Our first IA was conducted by a third party a few weeks ago. Our next audit is our registration audit in August. I'd say our next IA after August would be in 2008 in which we plan on having a third party come in again. Simply because nobody here at the organization is trained to perform any auditing duties.

Nothing is scheduled for 2008 regarding Internal Audits and I know in August, the registrar will want to see some kind of scheduling information regarding Internal Audits.

Any suggestions on how to go about this?

Well, if you have a process map of the organisation I'd start by using that to identify the main areas for audit. Decide which are the most important to you as a business and schedule at least 1 per process - perhaps more for the more critical processes. Consider also the results from the previous audits to help you to decide which areas (if any) require any special treatment.

You then need to consider other aspects of the system which may not have been automatically picked up by the process map e.g. management review, and schedule those in too.

One more thing I try to do is a matrix of the audits v the clauses of ISO 9001, just to let me know that all the clauses have been addressed at least once. Some people will point out that this is not essential but I like to do it anyway. It helps the auditor when preparing the audit and also informs the external auditor that the whole standard has been addressed.

Our first IA was conducted by a third party a few weeks ago. Our next audit is our registration audit in August. I'd say our next IA after August would be in 2008 in which we plan on having a third party come in again. Simply because nobody here at the organization is trained to perform any auditing duties.

Nothing is scheduled for 2008 regarding Internal Audits and I know in August, the registrar will want to see some kind of scheduling information regarding Internal Audits.

Any suggestions on how to go about this?

I am currently conducting internal audits for one of my Clients. (That makes me a 3rd party, I believe..). I had a planning meeting with the management staff, and we developed an audit schedule for the next 6 months. For logistics and resource reasons, all scheduled audits are about 4 hours in duration, and it will take me 8 visits to complete a first cycle of internal audits. A trained member of top management will audit the audit process (auditors shall not audit their own work). The Client is very happy and the CB was pleased with this arrangement.

You may want to arrange for this prior to August with your (contracted) auditor.

Hope this helps a little.

Stijloor.

Since you're not required to have any kind of 'calendar' for next year, I'd suggest that you set a 'frequency', say quarterly or monthly, and say in your procedure that you'll select a scope and criteria in the 30 or so days before the audit is to be conducted. Many of my clients have been doing it this way and not had a problem of not having a fully completed plan for a year. Perhaps the only 'fixed' events on that calendar might be an audit of what the registrar will be looking at, a month before their next scheduled surveillance.

Well I imagine our IA in 2008 will be very similar to 2007. We'll contract a third party to come out 3 days in a row to go through everything. This is why I'm finding it difficult to make a "schedule." Do we know when the next IA in 2008 will be? Not at all and we probably won't know until early next year. At which point the "schedule" will encompass everything surrounding our QMS. It's more cost effective to bring and house the auditor for 3 days rather than a day here and a day there.

We don't plan on contracting our IA forever, but just until some people in the organization get training.

Would a statement stating that until internal personnel receive adequate auditor training, all internal audits (minus the auditing of the process) will be conducted by a third party in which the schedule of areas to be audited will take place during their visit work? Or something along those lines...

We schedule each area (process and/or subprocess) once each year, and then as we audit, we will reschedule an area for later on if we feel we need to because of customer satisfaction issues, internal audit issues, certification audit issues, customer audit issues, or new equipment/practices. This has always worked well for us, and our QMS auditor (registrar) has no problems with it at all. Our audit results (as well as the other criteria) pretty much show that our system works.

On the other hand, our EMS auditor argues with me every time. No nonconformances on it to date, but I can tell that it really chafes her fanny. But, hey, what can she do if she cannot find nonconformances to back her up? (and believe me, she tries). I really feel that our EMS auditor is about 10 years behind the curve compared to QMS. It might just be that the standard is newer, or that there aren't as many registered companies?

How do you address the 'status and importance' issue of your audit programme?

