Insect Warfare - this is exactly what I was looking for. I called them "functions" but you have them labeled as "key processes". I want to audit the entire system as Colin said, but have it broken down in bite sized segments. I was just having trouble deciding how to break it down. Your first attachment looks very logical.
Thank you Doug. I agree that it is very logical for me, but more importantly, it is simple...no complex NC grading systems, no bureaucracy to hamper down the activities., etc.
The way it works at my organization I call them all "key processes" even though on my process interaction map they are divided into 3 sections (Manufacturing Processes, Procurement Processes and Support Processes). I'm sure you know by now that it doesn't matter what terminology you use as long as it is clearly understood throughout. All of what I told you here is documented in our quality manual. I think half of the audit planning is already done for you if you have a well-written quality manual with a clear description of each process.
Some very good advice has already been given in this post but I would like to throw in another angle. I agree entirely with auditing processes but there are potential issues with this e.g. the size of the processes.
If an organisation has a very well 'processed based' QMS in place, how do you break up the audits into manageable pieces without breaking the 'process flow'? You could end up auditing the whole organisation in 1 go - which works great for a small business but not for a large/complex one.
Similarly, I don't recommend auditing by procedure, as such, but if the procedures have been written around the processes, where is the problem? The other issue is auditing against the standard - clause 8.2.2a states that we must determine whether the QMS conforms to 'this International standard'.
My preference is to encourage each audit to include the basics such as document control, records, elements of training, responsibilities etc. and then to use any specific clauses which apply to the processes being audited e.g. if you are in sales, look at 7.2, purchasing 7.4, etc.
If we encourage auditors to do that we not only verify that the system satisfies our own requirements but also that it meets ISO 9001.
I think Colin raised some interesting points that I didn't really think about in my last post. One is conforming to the standard per 8.2.2(a): another way to do this is by using a gap analysis checklist, as it is just another form of audit. In my organization I have a table in the quality manual showing which elements are associated with what process, based on gap analysis results. This also allows ours auditors to focus strictly on process performance during internal audits. Is it the preferred method or the best method? Maybe not in every case, but I thought I would just spitball it here anyway.
The other one is that, as you've seen in my attachment, I am not above auditing some "common-denominator" processes distinctly (i.e. Document Control, Records Control, Training, etc.), since they exist as processes in their own right, and have inputs and outputs that link to other processes which deserve an appropriate amount of attention. I would want to be sure though that (as an auditor) those interdependencies are existent and are working as intended. But I also realize that those processes are peppered into the other key processes, albeit with varying degrees of intersection, and just because I audit "calibration" doesn't mean I will not audit the records control part of it because it is listed separately on my audit plan. Common-sense should take over at some point.
One more thing....make sure your auditors are competent. This is paramount to any company's audit program. Make sure they know the fundamentals of internal auditing and what it is really all about, not the common misconceptions you are probably used to. Design training materials that suit your organization's culture, create workshops that make sense to them, and practice, practice, practice - even after they become competent. The Cove contains so much information on internal auditing that it is possible to put the pieces together (what am I saying this for, you already know
)
Brian