We haven't perform an internal audit for the year and now, I'm trying to consider our process audit in exchange with the planned internal audit. Can we consider process audit as an internal audit since" in internal audit to determine that the QMS conforms to the planned arrangements (7.1),...and is effectively implemented and maintained" and process audit has an almost same meaning conform, effectively implemented and maintained? :confused: We perform process audit daily and randomly audit every department according the requirements of the customer and QMS.

Any feedback would be appreciated.
Thanks in advance.
Best regards,
Raffy

We have just been ISO 9001:2000 Certified - so I may be going out on a limb here, but a similar question came up about our auditing procedure. If it is stated in your procedure that either is appropriate, then you can state it. However, if your procedure does not address the matter - you may have a nonconformance.
Does that make sense to you?

HI

The question here is what are you auditing against.

For a process audit, you would be looking at the requirements of a specific process and the process' performance against these requirements.

For an internal ISO 9001 audit, you would be looking at the Quality Management System versus the standard.

They may look similar, but the aim is different. That said, in practice, I would say that many internal ISO audits end up being a hybrid of the 2 types...

Hope this helps

We just passed our "16949" surveillance audit and one of the "minor" findings was that our internal audits had to include the "Product realization" process (APQP). All we had been doing were "process" and "product" (dock) audits, also (we contract for the "System" audits).

Bill

Craig H. said:

---X---

They may look similar, but the aim is different. That said, in practice, I would say that many internal ISO audits end up being a hybrid of the 2 types...

Hope this helps

I agree. That's usually the case.

/Claes

Is it safe to assume that product audits in TS2 are the same as dock or final inspections - inprocess inspections?

Dawn asked:
Is it safe to assume that product audits in TS2 are the same as dock or final inspections - inprocess inspections?

Yes (per our registrar anyway)

Bill

Just wanted to add my two cents as this is a current topic of discussion for our team. I have found that senior management's perception of the internal compliance audit is that of a non value add activity. Over the past 8 - 12 months I have shifted our internal audit focus to business objectives and then translate the applicable ISO clause appropriate to the review. What I am beginning to see is a cliff at the end of the year where I will have to specificly target many clauses that did not come up during the year's review. I am still working on this model and hope to strike a more meaningfull balance moving forward.

Hi Tim,
Actually, it doesn't says on our spec and I've been thinking of that for days now and I would like to write a revision on our spec telling that a process audit can be an internal audit since we were audited by customers(this customers audits us on different Quality System, One in QS9000, One is ISO9001:2000 and the last one is based on SAC, which means Semiconductor Assembly Council; wherein this questions derived from different quality system namely, ISO9001:2000, ISO9004, TS16949:2002), Yes, they audit us with regards to process but some of the questions were derived from those quality systems. Our GM said that since we were been audited by different customers which is based on ISO, we could consider it....:confused:

Our Audits shows an Affirmative Result, there could be non-compliance, but we ensure that we track those issues to closure.

Hi Craig,
"They may look similar, but the aim is different. That said, in practice, I would say that many internal ISO audits end up being a hybrid of the 2 types... "
I agree with you on here, however, I was caught up again, we haven't have the planned internal audit programme in which the ISO is requiring and I need to make a decision in which how am I gonna document the process that we were been audited by our customers based on different quality system and I'm trying to have it resolve before the next ISO audit which would also happen this month and in my perception, since we didn't come up with an internal audit programme for the year, I would suggest that documenting all customer audit in exchange with the traditional internal audit :)

Hi Mainer,
"I have found that senior management's perception of the internal compliance audit is that of a non value add activity. "

I agree with this, because it was also the same response I got from our GM, is that "Why do I have to perform an Internal Audit, since our customer audit us against three different quality system? He says that it is redundant to conduct another audit and it hurts :frust: when your boss says that its a "Waste of Money" and "Time" Plus the "Effort" . We do make corrective actions for this audit done by our customer.

The question comes out now, "Can we show the audit to the ISO? We track all nonc-ompliance and ensure that all Open Items are closed. And we have documents to show that we did adjustments on our specs. The only problem that I'm dealing with is "How am I gonna include this on my specs? Can I write a provision saying that Customer Audit can be exchanged to Internal Audit as long as the audit they conduct is based on ISO standards? :confused: Can we also include that Internal Audit can be done based on business opportunities? :bigwave:

Hi Jim,
Speaking of continual improvement, can our process audit be part of the continual improvement? For example, we didn't conduct an internal audit on an area, for the sake of conversation its on Production Department, we are not going to conduct an internal audit on this area because, we randomly check their activities, systems, etc through out process audit and this audit is also track and follow-up to closure. How am I going to document this? Or as part of continual improvement? :confused:

Thanks to everyone.
Best regards,
Raffy

Jim

You cannot confirm compliance to ISO9001 from a desktop review of documents, particularly in this day and age of ISO9001:2000 where documentation has been somewhat relegated in significance, hence possibly wont be there.

Even in the days of the 1994 standard where we were told to have procedures the standard not only said to create them, but to implement and maintain them. How could we confirm compliance to implementation and maintenance from a desktop ?

Also internal audits need to cover the system, that is the interrelationship of processes - not just processes themselves.

Jim

How do you get over the problem that not all ISO9001 requirements will be documented in the QMS ?

It seems that the desktop review you talk of is just to confirm that certain 'documentation' exists. Isnt documentation just a very small requirement of the standard ?

