A macro-process structure approach to auditing for ISO 9001:2000(8)

[Alexander Keith]

Bonjours everyone,

there is debate here about the best structured process approach to auditing ISO 9001:2000. People have come up with different macro-process structures in which the various elements or sections of ISO can be plugged in. Here's my version. Let me know what you think please:

Quality System Processes ---> 4.1, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 5.4.2, 7.6 and 8.2.2

Management Processes ---> 5.1, 5.3, 5.4.1, 5.6, 8.4, 8.5.1, 8.5.2 and 8.5.3

Administrative Processes ---> 5.5.1, 5.5.2, 5.5.3 and 6.2.2

Customer Related Processes ---> 5.2, 7.2.1, 7.2.2, 7.2.3, 7.5.4 and 8.2.1

Product Related Processes ---> 6.3, 6.4, 7.1, 7.3, 7.4, 7.5.1, 7.5.2, 7.5.3,
7.5.5, 8.2.3, 8.2.4 and 8.3

I thank you in advance. Critique this all you want and to the max please. I'm looking for something that makes sense and is sellable to and useable by a team of auditors.

Alexander Keith
over & out

 

[Randy]

Re: Best macro-process structure for ISO 9001:2000(8)

1st Welcome

Here's the deal........your list will only be good for basically the 1st question in each clause, after that it's "Katie-bar-the-door". Also, don't waste time looking at 4.1 because the only time it's met is when everything else is done.

For instance to verify 6.2.2 you're going to need 4.2.4, 5.5.3, 4.2.2, 7.5.1 and maybe one or two more.

In a process approach to auditing what you worked so hard doing is just the starting point.

 

[Stijloor]

Re: Best macro-process structure for ISO 9001:2000(8)

Bonjours everyone,

there is debate here about the best structured process approach to auditing ISO 9001:2000. People have come up with different macro-process structures in which the various elements or sections of ISO can be plugged in. Here's my version. Let me know what you think please:

Quality System Processes ---> 4.1, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 5.4.2, 7.6 and 8.2.2

Management Processes ---> 5.1, 5.3, 5.4.1, 5.6, 8.4, 8.5.1, 8.5.2 and 8.5.3

Administrative Processes ---> 5.5.1, 5.5.2, 5.5.3 and 6.2.2

Customer Related Processes ---> 5.2, 7.2.1, 7.2.2, 7.2.3, 7.5.4 and 8.2.1

Product Related Processes ---> 6.3, 6.4, 7.1, 7.3, 7.4, 7.5.1, 7.5.2, 7.5.3,
7.5.5, 8.2.3, 8.2.4 and 8.3

I thank you in advance. Critique this all you want and to the max please. I'm looking for something that makes sense and is sellable to and useable by a team of auditors.

Alexander Keith
over & out

Alexander,

First of all, there is no requirement for "classifying" processes. It can be helpful, but not required. Part of this activity is to identify/determine your processes first. You can plug in the ISO 9001 requirements later on. Keep in mind that certain ISO 9001 requirements apply to various processes simultaneously. There's "overlap" so to speak and that is perfectly OK. Look for other threads here at The Cove Forums. You will notice that there are very diverse opinions about this process business. My advise? Keep it very simple and user-friendly.

Good luck with this.

Stijloor.

 

[Alexander Keith]

Re: A macro-process structure for ISO 9001:2000(8)

Thank you, Thank you,

We are auditing application of the ISO 9001:2000 standard. The standard is loosely organized into macro-processes (section 4, 5, 6, 7 & 8). I have simply re-arranged this as per above. Within each of these macro-processes are individual requirements for which an organization will develop individual processes in order to achieve the end result.

I have a team of external auditors and each one is assigned a macro-process.

We use the PDCAA approach (say what you do, do what you say, prove it, act on the difference, show me the evidence). The PDCA part is the organization's responsibility to achieve the end result. The A part is the external auditor's responsibility to verify at each PDCA stage. Show me the money, show me the evidence of your plan, your execution, your verification and any CA or improvement that you did on that individual process.