I know third party auditors don't often make any deal of this aspect (do they know what it means?) but this is a vitally important link to management getting some value from audits, instead of doing them 'because ISO-says-so".

Doing anything once or twice a year isn't likely to address this requirement......

How do you address the 'status and importance' issue of your audit programme?

I know third party auditors don't often make any deal of this aspect (do they know what it means?) but this is a vitally important link to management getting some value from audits, instead of doing them 'because ISO-says-so".

Doing anything once or twice a year isn't likely to address this requirement......

And I'm sure we'll audit our processes more frequently when someone here has had auditor training. But until then we are forced to contract a third party. Which, at this point, is more cost effective to have all processes audited in one 3-day visit. I think my Internal Audit Schedule for 2008 will just state a 3-day visit sometime mid-year.

And I'm sure we'll audit our processes more frequently when someone here has had auditor training. But until then we are forced to contract a third party. Which, at this point, is more cost effective to have all processes audited in one 3-day visit. I think my Internal Audit Schedule for 2008 will just state a 3-day visit sometime mid-year.

If I were your registrar I'd probably write a nc against the audit program, and a lack of management commitment - for not extending the resources ($$) to either have your internal auditors trained or for paying the contractor to come in more often.............:mg:

Andy, with the level of lack of nonconformities we have set each area with the same importance. This wasn't always so, in the beginning there were areas scheduled twice and even three times. Plus, we review the areas during management reviews to allow for deciding to add extra audits to an area. We have yet to have a year where we stopped at the original "once per year" schedule, we've always identified something to look into another time (or two). So that is how we justify that we are scheduling accrding to "status and importance".

If I were your registrar I'd probably write a nc against the audit program, and a lack of management commitment - for not extending the resources ($$) to either have your internal auditors trained or for paying the contractor to come in more often.............:mg:

But on what grounds are we not in compliance? We will have an IA at least once a year, for 2008 it will be by a third party, and the schedule of that IA will be the entire QMS in a 3-day period.

There's no lack of management committment either. We actually have included in our registration pack a lead auditor course for one individual. The dates of the course may or may not work with that particular individual. But at some point we will utilize that course. At which point we'll be able to audit individual processes any time we'd like.

So I really don't see the nc here?

I guess, then, I have to ask the question - what does 'status and importance' mean when it comes to setting up your audit program?

Without a clear understanding of this requirement, then it's difficult to discuss.

What's your criteria for defining 'status and importance'?

I guess, then, I have to ask the question - what does 'status and importance' mean when it comes to setting up your audit program?

Without a clear understanding of this requirement, then it's difficult to discuss.

What's your criteria for defining 'status and importance'?

Andy, please allow me to butt in here for a moment.....

During my internal audit training courses, this is what I use as (reasonable) definitions:

Status: Maturity of the process. A more established, proven process will be audited less frequent then a newly implemented or recently modified process.
Importance: Direct impact of the process on customer statisfaction. Example: The human resources process will be audited less frequent then a manufacturing-type process.
In addition: "The results of previous audits." Example: Processes that have been audited previously and showing effectiveness and improvement, may be audited less frequent during the next audit cycle.

Not a math- or statistical (audit) problem, just a common-sense approach for planning audits. It has worked beautifully for my Clients.

Thank you Andy.

Stijloor.

Andy, Please allow me to butt in here for a moment.....

During my internal audit training, courses this is what I use as (reasonable) definitions:

Status: Maturity of the process. A more established, proven process will be audited less frequent then a newly implemented or recently modified process.
Importance: Direct impact of the process on customer statisfaction. Example: The human resources process will be audited less frequent then a manufacturing-type process.
In addition: "The results of previous audits." Example: Processes that have been audited previously and showing effectiveness and improvement, may be audited less frequent during the next audit cycle.

Not a math- or statistical (audit) problem, just a common-sense approach for planning audits. It has worked beautifully for my Clients.

Thank you Andy.

Stijloor.

Als u blijf, Stijloor.

