I am still being hung up on this process audit NC.
The original write up was 1) The existing audit schedule is based upon the 1994 standard, and does not yet reflect the ISO 9001-2000 process-based approach. 2) No evidence of internal audit plans or reports performed to verify system compliance to the ISO 9001-2000 requirements.
We got a major on this and since the write up I have performed an internal audit to verify our compliance to the new standard. That all went good, we found some problems, wrote them up and are working on fixing them.
But this did not satisfy our auditor.
He is now asking for evidence that we have scheduled and performed "process audits" meaninig they are totally 2 diferent things.
A process audit being specific to problem area or area of concern.
These can be generated from customer complaints, returns, scrap, ect..
And he said the new standard refers to them specifically as "process audits".
Meaning seperate audits althgether and in addition to the required Internal Audits.
I just can't seem to find this anywhere where it states we shall schedule and performs these mini process audits.
Has anyone else had to deal with this?
This is my 2nd company to be registered 2000 and with my last company I never had any problems with audits.

G.

About the closest I can find is: "An audit programme shall be planned, taking into consieration the status and importance of the processes and areas..." I think there is some direction in the rules for registrars, but I am not sure.

One way I would approach this is to ask for the "shall". Have the auditor show exactly where the requirment comes from. It might be a contractual thing between you and the registrar.

I'm an automotive supplier and the confusion may be interpreting the ISO/TS 16949 specification under section 8.2.2.2 Manufacturing Process Audit. "The organization shall audit each manufacturing process to determine its effectiveness. If you are in automotive you need to show evidence of addressing this, but I think, (bearing in mind it is early on Monday morning) ;) , it is automotive specific.

But this did not satisfy our auditor.
He is now asking for evidence that we have scheduled and performed "process audits" meaninig they are totally 2 diferent things.
A process audit being specific to problem area or area of concern.
These can be generated from customer complaints, returns, scrap, ect..
----
Has anyone else had to deal with this?

G.One single question: What clause did your auditor refer to? I can find no such requirement in ISO 9001:2000. Personally, I think your auditor is on a wild goose chase.

Over to the group.

/Claes

P.s. Bigfoot, welcome to the Cove. :bigwave:

It was written up under 8.2.2

How about that note at the bottom of the clause?
Also what about when it references 7.1?

I have looked at 7.1 but have not seen anything jump out at me.

I am about to raise the BS flag about this but I want to be sure.


G.

The process audits are a subset of your internal audits. Audit processes where you add value to your product or service. You only have to fix the system if numerous processes are signaling problems. Start with a process that is well mapped like your manufacturing process design output (7.3.3.2) on your highest volume job.

It was written up under 8.2.2

How about that note at the bottom of the clause?
Also what about when it references 7.1?

I have looked at 7.1 but have not seen anything jump out at me.

I am about to raise the BS flag about this but I want to be sure.


G.
Forget the note: The standards referred to have been replaced by ISO19011:2002, Guidance for quality and/or environmental management systems auditing, and 7.1 has (IMO) nothing to do with it (except from the need to audit what you have planned acc. to 7.1).

I think your auditor has managed to mix things up in a grand way.

/Claes

See Iso 9004, Guidelines for performance improvements

Para. 8.2.2, Measurement and monitoring of processes.

See Iso 9004, Guidelines for performance improvements

Para. 8.2.2, Measurement and monitoring of processes.
Yes, normally I would, but those are guidelines (and very sensible ones too), not requirements like in ISO9001...

/Claes

Gman2 said: ”The original write up was 1) The existing audit schedule is based upon the 1994 standard, and does not yet reflect the ISO 9001-2000 process-based approach. 2) No evidence of internal audit plans or reports performed to verify system compliance to the ISO 9001-2000 requirements.”

The auditor should have explained the NC before he left but I’ll try to read between the lines. If your audit programme is structured around the old standard then there are significant areas of the new standard that are not covered there. If he has been through your audit reports and there is no evidence that these new requirements have been looked at then they might call it as a major.