As Randy has mentioned there will be overlap into other processes when verifying any one process. The team meets regularly to review these overlaps and probe further if necessary.

The macro-process structure is there for me and the team to help organize and visualize things better. Maybe I shouldn't have used the word best on the title... in fact, I just took it off now. It's one idea for a structure among many.

Thank you!

 

[Stijloor]

Re: A macro-process structure for ISO 9001:2000(8)

Thank you, Thank you,

We are auditing application of the ISO 9001:2000 standard. The standard is loosely organized into macro-processes (section 4, 5, 6, 7 & 8). I have simply re-arranged this as per above. Within each of these macro-processes are individual requirements for which an organization will develop individual processes in order to achieve the end result.

I have a team of external auditors and each one is assigned a macro-process.

We use the PDCAA approach (say what you do, do what you say, prove it, act on the difference, show me the evidence). The PDCA part is the organization's responsibility to achieve the end result. The A part is the external auditor's responsibility to verify at each PDCA stage. Show me the money, show me the evidence of your plan, your execution, your verification and any CA or improvement that you did on that individual process.

As Randy has mentioned there will be overlap into other processes when verifying any one process. The team meets regularly to review these overlaps and probe further if necessary.

The macro-process structure is there for me and the team to help organize and visualize things better. Maybe I shouldn't have used the word best on the title... in fact, I just took it off now. It's one idea for a structure among many.

Thank you!

Alexander,

Is your plan to audit against the requirements of the Standard or audit processes using the (srtrongly) recommended process approach?

There's a lot of information available here about auditing using the "Process Approach."

Stijloor.

 

[Patricia Ravanello]

Bonjours everyone,

there is debate here about the best structured process approach to auditing ISO 9001:2000. People have come up with different macro-process structures in which the various elements or sections of ISO can be plugged in. Here's my version. Let me know what you think please:

Quality System Processes ---> 4.1, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 5.4.2, 7.6 and 8.2.2

...etc

I thank you in advance. Critique this all you want and to the max please. I'm looking for something that makes sense and is sellable to and useable by a team of auditors.

Alexander Keith
over & out

Hello Alexander,

Your system looks like an adaptation of what we saw with ISO 1994 where every company suddenly had some 20 or so Procedures...all aligned with the Standard. It looks like you're doing the same thing, but using just 5 Procedures...again, aligned with the standard - Sections 4, 5, 6, 7 & 8.

It also appears that you're focusing on the elements as opposed to your processes which doesn't jive with the "process approach", as mentioned already.

While grouping the sub-elements together like this, may serve some purpose for your organization, I doubt that it's very representative of how your company actually works.

Even if you are only using this proposed configuration for auditing, it goes against the grain of what the process approach requires. You need to follow your processes, step-by-step...not a select set of sub-elements of the standard...unless of course, that sequence happens to conform with your actual processes.

Your approach begs the question...what do your processes look like? Flow charts? Narratives? If you're satisfied that your documentation complies with the standard...I would put the standard away and focus on your documented processes.

Seems like you're creating more work than necessary and deviating from the whole point of the process approach.

Patricia Ravanello

 

[Alexander Keith]

I guess I didn't explain myself clearly and maybe I even assumed that we are all auditing the same thing here.

Here's what I am auditing, and here's what I see, as a customer's rep, the majority of the time from our suppliers:

----- supplier has a documented quality system originally structured to ISO 9001 (94) but subsequently re-structured to meet ISO 9001:2000. They are basically the same procedures before and after the re-structurization -----

Isn't that what you guys see too? Don't most companies serious about their personnel implementing ISO 9001:2000 on a consistent basis have documented procedures?

Also; if I'm doing an audit of a welding process for example, now here's a set of inputs that involve people, methods, materials, environment, etc.

if I'm doing an audit of the management macro-process however, the inputs become 5.1, 5.3, 5.4.1, 5.6, etc. I review the procedures beforehand and develop my checklist of questions based on those procedures. In those rare instances that there is no procedure I have a set of prepared open-ended questions to ask. I don't like to wing it or let the company describe in words anything they can think of next just to answer my questions.

