Some of you can help me?
Recently, we have gone through first transition audit to ISO 9001-2000 standard. One major non-conformity raised was, in our audit procedure, we have not defined the audit criteria and method of doing internal audit. We have demonstrated that audit program takes into consideration of customer complaints/repetitive non-conformances etc. Also all our internal auditors are trained by external agency, and they know how to do the audit. Why should I tell them the method of audits? In the procedure, we have mentioned about the preparation of check list on need basis. But it is not mandatory that every auditor use the check list.

However, I could not convince the external auditor. I seek your inputs in this regard.

Thanks in advance,

Jit

Hmmm tricky one.

The standard says that audit criteria and methods shall be 'defined'.

It then goes on to say 'responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records shall be defined in a documented procedure.'

Why are these two seperate sentences ? Can audit criteria and methods be 'defined' but not in a documented procedure ?

My guess is that your auditor is looking for the audit criteria and method in your documented procedure.

Strictly following the letter of the law he is incorrect.

If however he is just saying that it is 'not defined' he has a case. However if everyone appears to follow the same criteria and method you could argue that it is defined by 'custom and practice'.

This, in my opinion, is where ISO9001:2000 is weak compared to the 1994 standard in that it doesnt mandate procedural requirements. As such this kind of debate will undoubtedly be experienced by us all.

Thanks Greenway, for your comment!

Now I have to re-write the Internal Audit Procedure. Can you give me some hints, how I define audit criteria and method of audit? We talked about the use of checklist on need basis. The qualification of auditor is mentioned in our procedure. The status and the important of audit area have also been taken care of. What more to write?

Jit

If I am understanding you, your procedure tells who has responsibility for your audit system, how the schedule is determined, how they are conducted (as far as contacting the manager of the area to be audited to set it up), how the results are reported to the responsible party and upper management, what standards you are using to do the audit, time frame for responding to issues from the audit by the responsible person, what happens if scheduled audits can’t be completed, and how they are trained. I would say that’s all you need.

Yes, in our audit procedure, we talked about audit plan, status and importance of area to be audited, selection of audit team, audit notification(name of auditor/auditee/department/time of audit/ISO clause), reporting audit finding in audit reporting form, collection of audit report, closing of audit findings, and auditor's qualification.

However, the ISO standard, specifically calls for criteria and method of audit to be defined. I feel the external auditor wants, some kind of heading, Audit criteria, and I should write something under this heading. My problem is that what I write under heading, audit criteria. Method , I understand, I shall write about the use of need base Check list etc. Though I feel making mandatory use of check list is redundant. We have been ISO certified from 1998 onwards. Our internal auditors were trained in ISO 9001-1994 standard and have carried out numerous audits. They have been trained specifically for ISO 9001-2000 standards. Why I should tell them how to do the audit?

I can close the non-conformity and send it to external auditor. However, it should not come back to me saying that closing of non-conformity is not satisfactory. That is the reason, I want inputs from this forum to re-write my procedure.

Thanks,

Jit

The audit criteria is basically what you are auditing against. There are various types of audit, such as system, process, product, contract, etc.

For Internal Quality Systems audits the criteria will be the same for all of them, and can be a bland statement in your auditing procedure, or a declaration on your audit reporting system.

Basically the criteria would be auditing of complaince to the requirements of ISO9001:2000 and other requirements detemined by the organisation, and to detemine the effectiveness fo the quality system.

I think your assessor is being a bit of a split ass on this one. The criteria for internal audits to ISO9001:2000 is obvious, but like you say the standard does require you to state this !!

M Greenaway (posting from home on a Saturday night - I must get a life).

Audit Criteria (9000-2000)-set of policies,procedures or requirements used as a reference. This of course is associated with planning. You must define the policies,procedures,standards to which the audit is conducted. What standard are you auditing to? What system procedures are you auditing against,of course you must audit to those mentioned in 4.2 and any others. If you had no porblem with 94,should not have none with 00

Thanks Greenaway, for your inputs!

I will make up something and send to auditor. Hope it will work.

Jit

GGGGGGGRRRRRRRRRRRRRRRR
don't make something up to please the auditor!!!!!! What ever you do needs to add value to your system NOT HIS AUDIT!!!!!!

Your report lists the standard and procedures/rev audited against doesn't it? then thats defining the audit criteria....thats where you define it...just say so. As for the method, your audit trail notes are the record of the method (where, who, what reviewed/ interviewed etc....). The auditor training gives you the expertise to plan and determine the method on an audit by audit basis.

its your system not the auditors!!!!!


my pet peeve, can you tell???????????

I just reread your initial post....A MAJOR?

Damn......A major is a total breakdown or absence of a system

You need to stand up for yourself.......

Barb,

Quit sugar-coating things and tell us what you really think! :eek:

I'm not convinced that this situation meets the requirement of a Major either. I also agree with your comments. No where does it say where the criteria and methods need to be defined. I think that your checklist (if you use one) could also qualify as “methods”. I would also add that YOUR system must work! You can carefully outline, define and document your criteria and methods, but if they don’t work they are useless.

I am almost out of sugar...then we will all be in trouble

--------------just my crotchty old self ,,,,,,oops thats the age poll.....sorry, wrong post

Well said Barb

I agree entirely - but it looks like the auditor is looking for this clearly written in a procedure, or somewhere in the audit plan or corresponding report.

Like you say this isnt even an observation - let alone a major non-compliance. Its just an opinion of someone looking for an easy life.

Hello Everybody,

Good Morning! Our external auditor was quite judicious at many places. For example, our preventive procedure was inadequate. At the end of the audit, auditor (out of the way) suggested how to improve on preventive procedure and make it more effective. As we know, many external auditors also work as a Quality consultant. Regarding audit criteria, fault lies with me also. I made a bland statement in quality manual (copied from ISO 9001 standard) that audit criteria is defined in manual, which was not specifically defined in manual/procedure. I have already updated the internal audit procedure based on feed back from this forum. It should work now.

Thanks,

Jit

M...do you ever get tired of auditors trying to tell you the way it has to be? i know i get real testy about it...i can ...i am an auditor, so its ok.... LOL seriously there are too many experts that think their way is the only way.... i teach the QSLA and the IRCA 9k2k transisition auditor courses..and i really beat them up on that stuff... once they leave my course, they better understand there are as many acceptable ways as there are companies....the key is 'does it work?????'


whose caption is it here.?..'show me the shall!!!!" that says it all.... ;)

Originally quoted by Jit:
" One major non-conformity raised was, in our audit procedure, we have not defined the audit criteria and method of doing internal audit."
Hmm...major, woh that woould be a very disgusting, getting a major.....
Originally quoted by Barb:
"Damn......A major is a total breakdown or absence of a system"

I think a minor would be a considerate one. You have a specs however you haven't demonstrated on how to perform audits. And speaking of checklist, on our side we use a checklist that would serve as guide for auditors in auditing a certain clause on the standard.

IMHO what would you do is talk with the auditors who undergo training, discuss what were they learn from the training. Then apply it. Incorporate in your procedure.

Vash :cool: