internal quality assurance.
When it comes to the international standards for quality management systems, such
as ISO 9001, HEI have tried for years to adapt the more general ideas to the realm of
education. The forerunner was the International Workshop Agreement (IWA)
approved in Mexico in October 2002 and published as IWA 2:2003. The purpose of
this agreement to assure the overall effectiveness of the quality management system
of an educational institution was confirmed 4 years later with the second edition -
IWA 2, 2007.
Journal of Innovations and Sustainability (2018) Vol. 4, No 2
38 |
After the revision of IWA2:2007, in 2017 ISO has published a Draft International
Standard ISO/DIS 21001 “Educational organizations — Management systems for
educational organizations — Requirements with guidance for use”. As of January
2018, this standard has moved to the Final Draft stage (FDIS, 2018).
PROBLEM AREAS AND KEY CHALLENGES
The current version of the Quality Manual of the University of Ruse has been
approved in February 2012. Thus, it meets only those requirements of ISO 9001:2015
which have remained unchanged from its 2008 edition. The quality professionals are
well aware that the fifth edition of ISO 9001 has introduced a different structure
based on Annex SL of the ISO Directives, ideas like context of the organization and
risk-based thinking, greater focus on services and relevant interested parties, etc.
The second version of the documented procedure also dates back to 2012. It is
10 pages long, including 5 annexes. The procedure is written in a descriptive manner
which makes it easy to understand. But in fact one of the key challenges is that some
of the requirements fail to achieve a smooth and complete flow of information.
This paper proposes to use the Suppliers-Inputs-Process-Outputs-Customers
(SIPOC) diagram as a tool to improve the current internal auditing procedure.
IMPROVING THE INTERNAL AUDITING PROCEDURE
The structure of the current procedure for internal audits follows the elements
recommended in ISO/TR 10013:2001 Guidelines for quality management system
documentation. Since this standard in significantly older than ISO 9001:2015, it
doesn’t reflect the most recent development of QMS.
It is proposed that the improved procedure follows the structure listed below:
1. Purpose- defined based on the requirements of ISO 9001:2015 and in the case of
the University of Ruse, the specific requirements of ISO/FDIS 21001:2018. The
criteria for defining the purpose are those for the so called SMART goals- specific,
measurable, attainable, relevant and timely.
2. Context of the process- it includes the process owner and his deputy, the internal
and external interested parties, the process interaction network and the turtle
diagram of the process.
3. Documented information- documents, forms and quality records of internal and
external origin.
ISSN 2367-8127 (CD-ROM)
ISSN 2367-8151 (on-line)
39 |
4. Description of the process- the SIPOC diagram of the internal auditing process,
described below.
5. Improvement of the process- the forms that are to be completed are provided as
annexes; a commitment to review the procedure at least once per year, and update it
as necessary; listing actions to address risks and opportunities.
The SIPOC diagram is a tool used in Total Quality Management (TQM) and in Six
Sigma projects. It closely resembles the logic of supply chain management but is
adapted to the QMS processes of the organization. The description of the process can
be done from right to left, or from left to right. If one starts from the right hand side,
the following elements should be completed:
- Suppliers - which employee of the organization or which external party is needed
to support the implementation of the process by providing resources (material inputs
and/or information) to the process owner;
- Inputs - the documented information which is necessary to manage the process;
- Process steps - the requirements of the standard (ESG, ISO 9001, ISO 21001, etc.)
are listed and arranged in logical order. Then they are compared to the activities
which are applied in the process according to the internal process of the organization.
Next, the process flowchart is drawn based on the combined list of requirements and
activities;
- Outputs - the quality records and the results achieved as a result of the process
step;
- Customers - similar to the ‘Suppliers’, they can be both internal and external. This
last segment of the SIPOC lists the employees or other interested parties who are
informed about the results achieved and/or who expect them in order to begin an
activity or a process of their own.
