Process Approach to Auditing Undocumented Processes at the System Level

[Alexander Keith]

to put that more simply, I am looking for a model that I can use to plan and do an audit of an undocumented process of ISO 9001:2000.

For example: I am an external auditor visiting a supplier's plant and I want to do an audit on section 8.5.1 Continual Improvement. There is a contractual requirement for the supplier to implement ISO 9001:2000 but registration is not required. The supplier has nothing documented to cover section 8.5.1 so I am now looking at the prospect of auditing on a verbal basis. How do I prepare for this in advance?

What inputs should I choose to examine? What questions should I be asking? Am I asking something redundant that there exists established models to use today?

Thank you everyone!

[CarolX]

Quote:

In Reply to Parent Post by Alexander Keith

For example: I am an external auditor visiting a supplier's plant and I want to do an audit on section 8.5.1 Continual Improvement. There is a contractual requirement for the supplier to implement ISO 9001:2000 but registration is not required. The supplier has nothing documented to cover section 8.5.1 so I am now looking at the prospect of auditing on a verbal basis. How do I prepare for this in advance?

Well - I gotta ask - how can you audit something that is not a requirement? I know the answer - you can't - nor is it fair to the auditee.

I had this happen a few months ago - a customer came in and audited us to some FDA requirements that were NEVER extended down to our level. It was the most frustrating experience of my career - and to top it off - we are still hashing out some of the findings. We agreed, after the audit, to comply with their requirements because of our long standing relationship, but the whole process was very much like .

As always - just my .

[Colin]

I don't think it is appropriate to audit continual improvement (along with a few other clauses like 5.1 & 5.2) as a 'stand alone' process. I believe it is part of other processes and the clue is in the clause.

8.5.1 identifies the key components and I would normally concentrate on items such as management review - particularly the outputs; quality objectives - how are they being used to set targets for improvements and how successful are they; internal audits - are opportunities for improvement being identified and acted upon; corrective actions - how are they being identified and managed following events such as complaints and NC product; preventive action - are they being employed, by whom and how successful are they.

Finally, what data is being gathered, from where and how is it being analysed and used to identify, implement and monitor improvements.

[CliffK]

Quote:

In Reply to Parent Post by Alexander Keith

to put that more simply, I am looking for a model that I can use to plan and do an audit of an undocumented process of ISO 9001:2000.

For example: I am an external auditor visiting a supplier's plant and I want to do an audit on section 8.5.1 Continual Improvement. There is a contractual requirement for the supplier to implement ISO 9001:2000 but registration is not required. The supplier has nothing documented to cover section 8.5.1 so I am now looking at the prospect of auditing on a verbal basis. How do I prepare for this in advance?

First, you need to be well versed in what the standard actually says about continual improvement. Second, bone up on the same element in ISO 9004.
Now you have some background. Third, google for "ISO 9001 Auditing Practices Group" (omit the quotes). There you will find guidance documents on auditing undocumented systems and on auditing continual improvement.

Quote:

What inputs should I choose to examine? What questions should I be asking? Am I asking something redundant that there exists established models to use today?

There's nothing wrong with going after continual improvement as a stand-alone topic. You certainly can address improvement while auditing other processes, but that's not the only way to approach it. In fact, if you suspect that the "improvement" has been, um, retrograde, then you probably should go after it.

How about asking the general manager what they've done to make things better? What are the goals for this year? Where is the "stretch" in those goals? How are they doing against those goals? If shortfall, what is being done about it? If you can't get to the GM, ask the quality guy. He should be able to provide evidence.

Reality check the upper management statements with lower level managers and the front-line guys. Don't expect word-for-word repetition, though, especially if you ask open-ended questions. You may have to ask leading questions to make sure you get all the facts.

Another way to look at it: is PDCA in evidence? Is improvement included in the P part?

Quote:

Thank you everyone!

No problemmo.

[Stijloor]

Quote:

In Reply to Parent Post by Alexander Keith

to put that more simply, I am looking for a model that I can use to plan and do an audit of an undocumented process of ISO 9001:2000.

For example: I am an external auditor visiting a supplier's plant and I want to do an audit on section 8.5.1 Continual Improvement. There is a contractual requirement for the supplier to implement ISO 9001:2000 but registration is not required. The supplier has nothing documented to cover section 8.5.1 so I am now looking at the prospect of auditing on a verbal basis. How do I prepare for this in advance?

What inputs should I choose to examine? What questions should I be asking? Am I asking something redundant that there exists established models to use today?

Thank you everyone!

Alexander,

Look at this link: "ISO 9001 Auditing Practices Group" and click your pick.

Free and downloadable.

Stijloor.

[Sidney Vianna]

Quote:

In Reply to Parent Post by Stijloor

Look at this link: "ISO 9001 Auditing Practices Group" and click your pick.

The two papers that seem to be the most appropriate are:

·Auditing continual improvement
·Auditing a QMS which has minimum documentation

[Helmut Jilling]

Quote:

In Reply to Parent Post by CarolX

Well - I gotta ask - how can you audit something that is not a requirement? I know the answer - you can't - nor is it fair to the auditee.

....

The OP stated

"There is a contractual requirement for the supplier to implement ISO 9001:2000 but registration is not required."

Thus, there is a requirement that this supplier implements ISO. The audit is done the same way as if they were registered.

[CliffK]

Quote:

In Reply to Parent Post by Helmut Jilling

The OP stated

"There is a contractual requirement for the supplier to implement ISO 9001:2000 but registration is not required."

Thus, there is a requirement that this supplier implements ISO. The audit is done the same way as if they were registered.

Quite right.

An interesting arrangement it is, too. If the OP's company required the supplier to register, the supplier would bear the cost of the audits. Both the supplier and OP's company would very likely benefit from having an experienced auditor do the work, as well.