Afternoon everyone,

For those of you who coordinate internal audits (9K2K), when you have your audit schedule in place etc; and audits are pending do you :-

a) Expect your auditors to access the relevant procedures, previous audit findings themselves

or

b) Organise a "pack" of data for them (as you can probably do it quicker) and hand it to them.

Any thoughts ??

Regards,

Chris

As a lead auditor I would have the documents required already together.

Iwas also in the position to have a master audit file that for each element held any information gererated concerning that element.

A copy of corrective actions and customer complaints would be placed in the audit jacket at the time they were generated. Management review records and measurable results would be stored in the appropriate jacket so that all information needed by an auditor was at their fingertips.

With electronics and databases this type of preparation has been made much easier than keeping everything in a manilla folder.

MHO

I would have to agree with Al. The better the information is coordinated up front the easier the auditors will have in conducting the audit. This also gives them some up front information to help guide them in the audit process. :bigwave:

Danger of steering the audit though.

Naturally, you want the internal auditors to do most of the investigation on their own. But sometimes you have to steer the audit.

Typically, you are asking someone from Customer Service or anyone else who's full time job is another part of the organization to "volunteer" for this role to go through some training. Then participate only once every 6 months or however it maybe scheduled, and try to pick up the pieces from the last audit, mgmt. review, consumer complaint, etc. then you need to be able to help them get started and focused. :cool:

My plan was to coordinate the up front admin side for the little darlings.
Put together the blank forms required, copy of any previous audits, open NCR's (as if), perfomance indicators (KPI's) and any other relevant info/data that would be pertinent.

I know (we all know), that it can take some time to find your way around an unfamiliar process/product/departments documentation.

I would be quicker at this and I would rather have them spend more time familiarising themselves with the situation.

I don't believe that this would steer the audit but just speed it up.
Anyway, with a document set on there desk they might be less inclined to "forget".

Onto more serious stuff.

Role on the World Cup. I would just like to take this opportunity in wishing the USA team all the best (honestly).........how did you get ranked 13th in the world ??
I am not sure who your first match is against but good luck.
A bit previous I know but I am out and about + holidays and stuff.

Regards,

Chris May

Al Dyer said:

As a lead auditor I would have the documents required already together.

...

With electronics and databases this type of preparation has been made much easier than keeping everything in a manilla folder.

MHO

I have it all in a database as well.

But to answer Chris' question: Knowing that I have some very good lead auditors around me, I feel that I can safely go for alternative A. They are perfectly able to set the audit up themselves. This job is not always easy, but in that respect at least, I have no problems. :)

/Claes

I'm not certain it makes a lot of difference who assembles the data. It might be based on the auditors' abilities. but I think the most important thing management could do for auditors is to allow them enough time to prepare! Too many times I've seen auditors given a whopping 5 minutes to prepare!!!!

5 minutes????? :confused: ..Ouuuucch! And exactly what kind of audits did that result in? I agree db, give them time...

/Claes

M Greenaway said:

Danger of steering the audit though.

How could it be considered "steering" the audit if you supply the auditor with all the information required to do the audit?

When I say all the information required I am refering to:
Area to audit
Previous Audit with findings so they can verifiy effectiveness
I will assist them in scheduling the date to performm the audit.
It is up to the auditor to pull specific tests, procedures and any other documents to assess compliance to the departmental procedures as well as any regulations that area must comply with.

My auditors use the process "show me " approach. All auditors go thru a 16 hour course and we have at least a 1 hour session monthly. The lines of communication are open with memos,newsletters and face to face. We run 3 shifts and I make myself available to all if needed.

gpainter wrote
My auditors use the process "show me " approach. All auditors go thru a 16 hour course and we have at least a 1 hour session monthly

This is the best approach IMO, too often Internal auditors are thrown to the wolves regarding audit prep with absolutely no general focus or direction.
At my location, All internal auditors are fully trained and informed of current auditing practices, they are given freedom to deviate from the audit agenda if they discover evidence that suggests a potential major NC, Well of course, I'm stating the obvious, auditors are trained to act in such a way, no matter what organization they come from yet, I have found that, auditors who use the Task element approach to internal audits, have more success identifying the potential future problems that a visiting auditor may uncover.
The task element approach involves assessing Person, Item, Equipment, Information and Service, all of these elements have sub elements (Too many to mention at this time).
I adopted this auditing method a few years ago after reading Allan J Sayle's publication called Management Audits.
I found that audit prep time was lessened due to the task element approach, I knew what I was looking for as, the task elements and the sub elements allowed an audit to have a natural flow.
Wallace.

