Hello

where could i find templates for internal audits specific to an integrated quality system (ISo 9001 , OHSAS 18001 , ISO 14001) ?


is it possible that we have an integrated (combined) process for the 3 standards ? and do the audit by process as usual ?


or we have to change the method of audit ? and how ?

Hi Libnani,

If you are asking for checklists that combine all three systems, no I can't provide because I don't use "canned" checklists.

However, there's no reason why you can't audit all three systems in the same rounds. So many things are shared: document control, policy, training, management review etc., that these can easily be covered in one audit for three systems.

Others, such as metrology, can combine the other two systems by simply adding the 14001 and 18001 items to the list of things to pay attention to. Hazardous material handling in the work area, safety controls being followed for the area, and a query for awareness of all three systems' aspects can be done in one auditing session.

Certainly there will be cases where an audit will focus on one system's needs. In such cases your program should allow you to be able to request corrective action for non conformances found in any system, even if that system isn't being audited at the time. For example, when finding an uncontrolled document or nonconforming product next to good product when looking at hazmat storage in receiving, you should be able to raise the quality system issue.

I think the real risk here is overlooking some areas. That should be manageable with scheduling. All in all, I think the matter of auditing all three at once is not nearly as complicated as it seems.

I hope this helps!

Libnani,

I have taken the liberty of moving your thread to the Internal Auditing forum (from the OHSAS 18001 forum) as it focuses on auditing more than one standard and you may receive more input from your fellow Cove members here.

where could i find templates for internal audits specific to an integrated quality system (ISo 9001 , OHSAS 18001 , ISO 14001) ?

I don't believe you will find an integrated checklist. I have asked this question before and all but received a resounding "Nope, don't have one" response. :rolleyes: Of course, that hasn't stopped me from developing one on my own.


is it possible that we have an integrated (combined) process for the 3 standards ? and do the audit by process as usual ?

In my opinion, yes, it is possible. Knowing how the standards align/overlap allows you to see the common requirements. From there, I set up the requirements against the PDCA foundation of our Business Management System.

The checklist that I developed for my organization is in a PDCA format, with a clear indication if the requirement stated applies to one, two or all three standards.

or we have to change the method of audit ? and how ?

We have not had to change the process in which we audit, other than our audits are more detailed than previously done. What was limited to quality or environment or safety, now encompasses all three - as appropriate - and we are assessing the conformance of our Business Management System to the necessary requirements.

It has helped to also determine the state of our culture or language. With so much overlap between those three standards, we have pushed for common tools to be used (e.g., document control is document control as Jennifer said) and there is no value added to the system if safety were to develop their own document control system that differered from environment or quality.

Unfortunately, I can not share my checklist with you as it does contain infomration that is confidential to my organization. On the plus side, the standards already tell you how they compare/align with each other...so you have a great starting point right there! :D

Hi Libnani,

If you are asking for checklists that combine all three systems, no I can't provide because I don't use "canned" checklists.

However, there's no reason why you can't audit all three systems in the same rounds. So many things are shared: document control, policy, training, management review etc., that these can easily be covered in one audit for three systems.

Others, such as metrology, can combine the other two systems by simply adding the 14001 and 18001 items to the list of things to pay attention to. Hazardous material handling in the work area, safety controls being followed for the area, and a query for awareness of all three systems' aspects can be done in one auditing session.

Certainly there will be cases where an audit will focus on one system's needs. In such cases your program should allow you to be able to request corrective action for non conformances found in any system, even if that system isn't being audited at the time. For example, when finding an uncontrolled document or nonconforming product next to good product when looking at hazmat storage in receiving, you should be able to raise the quality system issue.

I think the real risk here is overlooking some areas. That should be manageable with scheduling. All in all, I think the matter of auditing all three at once is not nearly as complicated as it seems.

I hope this helps!


I agree. Also, remember that the ISO 9001 portion must be process based audits. I have clients who combine their ISO 14001 into this, and audit that standard in a process approach as well. Same could apply to 18001.

Hjilling,

You said,
remember that the ISO 9001 portion must be process based audits

What would cause you to say that? 8.2.2 refers to "processes and areas to be audited," and, "The management responsible for the area being audited..."

Thank you,
Cliff Kachinske

Hjilling,

You said,


What would cause you to say that? 8.2.2 refers to "processes and areas to be audited," and, "The management responsible for the area being audited..."

Thank you,
Cliff Kachinske

The entire ISO 9001 program is based on a process approach. The QMS is to be defined along your processes, the Mgt. Review is to evaluate the performance of your processes, and the audits are to be auditing the processes.

While I wish the standard were more blunt, it is clear from reading the whole standard, as well as related documents form the CB's, the intent is to operate along the process lines. Audits to a clause based approach would be nonconforming. I'm a little surprised you would be asking this question. Is this not how your CB is requiring you to work?

Audits to a clause based approach would be nonconforming.

Agreed. But then, I never said clause based. The word in the standard is "area," as in, for example, a department or work group.

Are you saying that an audit program planned around departments or work groups would be nonconforming?

While I find the discussion of clause versus process versus area interesting, it does tend to be off-topic from the Original Poster's question. It is perhaps worthy of its own thread and discussion.

Please try to keep your comments related to the original question(s).

Thank you.

