ISO 9001:2015 Transition Internal Audit completion thread

[ochem]

Question about the internal audit program requirements for transition prep. We audit all topics on a 1, 2, or 3, year interval based on a risk assessment approach. All audits have been done in the last three years. IMO opinion, most audit topics can be argued to have not be affected by the new standard.

Issue is, I had been under the impression, up until Oct 2017 (our transition/recert is scheduled to start 3/1) that I would update systems/procedures, processes to satisfy the new guideline, go through transition, then train internal auditors and start auditing to the new standard. Since I found out I was wrong, I prepared and performed training for all internal auditors and and can move forward with internal audits.

Question then is, with ~1month to go (I need time to perform the management review, and then audit the management review process?) Do I really need to perform every audit in our 3 year schedule, or can I focus on the topics that are truly affected by the updated standard (internal audit, training, risk-based thinking/corrective action, management review, etc...)

Thanks for your feedback.

 

[BigJohnJ]

Not sure what your CB will require, ours, however is requiring a full Quality Management System audit prior to our transition audit to the new standard.

 

[ScottK]

My registrar requires the same as BigJohnJ.
Full system audit to the 2015 rev prior to the transition audit

 

[Golfman25]

Question about the internal audit program requirements for transition prep. We audit all topics on a 1, 2, or 3, year interval based on a risk assessment approach. All audits have been done in the last three years. IMO opinion, most audit topics can be argued to have not be affected by the new standard.

Issue is, I had been under the impression, up until Oct 2017 (our transition/recert is scheduled to start 3/1) that I would update systems/procedures, processes to satisfy the new guideline, go through transition, then train internal auditors and start auditing to the new standard. Since I found out I was wrong, I prepared and performed training for all internal auditors and and can move forward with internal audits.

Question then is, with ~1month to go (I need time to perform the management review, and then audit the management review process?) Do I really need to perform every audit in our 3 year schedule, or can I focus on the topics that are truly affected by the updated standard (internal audit, training, risk-based thinking/corrective action, management review, etc...)

Thanks for your feedback.

IDK. I would think it depends on where you are in your certification schedule. If you're at a surveillance then maybe you can. You'll have audits available from older parts of the system and audits from the new parts. You could probably show a full cycle of audits, no?

 

[ochem]

The timing is such that we are at our 3 year recertification audit, and will be doing the transition to the new standard at the same time. So like I said, we've audited every topic in our audit program at least once since the last certification, but the auditors haven't technically been trained to the 2015 standard until beginning of December.

 

[AndyN]

Not sure what your CB will require, ours, however is requiring a full Quality Management System audit prior to our transition audit to the new standard.

I'd like to hear a CB define what they mean by this! Why not just audit the changes you made (ISO 9001:2015 9.2.2 requires that you take them into consideration). If you've already been auditing and there's not much changed, why do the whole thing? Sounds like mission creep to me...

 

[Golfman25]

The timing is such that we are at our 3 year recertification audit, and will be doing the transition to the new standard at the same time. So like I said, we've audited every topic in our audit program at least once since the last certification, but the auditors haven't technically been trained to the 2015 standard until beginning of December.

Well, I would take what sounds like Andy's approach. Do audits of those parts of your system that are new or changed. Then see what happens.

 

[Big Jim]

You really need to talk to your CB. Some insist on a full internal audit to the new standard. I'm aware of some that accepted a partial internal audit with a gap analysis that included addressing deficiencies discovered with the gap analysis. I'm not saying I like this idea, but I'm aware where it was accepted.

 

[Randy]

How can one claim that their QMS is up, running and effective unless it has been looked at?

How can Management review the effectiveness of the QMS to decide whether or no changes are necessary unless they've been supplied something that says "hey, here's what's happening"

As a 3rd party guy I can't verify effectiveness unless I have objective evidence supporting my decision, an a promise that "we're doing it in 2, 3, 6 months" isn't going to cut it.

Everyone can play silly games, but the end could be pretty bad for one of the players.

It's not like this has snuck up out of a dark corner and said "SURPRISE!" and arguments aside, a vast majority of negative stuff that can now happen during transition audits to 2015 regardless of how one feels is going to be on the organization and not the CB and definitely not the auditors, it's going to be a self inflicted wound.

I've got an audit coming up in 3 weeks and the client asked me last week if I could get them a copy of the standard so they could get ready! WHAT ? Anyone want to guess what the potential outcome might be? I've got to got into this thing objectively and impartially with the 600 lb gorilla already in the room.....

Just do what needs to be done, don't fiddle, don't prolong, don't play guessing games, don't point fingers....JUST DO IT!!!


(Maybe I'll be quoted again.)

 

[Golfman25]

How can one claim that their QMS is up, running and effective unless it has been looked at?

How can Management review the effectiveness of the QMS to decide whether or no changes are necessary unless they've been supplied something that says "hey, here's what's happening"

As a 3rd party guy I can't verify effectiveness unless I have objective evidence supporting my decision, an a promise that "we're doing it in 2, 3, 6 months" isn't going to cut it.

Everyone can play silly games, but the end could be pretty bad for one of the players.

It's not like this has snuck up out of a dark corner and said "SURPRISE!" and arguments aside, a vast majority of negative stuff that can now happen during transition audits to 2015 regardless of how one feels is going to be on the organization and not the CB and definitely not the auditors, it's going to be a self inflicted wound.

I've got an audit coming up in 3 weeks and the client asked me last week if I could get them a copy of the standard so they could get ready! WHAT ? Anyone want to guess what the potential outcome might be? I've got to got into this thing objectively and impartially with the 600 lb gorilla already in the room.....

Just do what needs to be done, don't fiddle, don't prolong, don't play guessing games, don't point fingers....JUST DO IT!!!


(Maybe I'll be quoted again.)

Yes, but things don't happen in a vacuum. We don't turn our system off, update it, and then turn it back on. We make changes on the fly. With any update, some things change and some stay the same. So why wouldn't prior audits of areas that haven't changed be sufficient? It should. Thus, you would only need to audit that which has changed.