M Greenaway said:

Danger of steering the audit though.

Our Internal Auditors selected by Management are by catagories;
IT manager, CFO, Human Resources Mgr., Materials Resource Mgr, Project Engineer, Production Worker-Coater-Blaster-Painter, Designer, and me. As Lead Auditor I have the responsibility and the knowledge on where to send my Bloodhounds! After all, call it what you want, but I've been "Auditing" for most of my working life. Auditing used to be the word reserved for financial investigators. We called it Quality Control/Assurance, depending on what end of the socio-economical scale you resided. Our Auditors also had two days of structured training from an outside accredited institution. Will that replace the experience from their Lead Auditor or change their whole outlook on life and make them a instant sucessful auditor? They want to get back with what they know. Their careers! Trust me. Our Auditors look for guidance, steerage if you will, because they know this is not what they were hired for. If they had their druthers, it would not be Internal Auditors. Well, why don't you get somebody who has interest? Answer: Nobody does. They are too busy making money for the Company doing what they do best. What very few have shown interest, have all they can handle with finding their own timecard at punchout time.
So, no shame in being charged with steering the audit as far as I am concerned. Better that, than someone turning in a N/C because somebody chucked an applecore out in the drive way, thereby violating our requirement to have an acceptable work environment. Or an N/C because somebody had their day planner out on their desk and it wasn't a controlled document. :vfunny: Not everybody makes a living out of breaking balls.:agree:
:ko: :smokin:

Jim

Internal Auditing can be a very useful improvement tool, if done properly.

Unfortunately like most things people do the absolute minimum to retain their certification, and then whinge that they get nothing from it.

db said:

I'm not certain it makes a lot of difference who assembles the data. It might be based on the auditors' abilities. but I think the most important thing management could do for auditors is to allow them enough time to prepare! Too many times I've seen auditors given a whopping 5 minutes to prepare!!!!

db, I'm still a bit curious about this... Whatever happened to the audit plan (Schedule) in these cases?

/Claes

Claes Gefvenberg said:

db, I'm still a bit curious about this... Whatever happened to the audit plan (Schedule) in these cases?

/Claes

Claes

I'm not db, but I think that the audit plan is a separate issue. You lay out the areas you expect to audit, and when, because it's a requirement. When that area is due for an audit, you then feed your Auditor team with all the information they will need. You also tell them to look at this and that. As the one who painted the room, so to speak, you direct them to those areas where you know there are misses, insufficient coating or just a poor application. Use them to point out the need for improvement in the subject areas.
For example, the Auditors were auditing our Internal Auditing System, in accordance with our Audit Schedule, and could not find anything but nice things to say about their Lead Auditor. :biglaugh: I took one of them aside and told him to take a good look at the Auditing Checklist Form and Audit Report Form that they were using. Why? They were not controlled documents. I wanted them to cite it so we could put together an Action Plan for when it will be completed. Use them, as you will, to get something done that I knew was incorrect that others were waiting for me to correct. My plate is full and by "Steering" the Auditors to those areas that need work, it forces employee involvement. JMHO.
So, you can still steer an Audit and maintain an Audit Plan. Don't forget the "Special" or "Management Directed" Audits that can happen anytime.

Jim,

You can call the auditors anything you want. The standard requires Internal Audits. How you do it, what you call them really doesn't matter. You cannot do away with the requirement, no matter how creative one might be. As Howard said in another post, "A rose by any other name........." :bigwave: :ko: :smokin:

Jim Wade said:

Dear energy - we missed you

rgds Jim

I will be scarce, at times, because I am as* deep in our new drive for the badge!:vfunny: :ko: :smokin:

Hi, Energy,

What I meant about the audit plan was (Sorry for being unclear):

When I set the audit schedule all auditors and dep Mgrs know about it and have agreed to it. That means that they know about a planned audit long before it's due.

