Let me know what you think.
There were a couple of areas that I was not sure of if they applied or not, like corrective and preventive action. I mean it's QA's and managements responsibility but ALL departments will be involved at some point or another depending on whether or not they get issued a CA.

Anyway, check it out, tear it up, rip it appart and give me advice!
(btw, this will be my new company's first internal audit with me holding the leads!)

Thanks

G,

A couple of quick things. I do not see anywhere that explains the color coding. Also, if it is for your facility, I would suggest some type of process integration. For example, actually placing the process being audited on the schedule as well.

I'm enclosing a quick one I use in training. We treat most of the standard as processes (such as resources - resource allocation and control are processes)

Hope this helps.

color codeing means it applies to the specific process/area (noted on top).
I already noted the processes on the top (quality, HR, Purchasing, ect..)
Will that not suffice?

G.

color codeing means it applies to the specific process/area (noted on top).
I already noted the processes on the top (quality, HR, Purchasing, ect..)
Will that not suffice?

G.

I think it could provided that you have enough information to show that you understand it and it works. An auditor might wonder why you have manufacturing as a single process, however. The answer might be as simple as you list it and audit it as a single process, but the actual audit will differentiate each sub-process individually.

Remember too, that a process is defined as a specific action(s) that has input and output. It is very specific. Human Resources, for example, may be too broad to call a single process. It may include the new employee orientation process, training acquisition process, annual review process, etc. The same goes for "Quality".

Just something to think about. :rolleyes:

It didn't strike me as process based. But you know how your system operates.

Remember too, that a process is defined as a specific action(s) that has input and output. It is very specific. Human Resources, for example, may be too broad to call a single process. It may include the new employee orientation process, training acquisition process, annual review process, etc. The same goes for "Quality".


Good thinking Rob, but it is possible to list HR as a large process for the sake of the schedule. The actual audit plan then could separate the different processes which fall under that process. So you could end up with three or four separate process audits under one HR umbrella.

Okay, I was thinking that this WAS our audit plan :(
I wAS thinking that the processes were listed above and anything under those were various processes and procedures. Now that's how I SEE that, but how do I SHOW that?
For now there is no additional audit plan, maybe I will have to break down the larger process into severy small processes that apply to that process and audit them?
If so I think I will have to have generate a new process audit form of some sort listing inputs and outputs and such.
I could probabaly make in generic that way we could fill it in on wheatever process we are auditing (Nonconforming material process, assembly, customer satisfaction ect...)
Am I on the right track at all?


G.

Okay, I was thinking that this WAS our audit plan :(
I wAS thinking that the processes were listed above and anything under those were various processes and procedures. Now that's how I SEE that, but how do I SHOW that?
For now there is no additional audit plan, maybe I will have to break down the larger process into severy small processes that apply to that process and audit them?
If so I think I will have to have generate a new process audit form of some sort listing inputs and outputs and such.
I could probabaly make in generic that way we could fill it in on wheatever process we are auditing (Nonconforming material process, assembly, customer satisfaction ect...)
We may be playing games with words. You can easily cover the smaller processes in your checklist, or other audit criteria. The audit plan I was refering to would indicate exactly what you were auditing when, for example, you would be auditing shipping at 9:30. This type of audit plan can be developed ahead of time and communicated through an email or memo. The audit checklist would outline how you were going to audit that particular process (such as HR). As far as the generic form, I have seen them in the past, and it can work quite well. I know there is a good one somewhere on the Cove.

Hey G -

Maybe this will help, the attachment is an old audit plan of mine. What you have posted looks like my audit schedule. When it comes time to audit, I put together this little planning form for whatever has been scheduled.

I don't have an electronic copy of the revisions for 9k2k as I did it by hand for our first process audits, but the format will still be similar. It will name processes rather than elements.

G

I think you are on the right lines. I will post my schedule in a couple of days when I am back at work, as it is generated in my MS Outlook 'tasks' folder.

Basically my schedule focusses on the 'product realisation' processes. The other business processes are in effect 'support processes'.

Where your product realisation processes form an end to end chain with the customer, typically your support processes cut across the product realisation processes at various stages.

So what i do is conduct the majority of audits by product realisation processes, i.e. design, sales, purchasing, manufactuing, despatch, etc, etc, and audit each support process during each audit of a product realisation process, as and when it appears.

For example, as you say CA/PA will be audited at each process audit.

Some support processes are audited in their own right if, for example, I cannot audit them (such as internal audit itself), it is an area of weakness (such as training), or it doesnt fit neatly into any other product realisation process audit, such as monitoring of customer satisfaction.

Oh, and I dont do detailed plans, much more informal and flexible than that !

yer 'tis

PS its slightly incomplete - but hopefully you get the idea

This has worked for us.

M Greenway,

How did you create the plan in OUTLOOK?

I would like to do this also.

Thanks!

Mike W

:bigwave:

I created a sub-folder in the 'Tasks' folder.

I created categories based on the major ISO9001:2000 section titles.

I then added columns to this task sub-folder based on the major ISO9001:2000 clause references as simple yes/no data. I then also added a simple text column to identify the auditor and the audit report reference.

Then I created each audit as a 'Task' using the normal MS Outlook method, and selected the category for each audit at the bottom of the 'Task' window - then 'Save and Close'.

Set the 'View' to 'Group By Categories' and then simply click each clause reference you want to address for the audit.

Hope this helps, if you want more detail let me know.

Hey G -

Maybe this will help, the attachment is an old audit plan of mine. What you have posted looks like my audit schedule. When it comes time to audit, I put together this little planning form for whatever has been scheduled.

I don't have an electronic copy of the revisions for 9k2k as I did it by hand for our first process audits, but the format will still be similar. It will name processes rather than elements.

Cari,

Didn't you also have a cool calendar that went with this? I'm sure you posted it in another thread.

Greg B

Sorry All, but I don't use an Audit Plan with so much detail and I don't audit against the standard. I tend to leave deliberate audits against the standard to the registrar (that's what they are paid for).
I audit MY process' not the standards process' eg: Mining: What are the Inputs, Outputs and Controls. Do we mine it the way we say we do in the Procedures and Work Instructions? How do we control our Documents and Records? How do maintain control and Traceability of our product and NCs? How have they rectified old NCs and CAPAs? The mine has many procesess but I don't list them all. I just state that I am going to Audit the Mine or One of the production Streams.

So my audit plan is usually planned around our Quarterly Quality Management meetings where we work out our risk areas, Non Conformances, CAPAs and so on to decide what areas require auditing etc. I then draw up a list of the areas to be audited, the date of audit and audit number (I only do 24 audits maximum a year) and they last about one or two days total. At the next Meeting we work out a new plan. I never have to look at the standard and work out if I have asked enough questions about 8.5.1 or 4.2.2 etc It's a lot less stressful. I have had Processes that have not been internally audited in five years as they have never had a problem and passed all annual 3rd party audits. I'd like to eventually get to Randy Stewarts stage of NO AUDITS.

Greg B

Cari,

Didn't you also have a cool calendar that went with this? I'm sure you posted it in another thread.

Greg B

Yes - here it is, I had to do a little revising. I used to distribute and post memos for each meeting. Now I plan to distribute this once and be done with it. Also attached is my audit schedule for 2002-2003, my current one lists processes and documents to be audited, but it is kinda scribbly and done by hand right now. I'll post when I'm done.

LOL I have to say that I totally stole your calander idea! (with a few small tweaks of course). That is a very good idea and everyone here loves it, it's hanging in the offices of everyone I gave it to.

G.

...everyone here loves it, it's hanging in the offices of everyone I gave it to.

G.

I'm glad you guys like it. :agree: Our people like it better than all those meeting memos here too. I was trying to get myself organized to get an idea of how I would be scheduling management review for the frequencies our team decided on - without conflicting with the auditing schedule (internal and external), hunting season, month end, short months or holiday months - anyway, it turned out kinda neat so I decided to distribute and control it.

Now if we have customer visits, etc., the people scheduling such things with the outside party can work around our schedule. If for some reason we can't work something like this around our schedule - at least I'm given plenty of time to reschedule instead of finding out a week before!