At the end of the day the audit, whatever approach you take, is suppose to give you enough evidence to determine whether requirement are fulfilled or not. I like my evidence in writing please. PDCAA ---> the company does the PDCA and shows me the A (evidence) when I come in to audit.

Am I a dinosaur or are there still others like me out there?

Alexander Keith
over & out

 

[Patricia Ravanello]

Hi Alexander,
Thanks for the clarifcation...I didn't understand that your were talking about "you, auditing your suppliers", and not your own organization.

Notwithstanding that fact, I don't know why you'd take a different approach than the "Process Approach", even for what you are calling the "Macro" processes...Why aren't they documented? (Actually, I already know why...most Senior Management has gotten away without documented Procedures for those processes...like they just "magically" know how to do Business Planning and Management Review. I don't agree with it, but it's fairly common).

I suppose that's why you go in with your own set of "reference questions" to ask, just to make sure that the requirements have been met (that's not the process approach). I don't know what luck you'd have challenging them if their CB grants them certification.

I'd say you're doing the best you can under less than ideal circumstances. Bottom line is, you have to satisfy yourself that your audit is comprehensive, and that your supplier is, in fact, doing what they say they do...and what is required of them.

You raise an interesting question and discussion. I'm curious to hear other input on the subject.

Patricia

 

[JaneB]

----- supplier has a documented quality system originally structured to ISO 9001 (94) but subsequently re-structured to meet ISO 9001:2000. They are basically the same procedures before and after the re-structurization -----

Isn't that what you guys see too?

No. We have huge debates about the various ways of structuring manuals. I think that many people agree that a reasonably good and useful procedures manual is not just the 'same procedures' as there were for the '94 version, just 'tricked up' for the 2000 one.

It absolutely contradicts the process approach. Totally.

What kind of suppliers are you auditing? Are they all in similar fields?

Notwithstanding that fact, I don't know why you'd take a different approach than the "Process Approach" ...

I'd say you're doing the best you can under less than ideal circumstances. Bottom line is, you have to satisfy yourself that your audit is comprehensive, and that your supplier is, in fact, doing what they say they do...and what is required of them.

It is an interesting question and discussion.

Don't most companies serious about their personnel implementing ISO 9001:2000 on a consistent basis have documented procedures?

Yes to documented procedures. But if they're serious about 9001, I'd hope they'd be equally serious about the process approach, and that their procedures would then reflect this.
Are you second guessing the (external) auditors?

 

[Helmut Jilling]

I guess I didn't explain myself clearly and maybe I even assumed that we are all auditing the same thing here.

Here's what I am auditing, and here's what I see, as a customer's rep, the majority of the time from our suppliers:

----- supplier has a documented quality system originally structured to ISO 9001 (94) but subsequently re-structured to meet ISO 9001:2000. They are basically the same procedures before and after the re-structurization -----

Isn't that what you guys see too? Don't most companies serious about their personnel implementing ISO 9001:2000 on a consistent basis have documented procedures?

Also; if I'm doing an audit of a welding process for example, now here's a set of inputs that involve people, methods, materials, environment, etc.

if I'm doing an audit of the management macro-process however, the inputs become 5.1, 5.3, 5.4.1, 5.6, etc. I review the procedures beforehand and develop my checklist of questions based on those procedures. In those rare instances that there is no procedure I have a set of prepared open-ended questions to ask. I don't like to wing it or let the company describe in words anything they can think of next just to answer my questions.

At the end of the day the audit, whatever approach you take, is suppose to give you enough evidence to determine whether requirement are fulfilled or not. I like my evidence in writing please. PDCAA ---> the company does the PDCA and shows me the A (evidence) when I come in to audit.

Am I a dinosaur or are there still others like me out there?

Alexander Keith
over & out

We see all kinds of variations. Not all processes must be documented. But the paradox is those companies who most insist on that prerogative, also usually have really weak systems and poor performance (not in every case). The best companies frequently have too much documentation. not sure if that is a cause and effect relationship, but it is pretty telling.