What does preparing for accreditation and launching a rocket have in common? Answer: They both require system and performance checks to be successful. Let me explain.
First, before you attempt to launch a rocket, you need to be sure it will achieve its objectives. This is done by checking its systems i.e. fuel, navigation, engines, etc. to ensure they comply with internal and external standards.
Next, before your rocket leaves the ground, you also need to know whether its systems are working correctly. This is done by checking system outputs and ensuring they fall within specified targets and tolerances.
Finally, once your rocket is off the ground, you need to continually check its systems to ensure they are working correctly and that any problems are quickly identified and corrected Once again, this is done by carrying out a series of ongoing performance checks.
The same checks apply when preparing for accreditation. Except, rather than carrying out system and performance checks you carry out system and performance audits.
Let’s look and how these two types of compliance audits differ in their purpose and application when preparing for accreditation.
The purpose of a system audit is to assess the extent to which an organisation’s systems i.e. policies, processes, work practices, etc. are capable of producing compliant outputs e.g. products, services, activities, data-sets, etc.
To achieve this objective a checklist is used to determine whether an organisation’s systems have been developed, documented and implemented in accordance with government, industry and customer requirements, etc.
Unlike a performance audit, there is usually no tolerance for non-compliance with a systems audit. Accordingly, any identified gaps in an organisation's processes and work practices must be corrected before they are judged acceptable.
A system audit is often the first type of compliance audit an organisation needs to pass when being assessed for accreditation.
A performance audit aims to determine the extent to which an organisation’s systems are working as intended, i.e. producing compliant outcomes, e.g. products, services, activities, data, etc. It usually follows a successful systems audit.
Unlike a systems audit, which is often a document-focused audit, a performance audit is used to determine whether, and in some cases to what extent, an organisation's outputs comply with specified requirements e.g. size, colour, appropriateness, etc. over time.
Data collected from each outcome check is analysed to determine whether the organisation’s compliance performance falls within prescribed targets i.e. per cent-compliant-outputs, total-non-compliances-per-100 outputs, etc.
Because it’s usually impractical to examine every outcome for non-compliances an organisation's compliance performance is often estimated based on a much smaller sample. To learn more about how to select the best sample size for a performance audit click here.
Provided the number of non-compliances identified during a performance audit is small, and the associated risk low, an organisation will normally be granted accreditation provided it can demonstrate a process for correcting these and other non-compliances that occur in the future.
Just like a successful rocket launch achieving accreditation is just the beginning of an organisation’s compliance management journey. To maintain their accreditation most organisations have to pass a series of ongoing performance audits; some planned, others unannounced.
To pass a performance audit organisations must be capable of providing assessors evidence that their systems are working within acceptable compliance limits. This might include things like employee training records, product and service quality and safety assessment and inspection results, customer complaint records, continuous improvement actions, management meeting notes, etc.
Depending on initial results a performance audit may also include an evaluation of the adequacy and effectiveness of an organisation’s system controls including work instructions, flowcharts, training and process specifications.
Organisations that fail to produce acceptable compliance evidence can put their accreditation at risk and expose themselves to significant penalties, fines and reputation damage.
Proactive Accreditation Management
The most effective thing an organisation can do to maximise its chances of achieving and maintaining accreditation is to become more proactive in how it manages its compliance obligations.
Instead of waiting for an external accreditation audit to identify their compliance shortcomings proactive organisations maximise their chances of achieving and maintaining their accreditation by conducting their own in-house system and performance audits.
To learn more about how to build a highly effective and efficient in-house accreditation management system click here.