What intrigues me is how (internal) auditors can possibly find themself in the situation described by db? With 5 minutes to prepare? Or am I missing something?

Apart from this "?" I agree with everything you said.

/Claes

[QUOTE] energy said:
I took one of them aside and told him to take a good look at the Auditing Checklist Form and Audit Report Form that they were using. Why? They were not controlled documents. I wanted them to cite it so we could put together an Action Plan for when it will be completed.
____________________________
Just curious, Energy. Why do the Auditing Checklist Form and Audit Report Form have to be controlled documents? Is this just your preference, something you stated in your internal procedures as a requirement? I usually keep blank reporting forms as uncontrolled documents so I don’t have to do a formal revision every time someone wants to make a minor change. Maybe my way is all wet.

Mike S.

Mike S. said:

[QUOTE] energy said:
____________________________
Just curious, Energy. Why do the Auditing Checklist Form and Audit Report Form have to be controlled documents? Is this just your preference, something you stated in your internal procedures as a requirement? I usually keep blank reporting forms as uncontrolled documents so I don’t have to do a formal revision every time someone wants to make a minor change. Maybe my way is all wet.
Mike S.

Mike S.

Just a preferred format. Because we file them electronically, the format lends itself to easy cut and paste for the final report to Top Management. They are templates that can be written on or created electronically in Word. It's a carry over from a previous place of employment. Otherwise, I would get the report on lined paper, paper napkins, old lunch bags, etc.:vfunny:
The checklists have some basic audits questions to use during their audits, but they are basically developed during their desktop audit preparation. There's only two so they are not cumbersome. They are also filed as back up for what eventually is stored electronically, in a secret archive:eek::ko: :smokin:

Jim Wade said:

Then it will be for me - and I'm sure I talk for many others - a pleasure deferred.

rgsds Jim

Like a moth to the flame, I'm drawn. Fly in and out when the opportunity presents itself. After all, how can I stay sharp if I don't keep up with the recent posts?:vfunny:

Jim, Defer this!:p :ko: :smokin:

energy said:
Like a moth to the flame, I'm drawn. Fly in and out when the opportunity presents itself. After all, how can I stay sharp if I don't keep up with the recent posts?:vfunny:

Jim, Defer this!:p :ko: :smokin:
__________________
Energy,

My chuckles when reading posts are down 20% over the last few days. I think it correlates well with your reduction in posts. That's bad for me. When I don't laugh I often cry (especially today -- what a day of screw-ups), so don't be too long between fly-ins!

P.S. I think it might be adversely affecting a few of the other guys, too, from some of the posts I've seen!

Mike S.:bonk:

Jim,

Could it just be that their registrar is of the type you often rant about being "for sale" or "just interested in keeping the client"? It seems that as long as it fits your philosophy, the registrar's integrity doesn't even figure into the equation. Tsk Tsk. Shame.
Have a sparkling weekend, Bubba.:p :ko: :smokin:

Jim Wade said:

Many companies, their senior employees, 'consultants' - and the registrars - are playing games to one degree or other just to get and keep a badge on the wall. You may know of such organisations.

Hey, that might be us

I think they are acting with integrity and I think that those that connive with the approach of "it's all about certification" are not acting with integrity

Hey, are you talking about my boss?

JMHO - shared by only a growing few - clearly not by you :(

Hey, I just work here!


rgds Jim



Jim,

Most of us, I assume, are not self employed and do not have the options of chasing dreams. Like, get me certified or get out. You call it playing games. I say it isn't playing at all. It's more like
Survival .

I think that when you make a lot of these lofty, idealistic posts, being self employed, you forget that many do not have those choices. Their choice is clear. If you don't like it here, hit the street. There are a lot of things in this world we would all like to see better. It's just a matter of (what it should be) vs. (what it is.)

And I still maintain that you should have a problem getting certified to ISO 9001:2000 when doing away with Internal Auditing unless there is collusion of some sorts between the Client and the registrar.JMHO:p

Now today is absolutely beautiful. I'll probably take a rake to Mother Earth's back, later on. See y'all later
:smokin:

Again I apologize,

All of these "quality", "production", "manufacturing", or whatever are a compilation of United Nations Edicts that propose that all companies have the same basic system in place so they are in the position of being taken over with minimal effort!