The fact that the auditor is still not happy with your audits (“He is now asking for evidence that we have scheduled and performed "process audits" meaninig they are totally 2 diferent things.”) indicates that he feels you haven’t understood the process based approach to quality (see this thread in the cove). Presumably you have processes documented in your system and you have objectives and measures for these processes, if you can show that you have looked at the processes including objective setting and measures of process efficiency and effectiveness you should be able to convince the auditor you have covered the spirit of the audit clause requirement.

My concern with this (and other) threads and postings is that the spirit of the process based approach is being lost in the confrontation with the auditor.

See Iso 9004, Guidelines for performance improvements

Para. 8.2.2, Measurement and monitoring of processes.


These are shoulds though, not shalls.
I agree with Claes.
I don't see where the internal audits fail.
Our registrar had some concern about how I was planning my audits for next year, (more of a 1994 style) and recommended that I consider changing the focus to a process model bcause it is more efficient and would take less time than what I was planning.

I especially have a problem with the NC being a Major.

How many other NC's were written on your system?

James

These are shoulds though, not shalls.
I agree with Claes.
I don't see where the internal audits fail.
Our registrar had some concern about how I was planning my audits for next year, (more of a 1994 style) and recommended that I consider changing the focus to a process model bcause it is more efficient and would take less time than what I was planning.

I especially have a problem with the NC being a Major.

How many other NC's were written on your system?

James

8 altogether.
One note that I am not sure everyone is aware of, I just started this job a month and a half ago. The previous QM left this system a wreck! Nothing was updated and there were no internal audits performed for over a year and a half and none to the new standard. So I walked into a mess that I am trying to clean up in a hurry. So I had 8 reports to clear up. 3 Majors and 5 minors. All are done except this one, well it WAS this one :).
I just spoke with the auditor finally and got this all squared away. This is what he told me.
Exactly what I explained above he explained again.
I think Ben Sortin's post does a good job of summing it up. The auditor actually referred to 8.4 and 8.5.1 for analysis and continuous improvement.
And basically we already doing this with our management reviews and our corrective actions but he said we need to document this in a format that SHOWS we have done a actual "process audit" . He said our corrective action report was not enough. that we need a audit format that includes questions about inputs, personnel involved, material, equipment, training, and basically any other questions we need to find the root cause and that we need to come up with ideas for a solution. And those needed to be reviewed and followed up on during management reviews. He also mentioned using 8D forms for this.
Basically I still don't think there is a clause for this, especially if you are looking at this standard like it is the OLD standard. But I guess when you start looking at this standard as if there were no old standard and just reading it as if it were new and you had have no conclusions based on your experience with the old standard THIS one starts becoming more clear, or more confusing depending on how you look at it.
But I did not fight him on this for one major reason, I think it is going to be a very useful tool in helping to identify and correct major problems, it also is a tool that keeps management even more involved, and now I can tell them "well the standard SAYS we have to do it" and that just gives me more muscle to get things done. And bottom line, it's a good thing to do.
Do I like being REQUIRED to do it though is another question.
One more thing, he is asking for no formal documentation of this as of now, he feels I have a good grasp of what he is requiring now and he will view our progress at the next audit.
He closed all our findings out and now I am waiting on word from the registrar to give us our cert.
Woo hoo for me!

G.

First let me say that I'm not agreeing with the auditor, but here is how I think he was looking at it.

Under 8.2.2a it says to see 7.1. Okay, the first sentence is about planning the processes, now look at the 1st part of NOTE 1 under 7.1.

It's a stretch but it would allow a loose interpretation of the following:
A QMS is made up of specified processes and therefore an audit of the QMS is an audit of the specified processes.

I don't see a shall but under 0.2 Process approach it states "This International Standard promotes the adoption of a process approach . . . "

Those are the only 2 things that I can see.

Try on 7.5.5.1 Storage and Inventory for size (hint the quality record will contain the data neccesary to validate that your prototype process did not use obsolete material (try and sort for that). The standard says "detect." Ben's procedure (currently in draft) will say "prevent."

Try on 7.5.5.1 Storage and Inventory for size (hint the quality record will contain the data neccesary to validate that your prototype process did not use obsolete material (try and sort for that). The standard says "detect." Ben's procedure (currently in draft) will say "prevent."

Sorry Ben, but unless I missed something Gman is dealing with 9K2K and there is no 7.5.5.1.

James

Gman,
Well considering what you walked into I'd say it could have been a lot worse. It sounds like your auditor is more interested in finding out what you know. By that I mean your understanding of the requirements. Went through the same thing here. Once they are satisfied that you know what you are talking about and really do want to get things squared away properly they sort of back off and work with you. (at least ours does)

From an auditors view, with three majors found, I would have to take a hard look at the internal audit program too. This program (or lack of) is obviously not effective, and that would be the crux of it. I might have taken a little different tack, but something would have to be done and quick to get it staightened out or the next audit would be another nightmare.

We are newly initiated to certification ourselves, and am finding that, at least in our case, the auditors are trying to be reasonable and work with us. Doesn't mean we haven't bumped heads now and then, but overall it's a good growth experience.

And by the way I agree 100% about the extra ammo that certification gives you. I've been able to get things done here because of the standard that would not havehappened without that "Outside Influence".

Congrats on getting it pushed through.

James :bigwave:

Please note that NOTES are not auditable and are for guidance. If the note is added to your system then it becomes auditable. The auditor may be looking at the second paragraph,first sentence. To write a major or anything is pushing it MO. Request a ruling from the registrars review board. Your plan is your schedule, could you post the schedule s/he looked at? This may help a bit.

Speculating a bit, it sure sounds to me like the auditor (despite being in
an ISO9000:2000 audit) thinks s/he is doing a TS16949 audit. Or
at least, the auditor went to a TS16949 class and listened to the IAOB's
latest approach to process auditing

There has been a lot of discussion both here and in the world at large about
the process concept in TS16949 circles. Some of it seems to be a superficial
understanding of the process concept. For example, a TS16949 seminar I attended last

week got into a long debate about "processes" replacing "procedures". Well,
I always thought that a "procedure" was a written definition of a "process".
Many participants, though, seemed to consider them to be night and day
different -- i.e. a procedure is not a process nor vice versa.

One nice thing about being in the automotive industry -- nothing succeeds
like excess.

Brad

Speculating a bit, it sure sounds to me like the auditor (despite being in an ISO9000:2000 audit) thinks s/he is doing a TS16949 audit. Or at least, the auditor went to a TS16949 class and listened to the IAOB's latest approach to process auditing.

I think that has becoming a running comment for many people. Our External Auditor has tried to repeatately give us a finding based upon TS16949 during an ISO 9001 audit. When we ask for the 'shall', she backs off.

Several of her Opportunities for Improvement are based upon TS16949, though. I point that out when reporting to Management on the audit results and clarifying any findings for them. If we have the time, the resources, and deem the OFI feasible and practical, we will accept it, otherwise, it's promptly rejected.

But my feeling is that many External Auditors are accredited to audit both ISO and TS, but sometimes, as happened in "Ghostbusters", they cross the streams and that's when inappropriate findings are issued, auditees complain, and auditors get defensive.

But my feeling is that many External Auditors are accredited to audit both ISO and TS, but sometimes, as happened in "Ghostbusters", they cross the streams and that's when inappropriate findings are issued, auditees complain, and auditors get defensive.
That would seem to be it, but if auditors just took the time to tag each finding to the proper clause in the proper standard I really don't see why this should be happening at all ??? Or am I missing something?

/Claes

That would seem to be it, but if auditors just took the time to tag each finding to the proper clause in the proper standard I really don't see why this should be happening at all ??? Or am I missing something?

No, you're not. That's why when the Auditor is about to issue the finding, if the Auditee does not feel it is valid, the question should be asked to have the "shall" and/or clause highlighted in the finding. If the Auditor is unable to do this, then the finding has no merit.

Auditors are people, too (or so I've been told), and can make mistakes. Auditees need to believe in their own systems, their own compliance, and not blindly accept what the Auditors say as being the whole truth.

While reading this thread I have come to the conclusion that third party auditors have not done the homework needed to understand the standrd like they should.
Our company has recently had two facilities registered to ISO9001:2000 and re-certified to QS9000, in combination. Now that was confusing!

