In Reply to Parent Post by António Vieira
In my country almost all the registrars only perform the first ISO 9001 audit in an organization after that organization made one internal audit and one management review.
I don’t understand we these two processes are so important.
Shouldn’t, for example, corrective and preventive actions be more important?
When I make those audits what I generally find is Management Reviews so poor that the first one should be done only after my audit...
Is it the same everywhere?
As I understand your question, you and the members of your organization don't quite understand the value and concept of a "rehearsal" before the outside auditors come in.
The point is intended for the organization to do its own internal audit
of ALL its processes to see how they comply or don't comply with the Standard.
The report of the internal audit goes to management for management review
. The managers look at the internal audit report and make a decision for action or non-action based on the audit results. If corrective action
is required, management orders it and follows up to ensure it has been done. (Management may delegate the internal auditors to physically confirm the corrective action has been performed and whether it is effective. If not, management dictates a different action based on the recommendations of the auditors. This goes on until the process is in compliance.)
Similarly, if preventive action
is required, management orders it. (and so forth)
It is also important to realize the management review process
may call in lots of internal and external experts to help it arrive at a decision for action or non-action.
Once the internal audit, management review, and all actions dictated by the management review to bring the processes into compliance are accomplished, THEN, AND ONLY THEN do you bring in the outside auditors/registrars as a final check to determine if the organization's Quality Management System complies with the Standard.