MODULE 7

Quality Control
ACELEC 332
 Overview
Internal auditors are in the quality business. They evaluate the design of processes
to determine if the structure is conducive to success. They also evaluate how
processes are functioning to determine if they are operating as intended. In either
case, the focus is the achievement of objectives, consistent execution with minimal
errors, minimal use of input given production levels, and stability over time so the
process is sustainable. With these objectives in mind, QC concepts and practices
provide a solid foundation to build upon.
Understanding Assertions and Using Quality Improvement Methodologies

▪ We can usually summarize our transaction testing by asking: Were all (i.e., completeness) transactions
processed according to the requestor’s instructions (i.e., accurately) and were these transactions consistent
with necessary business purposes (i.e., approved)?
▪ We can add other criteria in the form of financial statement assertions commonly used for financial reporting.
Assertions are affirmations or declarations; they are statements of fact regarding the financial activities of the
organization. While these are often associated with financial audits, the concepts and goals of most of them
are equally relevant during operational audits.
There are three main categories related to transactions, balances, and presentation assertions.
1. Transactions and events
▪ Occurrence: The business transactions recorded actually took place.
▪ Completeness: All business events and their related transactions that should have been recorded were
recorded.
▪ Accuracy: The transactions were recorded in the corresponding ledgers at their full amounts without
errors.
▪ Cutoff: The transactions were recorded in the appropriate accounting period; neither early nor late.
▪ Classification: The transactions were recorded in the appropriate general ledger accounts.
2. Account balances
▪ Existence: Assets, liabilities, and equity balances exist as shown.
▪ Rights and Obligations: The organization has rights to the assets it owns and is obligated as indicated in the
outstanding liabilities reported.
▪ Completeness: All reported asset, liability, and equity balances that should have been recorded were
recorded.
▪ Valuation: Asset, liability, and equity balances are valued and recorded at the proper valuation, and all
adjustments were recorded appropriately.
3. Presentation and disclosure
▪ Occurrence: The reported transactions and disclosures occurred.
▪ Rights and Obligations: The transactions and disclosures are related to the organization.
▪ Completeness: All disclosures that should be disclosed were disclosed in the financial statements.
▪ Classification and Understandability: Financial statements are clear, understandable, and present all
necessary information appropriately.
▪ Accuracy and valuation: All relevant information is disclosed at the appropriate amounts and reflect the
proper value.
The Link between Process Weaknesses and Internal Control