By Who??? Anybody with a minimal education knows!

Remember Ayn Rand!

Why does Germany (Diamler) now own Chrysler?

Why are all the standards based on ISO (U.N. Edict)

Why are companies allowed to give QS-9000 registration but not TS???

Has anybody really talked to a big 3 rep and received a real answer? F### no.

------------------------------------------------

I'm now a man of few means and less work, but I still think we all know what is going on!!!!!!

First, sorry for the delay in my reply. this has been a very busy month for me, and June is also quite full. I'm not sure how often I will be able to post.

In my 5 minute scenario, the auditors and the auditees knew well in advance that the audit was going to occur, let's use on Thursday. The problem is the auditors have regular assigned jobs and cannot take time off to prepare. The have a checklist (like the QSA), but nothing related to the organizational documentation. They have 5 minutes to read the procedures for the departments they are auditing. The feeling is that 5 minutes is all they need to understand the procedures and they are expected to come up with audit questions on the fly.:eek:

Al wrote

All of these "quality", "production", "manufacturing", or whatever are a compilation of United Nations Edicts that propose that all companies have the same basic system in place so they are in the position of being taken over with minimal effort!

Good one Al, I don't believe however that your esoteric take (Which, I agree with) will go down well yet, We travel on the same road and come from the same direction.
Here's a question for you, Do Auditors assess or do Assessors audit?
Wallace.

I provide a list of current documents (specs, work instructions, SOPs, and forms) associated with the process, a process control plan, as well as a copy of the last audit report and RCAs.

Our internal auditors are trained to spend about 30 mins to read through a sampling of the documents and they are responsible for creating an objective checklist. The auditor is also tasked to ensure that previous RCA corrective action measures are still in place and have proven effective in the long run.

Our auditors are teamed up to combine technical expertise to make sure we cover all the bases effectively. Previously we would have one auditor for most audits. Now we use 4-5 of our 7 available auditors for each audit and audit by processes.

db said:

First, sorry for the delay in my reply. this has been a very busy month for me, and June is also quite full. I'm not sure how often I will be able to post.

In my 5 minute scenario, the auditors and the auditees knew well in advance that the audit was going to occur, let's use on Thursday. The problem is the auditors have regular assigned jobs and cannot take time off to prepare. The have a checklist (like the QSA), but nothing related to the organizational documentation. They have 5 minutes to read the procedures for the departments they are auditing. The feeling is that 5 minutes is all they need to understand the procedures and they are expected to come up with audit questions on the fly.:eek:

No worries about the delay db... That happens to all of us.

Anyway, what you describe sounds pretty much like mission impossible. Have the external auditors ever noticed that fact? I imagine they would have a field day if they did?

/Claes

[QUOTE]Jim said: BUT - you can meet those requirements without doing audits - just normal management/project reviews (plus process improvement activities and a simple desk check for the shalls) does the trick.

Jim,
I am intrigued about the concept of no audits however, I'm having trouble understanding how the "audit" system would look and operate as you describe. Would department managers need to keep records of process reviews that they did and any actions taken? Would the actions need to be handled as a corrective or preventative action? What exactly are "management/project reviews" and "process improvement activities" in your opinion?
I understand the desktop review but I can't get my head around the idea of having the managers do the "process audits".
Can you clarify?:confused:

I see most of this thread pertains to ISO, so let me clarify first that I'm discussing QS9000 that will migrate to ISO TS16949 in the next year or so.

My company wants to start an audit program that I am somewhat dubious about.

They want to have one person be the Audit Program Designer, Coordinator, Verifier and Lead Auditor doing all paperwork for all system audits. They foresee the Lead Auditor as having people on staff to pull from for their expertise. I.E. if I were auditing the Wave Solder, I would have the Wave Solder tech or Supervisor with me to assist auditing the area.

I have a couple concerns about this.

1) What about conflict of interest - how can the wave solder tech audit themselves?

2) My interpretation of ISO 10011 is that Audit Teams are required and that a cross section of expertise is required. As well as representation from across the company.

For instance, I know nothing about electrical mechanical parts, SPC, or various other areas. How could I be Lead Auditor for such audits? or for a program which requires such audits?

