Re: Internal audits 3 year plan?
Set your cycle to correspond with the registrar...just provide seperation. If the registrar audits twice a year set your audits halfway between theirs.
All you have to show is effective planning, performance and results
Or apply what the registrars have to apply when doing multi-sites
From old Guide 62............
4. CRITERIA FOR SAMPLING
4.1. Methodology
4.1.1. The sample should be partly selective based on the factors set out below and partly nonselective,and should result in a range of different sites being selected, without excluding the random element of sampling.
4.1.2. At least 25% of the sample should be selected at random.
4.1.3. Taking into account the criteria mentioned hereafter, the remainder should be selected so that the differences among the sites selected over the period of validity of the certificate / registration is as large as possible.
4.1.4. The site selection criteria may include among others the following aspects:
a) Results of internal audits or previous certification/registration assessments,
b) Records of complaints and other relevant aspects of corrective and preventive action,
c) Significant variations in the size of the sites,
d) Variations in the work procedures,
e) Modifications since the last certification/registration assessment,
f) Geographical dispersion.
4.1.5. This selection does not have to be done at the start of the assessment process. It can also be done once the assessment at the central office has been completed. In any case, the central office shall be informed of the sites to be part of the sample. This can be on relatively short notice, but should allow adequate time for preparation for the audit.
4.1.6. The central office shall be examined during every certification/registration audit and at least annually as part of surveillance.
4.2. Size Of Sample
4.2.1. The certification/registration body shall have a procedure for determining the sample to be taken when auditing sites as part of the assessment and certification/registration of a multi-site organization. This should take into account all the factors described in this annex.
4.2.2. In the event that application of the certification/registration body’s procedure results in a smaller sample than would result from the application of the guidance set out below, the certification/registration body shall record the reasons justifying this and demonstrate that it is operating in accordance with its approved procedure.
4.2.3. The following guidance is based on the example of a low to medium risk activity with less than 50 employees at each site. The minimum number of sites to be visited per audit is:
Initial audit: the size of the sample should be the square root of the number of remote sites: (y=√x ), rounded to the upper whole number.
Surveillance visit: the size of the annual sample should be the square root of the number of remote sites with 0.6 as a coefficient (y=0.6 √x), rounded to the upper whole number.
Reassessment: the size of the sample should be the same as for an initial audit. Nevertheless, where the quality management system has proved to be effective over a period of three years, the size of the sample could be reduced by a factor 0.8, i.e.: (y=0.8 √x), rounded to the upper whole number.
4.2.4. The central office shall be visited in addition.
4.2.5. The size of sample should be increased where the certification/registration body’s risk analysis of the activity covered by the quality management system subject to
certification/registration indicates special circumstances in respect of factors like:
a) The size of the sites and number of employees,
b) The complexity of the activity and of the quality management system,
c) Variations in working practices,
d) Variations in activities undertaken,
e) Records of complaints and other relevant aspects of corrective and preventive action,
f) Any multinational aspects;
g) Results of internal audits.
4.2.6. When the organization has a hierarchical system of branches (e.g. head (central) office / national offices/regional offices/local branches), the sampling model for initial audit as defined above applies to each level.
Example:
1 head office: visited at each audit cycle (initial/surveillance/reassessment)
4 national offices: sample = 2: minimum 1 at random
27 regional offices: sample = 6: minimum 2 at random
1700 local branches: sample = 42: minimum 11 at random.
4.3. Assessment Times
4.3.1. The audit time to spend for each individual site is another important element to consider, and the certification/registration body shall be prepared to justify the time spent on multi-site assessment in terms of its overall policy for allocation of assessment time.
4.3.2. Normally the number of man-days per site should be consistent with the number shown in the chart in Annex 2 of IAF Guidance on the Application of ISO/IEC Guide 62 - 1996.
4.3.3. Reductions can be applied to take into account the clauses that are not relevant to the local sites and are only examined at the central office.
4.3.4. The complexity of the activity is another factor that may be taken into consideration.
4.3.5. No reduction is permitted for the central office.
4.3.6. The total time expended on initial assessment and surveillance (understood as the total sum of the time spent at each site plus the central office) should never be less than that which would have been calculated for the size and complexity of the operation if all the work had been undertaken at a single site (i.e. with all the employees of the company in the same site). In most cases it will be considerably more.
4.4 Additional Sites
4.4.1. On the application of a new group of sites to join an already certified multi-site network, each new group of sites should be considered as an independent set for the determination of the sample size. After inclusion of the new group in the certificate, the new sites should be cumulated to the previous ones for determining the sample size for future surveillance visits or reassessment audits.