I think the real risk here is overlooking some areas. That should be manageable with scheduling. All in all, I think the matter of auditing all three at once is not nearly as complicated as it seems.

The one downside I've experienced while conducting integrated internal audits at my side is the lack of experience of the auditors...or rather, their lack of familiarity with the standards. Not everyone lives and breathes them like I do (note to self...get a life when the new job starts in July :D )

Several years back, I had an auditor actually say to the auditee in a production area "I've already asked this before because of ISO 9001...but I'm going to ask it again because of ISO 14001."

The auditor hadn't quite grasped the concpet of how the two standards and the requirements in the area aligned. That was what prompted me to develop our integrated checklist.

One the reasons for integrating our system was to effectively manage our resources. Having auditors who were unable to blend the requirements wasn't helping us in this manner and it became a focus for last year's round of auditing - which, fyi, was much smoother.

This year's internal audit - scheduled for next month - will be my last one here at my current location. I'm determined to make it the best darn integrated audit they've ever had! I've got a new group of auditors - 4 of the 6 have less than one year at this location and 2 of them are fresh out of school! - which should make the whole experience interesting.

But integrating the audit allows them to see the system from a high level, to see the linkages and relationships and the flow of the inputs and outputs. I'll leave behind a group of people who have the ability to see the system as a whole instead of individual silos. Definately worth the head ache of developing an integrated checklist!

Agreed. But then, I never said clause based. The word in the standard is "area," as in, for example, a department or work group.

Are you saying that an audit program planned around departments or work groups would be nonconforming?


Processes and departments are similar but different. Processes frequently cross beyond departments, and is the better approach. It has been well documented and discussed throughout ISO land that the expectation is that your ISO program follows a process approach. That would apply to your internal audits as well.

Hello

where could i find templates for internal audits specific to an integrated quality system (ISo 9001 , OHSAS 18001 , ISO 14001) ?


is it possible that we have an integrated (combined) process for the 3 standards ? and do the audit by process as usual ?


or we have to change the method of audit ? and how ?

I'm not certain of what your "Integrated" system looks like, but if you look at the attached, it might help you to see how you are auditing to all "standards" when you conduct an audit. As mentioned in previous responses, each company would have to have its own unique "CheckList"...but if your Process Flow Charts are comprehensive, and your auditors trained, that shouldn't be a problem.

In the attached example of an "Integrated System", you will see that there are three color-coded boxes containing standard/customer/company etc. requirements which are placed next to the process that they relate to:
Yellow box - ISO/TS 16949 Requirements
Green box - ISO 14001 Requirements
Red Box - Customer-specific requirements.

When I integrate a "new standard, specification, or requirement", like MMOG, I simply go to the existing procedure and determine where the new standard would impact on the process, and edit existing text, or add new text, as required (and add a colored box with a reference to the standard to help the internal auditors).

Then, when the internal auditors audit, they are verifying compliance to all requirements (TS/ISO 14001, CSR, etc). They don't really need check lists, because the narratives in the procedures are descriptive enough for them to formulate questions, and the evidence they request is listed in the "Input" and "Output" sections (located on right and left respectively of process).

In preparation for an audit, each auditor should review their process, and plan the questions which they want to ask, just by reading the flow chart. Observations and notes from the audit can go right on a copy of the flow chart.

...Just another possibility for you to consider...

Patricia

I'm not certain of what your "Integrated" system looks like, but if you look at the attached, it might help you to see how you are auditing to all "standards" when you conduct an audit. As mentioned in previous responses, each company would have to have its own unique "CheckList"...but if your Process Flow Charts are comprehensive, and your auditors trained, that shouldn't be a problem.


In the attached example of an "Integrated System", you will see that there are three color-coded boxes containing standard/customer/company etc. requirements which are placed next to the process that they relate to:Yellow box - ISO/TS 16949 Requirements

Green box - ISO 14001 Requirements

Red Box - Customer-specific requirements.
When I integrate a "new standard, specification, or requirement", like MMOG, I simply go to the existing procedure and determine where the new standard would impact on the process, and edit existing text, or add new text, as required (and add a colored box with a reference to the standard to help the internal auditors).

Then, when the internal auditors audit, they are verifying compliance to all requirements (TS/ISO 14001, CSR, etc). They don't really need check lists, because the narratives in the procedures are descriptive enough for them to formulate questions, and the evidence they request is listed in the "Input" and "Output" sections (located on right and left respectively of process).

In preparation for an audit, each auditor should review their process, and plan the questions which they want to ask, just by reading the flow chart. Observations and notes from the audit can go right on a copy of the flow chart.

...Just another possibility for you to consider...

Patricia


I think that is a great approach, and a darn good explanation of it, as well. Then, by auditing the procedure, you have the checklist you are seeking, and are able to perform a semi-process approach to boot (if the procedure is written well.)

I think that is a great approach, and a darn good explanation of it, as well. Then, by auditing the procedure, you have the checklist you are seeking, and are able to perform a semi-process approach to boot (if the procedure is written well.)

Thanks hjilling,
You're right...what I've described here is only semi-process approach...along with this, and, as a starting point to the process audit, the auditors need to begin the audit with a review of the "Metrics DASHBOARD", to assess the effectiveness and efficiency of the process. That should give them some clues about where to go for some "deep dives" in the process and sub-processes which they are about to audit.

Patricia