3) Where is the Management Support for such a program? Is reviewing suggested items for Continuous Improvement and Audit Results sufficient in itself?

Are there any other possible trouble areas that anyone can see?

X,

Are you saying that you would be unable to find a process expert in your company who is not part of the work that is being audited?

If this is the case, then who would you elect to be the Lead Auditor other than you ??

If there is a conflict simply in being a guide, then you are never going to find anyone who could be the auditor.

It looks like you're stuck. But consider this: you don't have to be intimately knowledgeable about the specifics of the tasks in the area you're auditing. You aren't doing quality control inspections. You are verifying that the workers are using the correct procedures, etc. as well as gathering information on the performance measures of the tasks against the quality objectives (or targets).

X
1) Wave Tech is a guide not an auditor
2) Wave Tech is your source of expertise
3) You tell me

MO auditors should have some knowledge of the mf. processes they audit, but be experts NEVER. This is where the I word comes in. Group of auditors is better than 1 for many reasons. Although, I have heard that many companies in Germany have 1 auditor and they AUDIT,AUDIT, AUDIT, .....

Xfngrs,

What you described about having to fulfill all those roles, in my experience, is typical. Especially, in smaller organizations.

1. It is ok to have a guide, as long as the guide does not become the auditor. Utilize the guide as you would the auditee. As was indicated earlier, you do not have to be a process expert and sometimes that is to your advantage. You may see things that they would take for granted, and may potentially be a nonconformance to the quality program.

In some organizations a representative from various functions act as auditors (which they would never audit their own function). The Lead Auditor would help them audit. This was a great practice for other functions to learn other parts of the organization. But that is all based on your organizations philosophy on quality management.

2. It is advantagous to have a cross representative team available if your resources allow. Again, they may see things that the experts may overlook. As the Lead Audior, the focus should be more on how to audit so you can effectively lead and train your auditors, then becoming a process expert. You already have them in your organization. Use them to your advantage. Learning how to effectively audit will allow you to be able to pull all this information together that works for you.

3. Reviewing is only part of the process. There needs to be management priority on the issues discovered, appropriate Corrective Actions, and effective follow up. Management needs to be a solid proponent or else this will fail before you start. :)

Jim,

I'm confused, as ever.

I like the idea of not using the audit approach, audit is a dirty words in a lot of companies and is often seen in a negative light, no matter how you conduct them or report on the results.

What confuses me is that the std states that 'the organisation shall conduct internal audits.'

I can see from the standard that you need to define the resp and regs for planning and conducting audits in a procedure.

So are you saying that if we chucked the traditional method of internal auditing in favour of a more effective tool, and documented this more effective tool in the procedure, then we would be in compliance with ISO 9K2K?

If nom how would you give internal auditing the spanish archer in favour of a new tool and comply?

Ido fancy this idea of getting rid, but am erring on the side of caution.

Some assessors may not take this 'new-fangled' approach. Especially our, shall we say, more traditional guys.

Lau~.

Jim,

"El Bow", spanish archer, get rid of etc;

Chris

Thanks for that, Jim.

I quite fancy that concept, but I think I may have a bit of a bu**er trying to get my lot to buy-in here.

BTW: Chris thanks for explaining Spanish Archer.

Hasta la vista ( Boil in the bag curry?)

Lau~.

On the other hand Laura you could employ a competent auditor, and then you might get some value out of your audit process.

ooh MG,

That comment could easily be taken the wrong way, but I'll give you the benefit of the doubt :agree:

Basically, I am the 'competent' auditor here, but as I've said before, audit has become a dirty word here (pre-me, that is).

People actually worry about audits and it doesn't matter how much I witter on about positive results and continual improvement, people are more concerned with non-conformances.

If there is a better way to measure the quality system, then of course, I want to hear about it.

Besides, I work in a changing business, and methodologies should change (as required) to suit this.



:smokin:

Laura,

What business are you in ??

Might help us to help you.............

Chris

Chris, if you run a search and look for a thread entitled changing a culture, you'll see the problems I encounter.

It's an age old problem in a service based environment.

Since I work for a small company our primary Internal Auditor is Me, Myself and I. We have one Auditor in addition to her "Normal" job duties conducts the audits for "processes" that I can't audit. I don't "provide" the information she needs. This is part of her responsibility to review the "related" current documents (specs, WIs, OPs, and forms) associated with the process she will be auditing, as well as a copy of the last audit report findings and any related Corrective Actions.

We are responsible for reviewing related data and then for creating an objective checklist, ensureing previous corrective actions have been closed and effective.

I can understand how it would be helpful to have all related information available for your auditors if they already have a "full" time job elsewhere in the company. If the company is anything like the one I work for, the QMS isn't on the priority list so getting the proper amount of time they'll need to conduct the audit for them will be almost to impossible.

I deal with a lot of the same things as Laura. It seems that "Audit" has become such a bad word. When I conducted my QMS training for the production employees they were all upset about what were the audits going to be over, what was I going to be asking, what was I going to be looking for. Trying to convince them this is no big deal and they shouldn't be that worried about it......that's a hopeless cause. I haven't been able to conquer yet. No matter how I enforce the same things you mentioned Laura. Everyone is more concerned with the findings and heaven forbid there be nonconformances. I can't seem to get people to NOT take them personally.

Anyway, my 2 cents worth. As most days in my situation, same day different stuff.

Jamie

:bigwave: :bigwave:

"Ok guys, we are going to do an Internal Audit on your part tomorrow".
Guys start to moan and wail.
"Hey Guys, I am doing a process review around this area tomorrow, can you help me for about an hour?
Guys, "Yes, not a problem. After lunch is best"

Actual conversation where I work, but an audit by another name.

Now this won't be true in all cases, but I thought I would try using a different approach instead of implying that the police were going to turn up and everyone acting as though they were about to get busted.

Our "realisation" processes are monitored in real-time anyway, and a weekly review is held informally to see how we are doing.
The "audit" for these processes are a once-a-month more formal review.......which appears to work for us.

Actually "auditing" a process every (say) six months could mean that you find you have been doing it wrong for 5.95 months.

Just my thoughts, FWIW
Regards,

Chris

Jim Wade said:


Why's that then, Lau? What are their arguments?

rgds Jim

Our organisation is all changed out at the moment. Since April 2001. the organisation has gone through some major changes which has made all the people here, more than cyncial, about any new initiative or process.

Anything new at the moment will spark a cynical, maybe apathetic response.

Lau~.

was skipping around this thread reading some (not all) comments and thought I would add a summary of what I was thinking.......

1st.....who sets out/collects the papers?
Whoever is responsible for determining the scope of the audit, and has the time. In most of my companies its the "Audit coordinator" (lead auditor/mgt rep etc...) that either lists or even sometimes gets the applicable documents.

2nd .......opposition.
Get the loudest opposers/auditees on the audit team, even as a support person, but even better when fully trained by an Outside Source (its all in their heads, but it works). Best approach I have used was to have all element/process owners trained as auditors.........they automatically become better auditees, and in most cases they audit their own areas before you get there as part of GMP...and therefore adds their own opportunity for Improvement to the Quality System.....not to mention ownership. Preventive Action instead of Corrective,,,if you will.....

3rd....scheduling
Plan an audit sweep day each Quarter....set up for lunch, invite all auditors, element owners...have all documents available, working papers, CA forms etc......You can plan as teams over morning coffee........It all gets done at once, you can even assign a team to follow up on last round CA closures. A consultant can be used here to help/lead/support the teams if resources are an issue...have a closing meeting at the end of the day to distribute/discuss reports (use lunch for "inprocess general discussion") Everywhere I use this has awesome success with it........and the registrars, DoD, FDA auditors love it.

Chris, a couple thoughts related to your original question...

Part of my audit plan for the year includes the scoping of each audit. That is published at the beginning of the year, so that everyone knows what the audits will consist of.

When the audit team comes to a mutually agreeable date with the auditee, an audit notification is published, again defining the scope. (mostly tier 2 work instructions + CAR follow-ups when required.)

All documentation is on-line, as are previous audit reports and CARs. No package is required. I tell them the scope, they pull the applicable work instructions and CARs to follow-up.

At the closing meeting I distribute an evaluation form to the auditee(s) and ask them to rate the audit in terms of its value and fairness. We have an Internal Audit Business Plan that lists the goals of the audit program, and bringing value to the organization is the key goal. We use the evaluation form ratings to determine the Audit programs effectiveness, and to address issues with individual auditors.

I've attached the evaluation form and business plan as examples.

Here's the evaluation form

Rosie,

Thanks for that. Most useful.

Thanks for taking the time.

Regards,

Chris.

Rosie

Just wondering how your targets for internal audits relate to your companies objectives for quality ?

In other words if our internal audit programme meets all your targets what effect does this have on the overall improvement in the operation of the business ?

Dear "M",

The tie in to company quality objectives is very close, as I am involved in both programs. After the objectives are set each for the year, I factor them heavily into my audit plan.

My main objectives with the Business Plan was to 1. educate my audit team on their role in bringing value to the organization, (Many thought it was to be the audit police) 2. reduce the fear and loathing surrounding audits in the past, and 3. to move the audit program from being primarily remedial to being both remedial and improvement focused. I did lose two auditors after a year of auditing to the new biz plan. Both were "gotcha!" auditors and they didn't adapt well to the new focus.

When I joined this company 2.5 years ago, I was immediately struck by the "silo" effect. There were very few cross functional meetings, so I set out to break some of those barriers down, and the first one I tackled was my own Internal Audit team.

The results have been good. We have done a better job meeting company objectives, and we got through 4 ISO surveillances without any findings. (I did have several improvement notes when we did our 2000 upgrade, however) I thank my audit team every year at an appreciation luncheon. They do a great job!

Here is our evaluation form

Ooops-here it is-I hope.

I also use the same methods as some of the others ... post all of the appropriate data on the company Intranet, and let the auditor pull whatever they require.

Looks like the subject of "audit" being a four-letter word has come up in this thread too. A common problem. I'm looking at resolving this issue by conducting what I term as a "continuous audit (or review)". No more twice a year or four times a year formal audit. Instead I would conduct reviews whenever I got the chance such as talking to an employee during the course of the normal business day, or using the data obtained from other meetings to count as an audit of the QMS. Keep a log of all issues rasied, problems encountered, suggestions made, etc.. Every 3-4 months use the log notes to create a formal audit report (cut-n-paste) and process this report as normal.

This way information is captured continuously instead of only every 6 months. Continuous improvement requires continuous data and information if the QMS is truely to be providing value to the company ... instead of keeping some registrar employeed.

I've posted the attached draft generic continuous audit plan on another thread, but I'll add it here just in case anybody is interested. I think this method adds real value to the QMS. Comments???

How do you ensure that you cover all the requirements of the standard ?

I'm curious how your ISO auditor reacted to your plan? It's interesting...

I cover all the requirements because:

1. Audits are conducted at planned intervals. The interval is defined as continuous.
2. Based on status/impportance and previous audit results. Information gained on any given day will be used as input to plan and conduct the next review (audit).
3. Develop an overall plan. See attachment.
4. Conduct follow-ups and document. Auditing on a continuous basis allows for follow-ups. Documentation requirements do not change.
5. Requirements for auditor qualification, impartiality and not auditing their own work is the same as before ... no change.
6. Documented procedure. Is creatted from the audit plan (see attachment).

Did I miss any???

Have not received input/comment from registrar yet. More to come.

I would be concerned that such an 'ad hoc' system would fail to cover the entire requirements of ISO9001 in the audits. Also the 'audits' appear reactive to comments picked up in passing rather than preventive by looking at everything. I would use a seperate corrective action system for problems found from day to day.

An audit should be more of a holistic approach to assessing the entire process/system.

Still the proof of the pudding will be in the eating as they say !

I don't agree that this type of audit is "reactive more than preventive". Problems can be prevented by finding out about them sooner than waiting for 6 months to pass to conduct the next formal audit. Now every employee is expected to report known problems under either audit system (traditional vs. continuous) but its during a question and answer session (i.e. an audit) where some problems that aren't apparent usually come forward. So the very nature of continuous is preventive if planned and managed.

I also contend that "ad hoc" does not automatically imply "not looking at every requirement". A good system of recording the daily findings (i.e. database) will always enable one to plan the next days work based on the previous data to avoid missing a requirement. Even continuous audits must be properly planned for effect.

But I do agree its in the eating of the pie that the final proof lies. So I hope my pie is good.