Hi Everyone :bigwave:

Prior to posting this thread I have searched high and low through various threads and all throughout the free files directory. I'm still not grasping the idea of process based audits.

According to my consultant, we need to provide any third party auditor with a Process-Based Audit Form. All the forms I have seen thus far look different and keep racking my brain.

I have gone through a few departments over the past few months and have come up with hundreds of work instructions. We don't do nearly 70% of those work instructions on a daily basis. We have them for reference for people who need to do something or to train new people. Here are a few things we do everyday: Create Orders, Print Orders, Pull Orders, Calibrate Order Items, QC Order Items, and Ship Items. Those tie in together with Order Processing/Production/Shipping Departments. Would those be areas in the Process Audit? We have work instructions covering all those areas.

What about other departments? Such as Engineering, Accounting, Customer Service, IT, Quality Control?

Sorry if these questions have been asked and answered several times, but I used and abused the search engine and I'm still very unclear.

:thanx:

Hi Everyone :bigwave:

Prior to posting this thread I have searched high and low through various threads and all throughout the free files directory. I'm still not grasping the idea of process based audits.

According to my consultant, we need to provide any third party auditor with a Process-Based Audit Form. All the forms I have seen thus far look different and keep racking my brain.

I have gone through a few departments over the past few months and have come up with hundreds of work instructions. We don't do nearly 70% of those work instructions on a daily basis. We have them for reference for people who need to do something or to train new people. Here are a few things we do everyday: Create Orders, Print Orders, Pull Orders, Calibrate Order Items, QC Order Items, and Ship Items. Those tie in together with Order Processing/Production/Shipping Departments. Would those be areas in the Process Audit? We have work instructions covering all those areas.

What about other departments? Such as Engineering, Accounting, Customer Service, IT, Quality Control?

Sorry if these questions have been asked and answered several times, but I used and abused the search engine and I'm still very unclear.

:thanx:

First question - what are you referring to when you say audit form? a checklist? If so, you need to audit inputs, outputs, controls, etc.

As far as a process audit, take one of the processes you have mentioned, and audit the activities that take place during that process.

I think maybe your consultant could do a better job of explaining to you what s/he is talking about.:2cents:

According to my consultant, we need to provide any third party auditor with a Process-Based Audit Form. That is not correct. What about other departments? Such as Engineering, Accounting, Customer Service, IT, Quality Control?You need to stop think departments and start thinking processes. For example, the New Product Introduction process might involve functions from several Departments, such as engineering, manufacturing, purchasing, quality, etc...
If you are certified to ISO 9001 or a similar standard, your quality manual must have the macro processes of your quality system identified, because it is a requirement of those standards. So, check your Quality Manual. Also, see if the following documents are of any help to you:
Understanding the process approach (http://isotc.iso.org/livelink/livelink/3554122/APG-UnderstandProcessApproach.doc?func=doc.Fetch&nodeid=3554122)

ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach for management systems (document ISO/TC176/SC2/N544 (http://isotc.iso.org/livelink/livelink/3554880/Process.doc?func=doc.Fetch&nodeid=3554880)

Thanks for changing the title of the thread. I didn't know how else to word it.

The action items list our consultant gave me just states "Process-Based Audit Form" along with other forms which I have. I imagine it can be in any format that works.

So then I know the standard doesn't mention the number of processes to audit, so would the fair amount be what we actually do on a daily basis? Each department may have 10-20 processes done every day. Would I need to develop a process audit form/checklist for each department listing all those different processes? What kind of questions would I ask about those processes? Even though each department has different processes, wouldn't auditing them all be done the same way? How would I incorporate any clauses from the standard?

Thanks for the links Sidney.
We just completed a team gap analysis and the next round of audits in a couple of months will be process based. I'll be sending these links to my audit team.

We are not certified yet, nor do we have a completed Quality Manual. I'm just trying to get everything situated prior to our audits in June/July.

Thanks for changing the title of the thread. I didn't know how else to word it.

The action items list our consultant gave me just states "Process-Based Audit Form" along with other forms which I have. I imagine it can be in any format that works.

So then I know the standard doesn't mention the number of processes to audit, so would the fair amount be what we actually do on a daily basis? Each department may have 10-20 processes done every day. Would I need to develop a process audit form/checklist for each department listing all those different processes? What kind of questions would I ask about those processes? Even though each department has different processes, wouldn't auditing them all be done the same way? How would I incorporate any clauses from the standard?


Don't get hung up on the form or checklist. Just because a consultant says you need one doesn't necessarily make it right.