The auditor went to our Reidsville plant first and almost walked out when he found out that they were still auditing to the procedures. The auditor called me (I coordinated these activites for the plants) then I called our corporate Quality Manager, he called the auditor, who called his office, before this was cleared up.

The auditor said that the audits need to be "Processed based". The Corporate Quality Manager said that the Level II procedures are the processes.

Go figure.

We had less trouble when he came to our plant because of a process audit checksheet that I used that I found on the COVE.

Thanks you COVE!

It's going to be a long and bumpy road until all of the confusion is cleared up.
now we have to certify to TS next year.

Mike W

:bonk:

Auditors that I have dealt with in the past have always referenced the appropriate clause of the standard and/or section of the procedure for nonconformances and observations. Is this not typical? It seems to me that it would make the reporting process much easier.

We had less trouble when he came to our plant because of a process audit checksheet that I used that I found on the COVE.

dbzman,

Would you mind sharing the checksheet you mentioned in your response?

Thanks,
Doug

This is the first time I've tried to attach a document so here goes......

:biglaugh:

dbzman,

Thanks for the checklist! I see how it can be used for a system audit, but how do you plan to use it as a process audit?

Thanks,
Doug

I would hastily agree with the comments from mshell, rcbeyette, and Claes (sp?)
that it is appropriate to ask the auditor specifically "where is the shall"?
Yes, the auditors are human, and one perceived advantage of the element
checklist approach to auditing is that it takes a lot less homework to do the
audit. Now that this crutch has been removed, it will separate the sheep
from the goats in the auditor pool.


I have heard (second and third hand) reports that the IAOB task force
(owners of TS16949 for the non-automotive crowd) are stressing "process"
vs. "procedure" in their training. This may be the source of confusion.

To be charitable to those folks, it is possible
that the message has been garbled in the communication. On the other hand
it wouldn't be the first time that automotive folks have tampered with the
third party registration system.

Brad

This is the first time I've tried to attach a document so here goes......

:biglaugh:
Great checklist! Exactly the direction I have been headed and will definitely help with our audits.

Dear,

Thank you very much Mr. dbzman for nice guidline for internal audit

Dear,

Thank you very much Mr. dbzman for nice guidline for internal audit

May I add as a caution (to this old thread) that the UL checklist which was posted is (IMHO) not suitable or satisfactory for internal quality system audits. The document is created for and used by third party auditors, not internal auditors..............

It may be a useful tool in other ways, however, it has limited use as an internal audit tool.

Thanks for the kind remarks (Russ and meo786). That is the checklist that I used in 2003 (see the post date). I have a new list that I currently use to help facilitate my audits.

I belive that AndyN is correct about the list not being completely suitable for Internal audits since audits are now “Process” audits. However, this old list is still adequate as a “Guide” to help an auditor. My new list is design to help follow my companies processes.
Checklists do tend to become crutches if not used properly but (IMHO) they are still one of the many good “tools” that help during an audit. Along with turtle diagrams (another crutch), process maps, etc they help us evaluate the system (processes) and its measures.

Checklists got a bum rap during the QS9000 days when they were used exclusively to perform audits. Now that Internal Audits are designed and planned according to the process approach checklists are shunned.
That is too bad because a checklist, if used properly, can help record, guide, facilitate, and move the audit to completion.

:bonk:

James:

the process approach doesn't 'shun' checklists at all. The checklists which are shunned are the 'element' based ones, such as the 'old' UL one you shared waaaaaay back when.

You're very correct when you describe a checklist as a guide etc., but it's the canned variety, just based on the standard, which are to be avoided like the plague........

As in many other threads and posts here, a checklist based on the process being audited is very acceptbale and totally useful. I have developed a checklist format to support the process being audited, and it's here somewhere. Even Cliff K has used it!

AndyN,

Very true, very true...

However, even though the process approach does not shun checklists but some people do. Even an element based checklist has some value as long as it is used “with perspective” and not relied on totally for an audit. It does not tell you about the processes but it will allow you to look at the system as it related to the standard. I do not use them but I do not reject them either.
Using any type of checklist as a do-all-and-end-all is dangerous. A process audit is based on our evaluation of the processes and their links and we should always evaluate them as such. This is similar to the way that a doctor may evaluate the human body; as organs that affect each other.
I think that many of us have developed excellent process based checklists (such as the one you have posted) and they work very well; and I would suggest that if someone need a checklist that yours should be downloaded as an example.

