I am just about done with training our Internal Auditors and when all done, we will have conducted three limited, ‘practice’ audits in which we all participated. After that, we will do our first complete Internal Audit.

I have divided the departments and operations among the four auditors, and each will do a complete audit of his/her areas. We will be auditing for the following:

A. How well does what we actually do match what the procedures we have just written say we do?
(As part of this, we will also be able to identify if a procedure, and not the activity per se, is at fault and the write-up is to be corrected.)

B. Are the ISO 9001:2000 elements applicable to any specific area properly met or satisfied?
(Here, we will also be able to identify if there are any elements of the Standard that we have not addressed at all.)

My concern is that after finishing the procedures, which I have written based on my interviews with managers, supervisors, and operators, I may have missed critical details. For example, in our Corrective Action procedure, I had forgotten to include a timing requirement for when a corrective action is to be completed. Another example is the lack of listing of some of the forms that we use within the applicable procedures.

I am presently seeking approval to have an independent consultant do a gap audit after our first internal audit. After that gap audit, I plan to do another internal audit, although perhaps not complete, and then we will be ready for the Registrar.

How else can I find out if I have dotted all the i’s and crossed all the t’s?

Thanks!

Alex

How else can I find out if I have dotted all the i’s and crossed all the t’s?
Thanks! Alex

Alex,

Don't look for perfection from the get-go. At some point ya gotta run with what you have, and use subsequent audits to reveal nonconformances and gaps. You have to show some thing from your audits.

I have a scheme that seems to work well for me (And my Swedish brother Claes),

1) group the nonconformances found by TS or ISO Section (4,5,6,7,8) and Paretoize the data. That will give you and indication of what major areas need shoring up.

2) Group the same data by TS or ISO sub-section and paretoize that. That will give you and indication of what processes need shoring up or procedure updates.

3) Group the individual noncon's by individual requirement. That will give you the gaps.

Hope this is of help. I programmed an Access database to do the grunt work. I even issue and track the CAR's through it.

I think you're off to a great start, Alex. Audits will be the strongest factor in determining if any areas have been missed...or not fully implemented. Keep that as an option to look for, as well...don't just look for "is it done or not"...look to see how well it has be implemented. Some organizations with shiftwork, focus on a crew or two and forget the others.

Something else to keep in mind is to perhaps get the feedback of the employees. They're the biggest users of the system...do they understand the concepts of it, do they apply it, do they believe in it?

There are also great attachments if you click the

The March - April 2004 Post Attachments Summary List

link on the top of this page and search for the word "internal" or "audit" -- many helpful tips and questions to ask.


I loved the use of the word paretoize by the way!

I loved the use of the word paretoize by the way!


You sweet talker you!

Alex,

Don't look for perfection from the get-go. At some point ya gotta run with what you have, and use subsequent audits to reveal nonconformances and gaps. You have to show some thing from your audits.

Well your on fire today Taz! :agree1: This is a great point. If you try to be perfect before you implement and conduct audits you will already be set up to fail. The program will develop as you audit. For example - we are on revision G of our procedure over 5 years. The program has developed into a very comprehensive one that has help to foster a positive continuous cycle of improvements.

Things change and you want to change with them. The best way to get a good solid system for auditing is to audit. You can have the best procedure in the world but if the auditors are not experienced and confident in their abilities your system will not hold up. Experience for the auditors will make them better auditors - will make your audit system better. JMHO.

Don't look for perfection from the get-go. At some point ya gotta run with what you have, and use subsequent audits to reveal nonconformances and gaps. Right. I see audits mainly as a tool for collecting improvement potential.

/Claes

It seems to me that your internal audit program is heavily focussed on compliance to documented procedures, and appraising whether or not your documented procedures detail exactly everything you do to the nth degree.

Perhaps a more fundemental and important question is 'are our processes effective in meeting our quality objectives ?'

Engineers always have been 'accused' of designing and redesigning to death before the product is released. Perhaps rightly so - but in my experience, it have always been able to save time and money. That having been said, I can honestly say that I am true practitioner of avoiding the 'paralysis through analysis' syndrome. ;)

Now that I got that off my chest... Yes, we will proceed with our internal and registration audits as scheduled. :yes: I just want to do as much work up front as possible.

M Greenaway- Bingo! :agree1:
We know that the procedures we use and the practices we follow work well for us. We also know that they can be improved, which is something we are working on. We did not, however, have the proper documentation or consistent records to establish a benchmark for comparison.

Writing the procedures will help us to continue to meet our Quality objectives including continual improvement, and to satisfy the Standard. Since the former is in 'pretty good shape' and the later is the 'unknown challenge', the former tends to become the squeaky wheel in this case.

Alex

It's nice to see that your IA process is designed to look for and address failure. (Not really, I'm just being myself)

You'd be better served focusing on the issue of how to identify things that could be adressed through preventive action (before they break or become a non conformance in need of correction). Lets call this a value added focus.

Improvement and growth come through proactive and not reactive measures...so is value whether real or percieved.

How does writing procedures help you meet your quality objectives ?

Do you have a quality objective to create documents for everything ?

The questions you need to ask are 'is the process effective' if not it is up to the process owner to take corrective action. He may decide as part of this to document something somewhere but the auditor should not, in my opinion, call the shots on what should be documented.

Otherwise we can fall into the old trap of non value adding audit activity which just serves to maintain reams of documents that no-one reads, apart from at audit time.

As for 'meeting your objectives, including continual improvement' and 'meeting the standard' I would say if you can prove the former the latter will naturally follow. After all that big box along the top of the ISO9001 model in the standard clearly states the objective of the standard - continual improvement.

Well your on fire today Taz! :agree1: This is a great point. If you try to be perfect before you implement and conduct audits you will already be set up to fail. The program will develop as you audit. For example - we are on revision G of our procedure over 5 years. The program has developed into a very comprehensive one that has help to foster a positive continuous cycle of improvements.

Things change and you want to change with them. The best way to get a good solid system for auditing is to audit. You can have the best procedure in the world but if the auditors are not experienced and confident in their abilities your system will not hold up. Experience for the auditors will make them better auditors - will make your audit system better. JMHO.


I was going to respond to Taz, but couldn't have said it any better. :agree1: Like riding a bicycle. At first you are shaky, but before long you are riding with no hands (and that's when you get hurt).

Our office has done a mediocre job of general QS training. We have not done any TS training yet.

But I need to train a new set of auditors (7) with various backgrounds. And I need to train them to audit to QS, but with TS in mind. I have put together a presentation on the major items in both, Core Tools and Customer Requirements.

My training plan consists of 8 hours of requirements, 4 hours of our system including filling out forms, using the QS-9000 series books, and a mini-fake audit; then 4 hours of an actual audit with experienced Team Leaders. (the 4 hours includes doing all the prep and post paperwork)

Besides Core Tools and Customer Requirements, what do others feel would be the major items to include? :confused:

I hesitate to emphasize Management Responsibilities because our past history does not include much top management involvement and the trainees response to it may just be, "yeah, right". :o