There are some other reasons - status includes not just established or recent/changed situations. What about processes which aren't performing to par? Management are more likely to be interested in that, since they are being measured on that performance. What better than to have the auditors 'diagnose' which part of the process is contributing to the issue?

Not all processes affect customer satisfaction. Cetainly, making those a priority (CTC) makes sense, but also regulatory compliance and impact on $$$ (CTB) is right up there just behind it........

I use this in the auditor training which I conduct........:lol:
Tot ziens!

Nothing is scheduled for 2008 regarding Internal Audits and I know in August, the registrar will want to see some kind of scheduling information regarding Internal Audits.

Any suggestions on how to go about this?

Hi Noboost,

The standards are quite specific in what you have to do to plan an Internal Audit Schedule or Plan...The first attachment, below, is a condensed version of the requirements for quick reference and for discussion purposes.

The second attachment is a matrix to provide your with a methodology to factor in all the requirements including:

1) The status (i.e. the performance status) and importance of the process
2) The frequency and nature of customer complaints
3) The results of previous audits (internal, external, environmental, limited scope, etc.)

It is a matrix, with guidelines and notes at the top, which demonstrates one approach to determining your Audit Plan, factoring in all the criteria, per the requirements. What you end up with is a ranking of "Process Performance", which then allows you to define and substantiate the resulting "Audit Plan".


The attachment below is not the AUDIT PLAN, it is a Worksheet which demonstrates how you justified your Audit Plan.

The actual Audit Plan might include some combination of the following:


Process to be Audited
Date
Meeting Times - Opening/Closing
Location
Audit Duration
Audit Teams
Team Leader
Team Members
Target Area
Auditees
Audit Interview Timing
Duration
Program/Project/Job No. Audited (as applicable)
Shift to be Audited


I haven't seen too many companies that can actually show me how they rationalized their "Audit Plan", weighing in all the criteria as mandated. If you adapted this methodology, or devised a similar one of your own, you'd be in good shape for planning your audits...and your auditor would be "mucho impressed".

Hope this sheds some light on your task.

Patricia Ravanello

How about manufacturing process audit schedule? How do I prepare for this schedule? Do I need to stick to my schedule or do I have to schedule the manufacturing process audit schedule based on the schedule of our manufacturing assembly? Please advise.
Best regards,
Raffy:cool:

Hi Patricia,
What is basically layered process audit? What is the relationship between LPA and Manufacturing Process Audit? Are they the same? Please advise.:frust:
Best regards,
Raffy:cool:

Hi Patricia,
What is basically layered process audit? What is the relationship between LPA and Manufacturing Process Audit? Are they the same? Please advise.:frust:
Best regards,
Raffy:cool:

Hi Raffy,
There are at least a half dozen threads on the Cove that deal with Layered Process Audits. Just use the "Search" feature above, and enter "layered process", and you will find the answers to your questions.

The critical difference between the two is that ALL levels of Management are involved in and perform Layered Process Audits. Sr. Mgmt "owns" the layered process audit".

This is off topic...you might want to continue your line of questioning on one of the other threads.

Regards,
Patricia

Hi Patricia,:thanx:
Okay, thank you very much.
Best regards,
raffy

Also see: How to schedule/plan and perform an ISO audit (http://elsmar.com/Forums/showthread.php?t=12243)

We just finished our ISO audit with a new registrar today. We switched registrars after 10 years. Our auditor reduced this to an observation but almost wrote up our internal audit system because we had not audited every clause within the standard within a year. I am not prone to arguing with auditors myself and I do respect their role as a guide to improving our QMS, however I asked several times where in the standard does it say that we must audit every clause within a year? Has anyone ever encountered this type of opinion before?

It may be in your contract...read it and see.

Basically you need to audit your system to determine if it has been properly implemented (which you only really need to do once) and whether it is being properly maintained and achieving planned for results.

The "your system" is the key thing to remember. The system is all of those requirment you must fulfill...Remember those "shall" things? Are you effectively meeting them along with your own requirements? All you're being asked is to "show the beef".

Clause 8.2.2 states that the QMS has to be audited to determine whether it conforms to .... the requirements of this international standard .....

Now, if you cannot demonstrate that you have covered all of the clauses, how can you prove that you achieve the above requirement? I usually complete a simple matrix in order to demonstrate that this has been done.

We just finished our ISO audit with a new registrar today. We switched registrars after 10 years. Our auditor reduced this to an observation but almost wrote up our internal audit system because we had not audited every clause within the standard within a year. I am not prone to arguing with auditors myself and I do respect their role as a guide to improving our QMS, however I asked several times where in the standard does it say that we must audit every clause within a year? Has anyone ever encountered this type of opinion before?

It's not a requirement, and , as Randy suggests, it may be a contractual issue with the registrar organization. Having a schedule to cover all the elements of the standard is inappropriate IMHO, especially when trying to cover everything in a year. Maybe three years, but one? - no way! It's possible that some aspects of the standard are not even 'used' every year, and, depending on the size of the organization, it could become a huge undertaking.

It is legitimate that an external auditor must cover all requirements (usually in the period the cert. lasts, typically 3 years), but I believe it's a stretch to say that you have to and I'd recommend pushing back to his management.

If you adopt a process approach to auditing, it should be clear that many of the requirements of the standard are touched at each and every audit, so you could offer that. Perhaps you might look at the focus of audits and see if there's an opportunity there to improve how you're covering the requirements.

Colpart is correct in asserting the requirements of ISO 9001, 8.2.2 but that doesn't have to come from the audit schedule, it can be shown by other means.

I'd simply push back on their (mis)interpretation, however.........

How do you address the 'status and importance' issue of your audit programme?

I know third party auditors don't often make any deal of this aspect (do they know what it means?) but this is a vitally important link to management getting some value from audits, instead of doing them 'because ISO-says-so".

Doing anything once or twice a year isn't likely to address this requirement......

My most recent method for building a schedule included "scoring" audit results by assigning declining values for major, minor NC's, then Observations,and finally OFI's (opportunities for improvement). Whether by clause or by process, you can determine a hierarchy for your schedule; thereby deploying auditing where improvement is needed. :D

Patricia Ravanello

I LOVE the second attachment (Worksheet to justify your audit plan). It's like a FMEA chart for IA...brilliant!

I LOVE the second attachment (Worksheet to justify your audit plan). It's like a FMEA chart for IA...brilliant!

I too have looked at Patricia's chart and it certainly is a unique method, one I'm sure would knock the socks off most external auditors!

For purposes of clarification on its use, I have some questions regarding the ranking system for the 'status' and 'importance' aspects. What is data is 'behind' the selection of the 1 = low etc.? Who comes up with these?

If we could get a bit more background to the selection of the rankings, I think it'd probably be an awesome tool and one most non-quality management would like to participate in.:agree1:

Thanks, in advance, Patricia!:yes:

I too have looked at Patricia's chart and it certainly is a unique method, one I'm sure would knock the socks off most external auditors!

For purposes of clarification on its use, I have some questions regarding the ranking system for the 'status' and 'importance' aspects. What is data is 'behind' the selection of the 1 = low etc.? Who comes up with these?

If we could get a bit more background to the selection of the rankings, I think it'd probably be an awesome tool and one most non-quality management would like to participate in.:agree1:

Thanks, in advance, Patricia!:yes:


I was just reviewing it and was wondering that too. Seems very subjective for the "status" portion. I can kind of understand the "importance ranking" but IA is listed as a 1...?

I too have looked at Patricia's chart and it certainly is a unique method, one I'm sure would knock the socks off most external auditors!

For purposes of clarification on its use, I have some questions regarding the ranking system for the 'status' and 'importance' aspects. What is data is 'behind' the selection of the 1 = low etc.? Who comes up with these?

If we could get a bit more background to the selection of the rankings, I think it'd probably be an awesome tool and one most non-quality management would like to participate in.:agree1:

Thanks, in advance, Patricia!:yes:

Hello Gentleman,
I'm pleased that my Audit Planning "Tool" aroused some curiosity. You're both right, the justification for the "Status" ranking is not evident in the chart, so let me explain...

Just as a refresher...we know that ISO wants us to consider the following when planning an audit:

1) The status (i.e. the performance status) and importance of the process
2) The frequency and nature of customer complaints
3) The results of previous audits (internal, external, environmental, limited scope, layered process audits etc.)

First, to address the "Importance" question...this is definitely a subjective ranking (as noted at the top of the chart), and I encourage the Lead Auditor to rationalize the importance of each process. Perhaps ask yourself..."How important is this process to the overall success of the company"... or "What process could we live without, and still survive???... Or..."After the Customer-oriented Processes, which classifications are most critical?" (system-, support-, or management-oriented processes??) Whatever you decide, you just have to be able to rationalize it to yourself, and of course to your external auditor.

Secondly, to address the "Performance Status" of the process, I use the data in my "Metrics DASHBOARD". It's a Metrics Database which I created, wherein each of the metrics in the company is linked to one of the 12 Key Processes. The metric's performance is assessed, at least monthly, and a performance "Status" is assigned, based on 3 factors:
1) Current Period Performance against Plan (or objective)
2) Year-to-Date Trend Performance
3) Projected Trend Performance for the next 4 months

Based on company "Status" definitions of "Favorable" (Green), "Unfavorable" (Red) or "Needs Improvement" (Yellow), each metric is assigned a "Status". The respective metrics for each of the 12 Key Processes are then averaged together to give an overall "Performance Status" for that process. At the end of a 12 month cycle, the Process Performance is calculated for the past 12 month period, and a numerical value is associated with it for calculation purposes.

Since the standard expects you to consider "process status" as one of the factors to assess in setting your Audit Schedule, this was the best way I could see of doing that...and substantiating it mathematically...Most companies don't do it, and most Auditors don't ask how the Audit Plan was derived...and if they did, they would soon discover that, while some companies have a "partially justified rationale" for performing their audit...they will rarely find that all required criteria have been factored in.

I think this is the most comprehensive "kick at the cat" I can come up with...but I'm always in "Continual Improvement" mode...so I welcome any comments or criticism.

:thanx: and hope this answers your questions...:magic:...no magic really...I just like this little icon!!:magic:

Patricia:

Sweet! Thanks! Just what I wanted to read.......:agree1::applause:

Much appreciated.:yes:

Wow...that was fast!
Patricia

The first attachment, below, is a condensed version of the requirements for quick reference and for discussion purposes.

The second attachment is a matrix to provide your with a methodology to factor in all the requirements including... Are these in Excel? If so, any chance of your sharing the Excel files?

I too have looked at Patricia's chart and it certainly is a unique method, one I'm sure would knock the socks off most external auditors!Why? I think it is an excellent tool. As I said elsewhere in this forum, planning the internal audit schedule, taking into account the status and importance of the processes is one of the most disregarded requirements of the ISO 9001 standard. Patricia's method is spot on. I wished most organizations would use a similar method. Internal audit resources are limited and should be deployed wisely.

For purposes of clarification on its use, I have some questions regarding the ranking system for the 'status' and 'importance' aspects. What is data is 'behind' the selection of the 1 = low etc.? Who comes up with these?

If we could get a bit more background to the selection of the rankings, I think it'd probably be an awesome tool and one most non-quality management would like to participate in.I was just reviewing it and was wondering that too. Seems very subjective for the "status" portion. I can kind of understand the "importance ranking" but IA is listed as a 1...?The document contains the following text: In example below, process performance status is rated and weighted, giving more importance to customer-oriented processes and least to system oriented processes (Lead Auditor needs to rationalize importance ranking in their particular organization)

Are these in Excel? If so, any chance of your sharing the Excel files?

Hi Marc...
I'm flattered :o by the request, and being of a generous nature, I thought, "Why not? :yes: and almost posted it...but then I thought, "No...:nope: I've already given enough away".

However, if anyone wants to purchase the "Excel" version, I'm sure that a more than reasonable price :cool: could be negotiated.

Regards,
Patricia

Why? I think it is an excellent tool. As I said elsewhere in this forum, planning the internal audit schedule, taking into account the status and importance of the processes is one of the most disregarded requirements of the ISO 9001 standard. Patricia's method is spot on. I wished most organizations would use a similar method. Internal audit resources are limited and should be deployed wisely.

The document contains the following text:

Huh? Sidney, I was agreeing. Couldn't you hear me over there............??:rolleyes:

I agree the scheduling of audit is a poor relation in the overall scheme of things - too little emphasis is placed on this in auditor training
etc. So, that's why I thought Patricia's approach was so unique - no-one I've ever seen does anything close to this! So maybe I'll clarifyfor you....

THANKS PATRICIA, IT'S A GREAT TOOL AND I REALLY LIKE IT.........:lmao::lmao:

Huh? Sidney, I was agreeing. Couldn't you hear me over there............??Sorry. I misread your post. But the eye-opener would not be limited only to 3rd party auditors. Most consultants and people implementing and maintaining ISO 9001 QMS's take a dumb approach of scheduling internal audits without due consideration of past history and criticality.

But the eye-opener would not be limited only to 3rd party auditors. Most consultants and people implementing and maintaining ISO 9001 QMS's take a dumb approach of scheduling internal audits without due consideration of past history and criticality.

Sad, but so very true........and such an approach is ofen endorsed by third party auditors who when they see a schedule which emulates their own organization's approach (once a year, system wide, or every 'element' in 12 months etc.) they are happy......:bonk:

I did push back and it was probably the hardest that I had ever pushed back on any audit and apparently it worked as we received an excellent score. Whew!

Thanks to everyone for your input. We will be working on that schedule and develp a matrix as suggested by Colpart.

I did push back and it was probably the hardest that I had ever pushed back on any audit and apparently it worked as we received an excellent score. Whew!

Thanks to everyone for your input. We will be working on that schedule and develp a matrix as suggested by Colpart.

Hi AHoffman...
I think that using a Matrix as you plan to do is reverting back to the "element-by-element" approach to auditing. When you created your system, you should have employed the methodology illustrated in the attachment "Covering all the Elements" and then extended it into the creation of your flow charts shown in the 1st attachment, then you would already know that your key processes have covered all the elements (and so would the auditors). You don't have to do it again....but I know, Auditors love to see that sort of matrix because it gives them some demented form of comfort. (If you're only doing it now, it's like you put the cart before the horse).

If they (the External auditors) had performed a "meaningful and comprehensive" Document audit during Phase One/Document Review for initial certification, they would never have to revisit that topic. The comprehensiveness of your system would have been confirmed at that time. Thereafter, just auditing your processes would ensure that you covered all the elements. The sad truth is that many auditors are still using the element-by-element approach.

Just trying to save you some work....I'm basically lazy, so I resort to all types of pre-emptive and/or preventive strategies to minimize future work.

...just MH (but candid) O.
Patricia

Secondly, to address the "Performance Status" of the process, I use the data in my "Metrics DASHBOARD". It's a Metrics Database which I created, wherein each of the metrics in the company is linked to one of the 12 Key Processes. The metric's performance is assessed, at least monthly, and a performance "Status" is assigned, based on 3 factors:
1) Current Period Performance against Plan (or objective)
2) Year-to-Date Trend Performance
3) Projected Trend Performance for the next 4 months

Based on company "Status" definitions of "Favorable" (Green), "Unfavorable" (Red) or "Needs Improvement" (Yellow), each metric is assigned a "Status". The respective metrics for each of the 12 Key Processes are then averaged together to give an overall "Performance Status" for that process. At the end of a 12 month cycle, the Process Performance is calculated for the past 12 month period, and a numerical value is associated with it for calculation purposes.

Since the standard expects you to consider "process status" as one of the factors to assess in setting your Audit Schedule, this was the best way I could see of doing that...and substantiating it mathematically...Most companies don't do it, and most Auditors don't ask how the Audit Plan was derived...and if they did, they would soon discover that, while some companies have a "partially justified rationale" for performing their audit...they will rarely find that all required criteria have been factored in.


Any chance you could depict how the dashboard works?? I've built my own audit summary similar to yours but capturing the ideas behind "status" would be awesome!!

:tg:

Any chance you could depict how the dashboard works?? I've built my own audit summary similar to yours but capturing the ideas behind "status" would be awesome!!

:tg:


The Metrics DASHBOARD, copyright May, 2003, Patricia C. Ravanello,
(designed in MSAccess), is a Management Tool which ensures the standardization of the way metrics are reported in an organization, and creates links to the actual data, as well as to any resultant "Action Items", which may be deemed necessary subsequent to Management Review.

The attachments give you an idea of some of the Benefits and Features of the Metrics DASHBOARD, but is not exhaustive. I have continued to add enhancements since it's original design, including calculations for the "Cost of Non-conformance", as well as several Management Reports and Charts.

Hope this helps - thanks for your interest.
Patricia

Since you're not required to have any kind of 'calendar' for next year, I'd suggest that you set a 'frequency', say quarterly or monthly, and say in your procedure that you'll select a scope and criteria in the 30 or so days before the audit is to be conducted. Many of my clients have been doing it this way and not had a problem of not having a fully completed plan for a year. Perhaps the only 'fixed' events on that calendar might be an audit of what the registrar will be looking at, a month before their next scheduled surveillance.

I happen to agree with this, but my auditors have different opinions. They all wanted to see an event already on the calendar, so that's what we did. We use software that has a section for management meetings with agendas and file upload and whatnot, so we put our scheduled third-party IA in there, complete with a 2008 date. That made them happy.

To fulfill the requirement and appease a couple of nitpicky customers, we created the following "schedule" (separate from having an actual IA scheduled on the calendar):

Areas to be Audited
• Document Control (Production) – contained in AS9100/9101C
• Record Control – contained in AS9100/9101C
• Program Control – contained in AS9100/9101C
• Management Review/Objectives – contained in AS9100/9101C
• Contract Review – contained in AS9100/9101C
• Purchasing – contained in AS9100/9101C and AC7116 and AC7116/3
• Training – contained in AS9100/9101C and AC7116 and AC7116/3 and GE S-1000
• Production Planning - contained in AS9100/9101C and AC7116 and AC7116/3
• Material Control - contained in AS9100/9101C and AC7116 and AC7116/3 and GE S-1000
• Calibration - contained in AS9100/9101C and AC7116 and AC7116/3
• Internal Auditing - contained in AS9100/9101C and GE S-1000
• Inspection - contained in AS9100/9101C and AC7116 and AC7116/3 and GE S-1000
• Control of Nonconforming Product - contained in AS9100/9101C and GE S-1000
• Corrective Action - contained in AS9100/9101C and GE S-1000
• Preventive Action - contained in AS9100/9101C and GE S-1000
• Workstation – contained in Nadcap AC7116/3
• Machine Maintenance – contained in Nadcap AC7116/3
• Shipping and Receiving – to Flows 7.4.3 and 7.5.5
• Supplier Approval – to Flow 7.4.1
• EDM Machine Calibration - contained in Nadcap AC7116/3
• Shelf-life product – WI 8.2.2.1a Internal Audit of Shelf-life Product

I added the specs just for our own information...that was above and beyond the scope of the requirement.