The importance of some processes... Internal Audit, Management Review, Nonconformance

[António Vieira]

Hi everybody,

In my country almost all the registrars only perform the first ISO 9001 audit in an organization after that organization made one internal audit and one management review.
I don’t understand we these two processes are so important.
Shouldn’t, for example, corrective and preventive actions be more important?

When I make those audits what I generally find is Management Reviews so poor that the first one should be done only after my audit...

Is it the same everywhere?
Thanks

[Wes Bucey]

Quote:

Originally Posted by António Vieira

Hi everybody,

In my country almost all the registrars only perform the first ISO 9001 audit in an organization after that organization made one internal audit and one management review.
I don’t understand we these two processes are so important.
Shouldn’t, for example, corrective and preventive actions be more important?

When I make those audits what I generally find is Management Reviews so poor that the first one should be done only after my audit...

Is it the same everywhere?
Thanks

As I understand your question, you and the members of your organization don't quite understand the value and concept of a "rehearsal" before the outside auditors come in.

The point is intended for the organization to do its own internal audit of ALL its processes to see how they comply or don't comply with the Standard.

The report of the internal audit goes to management for management review. The managers look at the internal audit report and make a decision for action or non-action based on the audit results. If corrective action is required, management orders it and follows up to ensure it has been done. (Management may delegate the internal auditors to physically confirm the corrective action has been performed and whether it is effective. If not, management dictates a different action based on the recommendations of the auditors. This goes on until the process is in compliance.)

Similarly, if preventive action is required, management orders it. (and so forth)

It is also important to realize the management review process may call in lots of internal and external experts to help it arrive at a decision for action or non-action.

Once the internal audit, management review, and all actions dictated by the management review to bring the processes into compliance are accomplished, THEN, AND ONLY THEN do you bring in the outside auditors/registrars as a final check to determine if the organization's Quality Management System complies with the Standard.

[Hershal]

Excellent reply Wes.

From the accreditation world, we see the same question at times, though in a slightly different way. We consider these tools of management review, internal audit, and customer complaints/feedback as CRUCIAL to effective management of the operation. Suppose one is driving a car down the street. If the driver does not look at the instruments and the road then no corrections will be made as appropriate and the car will crash at some point because there is no control. The registered organization is the same. If there is no review and correction as appropriate, then there is no control.

Hope this helps.

Hershal

[Paul Simpson]

Agree with the above. There is a more basic reason why the registrars want to see an audit cycle and a management review cycle - they are both elements of the standard and the company needs to be able to demonstrate that it has systems in place that meet the element requirements.

Therefore you need some evidence that audits and reviews are working effectively.