I don't use checklists unless I'm doing a gap analysis. Neither do any of our external auditors for ISO or EU PED.

I start with a documented flow - like a flow chart or procedure or manaul or process diagram. If there is no documented flow I sketch one out as the process owner walks me through the process.
Then I review the appropriate parts of the standard to see if the process covers the requirements.

Hi and welcome to the cove. I agree that you should not get hung up about the actual form for a 'process audit' it should not differ from a standard audit. My company does not do formal audits of the standard, as such. What I mean is that we do not audit individual clauses like we used to in the 90's. The old standards prevailed upon us to audit criteria as laid down..i.e document control, records, contract review etc and it seemed that everyone (especially the registrars) concentrated not so much on what the business made but how they measured up against the paper war called the STANDARD. The standard did not really improve a business as if you made rubbish before being certified you could still make rubbish with certification. (IMHO)
The process approach lets us now concentrate on OUR business. It lets us value add to the process by reviewing and inspecting the actual process rather than worrying about documents and if the wording of a particular clause has been met to the utmost....A waste of time IMHO. I have always concentrated on WHAT we DID rather than WHAT we SAID!!!
I designed the Process Mapping (http://elsmar.com/Forums/attachment.php?attachmentid=810&d=1053052351) presentation to highlight the breakdown of Processes to my staff and employees. It also showed the audit team what we wanted to audit and the structure of a process.
As steel maiden said... We want to look at the three main parts of a process
INPUT - Including resources
PROCESS - The actual task
OUTPUT - Results
Now the presentation is more a training toll and exercise for people to understand a process but as I said it helps auditors understand how to break a process down for audit purposes.

INPUT: We look at raw materials, Customer input, Internal/External customer, specs, gap (the Grey area between where it came from and when it arrives - Transport, storage, handling etc),
PROCESS: How is it manufactured?, How are the raw materials inspected and utilised, streamlining the process, double handling, value adding, Downstream customer requirements, documentation, training
OUTPUT: Downstream customer requirements, handling, storage, packaging, docs etc

These are some of the things we look at and some auditors use a checklist, some use the work instructions and some flow chart the process as they follow the product or process flow...It is an individual thing.

Our Quality Steering Committee (Management Review group) sets the audit schedule three months in advance. They take into account problem areas (review NCs and CARs), new processes, last years audits results etc and establish the schedule. It concentrates on work processes from the work instructions PLUS they may say audit the gap between process areas to see if we can improve product flow or storage etc. They always look to improve the business rather than auditing for audits sake. We don't want numbers in a box we want results. Our Audits IMPROVE our processes they do not POLICE our processes.
Look at page 10 and 11 of my presentation and it shows you how we manage our processes and ask questions of it. We need to meaure it and part of that is the auditing
Here is our VERY simple yet VERY effective Audit Report (http://elsmar.com/Forums/attachment.php?attachmentid=6098&d=1165361370) and our equally simple and effective Audit Procedure (http://elsmar.com/Forums/attachment.php?attachmentid=4962&d=1144278913). I hope this helps in some way.:)

Hi Everyone :bigwave:



According to my consultant, we need to provide any third party auditor with a Process-Based Audit Form. All the forms I have seen thus far look different and keep racking my brain.



:thanx:

I am afraid that I do not understand what the consultant is doing. Advising which site to ask questions that you are paying him to answer.
He is supposed to be helping you set up a system, not confusing you more.
Change the consultant:rolleyes:

I am afraid that I do not understand what the consultant is doing. Advising which site to ask questions that you are paying him to answer.
He is supposed to be helping you set up a system, not confusing you more.
Change the consultant:rolleyes:


He's always on the move and it's hard to get a hold of him. The Cove has been such a wealth of information and very quick to respond it has outweighed picking up the phone to ask him. :agree1:

WHAT we DID rather than WHAT we SAID!!!

Well what about the work instructions then? If employees don't follow what the work instructions say, isn't that a noncompliance? I was under the impression that the work instructions must be followed verbatim?

Hi Everyone :bigwave:
I'm still not grasping the idea of process based audits.

What about other departments? Such as Engineering, Accounting, Customer Service, IT, Quality Control?

:thanx:

I think that a lot of it comes down to knowing what a process is designed to do, and assessing how well it does it. We developed the attached to describe how to define a process in the first place, but an audit would typically be aimed at ensuring that a process is doing what it is designed to do.

