Hi Everybody,

We have been registered to ISO 9001:2000 for six month and want to execute the internal audit. Does anyone could help us about the internal audit preparation (such as form, etc.) ? Thank you.

Best Regards,
SKKeris

SKKeris,

there are several examples of audit forms and checklists available on this site, and can be found by doing a search on this site. Also, look at the bottom of this thread to see some links to similar threads for more information.

Since you are already registered to the standard, you "should" already have an internal audit procedure in place. What do you have in place now?

What do you have in place now?
Good question.

SKKERIS, can you post what you have? We'd love to take a look at it.

Hi Everybody,

We have been registered to ISO 9001:2000 for six month and want to execute the internal audit. Does anyone could help us about the internal audit preparation (such as form, etc.) ? Thank you.

Best Regards,
SKKeris


My first question: How did you get registered to ISO9001 without performing internal audits?

Preparing for the Internal audit involves some steps that I do when I am going to perform an Internal Audit.

1. Prepare the Internal Audit Checklist, defining the Scope of the Internal Audit.

2. Review existing Policies and Procedures to see if there were any changes since the last internal audit (but, I believe you have said that this is your first internal audit)

3. Review any corrective actions that may have been written from the previous internal audit to include your 3rd Party (Registrar)

3a. Send out notifications to the areas/processes' managers requesting them to attend step 4.

4. Prepare for an in-brief (pre audit) meeting with the parties involved, outlining your scope.

6. Have the in-brief meeting.

7. Perform the internal audit.

8. Have an out-brief meeting to discuss your finding and/or improvements

9. Finalize report with any Corrective Actions and/or improvements that have been generated.

10. Schedule next Internal Audit and follow the steps above.

This is just a general way to prepare and execute the internal audits in my opinion. However, you need to follow what your Internal Audit Procedure requires.

There might be some other people that may take different steps. Just Analyze, and determine which works best for you and your company.

I'd suggest modeling after the ISO standard 19011. How you actually do an internal audit (process, requirements, etc), who you use as internal auditors, your schedule (do you spread them out through the year or do them all in one shot one week as the external Registrars do) - all these decisions are made based on your company culture and who is the Audit Manager. The procedure is important but the execution is what is key to success.

I assume that you have a lead auditor trained - best an RAB Lead Auditor course - that is managing and leading your program. Training and consistant approach by auditors is another key factor.

My :2cents:
Linda

My first question: How did you get registered to ISO9001 without performing internal audits?That is a good question, but the original post is not clear. This thread is eerily similar to this other one (http://elsmar.com/Forums/showthread.php?t=11382) where I posted the following comment:
Based on your original post, it is still unclear if an internal audit had taken place, prior to your certification audit. However, IF your organization was awarded certification to ISO 9001, under an IAF signatory Accreditation Scheme, without an internal audit performed before hand, the Certification Body is contravening the requirements of ISO Guide 62. The IAF Guidance to ISO Guide 62 stipulates: “…G.2.1.43. Certification/registration shall not be granted until there is sufficient evidence to demonstrate that the arrangements for management review and internal audit have been implemented, are effective and will be maintained….”

While I can not ascertain if that was indeed your organization’s situation, I can see why some people could question the validity of your certificate, vis a vis the requirement mentioned above.

In my personal opinion, XXXXX jumped to a conclusion without definitive evidence, something that auditors should never do, and he knows that very well, since he teaches lead assessor courses. So you might want to clarify if your organization had had an effective internal audit prior to the external auditor assessment.

That is a good question, but the original post is not clear. This thread is eerily similar to this other one (http://elsmar.com/Forums/showthread.php?t=11382) where I posted the following comment:

You could be right Sidney. But as I look at the OP it specifically states:

" We have been registered to ISO 9001:2000 for six month and want to execute the internal audit. Does anyone could help us about the internal audit preparation (such as form, etc.) ? Thank you.

Best Regards,
SKKeris "

But this could be a Language issue.

SKKeris:

Could you please provide us with a more definitive answer to the use of the word "Registered" in your OP?

it could simply mean they had a consultant who performed the internal audits and are now ready to do it themselves...using their own tools....:cool: don't be so hard on him.

it could simply mean they had a consultant who performed the internal audits and are now ready to do it themselves...using their own tools....:cool: don't be so hard on him.


Well, this is true they could have had internal audits completed by an outside consultant. Laura M does this all the time:)
I suggest they definitately get some internal audit training and lead auditor as well if they can do it. Not that big of a deal or expense.

it could simply mean they had a consultant who performed the internal audits and are now ready to do it themselves...using their own tools....:cool: don't be so hard on him.

I don't think we/me was being hard on them. I provided the OP with my outline on how to prepare for an Internal Audit, and I did say that it could be a language issue on the use of the word "registered" and asked for a more definitive explanation of the word "registered" in the OP. My other question is a simple request for an answer to a question that I had regarding Registered without performing an internal audit.

I don't feel that was being hard on the original poster.:nope:

I don't feel that was being hard on the original poster.:nope:
Neither do I - I don't think anyone is being hard on him.

I think we've speculated enough. Why don't we just wait for SKKERIS to come back and answer some of the questions we've posed? Then we can all jump in and help him/her out.

Either this is someone that has absolutely no idea what he is talking about, or it's some type of major HS:horse: artist who is bored and wants to see me go off at on the original question and scenario presented.

Either this is someone that has absolutely no idea what he is talking about, or it's some type of major HS:horse: artist who is bored and wants to see me go off at on the original question and scenario presented.Other possible scenarios:
1. like already mentioned, they could have outsourced the IA prior to the registration and now they want to do it themselves.
2. the qualified people who did the internal audits prior to the registration left the company and took everything with them, including the internal audit procedure and forms...
3. they never had an internal audit prior to registration and the Certification Body was asleep at the wheel...
4. the original poster does not realize that the organization already has a procedure in place documenting the internal audit process...
or s/he heard of Randy's legendary short fuse and want to see you :blowup:
Indonesia should be opening for business soon. Let's see if we get a reply....:cfingers:

Kris, i ve been in your position before so i m going to tell you what i did at time.
1. we make a schedule for all areas or departments/ processes that we are going to audit for the whole year. we tabulated the schedule and give a mark for audit planned, audit completed, corrective action and audit closed so that we can see the status of the audit.

2. Based on that we give the intimation & audit schedule to all the areas to inform the time and date of the IQA that we are going to perform.

3. Prepare the Audit Observation Form & the NCR report form by giving information for the detail of NCR found , the Clause reference , whether it is major or minor and some space for corrective/ preventive action taken by the auditee and verification by the auditor.

4. If you have the checklist it will be better.

Hope this would be helpful for you,
Selamat melakukan Audit.

We have been registered to ISO 9001:2000 for six month …

If my perception is correct with SKKERIS meaning of “have been registered”,
I would like to add some info based on chicha’s input.

1. we make a schedule for all areas or departments/ processes that we are going to audit for the whole year. we tabulated the schedule and give a mark for audit planned, audit completed, corrective action and audit closed so that we can see the status of the audit.


If a History of Internal Audit Result is already available,
you can also consider to change the frequency/audit schedule
and prioritize your audit areas by simply tabulating the nos. of NC
per area/process. Areas with most no. of NC, the frequent they
would be audited i.e. monthly, quarterly and semi-annual, annually
for those with least no. of NC.