▪ Since there is such a strong link between operational

results and financial health, internal auditors should
remember that as per the definition of internal
auditing, the objective is to help our clients achieve
their objectives. This process, which is very similar to
the process improvement process and consists of the
following:
▪ Where do we want to go?
▪ Where are we now?
▪ How do we get to where we want to be?
▪ How do we know if we are making
progress?
▪ Internal controls enable the achievement of operational objectives by helping to mitigate the risks that can
jeopardize the achievement of those objectives. It is unfortunate, however, that many people think of
internal controls as “getting in the way” and impeding work from getting done. The reality is quite the
opposite. Unchecked risks can derail the achievement of objectives. So, by mitigating the likelihood and or
impact of these negative events, objectives are more likely to be achieved.
▪ Internal controls, then, support existing processes by helping to protect the organization against risks that
threaten the achievement of objectives. Formally documenting, establishing responsibility and accountability
to perform these activities, and ideally linking the performance of these controls to the organization’s
rewards mechanism, will go a long way toward making sure that negative events are held in check.
Six Sigma and Lean Six Sigma
▪ Six Sigma is a process improvement methodology designed
to make sure that a process will deliver its output within a
prescribed tolerance range.
▪ It is a business and process improvement methodology
used to improve processes by using statistical analysis to
identify the sources of error and determine the best way to
eliminate them.
▪ It is a collection of management tools and methodologies
to reduce variation, errors, and increase the speed of
execution, while focusing on eliminating mistakes, rework,
and waste.
Mike Harry and Richard Schoeder define Six Sigma as:
“…a business process that allows companies to drastically improve their bottom line by
designing and monitoring everyday business activities in ways that minimize waste and
resources while increasing satisfaction.”
▪ The term Six Sigma is based on statistical modeling, whereby the maturity, stability, and conformance with
expected accuracy yields is described by a sigma rating (as shown below). This yield relates to the percentage
of total production that is defect-free. The ratings are as follows.
▪ It is evident that a Six Sigma process is one where it is
performing at near zero error rates. It is important to
note, however, that given the limited resources
available in many organizations that can be allocated
to quality improvement, it could become prohibitively
expensive to achieve precision at the Six Sigma level.
Furthermore, is it necessary?
▪ It simply means that organizations must allocate
limited resources, and this must be done judiciously
based on cost-benefit considerations. Despite this,
organizations should create a general culture and
related operating practices where the pursuit of
excellence and perfection is constant, and efforts are
made in the most cost-effective and pragmatic way
possible to reduce error rates.
The most common methodology in Six Sigma is DMAIC.
▪ D—Define the current process, system, high-level
project goals and capture details about customer
requirements and expectations (i.e., the voice of the
customer).
▪ M—Measure key aspects of the current process,
collect relevant data, and determine the capability of
the process in its current state (i.e., the “as-is” process
capability).
▪ A—Analyze the data to investigate and verify cause-
and-effect relationships.
▪ I—Improve the current process based on the data
analysis performed.
▪ C—Control the future state process to ensure that any
deviations from the performance targets are
corrected before they become defects.
In general, the DMAIC methodology is used for existing
processes, while DMADV (DFSS – Design for Six Sigma) is used
when building a new or highly modified process or product.
▪ D—Define design goals that are consistent with customer
needs and wants and verify that these are aligned with the
organization’s strategy.
▪ M—Measure and identify those characteristics that are
critical to quality for the customer, measure product
performance capabilities, measure production process
capability, and identify and measure risks.
▪ A—Analyze available information to develop and design
alternatives.
▪ D—Design an improved alternative to the existing product or
process that is most appropriate given the analysis
performed by optimizing the design. Plan for design
verification and run simulations if possible.
▪ V—Verify that the design meets customer and business
requirements, set up pilot runs, implement the production
process, and transition the process/product to process
owners.
ISO 9000
▪ According to the ISO, the ISO 9000 family of standards
address various aspects of quality management. This is
only one set of the more than 20,500 international
standards the organization has published and that are
widely embraced around the world.
▪ Standards in the ISO 9000 family include
➢ ISO 9001:2015—It sets the requirements of a quality
management system
➢ ISO 9000:2015—Addresses the fundamental concepts
and language
➢ ISO 9004:2009—Focuses on how to make a quality
management system more efficient and effective
➢ ISO 19011:2011—Provides guidance on internal and
external audits of quality management systems
This standard is based on seven quality management principles,
namely:
➢ Customer focus: The primary objective of any organizational
activity should be to meet or exceed customer requirements
and expectations. Organizations exist because of their
customers, so they must identify, attract, retain, and please
their customers. Organizations that understand this achieve
higher levels of customer satisfaction, loyalty, repeat business,
increased sales, and bigger market share.
➢ Leadership: Leaders establish unity of purpose, set the
direction for the organization, create the conditions, and
promote the practices that result in meeting the organization’s
quality objectives. Leaders align the organization’s strategies
with the organizational structure, establish policies, build
processes, and assign resources effectively to achieve its
mission.
➢ Engagement of people: Knowledgeable, engaged, and
empowered workers are essential for the creation and delivery
of value to stakeholders. Competence is fundamental to the
effective functioning of any organization. But beyond
competence, employees at all levels must be involved and
respected.
➢ Process approach: When activities are designed, understood,
and managed as part of a coherent integrated system, it is
more likely that the organization will achieve consistent,
predictable results. The efficient allocation and use of
resources, breaking down silos, and understanding process
limitations will enable process owners and those working
within the processes themselves to better anticipate problem
areas, acquire and share critical information, and manage the
risks that can hinder productivity. Well-developed, integrated
and managed processes are better equipped to deliver
according to established expectations and meet quality
standards.
➢ Improvement: Winning organizations embrace the concept of
continuous improvement. Inertia can be dangerous in today’s
world, so organizations must constantly examine how they are
structured and operating, identify, and react promptly and
effectively to both internal and external changes. In fact, by
focusing on early identification of changes and applying root-
cause analysis to understand the triggers of these changes,
organizations can anticipate and react appropriately to
changing conditions.
➢ Evidence-based decision-making: Desired results are more
likely to be achieved when decisions are data driven and based
on the careful analysis of information. When cause and effect
relationships are understood, the organization will be more
likely to make better decisions. Excessive subjectivity and the
inability to justify decision-making often results in opinion-
based decisions, politicized practices, and a general inability to
demonstrate the effectiveness of decisions.
➢ Relationship management: For long-term success,
organizations must manage their relationships with their
stakeholders, especially suppliers. Organizations don’t operate
in a vacuum, and as such, they must manage the impact that
their stakeholders have on them. Opportunities and threats
may arise from the pool of stakeholders, quality-related risks
may be caused by vendors, shipping companies, or
distributors. In general, vendor problems can disrupt the
organization’s supply chain.
ISO 31000
▪ ISO 31000 provides a level of reassurance in terms of
economic resilience, professional reputation and
environmental and safety outcomes. In a world of
uncertainty, ISO 31000 is tailor-made for any organization
seeking clear guidance on risk management.
▪ The ISO Quality Management Principles provide a useful baseline to examine the structure, conditions, and
practices within the designated scope area to determine if the criteria are sound and if the practices are
conducive to successfully meeting the expectations of the organization’s stakeholders.
▪ Internal auditors can use the principles, and the aspirational tenets within them to construct audit programs
that probe for the presence and functioning of the mechanisms that will enable the program or process to
achieve them.
End of Module 7