For example the question of competency, we have no procedure on competency, hence a desktop review will not identify that we address this issue, and if we only audit procedures to determine implementation and maintenance, then again we will not touch on this issue.

Jim

If this 'compliance checklist' is only looked at by the desk checker, how do we determine implementation and effectiveness ?

You argument appeared to be that someone checks the documents to the standard, then someone else checks the working practice to the documents. This argument is based on 'documents for everything' which as you say is very old hat.

Also the statement 'we, (as part of normal good management) make sure that we are doing what we'd said', is based on the huge assumption of 'normal good managers' existing and doing their job properly, which is such a massively blind assumption you might as well spread the whole assumption to everyone and everything in the system, and not bother to audit at all, as it is the purpose of the audit to determine this (and other things).

Jim Wade said:
"The trick is to provide a document that the registrar considers 'part of the QMS' but we know it isn't really - because we don't need it for
our management system to operate well and no-one else (other than the desk-checker) will ever see it. That document slavishly spells out each 9001 requirement and specifies how we will handle it. It is essentially a compliance checklist."

Ours is called the Quality Manual. The old clause-by-clause approach has its advantages. The main user of this document is our third-party auditor.

Exactly Craig

Its a re-creation of the useless Quality Manual isnt it !

Why have such a document, and why have such a pointless audit ?

Jim

You say you only work with companies with committed managers, which I guess always do everything right, but our audit is also a statement of compliance (not just non-compliance).

So even if we have the best managers in the world who always do everything right, isnt it healthy to have someone independently confirm that everything is continuing OK ?

Is it healthy to think that our managers will always do everything right, even if they are the most committed people we know ?

Back to the original question, may I restate what I gather the problem at hand is and offer a solution?

If I have read this right, the problem is that Raffy's organization is about to get caught in an impending audit with no internal audits recorded. Right?

It is up to you, Raffy, to determine the frequency of internal audits (at least for 9000). So, why not do one big one, right now? Not only will you cover your requirements, you will have a chance to make sure the "shalls" are covered - sort of a preassessment. If you can do this along with having some "value added" findings, maybe you can sell upper management on the idea of more frequent audits.

I knew I was uncomfortable with the idea of relying on customer audits, but couldn't figure out exactly why. Now, I know - what are the customers auditing to? Their approach will be from their prospective, NOT what is best for your company and its QMS.

In a way, I wish we could call quality audits something different. The word "audit" conjures up images of the IRS (the US tax/inquisition agency) audit. In a way, quality auditing can be a more exact use of the "Management by Walking Around" management method, or am I oversimplifying??

Yes Jim, it is managements job, and the tool they can use is internal auditing - as the purpose of this is to report to management.

We cant just 'accept' that management do a great job can we ?

Here's my 2 cents...

I just had this very discussion with my auditor. He looked at how I had my internal audit procedure set up. He asked, do we run our business how the standard is layed out? Nope, not really. He recommended that we audit by process as it is more realistic. A series of processes is what we do. He suggested that we show that we are meeting the standard. It's ok to still do traditional internal audits but he felt that we would get more out of internal auditing if we audited by job traveler, purchase order, all kinds of different ways. As long as all the elements are being covered in some way shape or form... well done.

Fire Girl

If we add a product audit into the mix
Product Audits: Focus is on product compliance to established specifications and/or industry standards. Verification consists of an inspection of manufactured product against the requirements for that product.Were as Process Audits Focus is on the manufacturing process. Verification consists of a comparison of actual practices against applicable process documentation. Inherent to all process audits is an assessment of the competence of the Operator to properly and consistently execute the process using the system . Which leaves us with, Quality System Audits: Focus is on the application of Documented Systems that provide the umbrella of procedural support for the Company. Basically its a Level 1, 2 & 3 audit each used to monitor specific requirments of each level with the system audits being Level 1, and the Process audit being level 2, and the Product audit being level 3. All which are aimed at customer satisfaction thru continious improvment
:frust:
There is a distinct difference. Hope this helps....

Interesting document attached from the AIAG, who have a lot to do with QS9000, and now TS16949 (which is based on ISO9001:2000), regarding the 'new' approach to auditing processes.

As the third paragraph points out you now have to audit a process, and then check back to the relevant requirement of the standard, rather than trawl through the standard line by line looking for evidence of compliance.

Sorry, did I miss something ? That is how I have audited for years !!

I am currently trying to put all "system" based documentation e.g. procedures specs, calibration information and master forms onto a intranet system which would be accessable in all department of our plant. this would reduce the number of system audits and departmental paperwork (which is always uncontrolled) I would have to check and undertake.
Therefore giving me more time to conduct "Process" audits which I use to assess continual improvements in each department.
This helps me and the departmental managers run a smooth quality system.
Looking at my system TS, it states to use to or even three types of audit to comply to the standard, Process, System and product.

Question: Does anyone know how to get hold of Fords customer requirements, I dont have a password for the site?

Cheers

We are currently in process of switching from QS-9000 to TS16949-- does anyone have an example of a audit checklist that they would like to share? THere are some differences between managers how the "audit process" should work.

Any help would be greatly appreciated

The AIAG checklist is a document is only a tool to aid in determining the audit has been completed. Prior to starting the audit you should identify your customer oriented processes (COP's) and then use the checklist as a guide to asure you have addressed the applicable requirements of the specification.
This in itself does not constitute a process audit.
AIAG is presently in the process of revising this checklist to clarify the purpose.