AndyN,

Very true, very true...

However, even though the process approach does not shun checklists but some people do. Even an element based checklist has some value as long as it is used “with perspective” and not relied on totally for an audit. It does not tell you about the processes but it will allow you to look at the system as it related to the standard. I do not use them but I do not reject them either.
Using any type of checklist as a do-all-and-end-all is dangerous. A process audit is based on our evaluation of the processes and their links and we should always evaluate them as such. This is similar to the way that a doctor may evaluate the human body; as organs that affect each other.
I think that many of us have developed excellent process based checklists (such as the one you have posted) and they work very well; and I would suggest that if someone need a checklist that yours should be downloaded as an example.


Checklists per se, are not bad. But, rookie auditors given a 20 question checklist tend frequently to just ask the 20 questions, and not follow the links, metrics, sequence and inputs/outputs.

I have created a checklist that I use in my trainings, that is more of a series of open ended reminders - go look at the metrics, are they effective, review the inputs and outputs, how well are they working? Which processes link to this one, and explore how robust they are. Questions like that can keep the auditor on track, but not become a prescribed checklist.

James:

the process approach doesn't 'shun' checklists at all. The checklists which are shunned are the 'element' based ones, such as the 'old' UL one you shared waaaaaay back when.

You're very correct when you describe a checklist as a guide etc., but it's the canned variety, just based on the standard, which are to be avoided like the plague........

As in many other threads and posts here, a checklist based on the process being audited is very acceptbale and totally useful. I have developed a checklist format to support the process being audited, and it's here somewhere. Even Cliff K has used it!

Andy, I appreciate the shout out, but I'm not sure citing me is going to help your credibility.:tg:

That said, the concepts behind Andy's tool are a terrific aid to a process-based audit. It reminds you to think about the supporting processes as you audit the real money makers for the company. If you use it right, you can get a real feel for how well the supporting processes work.

Also the thing resembles a turtle diagram enough to satisfy an auditor who believes that silly BS about turtles being the only tool for process auditing.

I have made a few changes to Andy's tool, some to suit my own audit techniques and some at the suggestion of clients.

Search the cove for "manufootball" without the quotes to find the thing Andy's talking about.

I can't (sorry) let this thread go by without getting in a little rant about TC 176' lack of clarity regarding process audits.

Now I think process audits are a great and wonderful thing. I support 'em wholeheartedly, teach 'em and do 'em.

But where do I find, within the four corners of ISO 9001:2000 (or 2008) the clearly stated requirement to utilize a process approach where appropriate? I do not, and neither does anyone else.

Instead we have to rely on fuzzy supports like "the intent of TC 176" and "the spirit of the standard." This is not a good situation when dealing with standards.

I think the spirit of the standard should have spoken a lot more clearly on the topic of process audits. Even a note would have been helpful.

ISO 9001:2000 does NOT require process audits because it does not [U]require[U] the "process approach. As stated:

0.2 Process approach
This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements.

Thank you for quick response & guide. I hope you will send us your new checklist.

Thanks in advance.



Thanks for the kind remarks (Russ and meo786). That is the checklist that I used in 2003 (see the post date). I have a new list that I currently use to help facilitate my audits.

I belive that AndyN is correct about the list not being completely suitable for Internal audits since audits are now “Process” audits. However, this old list is still adequate as a “Guide” to help an auditor. My new list is design to help follow my companies processes.
Checklists do tend to become crutches if not used properly but (IMHO) they are still one of the many good “tools” that help during an audit. Along with turtle diagrams (another crutch), process maps, etc they help us evaluate the system (processes) and its measures.

Checklists got a bum rap during the QS9000 days when they were used exclusively to perform audits. Now that Internal Audits are designed and planned according to the process approach checklists are shunned.
That is too bad because a checklist, if used properly, can help record, guide, facilitate, and move the audit to completion.

:bonk: