I need some opinions here----

and I know this may not be "best pratice", but....

We want to change our internal audit schedule from quartly audits (auditing 1/4 of the manual per quarter) to anual audit of the whole system?

Thoughts?

Thanks,
CarolX

Carol, I see absoutley nothing wrong with that as long as you can show that your system is opearting effectivly. There is no requirement that audits be done monthly, bi-monthly, quarterly etc..., the only thing I would have a problem with is, if I was your registrar and when I come in I see lets of non-conformances. However, if I come in and things look pretty clean then that would suffice. You want to make sure you look at your system evaluate it and the areas where you see more problems occuring bump up the frequency of the audits for them. JMHO.

Carol,
Depending on the size of the company and the amount of internal inquisitors you have, you may want to back down in steps. Instead of quarterly try 6 months before jumping to 1 year. Just in the event that the first surveillance audit happens to find an increase in discrepancies. Just a thought, BTW we are at 9 month intervals and haven't had a problem.

Sometimes I think Stew and I are chasing each other around the Cove. Perhaps one of us talks (writes) too much!:D

Annual scheduling of audits can have some drawbacks and I encourage you to think about it. First of all, it does not necessarily meet the status and importance test. Secondly, audits might be spread out too far to react to changes in the QMS, or business.

One company I worked with solved both of the above by instituting "supplemental" audits. These audits are initiated 30 days after a triggering event, such as a major change in a process, or an update of a procedure.

Another company performs theirs at 6 months, three months after the survellience audts. This way audits are being performed quarterly, but only using the resorurces of semi-annual audits.

Don't be afraid to use the information of survellience, or 2nd party audits to your advantage!

We also audit each process once a year, but ensure that it is scheduled midyear to the period audit done 3rd-party.

As long as your programme is effective and you can prove it...it's your call!

Eileen

I think a 6 month schedule is the way to go. Schedule it so your schedule ends the month before your surveillance audit. This way you and the auditor are working off the same snapshot.

Carol

Audits should scheduled based on status and importance, not just routinely done at a prescribed frequency.

Martin said:
Audits should scheduled based on status and importance, not just routinely done at a prescribed frequency

I agree, as stated in my earlier post. However, just a not so random thought ...what if our system is fairly mature, and there is not a great need for change (a bit of a stretch). We could conceivably audit quarterly or even every six months (Is that bi-annually?) and still meet the status and importance requirements.

I admit that this is a stretch, and most organizations may shout this, but rarely will be able to meet the need.

I agree with M Greenway, status and importance must be included per the 94 ,although the 00 standard has lessened this by the words "taking into consideration" 8.2.2. All 3rd parties ask for the schedule and then ask what is in place for status and importance. For most the schedule is based on importance. Status can be tricky, trends id. during internal audits should be looked into during subsequent audits.

db

If all your areas of audit were of equal importance (i.e. criticallity to the business/quality), and equal status (i.e. all operating at the same performance level - however determined). Then you could do that - but its a long shot.

Carol X,
I audit one full cycle during the first half of the year. Mid-year I re-evaluate using 3 types of criteria: results of previous audits, results of Registrar audits and customer complaints/rejections. Using a company-set goal of internal audits - a department will be re-audited if their score (I use a scoring system) is below the goal. If a department has NC from the registrar, then they are re-audited. If a complaint/reject comes in - then that department is re-audited. All re-audits occur during the 2nd half of the year. I have been using this system for the past 5 years at one company (using 2 different registrars) and 1 year with another company I do side work for (yet another registrar) and have had very positive results/feedback from the various auditors. Between the 2 companies I work for and all of their plants, I sit through 11 audits per year and rarely have the same auditor.

I hope you can use this information in your audit planning.

JoAnn B.:)

Thanks everybody for your input.

Where I am going with this has a threefold input.

1) We are operating a mature system. 95% of what is in place has been so for 7 years (long before we went for certification).

2) We are a small company, less than 50 people. We contract out the audit, even though 94 would let me audit myself, I feel that is a really BAD practice.

3) We have been smacked pretty hard by this "economic slowdown". Our contract auditor has performed 7 audits and found no majors. I can reduce our auditing costs by 75% by switching to yearly from quarterly.

Thanks again all!!!

Regards,
CarolX

P.S. JoAnn B. - Welcome to the cove!!!!!!

:bigwave:

Then by all means SWITCH. IMO as long as you can evaluate the effectiveness of your quality system, there is no required time table.

Let's see where this goes -

As long as you audit all the elements within the term of the certification (3 years), and evaluate your system, IMHO you have met the requirements.

Although most people have "annual" stuck in their brains, I don't think you will find a QS requirement for it. The closest is in 4.17.1 where it states " conducted according to an audit schedule updated annually". Even if this were taken to mean a new schedule annually, there is no requirement to include all the elements in such a schedule. The only place it mentions "all elements" is in Management Review" which only states "at defined intervals sufficient to ensure its continuing suitability and effectiveness ...". If the defined interval is 3 years, and all elements were reviewed within the 3 years, and the system is judged suitable and effective, where is the nonconformance?

:bigwave: Pile on all. :bigwave:

Dave

CarolX,

I like the suggestion that “db” had about the Supplemental audits. In order to maximize the benefits of this strategy is it possible to address most of the requirements of clause 8.2.2? Let's see. For example, what if the audit program would state that audits are conducted, at minimum, twice a year (do not document any other time table, i.e. every 6 months … leave it flexible). With this type of flexibility you might run into a situation where for a given year the information from your two surveillance audits and a minimum of two supplemental audits satisfy your planned audit requirements. Some details are:

1- “Conduct internal audits at planned intervals” i.e. = planned intervals are defined by documenting the qualifying trigger event(s) such as a major process or procedure change. Planned intervals = an occurrence of a pre-identified trigger event.
2 – “The audit criteria, scope, frequency and methods shall be defined.” i.e. = frequency is again defined by documenting the trigger events. Frequency = audits are conducted 30 days after the occurrence of a trigger event.
3 - …”taking into consideration the status and importance of the processes and areas to be audited…” i.e. = the trigger event is once again keying into the problem area that most likely will affect the status and importance of the processes and areas. Status & importance = which department or process was the trigger event against ... that’s who/what you audit.

In addition, you can always perform audits whenever the need arises (i.e. in case no trigger events occur or an audit is just plain warranted), but under certain circumstances this audit program as defined may allow you to reduce your audit costs by not performing double work … i.e. allow similar efforts to be counted as an audit. My point is the potential for cost savings is documented into this type of audit program … if you get a chance to take advantage of it … good; if not … no harm is done. Just a thought.

M Greenaway said:

Audits should scheduled based on status and importance, not just routinely done at a prescribed frequency.

How does one say, "Been there done that" in spanish? I guess it doesn't matter.

Anyway, I used to schedule my audits every six months. My procedures read something like everything has to be audited at least once per year (is that mandatory?) and that audits are scheduled based on status and importance. Mr Auditor didn't really like that. He felt it didn't really show status and importance if they were all audited once per year. Really, are all elements of the same importance? I guess maybe for some people.

So, I just caution you on only auditing everything once per year. I guess it depends on the auditor. Good luck!

FG

FG

Scheduling should consider not only when they are done, but how often.

It seems your approach only touched the first point, i.e. when shall we do them. You should also audit areas that give you most problems more times then less 'critical' areas.