Process Auditing and Techniques

by JP Russell

Process audits are highly focused, but their effective techniques are not always understood. Because
there is no sanctioned process audit standard, anyone can claim to be doing process audits. Also, the
use of process auditing techniques such as tracing is not limited to process audits or process-based
management systems.

What Is a Process Audit?
A few years ago, when I was presenting information on process audits, a representative of a major
corporation told me it had been doing process audits for several years. When I asked him to explain the
auditors’ techniques, he said they took samples of the product at the end of the line, and then measured
the length, diameter and weight. Based on results, they approved or rejected the lot.

Is that what a process audit is to you? I hope not, because what was described is more like final
inspection or a product or service audit.

Two months ago, another representative of a major corporation explained its auditors did process audits
and did not use checklists. She sent a document used to audit one of her corporation’s processes. The
auditing documentation was not called a checklist but was a list of regulatory and industry requirements
by clause for a specific process, such as labeling. That sure sounds like a checklist.

Is auditing a process by clause requirements or elements a process audit? Probably not because most
standards and regulations do not consider the dynamic nature of a process. When the audit criteria are
the specific requirements of a standard, only key elements or critical controls are verified.

Requirements may include:
• Written procedures
• Record keeping
• Verification of customer orders

A list like this does not include evaluation of inputs being changed into outputs.
Quality related definitions of a process, such as those found in ISO 9000 or the ASQ Glossary, as well as
general dictionary definitions, support the dynamic nature of a process and what it would mean to audit a
process (see “Definitions of Process”).

Definitions of “Process”
• A progressive forward movement from one point to another on the way to completion: the action
of passing through continuing development from a beginning to a contemplated end: the action
of continuously going along through each of a succession of acts, events or developmental
stages: the action of being progressively advanced or progressively done: continued onward
movement. Webster’s Third New International Dictionary, unabridged. Merriam-Webster,
2002,, April 9, 2006.
• A set of interrelated work activities characterized by a set of specific inputs and value-added
tasks that make up a procedure for a set of specific outputs. ASQ Glossary,
• A set of interrelated or interacting activities that transforms inputs into outputs. ISO 9000, Quality
Management Systems—Fundamentals and Vocabulary, third edition, 2005, clause 3.4.
A definition of a process I have used for more than 15 years is “a series of steps that lead to a desired
result.” This may seem less eloquent than the ISO 9000 definition, but not all processes are
transformations. Many service processes entail only treating, assessing, informing, altering or moving
stuff from one place to another.

Many standards and regulatory requirements are organized by an activity or process (such as labeling,
inspecting, documenting and designing). Some may call auditing these individual elements a process
audit, but such an audit is merely part of an overall system audit of the standard or regulatory requirement.

Organizations scheduling audits based on the elements of a standard is typical. Some even combine
several regulatory requirements for an area, but again, they are merely auditing a limited portion of the

I applaud regulated organizations that audit clauses in some type of sequential process order to better
test linkages between requirements. However, conducting process audits using process techniques
would add value beyond verification of regulatory and other external requirements.

By virtue of its name, a process audit is an audit of a process against agreed on requirements. It involves
verification by evaluation of an operation or method against predetermined instructions or standards. It
measures conformance to these standards and the effectiveness of the instructions.

A process audit may check conformance to defined requirements such as time, accuracy, temperature,
pressure, composition, responsiveness, amperage and component mixture. It may involve special
processes such as heat treating, soldering, plating, encapsulation, welding and nondestructive

A process audit examines the resources (equipment, materials and people) used to transform the inputs
into outputs, the environment, the methods (procedures and instructions) followed and the measures
collected to determine process performance. A process audit checks the adequacy and effectiveness of
the process controls established by procedures, work instructions, flowcharts, training and process

A process audit is an evaluation of the sequential steps and interactions of a process within a system.
The term is also used to describe techniques used when conducting an audit. For example, an auditor
may use process audit techniques during a management system audit.

By its very nature, process auditing implies an action such as transforming inputs into outputs. Dennis
Arter, quality auditor and consultant, has always linked process auditing to an action verb such as filling,
stamping, purchasing, reacting or cutting.2 Process auditing is evaluating the steps and activities that
create the action or transform the inputs into outputs. This is a very useful approach because it focuses
on the work cycle and deliverables instead of isolated requirements/controls.

The process model in Figure 1 shows inputs, outputs and sequential steps. Some process models also
show a feedback loop that is essential for control of a process.

Auditing by Element
Auditors use various auditing techniques to collect evidence based on the audit scope and objectives.
Auditing a process or system by element verifies compliance or conformance to requirements. The value
in this type of auditing technique is the direct linkage to license, contract or regulatory requirements.
Auditing a process by element ensures people are aware of the requirements and the organization is
adhering to them. It helps prepare employees for external audits using the same criteria.
Auditing by element also ensures a state of readiness and compliance or conformance to external
requirements. It is a management tool for sustaining conformance to safety, health or environmental and
quality requirements.

This is good, but for management this technique defines auditing in the cost of doing business category.

Auditing by Process
Auditing a process or system using process techniques verifies conformance to the required sequential
steps from input to output. Process auditors use models and tools such as simple flowcharts, process
maps or process flow diagrams.
In the process diagram (see Figure 1), the boxes in the center could represent a flowchart of the
sequential steps. Flowcharts typically identify inputs, people, activities or steps, measures and outputs.
The auditor normally gets this information from a procedure or flowcharts provided by the audited
During the first part of the audit, auditors should record current customer names, order numbers, routing
numbers and project numbers so they can link and verify process steps during the audit.

Processes can be described using the process elements I call PEEMMM (see Figure 2):
• People involved
• Equipment needed
• Environmental requirements
• Measures to test or monitor
• Methods to follow
• Materials used or consumed

The process elements are used to ensure all aspects of a process are being evaluated and serve as an
aid in developing a flowchart. These same process elements (also called causal groupings) are used to
create cause and effect or fishbone diagrams for evaluating the causes of problems.
A way to link the process elements and standard elements (requirements) is to create a tree diagram (see Figure 3),
so named because of the branching effect.

Another tool is a turtle diagram (see Figure 4), which combines the process diagram with the process elements.
It looks like a turtle with a head, tail, and four legs.

When auditing a process, the auditor should also look for the plan-do-check-act (PDCA) cycle, which is a
good test to ensure the process can be controlled with or without a written procedure.

Auditors determine whether there is a plan or predetermined method—do people know how to do the
activity, is there is a check or measure to determine acceptance and is action taken when outputs are not
right? Typical interview questions are shown in Figure 5 (p. 73).

The use of process techniques is a natural steppingstone from conformance to performance auditing.
When collecting evidence, auditors also will observe performance issues that would be of value to

Auditors should report process performance indicators that support improvement efforts. These include:
• Waiting
• Redoing
• Deviating
• Rejecting
• Traveling excessive distances

All process performance issues should support improvement programs such as lean, ISO 9001, or Six Sigma.

Most organizations still are auditing a process or a group of processes by element or clause and missing
out on the value of process auditing and techniques. Process auditing provides added value by evaluating
how processes flow, their controls and risks and the achievement of objectives.

Auditors and management can benefit by using process techniques to better test and evaluate system
controls. For more information on process auditing, check the ASQ website ( for books,
e-learning classes, and instructor-led classes.

1. J.P. Russell, editor, The ASQ Auditing Handbook, third edition (formerly called The Quality Audit Handbook),
ASQ Quality Press, 2005, p. 17.
2. Dennis Arter, Quality Audits for Improved Performance, third edition, ASQ Quality Press, 2003.

About the author
J.P. Russell is an ASQ Fellow and a voting member of the American National Standards Institute/ASQ Z1
committee. He is a member of the U.S. Technical Advisory Group to Technical Committee 176, the body
responsible for the ISO 9000 standard series. Russell is the managing director of the internationally
accredited Quality Web-Based Training Center for Education,, an online auditing,
standards, metrics, and quality tools training provider. A former RAB and IRCA lead auditor and an ASQ
Certified Quality Auditor, Russell is author of several ASQ Quality Press bestselling books, including
Process Auditing Techniques; Internal Auditing Basics; ISO Lesson Guide 2015: Pocket Guide to ISO
9001:2015; and he is the editor of the ASQ Auditing Handbook.

Reader comment:
I participated in my first audit several months back and was so disappointed and felt the entire effort was a waste of
my time and the auditees. It wasn’t a process focused audit, it was simply a waste. What is described here is exactly
how I foresee proper audits being done… completed in a way that is not threatening to those being audited. The
methods described here related to process improvement, I fully support this approach.
–Megan, 06-06-2014

This article was first published in ASQ Quality Progress Standards Outlook column June 2006.

To develop process auditing skills, enroll in Process Auditing and Techniques from our course catalog: