If ISO 9001:2000 require at least 6 documented procedures for QMS. Can we to perform audit just using process maps ( flow chart) as work instruction or QAP?

I wouldnt know why you could not do it that way

BUT what rumors I have heard explain that even auditing methods will be changing....

What external auditors do now is "compare actions to standards requirements." Internal auditors compare actions to written procedures... and verify they are yes/no being satisfied.

The "new look approach" to auditing (big guess here ) is that effectivness of what the standards require or effectivness of what the proceedures are asking for will be the major consideration. NOT necessarily - are the same words used in the standards - used in the procedures - but is the intent of an effective outcome as esxplained in the standards being accomplished.

Its true that the traditional 'compliance' only auditing is considered to be a thing of the past. The requirement to audit effectiveness is now emphasised in ISO9001:2000, although it did exist in the 1994 version. Compliance auditing will still be an important element of the audit process, but blindly quoting non-compliance or compliance where the actual activity is effective or ineffective will hopefully die.

Auditing should now look at the process, consider the inputs, outputs, mechanisms and controls. A written procedure or a flow diagram might be one method of control - what the auditor must satisfy himself with is 'are the controls adequate so that the process performs effectively', clearly looking at the output of the process will be a major part of this assessment.

As a P.S. to the last post...

ISO9001:2000 now also explicitly states that audits are undertaken against the requirements of the standard. This was always considered 'best practice', and is the method taught by accredited audit training bodies.

So primarily your audit needs to address compliance with ISO9001:2000, therefore without a procedure or flow diagram there is still plenty to audit against.

Please remember that as flow charting is simple and may be easier to comprehend,however you will more than likely need to also supplement with words. Anything you write(flow chart) for you QMS must be understandable by your people who use it. Do not write(flow chart) for the registrar/auditors. Make a value added QMS for your users of the QMS .

Thank You Sirs

I agree both as about a new audit approach as the audit having focus on the effectiveness of output, since I am with advisor hat that look at not only standard compliance but add value to client process output too.
BUT, If someone is on auditor hat, mainly registrar auditors, could miss some information in a diagram flow, as WHO, WHEN, WHERE, WHAT, WHY, HOW, not necessarily all.
And I knowing very well what is a point of view of registrar auditor, for example, some registrars auditors say that is a paradox the standard require at least six written procedures or another auditor wants quality objectives measurable for ALL FUNCTIONS within organization, I would like to remake my question as:
Does anyone have experience with registrars auditors using only diagram flow to perform process assessment and these was accept as a work instruction?

Best Regards

AURELIO

We have used flow diagrams for years, and have been successfully audited against them.

Your auditor should be able to accept the format of your documentation whatever it is.

I've used flow charts to document procedures and had no problems with staff or auditors, in fact I find them easier to audit.

One more thing!:biglaugh:

I was given to understand by a BSI assessor that it would be prudent for an organisation to audit the QMS by selecting one of the quality management principles and using it as a theme for the annual audit plan.

Any thoughts?

Hi Laura,

I like the sound of that approach but I guess it would all depend though on how your system was documented. It could get ugly real quick.

I believe that there would be many processes that a business documents that would encompass all eight principles in one. I would assume then you would split it and then it could get really messy to establish and maintain any sort of audit schedule.

If your system is documented by a process, then audit it all but ensure that your auditors are aware of the eight principles. That way each process gets a thorough auditing without splitting it up into eight groups.

I feel that a sensible and simple audit schedule by process/procedure, based and assessed for frequency on a risk assessment would be more beneficial and easy to maintain.

My two bob! :D

Greg,

I agree with you. I felt at the time that to theme the audit plan would be ineffective as you may well be auditing against one principle and not finding that you are effective or otherwise against another principle until a subsequent annual audit plan.

Given the structure I propose for our QMS, I wish to audit the support processes that underpin the core business process, and review the core business process at frequent Management Reviews. At least this will enable me to ensure senior management committment at a process level!

Can anybody see a flaw in this?

Lau.
:cool:

Hi Lau,

Without knowing your business, or the processes and documentation involved, it sounds like a pretty good approach.

I think that would be a great approach to review audit findings at a macro level rather than reviewing every minor process audit and trying to gain the attention of senior management for the minor system details.

Give them the broad overview and let the system handle the system at the micro level.

I would be interested to hear how this progresses.

Bye for now :bigwave:

Hi Laura,

First of all, thank you

I’m not understanding very well her proposed, because the ISO 9000:2000 series are based on the eight quality management principles, so an ISO 9001:2000 audit implicitly is a review that 8 principles.
Please, could you explain more what is “an organization to audit the QMS by selecting one of the quality management principles and using it as a theme for the annual audit plan”?

Thank You

AURELIO

PS: Do you Know if the IRCA ( International Register of Certificated Auditors) scheme or IQA published any paper about flow diagrams audits?

Aurelio,

Good question.

The assesor I spoke to suggested that you selected one quality management pronciple, say: Leadership.

As you audit the processes you look for areas of compliance where leadership is concerned. As you have said

"because the ISO 9000:2000 series are based on the eight quality management principles, so an ISO 9001:2000 audit implicitly is a review that 8 principles."

I agree with you.

This is why my preferred method of auditing my QMS would be to audit the support processes and leave the review to the business process to Management Review.

Re: IQA, yes there has been a lot published on processes. Go to www.iqa.org and you will find that they publish a mag called Quality World. I would suggest that you contact IQA for some back editions. I remember some good articles in 1999-2000 editions. I think there was even a whole edition devoted to processes versus procedures.


Hope this helps,

Lau.

Just wanted to add an opnion. When ISO 9000 was 94 most classes and articles contended that the conorstone of ISO was TQM. Audits were not conducted to the TQM principles that one used. After doing several audits to ISO and QS, it was easy to notice that those companies not embraced in TQM had a difficult time with their QMS. This will more than likely be the case for 00. Those companies not embracing the 8 QM principles will have a difficult time.

Dear Ms.laura

Actually the new standard specifies that the organisation can define the number of processes. If this is the case then each organisation will have processes to suit their business needs. The auditor has to verify whether the documented process is followed and look for objective evidence.

I would like to know whether are you aware of the standard BS15000

venkat

Venkat,

Not quite sure what point you are trying to make.

ANd no I am not aware of BS15000, should I be?

Laura,

I have just began creating the Internal Audit Work Instruction for our company. In looking for threads on this matter, came across this one.

Am I confused or just not clearly thinking here. You have talked about 8 QM principles. Where are these listed or am I just over looking them?

We are a small company with only two internal auditors (one of which is myself). In discussing this with the other auditor we've dicided that we are going to use a Audit Checklist and an Audit Summary Report. In our old system the checklist had pre-determined questions for you to audit. It is our opinion that these "canned" questions doesn't make for a very effective audit so we will have a generic checlist that we (the auditors) shall determine the questions. When the audit is complete we'll complete a Audit Summary Report which will be submitted to the proper personnel for notification of the audit results.

I'm having difficulty with the Audit Schedule doing it this way. Before you determined the elements to be audited per department. Now I can't determine how I need to set up the schedule. Also adding to this difficulty is the fact that the auditor can't audit which he/she has direct relation too. For me to be one of the two auditors this is difficult because as Document & Data Control it's hard to say that my job doesn't relate to any of this.

Do you have any suggestions or comments that might help? Really confused or my brain is just not awake!:frust:

Jamie,

Like you, everybody is familiar with the 20 Elements in the 94 version. My internal audit schedule will address the modules listed below. The numbering shown doesn't mean anything. You can use the section of the standard to match them up. This information is something that I obtained from our Consultant and I don't think he missed anything. The members will check this out and correct us if there is a problem. You can count on it.:vfunny:

ISO 9001 is comprised of 22 Quality System Modules:

1. Management Responsibility
2. Customer focus
3. Quality policy
4. Planning for quality
5. Document and Data Control
6. Responsibility, authority & communication
7. Management representative
8. Management review
9. Provision of resources
10. Customer communication
11. Design and development
12. Purchasing
13. Process control
14. Infrastructure
15. Work environment
16. Training, awareness & competency
17. Corrective and Preventive Action (Could be split, if you choose)
18. Control of measuring devices
19. Control of nonconforming product
20. Control of Quality Records
21. Internal Quality Audits
22. Continual improvement

Love those Patriots!



:biglaugh: :ko: :smokin:

Energy,

Thanks for the suggestion! :bigwave: What I've been working on at my desk this morning seems to be real similar to what you have. The only thing I have to do know is divide them out between myself and our other auditor ensuring not to take on ones I can't do. Thanks again.

Jamie

I'm not Laura, but figured she won't mind my beating her to the punch on this one :)

The QMS ISO Q9000-2000 - Fundamentals and vocabulary provides this list of management principles that can be used by top management in order to lead the organization towards improved performance.

1. Customer Focus
2. Leadership
3. Involvement of people
4. Process approach
5. System approach to management
6. Continual improvement
7. Actual approach to decision-making
8. Mutually beneficial supplier benefits

It goes on to provide information for each of the principles.

Eileen