Hi All
I am working in a small (200 people) design services company and we plan to go for certification next year.
We have defined procedures, and now we are asking engineers and their leads to follow that.
To giude implementation and review the progress of ISO implementation, we are conducting informal audit sessions.
Please guide me with approaches and checklists, and other tools that can help me do this first review efficiently. Also, pls advice how we can make them adopt new Quality Management System with more zeal.
Thanks in advance,
Sanjo

Hi All
I am working in a small (200 people) design services company and we plan to go for certification next year.
We have defined procedures, and now we are asking engineers and their leads to follow that.
To giude implementation and review the progress of ISO implementation, we are conducting informal audit sessions.
Please guide me with approaches and checklists, and other tools that can help me do this first review efficiently. Also, pls advice how we can make them adopt new Quality Management System with more zeal.
Thanks in advance,
Sanjo :)

Yes - here it is, I had to do a little revising. I used to distribute and post memos for each meeting. Now I plan to distribute this once and be done with it. Also attached is my audit schedule for 2002-2003, my current one lists processes and documents to be audited, but it is kinda scribbly and done by hand right now. I'll post when I'm done.

Any chance of getting a copy of your "Engineering Drawing Control procedure TCP.05.02? Thanks! It would be mucho helpful...:bigwave:

Sorry All, but I don't use an Audit Plan with so much detail and I don't audit against the standard. I tend to leave deliberate audits against the standard to the registrar (that's what they are paid for).
I audit MY process' not the standards process' eg: Mining: What are the Inputs, Outputs and Controls. Do we mine it the way we say we do in the Procedures and Work Instructions? How do we control our Documents and Records? How do maintain control and Traceability of our product and NCs? How have they rectified old NCs and CAPAs? The mine has many procesess but I don't list them all. I just state that I am going to Audit the Mine or One of the production Streams.

So my audit plan is usually planned around our Quarterly Quality Management meetings where we work out our risk areas, Non Conformances, CAPAs and so on to decide what areas require auditing etc. I then draw up a list of the areas to be audited, the date of audit and audit number (I only do 24 audits maximum a year) and they last about one or two days total. At the next Meeting we work out a new plan. I never have to look at the standard and work out if I have asked enough questions about 8.5.1 or 4.2.2 etc It's a lot less stressful. I have had Processes that have not been internally audited in five years as they have never had a problem and passed all annual 3rd party audits. I'd like to eventually get to Randy Stewarts stage of NO AUDITS.

Greg B

WOW Greg, that is so on the money, as far as my ideas go. I see too many organizations scheduling audits based on some detailed calendar of things that only one person comes up with - and leaves the management team out in the cold. As a result, the internal auditors end up asking questions (especially ISO questions) which management have no (real) idea how to answer and are generally not focused on the issues they are having with the process!
In the example first given, what consideration is given to the 'status and importance' (there's another thread about this somewhere) of the process? AKA 'risk' and 'impact'????

Andy

Sorry All, but I don't use an Audit Plan with so much detail and I don't audit against the standard. I tend to leave deliberate audits against the standard to the registrar (that's what they are paid for).
I audit MY process' not the standards process' eg: Mining: What are the Inputs, Outputs and Controls. Do we mine it the way we say we do in the Procedures and Work Instructions? How do we control our Documents and Records? How do maintain control and Traceability of our product and NCs? How have they rectified old NCs and CAPAs? The mine has many procesess but I don't list them all. I just state that I am going to Audit the Mine or One of the production Streams. Greg B


Congrats, that is pretty much how it is supposed to be done. You are auditing your processes. The registrar auditors are required to do that also, not audit to the standard. I do trust that over time, you are indeed auditing all of your processes...that was the only part I was not clear on from your post.

Any chance of getting a copy of your "Engineering Drawing Control procedure TCP.05.02? Thanks! It would be mucho helpful...:bigwave:
No problemo.:D I've also attached a couple of forms I thought you might like to see. The engineering guide is for while we are processing the new job so the engineers know what components need drawings. The very bottom is where I determine the amount of processing time as a percentage of our lead time - one of our efficiency measurables. If you have any specific questions, I'll split off this thread into a new one for you in the documents forum.:bigwave:

Greg B's Post is pretty right on, as told to me by our auditor. I once lived in the world of element based auditing too with QS 9000, it was difficult for me at first to grasp the new idea of auditing per the process approach.

Our auditor suggested that we only do an internal audit when we receive negative customer feedback, or focus on internal performance issues where our company is not meeting our goals. Internal auditing should be used to reduce costs, improve quality of outputs for a process.

I had a little trouble at first with grasping the idea that I may only have 1 intrenal audit per year or may have 200 in one year. It will vary. But, I am liking it much better!

there are other times when an audit might be required too, not just when something goes wrong. Another aspect you might want to consider is when there's something new or changed in the QMS. Quality Planning is supposed to look after the way the QMS is used to control changes/new items of significance (new product intros, new customers/requirements/new process/new organization/people etc.) All this can lead to the QMS becomeing obsolescent, so an audit might be in order to 'head off' any issues and give management some 'validation' that the situation is under control!
Just a thought - sounds like your 3rd party auditor might have actually done you a favor! (even if it was only part of the story!!)