Another approach to creating the SIPOC diagram is reversing its order, i.e. COPIS. It
is a Lean influence or the so called ‘pull’ system where one begins with the customers,
define what result (output) is expected, what process steps are necessary to achieve
this result, what resources (inputs) are needed for the given process element, and
who to obtain them from (supplier).
The development of the process continues with listing the ISO 21 001 requirements.
The requirements in the standard are listed below:
1) The organization shall perform internal audits at planned intervals to provide
information whether the EOMS conforms to the organization’s own requirements for
its management system and the requirements of ISO 21001;
Journal of Innovations and Sustainability (2018) Vol. 4, No 2
40 |
2) The organization shall perform internal audits at planned intervals to provide
information whether the EOMS is effectively implemented and maintained.
3) The organization shall plan, establish, implement and maintain an audit program,
including the frequency, methods, responsibilities, planning requirements and
reporting, which shall take into consideration the EOMS's objectives, the importance
of the processes concerned, feedback from relevant interested parties, and the
outcomes of previous audits;
4) The organization shall define the audit criteria and scope for each audit;
5) The organization shall select auditors to ensure objectivity and the impartiality of
the audit process. Auditors shall not audit their own work;
6) The organization shall conduct audits to ensure objectivity and the impartiality of
the audit process;
7) The organization shall ensure that the results of the audits are reported to relevant
management;
8) The organization shall identify opportunities for improvement;
9) The organization shall take appropriate correction and corrective actions without
undue delay;
10) The organization shall retain documented information as evidence of the
planning, implementation of the audit program and the audit outcomes.
Before creating the flowchart of the internal auditing process, the abovementioned
requirements need to be reviewed for duplicates or if multiple actions are listed in
one sentence. Therefore, requirement 3 consists of 4 verbs: plan, establish, implement
and maintain. They need to be separated in individual process steps. In the same
time, requirements 1, 2 and 6 can be merged because they all mean the actual
implementation of an internal audit, only using different verbs- perform and conduct.
Based on the resulting list, the flowchart of the internal auditing process is created.
Then it is inserted in the middle section of the SIPOC Diagram (see Table 1).
Table 1. SIPOC diagram of the internal auditing process
Suppliers Inputs Process steps Outputs Customers
Quality
manager,
Quality
inspector,
Secretary,
Lawyer
International
and national
normative
documents;
QMS
Audit program
Quality
manager,
Quality
inspector,
Dean of
Faculty
Quality
manager,
Quality
Normative
documents;
QMS
Audit plan Lead auditor
ISSN 2367-8127 (CD-ROM)
ISSN 2367-8151 (on-line)
41 |
Suppliers Inputs Process steps Outputs Customers
inspector,
Lawyer
Quality
manager,
Quality
inspector,
Dean of
Faculty
Nonconformity
report,
Corrective and
preventive
actions
Audit program
Quality
manager,
Quality
inspector,
Dean of
Faculty
Quality
manager,
Quality
inspector,
Dean of
Faculty,
Lawyer
Normative
documents;
Nonconformity
report,
Corrective and
preventive
actions
Audit program
Quality
manager,
Quality
inspector,
Dean of
Faculty
Quality
manager,
Lead
auditor, HR
Auditor
certificates,
Audit plan
Audit plan;
Order/
Mandate
Lead auditor,
auditors,
Dean of
faculty
Quality
manager,
Lead
auditor
Audit program
NEAA report,
Audit report,
Audit plan,
QMS, audit
questionnaires
Lead auditor,
auditors,
Dean of
faculty
Lead
auditor,
auditors,
Dean of
faculty;
Inspector
in the
Faculty/
Depart-
ment
Normative
documents;
