Permissible Exclusions for QM ISO9001:2008 Audit and Consultancy Services Company

N

Nargiz

Dear All!

Need your help to specify and confirm permissible exclusions (permissible under iso 9001 reqs) to write down QM for the company (private sector) providing external finance (and operational performance effectiveness) audit services. What clauses out of chapter 7 can be excluded?

I would be very grateful for your help!

Please also tell me if you need any additional/specific information with regards to company scope of services to help me to identify these exclusions.

Thank you!
 

Colin

Quite Involved in Discussions
Re: Permissible Exclusions for QM_ISO9001: 2008_Audit and Consultancy Services Compan

Welcome to the Cove. It is quite likely that you may not need design (7.3) if you are performing generic services, clause 7.6 is likely to be an exclusion because you have no equipment requiring calibration, probably 7.5.5 preservation of product (you are providing a service) and 7.5.2 validation of processes because you can measure the outputs from your processes.

Hope this helps.
 
N

Nargiz

Re: Permissible Exclusions for QM_ISO9001: 2008_Audit and Consultancy Services Compan

Dear Colin!

Thank you very much for your valuable input! Let me provide you more information on the company structure ... and I will have some additional questions: The shareholders of a large petroleum national company (which has numerous JVs around the world) have founded another Audit company(the one we're talking about) having it purposed to prevent capital outflow and simultaneously to enhance operating efficiency. So this Audit company is fully subsidized by the shareholders, and the shareholders in this case are the only customer(s) of this Audit company. Inspections' areas are oil&gaz, telecom and heavy industry...In our case service provision is an audit reporting activity...
Except those exclusions you have already mentioned (7.3 - full; 7.5.2; 7.5.5& 7.6 - full) ...what do you think about 7.4 Purchasing (where the purchases are only those required for normal office activity - equip, stationaries, etc..)..what about Customer property, whereas the company itself is a Customer property??))...and how 7.5.3identification and traceability may be applied correctly??
And, however the section 8 is not a subject for any exclusions..but how measurement can be applied to audit reporting process(es)? The company does not aim to write say 10 findings or 15 ones... ?? I mean how the quality of audit reports delivery process can be measured as of standard requirements??

Thank you very much again!
 

Colin

Quite Involved in Discussions
Re: Permissible Exclusions for QM_ISO9001: 2008_Audit and Consultancy Services Compan

Nargiz, you seem to be well informed on the subject which is good!

You may be right about purchasing but do they employ services from people outside of the organisation? e.g. a specialist needed for a particular job. If so, purchasing comes into play, if not, it may be able to be excluded.

Customer property also includes intellectual property so I guess that will be involved.

I/D and traceability are pretty difficult to ignore because we need some form of reference for jobs e.g. a project number.

As for measuring and monitoring, that can often be achieved through the quality objectives (5.4.1) plus other indicators such as complaints and rejected work.
 
N

Nargiz

Re: Permissible Exclusions for QM_ISO9001: 2008_Audit and Consultancy Services Compan

Yes, Colin, thank you fo your remark re outsorced/purchased services: - the company currently employ translation agency (as most of personnel are english/russian speakers, while the documentation need to be put into local azeri language), plus, I believe, specific services' specialist will need to be attracted to audit in order to help in some types of investigation ...

Re customer property: have you ever met such a case where the customer property is a company itself - what statement then you put in the Quality Manual?
 

Colin

Quite Involved in Discussions
I think it would be better to refer to the information and intellectual property rather than the company itself. All you will need to do is have a policy for how you protect the information and say that you do so in the manual.
 
K

kgott

Re: Permissible Exclusions for QM_ISO9001: 2008_Audit and Consultancy Services Compan

Colin;It is quite likely that you may not need design (7.3) if you are performing generic services said:
Would not the OP require 7.3 to design the service for each client?

Would not the OP likely require 7.5.5 for preservation and analysis of data gathered during the audit?

Why would 7.5.2 likely not be required as I cannot see how they would measure the outputs of the service?
 

Colin

Quite Involved in Discussions
Kgott,

With regard to 7.3, that is why I asked if they were generic services for each client. By the sounds of it they have a single service which is well established, there is no design to do.

I would have thought that 8.4 was more suited to the collection and analysis of data.

7.5.2 is for situations where the output cannot be tested.
 
J

JaneB

Re: Permissible Exclusions for QM_ISO9001: 2008_Audit and Consultancy Services Compan

Colin's advice is sound.
Some typical ways you protect and preserve the data include having confidentiality policies and controlling access to confidential data (authorised personnel only, data stored on a network which requires log ons to access it, etc).

7.3 may or may not be applicable depending on whether you have to plan ('design') your audits in each case.
 
N

Nargiz

Dear Colin, Kgott and Jane!

Thank you very much for your valuable feedback - very appreciated!
Here I have another portion of my questions/considerations which, I believe, you'll like to answer and/or to discuss:

1. 7.3. I made a conclusion that this clause shall be included within the QM, since auditing in a various industries will require development of various methodology and tools to perform audit; moreover, even if the scheme of basic finance audit is the same for various client, but it will be combined with operational performance effectivenes audit, which will definitely require various application scheme, depending on industry and/or client.

2. 7.5.1.(f) The project is completed when the Company has issued and reviewed audit report with the client (and/or Shareholder(s)) and that the Client and/or Shareholder finally signed off the report as being agreed. Any other activities beyond this sign off will be a subject of supplementary project/contract. Am I right to exclude 7.5.2.(f) as there is no need to post delivery activities??

3. 7.5.2 Colin and Kgnott, you say that this clause can be excluded for the situations where the output cannot be tested. Agreed... but have some doubts with regards to a) defined criteria for review and approval of the processes (the company have audit manual where these processes stipulated) b) approval of ... qualification of presonnal (I want this procedure to be developed, as a min to have a competency plan in place) c) use of specific methods (specific methodology for audit processes) d) requirements for the records (must-have) ...e) revalidation is actually not applicable... So, would you please give me your considerations which part of 7.5.2. clause I can remove out fm the QM?

4. 7.5.4. Yes ,Confidentiality policy will be developed to protect received information/data fm clients/customers ... and it will be linked with the QM.

5. 7.5.5. Same, Yes, confidentiality policy will be developed to protect and preserve the data...etc..

6. 7.6. Yeap, the company does not have neither monitoring, no measuring equip... but the clause says "the organisation shall determine the monitoring and mesurement to be undertaken" ... The audit provision service(s) can be measured through various satisfaction surveys, grating reports related to audit finding. My question is this applicable to this clause 7.6. as in part (if in part, then what part exactly I can exclude ...say fm a) to e)?? Or this may be requirement of another clause of the Standard? Say, 8.1?? I feel lost in it...

Do you have any others considerations with regards to possible exclusions to Clause 7 considering audit_consultancy activities?

Thank you!
 
Top Bottom