How you choose which process(es) to audit would depend (as usual) on which have most effect on your product, been recently changed, have a history of problems etc.

noboost4you, I think the covers are great and have a wealth of knowledge to impart to you. No disrespect intended to the way things should be done, however, there are times when one has the resources to do really good process audits investigate all the upstream inputs and downstream outputs but there are also times when one needs an immediate fix to save one’s bacon by satisfying the need of an external auditor or customer. The auditor probably wanted the process approach yesterday, but you don’t have the time nor do you have the knowledge.
The covers are trying to educate you first on the process approach and then have you come up with your own solution. I think that is great and the proper way to do things! However, I believe the world is a better place for having all kinds of points of view on how to approach issues. That being said I will give another approach that many will deem not proper, but will directly address your original post.
Quick Fix:
I bet your audit plan is made up of functional areas, put the word “process” in front of them. Take your audit plan that has a listing of all your processes and put them on the “Y” axis or vertical axis of yearly audit schedule and put the ISO clauses on the horizontal "X" axis as shown in the attachment. Like magic you have a process approach to an audit plan. It doesn’t mean a doggone thing but it will satisfy the auditor in the short term while you’re going through the cove trying to educate yourself on the process approach. For some reason the auditors I deal with really believe that changing the physical positions of the clauses and the audited areas (now called processes) on the yearly audit schedule makes that a process approach to auditing. Adding the acronyms COP, MOP and SOP really gets them hot (adds perceived credibility) too. This is only a short term solution until you have the knowledge, competency and resources to implement the process approach the appropriate way. Good Luck.

Good morning all.

I wanted to ask for some clarification and feedback from you all on process based auditing. We are a NADCAP (ISO/IEC 17025) accredited materials testing laboratory. Currently we comply with NADCAP requirements for monthly internal auditing:

18.5 Per NADCAP requirements, on the first Monday each month the Quality Manager shall select for audit not less than one job that was previously reported in the previous month from any client file to satisfy the acceptable codes listed in AS7101. The test codes must be audited on an annual basis.
18.5.1 The audit shall include verifying the following elements:
* Job Entry Process
* Test Procedures and Equipment
* Calibration and Certification of Equipment Used
* Recording of Test Results
* Audit of Test Results
* Clerical Transcription of Test Results

This audit process is performed post testing as a form of product audit, ensuring that all items were addressed appropriately for a specific test/analysis.

Over the next few weeks, however, I want to develop a process based periodic internal audit program for our facility which will include SOP, COP, and MOP processes. The idea is to have internal audits more involved with in process testing.

We have hundreds of different test procedures which fall under many various test types which we are accreditted for. For process based auditing, should these different testing types be generalized into a "testing" process. My thinking is that a lab section audit would occur, auditing the testing process in general.

This would take into account the inputs (specimens, data, personnel, etc), evaluate the process (what's done, how, where, when, etc), and the output (valid test results, test certificate etc).

I'm a bit confused however, as to how to approach this...since the function of a complete test passes through multiple departments and multiple processes...should the audit encompass the entire cycle, or should the processes be broken out and evaluated seperately? Some of the things that I need to consider:

1) Job Entry
2) Analysis Configuration Generation-(creating an electronic data set within our system that contains all applicable requirements-client/specification)
3) Instrument/Tool Calibration
4) Instrument/Tool Maintenance
5) Lab Test Supply Procurement & Control
6) Technical Support Review
7) Facilities Maintenance & Environmental Controls
8) Customer Services (client communication)
9) Shipping & Recieving
10) Materials & Documentation Retention
11) Document Control
12) Corrective & Preventive Actions
13) Final Inspection (Reports)
14) Training
15) Test Procedures (Validity vs Specifications/Client Reqs)
16) Management Review

There is a lot to consider, and to be quite frank I'm not entirely sure of how to approach it. My understanding is that each process is evaluated separately and in this way it is ensured that each process contributes appropriately to the testing function and interacts effectively with the other processes? Hoping for some advice/feedback from those of you more experienced with process based auditing.

:thanx:

...Like magic you have a process approach to an audit plan. It doesn’t mean a doggone thing but it will satisfy the auditor in the short term while you’re going through the cove trying to educate yourself on the process approach. For some reason the auditors I deal with really believe that changing the physical positions of the clauses and the audited areas (now called processes) on the yearly audit schedule makes that a process approach to auditing. Adding the acronyms COP, MOP and SOP really gets them hot (adds perceived credibility) too. This is only a short term solution until you have the knowledge, competency and resources to implement the process approach the appropriate way. Good Luck.

Huh? If your auditors get all "hot" over this crap, and consider this a "process approach" then maybe you ought to find some better auditors. Sprinkling the word "process" around the audit documents does not make it a process approach.

If his auditors buy that, then he has bigger problems than not passing an audit.

PS: I realize you are trying to help the fellow, and the rest of your comments suggest you actually do have a better understanding of the process approach.

However, teaching people how to hang window dressing, and auditors who accept window dressing, add no value to the ISO program, and both contribute to much of the negative cynicism expressed on this Cove. :cool:

If you're gonna do it, let's do it right!

Well what about the work instructions then? If employees don't follow what the work instructions say, isn't that a noncompliance? I was under the impression that the work instructions must be followed verbatim?


The work instructions, and the activities performed must agree. They must agree or it misses the point. Either the work instructions would need to be revised, or the activities be modified.

We are not certified yet, nor do we have a completed Quality Manual. I'm just trying to get everything situated prior to our audits in June/July.

If these things are not in place yet, perhaps it would be beneficial to postpone your audit. That is one of the earlier things that should occur when implementing a system.

Hi Everyone :bigwave:

Prior to posting this thread I have searched high and low through various threads and all throughout the free files directory. I'm still not grasping the idea of process based audits.

According to my consultant, we need to provide any third party auditor with a Process-Based Audit Form. All the forms I have seen thus far look different and keep racking my brain.

I have gone through a few departments over the past few months and have come up with hundreds of work instructions. We don't do nearly 70% of those work instructions on a daily basis. We have them for reference for people who need to do something or to train new people. Here are a few things we do everyday: Create Orders, Print Orders, Pull Orders, Calibrate Order Items, QC Order Items, and Ship Items. Those tie in together with Order Processing/Production/Shipping Departments. Would those be areas in the Process Audit? We have work instructions covering all those areas.

What about other departments? Such as Engineering, Accounting, Customer Service, IT, Quality Control?

Sorry if these questions have been asked and answered several times, but I used and abused the search engine and I'm still very unclear.

:thanx:

Your post asks very good questions, but it suggests you have not been given a good understanding of what the intent of a process approach is to be. If your consultant is just helping you put the pieces in place to get an audit done, you will get little benefit from ISO.

I will attach a PowerPoint link that may help, but you need to get some good grounding in this and then resume your efforts. You sound like a smart fellow, but you are trying to teach yourself how to swim. I believe you will feel much more confident when you get a better foundation and guidance. (PS: Jane B - I took the animation out!)

To elaborate on my previous post in this thread; I've been looking at some of the processes, in the basic stage of identifying key processes and potential for internal audits, and I wondered what you all think of this list. It seems a bit long to me, considering ISO 9k outlines only 6 key processes...mind you we are not held to the 9k requirements, but rather view them as a value added "hey that looks like it may benefit us" set of standards. When performing process audits do you all look at similar processes, does this list seem reasonable?

1) Job Entry
2) Analysis Configuration Generation-(creating an electronic data set within our system software that contains all applicable requirements-client/specification)
3) Instrument/Tool Calibration & Operational Checks
4) Instrument/Tool Maintenance
5) Lab Test Supply Procurement & Control
6) Technical Support Review
7) Facilities Maintenance & Environmental Controls
8) Customer Services (client communication)
9) Shipping & Recieving
10) Materials Handling/Storage Control (test materials from clients)
11) Document Control
12) Corrective & Preventive Actions
13) Reporting (Final Inspection, Revisions, Corrections)
14) Training
15) Test Procedures (Validity vs Specifications/Client Reqs)
16) Management Review
17) Test Errors (control of nonconformances)
18) Statistical Process Control
19) Section Correlation
20) Interlab Correlation (IPT (round robin) testing)
21) Specimen Preparation (Validity vs Specifications/Client Reqs)
22) Records Control
23) Technical Data Control & Electronic Data Storage & Protection
24) Software Control
25) Supplier Evaluation & Approval
26) Internal & External Audits

I'm thinking these should be reduced to more generalized processes with some of the items listed as subset activities which fall under the higher level process...but wanted some feedback, would that be more appropriate?

Please note important correction:
ISO does not define only 6 processes. It does not outline any. Clause 4.1 requires each organization to define their own processes. My clients average between 15-24 processes.

Your list is not bad, but some may only be subprocesses (depends on how you want to slice them.)

For example, do #4 and #7 belong together?
#1, 2 and 8 may have some overlap.
9 and 10.
2, 6, 15, 17.

You get the idea. You may combine a few of these if they justify it, or you may leave them separated. That is your choice. Plus, you can adjust it later after you try it out.