NEAA report,
Audit report,
Audit plan,
QMS, Audit
questionnaires
Audit report,
Audit
question-
naires,
Recommen-
dations for
improvement,
Nonconformity
report,
Corrective and
preventive
action request
Rector, Dean
of faculty,
Quality
manager,
Quality
inspector,
Lead auditor,
auditors
Lead
auditor,
auditors
Audit report,
Recommen-
dations for
improvement,
Nonconformity
report,
Corrective and
preventive
action request
Audit report,
Recommen-
dations for
improvement,
Nonconformity
report,
Corrective and
preventive
action request
Rector, Dean
of faculty,
Quality
manager,
Quality
inspector
Rector,
Dean of
faculty
Audit report,
Corrective and
preventive
action request
Corrective and
preventive
action report
Lead auditor,
auditors,
Quality
manager,
Quality
inspector
Rector,
Dean of
faculty
Suggestions,
Nonconformity
report,
Corrective and
Register of
risks and
opportunities,
Action Plan
All relevant
interested
parties
Journal of Innovations and Sustainability (2018) Vol. 4, No 2
42 |
Suppliers Inputs Process steps Outputs Customers
preventive
action request
Lead
auditor,
auditors
Audit program,
Audit plan,
Audit
questionnaires,
Audit report,
Suggestions,
Nonconformity
report,
Corrective and
preventive
action request,
Register of risks
and
opportunities,
Action Plan
Audit file
(containing all
inputs of A4 in
the form of
paper
documents
and/or digital
archives)
Quality
manager,
Quality
inspector
Rector,
Dean of
faculty,
Quality
manager,
Quality
inspector,
Lead
auditor,
auditors
Audit program,
proposal for
updating the
audit program
Audit program
(updated)
Quality
manager,
Quality
inspector,
Lead auditor
CONCLUSION
The SIPOC diagram (Table 1) presents the updated and improved sequence of process
steps and information flow. It is based on the most recent statutory and regulatory
requirements, the system of criteria and guidelines of the ESG and the NEAA, and
the requirements of ISO 9001:2015 and ISO/FDIS 21001:2018.
The SIPOC model has been used as a gap analysis tool to uncover the deficiencies in
the process description. The improved internal auditing procedure has been approved
by the Quality Manager of the University of Ruse and is proposed to be adopted by
the Quality Council.
REFERENCES
ESG. (2015). Standards and Guidelines for Quality Assurance in the European
Higher Education Area (ESG). http://www.enqa.eu/wp-
content/uploads/2015/11/ESG_2015.pdf/.
ISO 9001. (2015). Quality management systems – Requirements.
ISO 19011. (2011). Guidelines for auditing management systems.
ISSN 2367-8127 (CD-ROM)
ISSN 2367-8151 (on-line)
43 |
ISO/FDIS 21001. (2018). Educational organizations – Management systems for
educational organizations – Requirements with guidance for use.
Ministry of Education and Science (MES). (2018). Laws.
https://www.mon.bg/?go=page&pageId=7&subpageId=57/.
Naden, C. (2017). Taking auditing to new level with International Standard under
revision. https://www.iso.org/news/2017/01/Ref2149.html/.
National Evaluation and Accreditation Agency (NEAA). (2018). Criteria and
procedures. https://www.neaa.government.bg/en/pamc/criteria-and-
procedures/.
Terziev, V, N. Nichev, P, Bogdanov. (2017). Prospects for development of higher
education in Bulgaria. International E-Journal of Advances in Education, Vol.
III, Issue 9, December 2017, pp. 438 - 449.
Zhelezarov, I. S. (2001a). A system for assurance and management of the quality of
education. AMTECH 2001. Sozopol. 2001. Vol. 4, pp. 83 - 88.
Zhelezarov, I. S. (2001b). The quality management system of TU - Gabrovo.
Proceedings from the ХІІ-th scientific and practical national conference with
international participation ‘Quality- for better life ’2001’. Sofia 2001, pp. 76-81.
Zhelezarov, I. S. (2003). Documenting the information of the universities’ quality
management systems. Informational bulletin 1. Project ‘Improving the
universities’ systems for quality management if education. Ruse. 2003.
pp. 82-110. ISBN 954-712-211-8.