Hello everyone. I know our company is late getting out of the gate in migrating from QS to ISO, but key people left and were not replaced. This caused others (myself especially) to wear additional hats, with the result that we are just now getting our registrar audit done in a few weeks. :bonk:

Of course I want to do a great job on the Internal Audit, but have only audited by element, not by process. There is a difference between defining your processess and figuring out how to audit them. Our QS registrar's auditor would address all the elements during her audits, but would do so in a process-oriented manner. She would pick a part number, go to the raw material, and then work her way all the rest of the way back up the "food chain" covering all the requirements as she went.

Would I be incorrect in performing our ISO audit in the same manner? If all the required rocks got overturned in the process, the end result would be the same, would it not? I would also use a checklist I downloaded from their website to ensure I didn't miss anything. Any suggestions for improvement?

The way that I prefer to audit is to do a total audit. Start at the finished goods department, pick 2 or 3 items that are ready for shipping, and using those backtracing all the way to raw materials and incoming inspection. It usually gives a pretty good indication of the systems efficiency. If I know that there is specific issues or troublesome departments, then I don't mind singling out that specific issue and auditing it in order to clarify the problems that are specific to that.

It does sound like you have got the jist of it, so go for it, and remember: An audit is a dialogue, it is not about making people afraid of you, and it is not just about citing policies. The purpose should be to clarify if the system works, and if it can be improved. :bigwave:

Hello everyone. I know our company is late getting out of the gate in migrating from QS to ISO, but key people left and were not replaced. This caused others (myself especially) to wear additional hats, with the result that we are just now getting our registrar audit done in a few weeks. :bonk:

Of course I want to do a great job on the Internal Audit, but have only audited by element, not by process. There is a difference between defining your processess and figuring out how to audit them. Our QS registrar's auditor would address all the elements during her audits, but would do so in a process-oriented manner. She would pick a part number, go to the raw material, and then work her way all the rest of the way back up the "food chain" covering all the requirements as she went.

Would I be incorrect in performing our ISO audit in the same manner? If all the required rocks got overturned in the process, the end result would be the same, would it not? I would also use a checklist I downloaded from their website to ensure I didn't miss anything. Any suggestions for improvement?


Doing a reverse audit is a good approach, but you have observed it may not address or get to everything.

I would propose a 3 level approach, and it can be modelled with a checksheet to help newer auditors and still be a thorough process audit.

1. Audit the "report card." For each process, review the criteria for effectiveness (cl 4.1.c), process performance metrics and objectives. This will show the process is performing and give guidance to the auditor. Also, review the effectiveness of the inputs and outputs.

2. Audit the process itself. That is the part most people get right. Use your flowcharts, procedures, turtles, etc. to audit how the process works.

3. Also, audit the significant links to supporting processes. Training, doc control, records, calibration, maintenance, whatever is relevant to this process.

If you follow this format, you will do a cmprehensive audit of each process and should find many areas where each process can be improved.

Perhaps you can use the attached as input to your checklist for process auditing.

Your question piqued my curiosity, so I did a quick pass through ISO 9001:2000 and picked out all of the explicit process requirements.

The first thing I noticed about this list is that you can't use it to determine which supporting processes (training, document control, etc) apply to the processes in the stream of production. I guess that's part of what the organization has to figure out for itself, as part of identifying the sequence and interaction of processes.

Which leads me to conclude that the auditor shouldn't have to figure out the applicable supporting processes for himself - it should be part of the quality system documentation.

I am doing our first internal ISO9001 audit next week with my freshly trained audit team.
I am using this audit for two purposes:
1) As a training exercise for the new auditors.
2) To do a total gap analysis.

So we will be auditing to the standard and the audit will be broken up by clause.

Once that audit is complete I plan on doing another full in about 3 months, but this time focusing on processes. In this case one we will do a reverse audit with different teams focusing on particular processes - manufacturing, calibration, order entry/contrat review, design, etc.

After that one I will start an audit cycle

Discordian,

To get a total gap analysis from a freshly-trained (inexperienced, right?) audit team is a pretty lofty goal.

How do you plan on doing it, if you don't mind my asking?

Not saying it can't be done, but ...

Discordian,

To get a total gap analysis from a freshly-trained (inexperienced, right?) audit team is a pretty lofty goal.

How do you plan on doing it, if you don't mind my asking?

Not saying it can't be done, but ...

Well - I've already done a gap analysis on my own so I know what they should find.
Plus I'll be accompanying each pair of auditors to quietly guide them. I have 8 auditors, one of them has auditing experience and a four of them have beed audited every year for the last 8 by a CE marking notified body so they know that end. The guy with audit experience will be the one auditing me when I'm auditee.

I broke it up by clause - grouping things that make sense to group. We're doing it over 3 1/2 days so they audit sections don't overlap and I can be available for all of them.

Discordian,

To get a total gap analysis from a freshly-trained (inexperienced, right?) audit team is a pretty lofty goal.

How do you plan on doing it, if you don't mind my asking?

Not saying it can't be done, but ...


I think that since Dis knows what results he "should" get, it is a great way to train his internal auditors. We all have to start somewhere, right?

I think that since Dis knows what results he "should" get, it is a great way to train his internal auditors. We all have to start somewhere, right?

Plus - by throwing some outside eyes at my work I'm hoping that maybe they'll find some things I missed or may have gone too easy on.

Agree completely.

Do you plan to bring the auditors together as a team periodically?

It seems to me like there would be some benefit to having them share war stories, and you could reinforce their training.

Maybe even a bit of group think about checklist questions would be beneficial. In my observation, new auditors tend to ask very shallow questions.

What are your thoughts?

Agree completely.

Do you plan to bring the auditors together as a team periodically?

It seems to me like there would be some benefit to having them share war stories, and you could reinforce their training.

Maybe even a bit of group think about checklist questions would be beneficial. In my observation, new auditors tend to ask very shallow questions.

What are your thoughts?

This isn't a very large company so we all see each other every day.
But I've been having periodic meetings/refresher training sessions as a team and will continue to do so throughout the year.

We're doing the audit next wed, thu, fri. We'll be meeting on Monday to talk strategy and have them work on their question lists.

I'll also be having a meeting with all managers and supervisors this week to give them and idea of what they are in for as auditees.

Nice ideas so far. This is how we did it:

TRAINING: One day to tell the auditors what are the processes and the clause requirements + a rough idea of how to audit and how not. Day two - the trainer moves around and conducts audits with the trainees in tow. All write observation. End of day everyone sits together, writes NCs, discusses. Day three - The group moves around again with the trainees auditing and same day end session till everyone gets a chance to audit. Learning on the job.

Actual audit - A checkilist with process linkages and clauses / departments is kept for reference. The audit is covered over three fridays (choose your day). One team goes around, audits freely flowing across the departments / clauses as the process takes them. They submit their notes and NCs. Next week team II picks up links from these observations and audits remaining clauses / departments. So on till the whole organisation is covered in three weeks. The checklist is used to keep a record of what has been covered and what not.