Category: Blog

Statistical Focus: Process-Focused Reliability Assurance — Summary

Reliability (“quality over time”) is central to customer satisfaction. Approaches that rely solely on catching problems at final inspection are too late; modern reliability emphasizes proactive, process-focused strategies supported by statistical tools.

Product-Level Testing Approaches

• Screening Test: Randomly selected products undergo accelerated aging life tests; potential failures are revealed prior to shipment. Helps detect issues arising from design or supplier changes early on.

• Burn-in: Aims to eliminate early-stage failures; all units are run under specific time/conditions. It is common in semiconductors; optimization of time/conditions is performed using statistical methods.

Process-Focused Reliability

The modern approach is to control upstream process variables that directly affect product reliability: raw material properties, equipment parameters, environmental conditions, and part characteristics. Tools such as measurement system analysis (gage R&R), design of experiments (DOE), process capability metrics (Cp, Cpk), and SPC are essential for identifying critical variables, establishing process windows, and ensuring stability.

Conclusion

An approach that integrates product testing with process monitoring enables a shift from reactive detection to proactive prevention. Identifying and controlling critical variables reduces failures and damage to brand reputation while increasing long-term customer satisfaction.

Expert Answers: QMS Gap Analyses — Summary

A QMS gap analysis compares the current system with the target state or new requirements; it reveals weaknesses and areas for improvement. It is particularly useful when implementing a new QMS, when the scope changes, or when standards such as ISO 9001 are updated.

Starting Point and Benefits

First, the scope, objectives, and methods are clarified. The participation of stakeholders such as top management, process owners, and area managers is critical; it provides insight and fosters ownership of solutions. Documenting each gap with evidence and its level of importance ensures transparency and prioritization.

Four-Tiered Approach

1) Compliance Check: Applicable standards and internal requirements are reviewed; compliance with procedures/instructions/records is documented.

2) Subsystem Review: The functioning of subsystems such as documentation, production, and CAPA is evaluated using flowcharts, metrics, and trends.

3) Inter-System Interactions: Inefficiencies arising from overlaps/duplications in process handoffs are investigated.

4) Stakeholder Review: Findings are validated, priority levels are agreed upon, and a closure action plan is created. High-risk issues (e.g., missing systems or regulatory requirements) are prioritized; effectiveness controls are embedded in the internal audit cycle.

Value

Although time-consuming, gap analysis is a health check for the QMS. It reveals strengths and weaknesses, guides continuous improvement, and prepares for external audits. As the QMS evolves with customer and regulatory demands, periodic reassessment maintains effectiveness.

Simultaneous Standard Revisions: The Latest Status of Four High-Impact ISO Standards

International standards undergo specific phases to remain compatible with evolving technology and needs. As of September 2025, four fundamental management system standards are undergoing revision simultaneously: ISO 9001, ISO 9000, ISO 19011, and ISO 14001. All four are at the DIS (Draft International Standard) stage, with publications clustered in 2026.

Quick Overview (status → next step → ETA)

• ISO 9001 (QMS—requirements): DIS → national comments & voting → Sep 2026

• ISO 9000 (QMS—fundamentals & terms): DIS → FDIS voting (Oct 2025) → Feb 2026

• ISO 19011 (audit guidelines): DIS → comment resolution & FDIS → early 2026

• ISO 14001 (EMS—requirements): DIS → comment resolution (Jun–Oct 2025) → Mar 2026

ISO 9001: What’s Changing, What’s Staying the Same?

While the 2015 structure is largely preserved, there are alignments with the harmonized structure (HS) and targeted updates. Over 4,000 comments were processed. Changes include: Terms (Clause 3), top management’s responsibility to promote a quality culture/ethical behavior (Clause 5), separation of risks and opportunities (Clause 6), simplification of continuous improvement (Clause 10), and explanatory Annex updates.

ISO 9000: Concepts and Terms

Ensures consistency of QMS concepts; synchronized with ISO 9001. Project approval (Nov 2023), CD closure (Jul 2024), DIS voting (Apr–Jul 2025), FDIS (Oct 2025), publication (Feb 2026).

ISO 19011: Guide for Remote Auditing

Post-pandemic remote auditing, cybersecurity, and outages are shaping the revision. No negative votes in the DIS vote. Aligned with ISO/IEC TS 17012:2024; the 2018 structure is largely preserved. Publication in early 2026.

ISO 14001: Clarifications, No Major Changes

Scope is limited; no new requirements are added or removed except for HS requirements. Changes include: a change management clause, consistency in expressions such as “documented information shall be accessible,” expanded scope for externally provided products/services/processes, and additional explanations such as the life cycle perspective. Management review inputs are made mandatory. Publication targeted for Q1 2026.

Summary

While continuity is maintained for users, alignment with HS, clearer terms, an emphasis on culture/ethics, and a modernized audit guide are coming. A synchronized update is expected in 2026.

Artificial Intelligence: Risks and Opportunities — How Can Internal Audit Lead the Adoption of AI?

Artificial intelligence (AI) is growing rapidly, with an annual growth rate of 36.6% projected through 2030. Like the internet and personal computers, AI will become central to how businesses operate. Organizations that fail to adapt will fall behind; internal audit units are uniquely positioned to help responsibly manage this transformation.

Opportunities

AI offers significant gains in efficiency and innovation. Studies show that developers using GitHub Copilot work 56% faster; consultants produce more and higher-quality output with AI support; and customer service efficiency improves by up to 45%. Breakthroughs are also seen in areas such as cancer prediction, wildlife conservation, and environmental research.

Risks and Failures

AI’s flaws are also noteworthy. Examples such as Air Canada’s misleading chatbot or McDonald’s’ failed ordering system create reputation and cost risks. Bias, privacy violations, cyber threats, lack of transparency, and excessive dependence on third parties are prominent issues. As Bill Gates pointed out, AI sometimes cannot distinguish fact from fiction, leading to unreliable results. Therefore, strong oversight is essential.

The Role of Internal Audit

Internal audit is a key player in AI governance. Risk-based audits ensure compliance, transparency, and accountability. Audits can be conducted as independent AI audits or integrated into areas such as information security, data privacy, enterprise risk management (ERM), and third-party risk management (TPRM). Teams should understand the unique risks of AI, work with subject matter experts, and develop customized audit criteria.

Standards and Frameworks

Guiding standards are rapidly emerging:

• ISO 42001:2023 — Defines AI management system requirements; integrates with quality and security frameworks.

• NIST AI 600-1 — Risk management framework for generative AI; covers topics ranging from content integrity to environmental impact.

• Industry-specific guidelines — Focused on fairness, transparency, and ethical use, particularly in finance and insurance.

These standards help internal audit design a layered governance approach.

Practical Steps for Implementation

Internal audit teams can start by automating routine tasks such as report summarization, data analysis, or executive summaries. This approach aligns with the practice of OpenAI’s Sam Altman and Nvidia’s Jensen Huang using AI for efficiency. Pilot projects accelerate learning and enable adaptation before scaling.

Clear procedures should be established and training provided to strengthen oversight. AI systems should be regularly monitored using key performance and risk indicators; alignment with compliance, ethics, and business objectives should be maintained through continuous evaluation.

Conclusion

AI holds as many serious risks as it does great promise. Organizations must adopt it strategically; internal audit functions must pave the way. By integrating AI governance into audits, applying global frameworks, and starting with practical use cases, internal audit can assume a trusted advisor role. How well organizations manage AI oversight will determine their success over the next decade.