I tried to perform a search to see if I could find something to help me with this. I didn't have much luck finding what I needed. If I overlooked a thread, I apologize in advance.
I am getting ready to start performing our internal audits. We used to use Internal Audit software by Harrington. I hated the software so I "removed it from service". In creating our new audit process, I have put the responsibility of creating the questions on the checklist to the auditors. In reading some of the threads from my search there were some suggestions made to take a copy of the procedure with you and make notes and questions on it along the way. I hate the idea of using a "canned" checklist. We've been that route before. I just can't figure out another way do to this.
First you ensure our system meets the standard....if it does you proceed to see if what they are doing is compliant to the documented procedures and work instructions. There was also talk in some threads along the way of using checkmarks.
This is what I had in mind....
On the front page of the checklist have a place for the auditor to identify which clauses they are auditing against (these are identified on the audit schedule) and to the right have a place to check if the system satisfied the clause, same with the QMS. If there are any areas unsatisfactory you identify the findings or any observations below.
My boss really liked the idea of an Audit Summary Report. When we used Harrington, my boss at the time had me submit a copy of the checklist to All departmetal supervisors involved. There was no "report". To be honest they didn't read them half the time they'd look for any findings and that was it. If you don't do a checklist, just what do you do? How do you document and have a record of your audit?
If you audit against the standard and the QMS and everything is hunky dorey...What and Why would you want to go into all the detail of documenting what you compared it to and what you found I've already said in my auditing procedure that we audit the standard and our own QMS. Would this satisfy the standard.
People were talking about an audit trail in some of the threads I was reading on as well. I'm not sure how all this is coming into play.
Can anyone help me "see" the light? Knowing me, I'm making this much harder than it is.
I meant to attach a copy of what I had created so far for our report and checklist. I hope I have them attached to this message right. If I do, what do you think?
Originally posted by Jamie First you ensure our system meets the standard....if it does you proceed to see if what they are doing is compliant to the documented procedures and work instructions. There was also talk in some threads along the way of using checkmarks.
If you audit against the standard and the QMS and everything is hunky dorey...What and Why would you want to go into all the detail of documenting what you compared it to and what you found I've already said in my auditing procedure that we audit the standard and our own QMS. Would this satisfy the standard.
Jamie
Jamie,
We do not intend to let our Internal Auditors audit to the standard. They will audit approved procedures written with the standard in mind, by a Steering Committee of (7) Department Heads and Managers. These meetings are often contentious, argumentative and eventually end up in agreement regarding interpretations. If seven us find it difficult to agree on what the standard means, what chance does an Auditor have in coming to a conclusion on what meets the intent? That does not preclude them from using a checklist to perform their audits. Again, the checklist will be developed with the standard in mind by the Committee. While the Internal Auditors have had auditor training by an outside consultant, the limited time (2 man days) is not enough to become familiar with a document that they never saw before. They are also not being paid to spend hours reading the standard before beginning their audits. All Auditors have a copy of the standard and are encouraged to read it. Certainly, as they mature and become more familiar with the standard, they have the right through the Document Control System to suggest changes to procedures and explain why. But not now.
So, documents/procedures approved and released by the Committee are binding and only subject to arbitration with our Consultant and/or our eventual Registrar. While everybody on the committee is recognized for their individual expertise, the standard (or intent) causes a lot of confusion as to what a section really means. Look at the differing opinions that we see here at the Cove. If you allow your Internal Auditors to question anything that doesn’t agree with what they perceive to be the correct meaning of a particular section of the standard, you can be in for a long day. I’m a firm believer in that old saying, “Give a man a hammer and he will bang it”.
Oh I forgot. We have 8 auditors for a Company of 45 people. 4 of them are on the Steering Committee. That leaves 3 that are not auditors. Conflict of interest? Not. We're all in this together. JMHO
Last edited by energy; 9th March 2002 at 11:09 AM.
It depends on your priorities. Who cares if you miss a requirement? Don't you pay a registrar to look after that?
Nope. We have to do it ourselves:
8.2.2 a (Internal audit): determine whether the QMS: conforms to the requirements of this standard.
Besides, The registrar spends two days/year here. Our internal auditors are here all the time. Thus they are able to dig up things the registrar would never find.
Quote:
You could look at 9001 compliance separately
Why? That would mean doing the same thing twice.
Quote:
why involve all those excellent busy people trying to do their work? Keep it away from them. Expose them to the organization's system, not to ISO 9000
I agree with that apart from the auditors. It's their job to do just that.
Internal audits must address the organisations compliance with the requirments of ISO9001:2000. You can slice and dice it anyway you want - and you may seperate the compliance to ISO9001 audit (even if you call it an annual desk top review - or any other name) from the compliance to our own procedures, from the effectiveness of the system - but you have to cover all these points.
The system you describe does not do away with the ISO9001 compliance audit - you have just seperated it from the other audit criteria and called it a different name.
You quote 8.2.2. I submit that there is a much more relevant and important clause: 8.2.1.3. Tell me if you can't find it
Sure. 8.2.1.3 is certainly relevant (No worries about finding it either), and it reflects my main reason for doing audits at all: To find input for improvement. However, that cannot be used to negate 8.2.2. Exactly how an audit is performed is beside the point, clipboards and deskchecks or not. We still have to use them to make certain that we conform to 9001.
Besides, we never go out waving the 9000 flag during audits. We ask questions designed to tell us whether we can improve the way we work. If we find that we don't fulfil the requirements in the standard, that's one of the things we need to fix....
Quote:
There are alternatives. You could, and this is JUST AN EXAMPLE, meet the 'conform to 9001' requirement by having one person do a deskcheck and then have managers audit their own departments or processes with no reference to ISO 9001 at all.
Err... I certainly want them to work with improvement in their own areas, no argument there. But: Bearing in mind that you're not supposed to audit yourself that is continual improvement, not part of the audit system. And yes, you could have one person do a deskcheck to see if you fulfill the standard. I just fail to see the point in having a number of trained auditors do only part of the job and leave the rest to this one person when they are perfectly able to do it themself?
Internal Audit Checklist?
I still insist
Linear Mode