Andy

No problemo.:D I've also attached a couple of forms I thought you might like to see. The engineering guide is for while we are processing the new job so the engineers know what components need drawings. The very bottom is where I determine the amount of processing time as a percentage of our lead time - one of our efficiency measurables. If you have any specific questions, I'll split off this thread into a new one for you in the documents forum.:bigwave:

Mucho Gracias! good stuff...HAPPY HOLIDAYS!!!!!!!!!!!!!!! :applause:

Danada(?) Happy Holidays to you too.:bigwave:

Danada(?) Happy Holidays to you too.:bigwave:

I thought for a second that you had misspelled "Canada.":lol: I think "de nada" (it's nothing) is what you were looking for.:D

Thank you, Jim. I always thought it was one word meaning you're welcome - I've learned my something new for the day.:D

Our auditor suggested that we only do an internal audit when we receive negative customer feedback, or focus on internal performance issues where our company is not meeting our goals.


WHOA!!! You might want to go back and check that with the auditor, and check the standard as well. That approach would not comply with ANY ISO based standard, especially TS.

You have to audit all the processes in your QMS or EMS. The auditing of customer problems etc, is over and above the regular, process based internal audits. It is mentioned when deciding how to weight you time and schedule, but you cannot exclude the regular stuff.

Our auditor thinks we are performing too many audits:mg:
What do you guys think?:confused:

Our auditor thinks we are performing too many audits:mg:
What do you guys think?:confused:

It does look excessive (although it's not evident what the shaded/not shaded designations mean). Frequency of audits should be driven by audit results, and the importance of dealing with audit results in a timely manner. It's a question only you can answer: what would happen if audits were less frequent (good or bad)?

Only you can say whether you have scheduled too many audits.

1. Can your resources handle this amount?
2. Do previous audits reflect the need for this amount?
3. Do your company measures indicate the need for this amount?


Do what you have to do to create great customer satisfaction and to maintain a great Quality System!


:D

Our auditor thinks we are performing too many audits:mg:
What do you guys think?:confused:

Do you audit between the processes? How does the product pass between services or areas of responsibility? Does it meet the next 'Customers' requirements? Is it on time? Is it in spec? Are they holding too much stock? do they speak to each other (survey each others requiremenst?). You may have the greatest individual processes in the world but they may not work as a whole. We audit things such as Waste (Time/Product/Labour/Rehandling etc). They may not come under the heading or scope of a normal Process but who says we have to audit to an area manual or process. We audit those areas where we think we can improve and save money (Bottlenecks, Waste, Improvements etc). Audit as much as YOU think is necessary not to prove a point to the registrar. It is your company.

Thank you, Jim. I always thought it was one word meaning you're welcome - I've learned my something new for the day.:D


It is used in the same context as we use "You're Welcome." Jim's reply is the literal translation (and corrected spelling).

Perhaps a good example is when we sometimes say "No Problem" instead of "You're Welcome." It would appear strange if translated to another language.

But it is intended as the same thing.

Our auditor thinks we are performing too many audits:mg:
What do you guys think?:confused:


Based on what I see in your schedule, I would probably also comment that "it seems like you are doing an awful lot of audits." It is common for that to come up in an audit.

However, that does not mean I as the auditor want you to do less. That is just up to you.

It is however, an observation that would lead down an audit trail to determine whether you are getting good results, etc. from your audits. Remember, an auditor is supposed to determine if your system complies to the standard, AND, if it is effective.

So, if from the audit interview, it is clear that the audits are beneficial, you have meaningful, beneficial findings, the volume of paperwork is manageable, the audits are being completely more or less per schedule, then it would appear to be a good schedule.

However, with this kind of schedule, I often see that there is a lot of paperwork to process, but with little results. Few findings, process owners feel annoyed, and don't feel any benefit from the audits. CA's are constantly overdue, the audits are a disruption, not a benefit, etc.

If that scenario were to be the case, then doing less audits, but getting more value from each one, may indeed be a more effective approach.

I certainly can't speak for your auditor's observation, but I have had the conversation outlined above a number of times. Then the client decides what is the better approach for them.