Anxiety - ISO Re-registration Audit

ASDriven

Starting to get Involved
#1
I was hired as the Quality Manager 4 months ago at a medium sized machine shop. The previous manager retired prior to my arrival so I received no formal insight in to their QMS. In addition, the company was doing itself a big dis-service by utilizing an auditor that just didn't care and would look the other way in areas that should have been clear major findings. This went on for years.

We now have a new auditor and my concern is that it won't go so well and I'll be ousted from my position as the audit is set to occur about a month from now. While some things are being done correctly, other items are utter disasters.

I'm afraid that I won't be able to regurgitate every area of the QMS and am asking if any one has experienced this situation before. If so, how did you prepare? Could I play the "new guy" card?

**My anxiety is through the roof**
 
Elsmar Forum Sponsor

contigo123

Involved In Discussions
#2
How about acknowledging the problems by issuing non-conformances/CAPAs now so that you can show evidence of having plans in place to address the issues? I get the same anxiety, but it's better to not hide things and rather just address them up front. You would be demonstrating that you have a proactive approach as the "new guy". Also consider running an internal audit before the external audit
 

blackholequasar

The Cheerful Diabetic
#3
I agree with @contigo123 - writing a CAR/NCR on known process failures is a good start.

Where does upper management stand on the issues? Are they not involved in what happens in the production floor and therefore it goes kind of unchecked? I've worked in that same situation before and we had several Major findings for ISO - so much so that it finally woke up the upper management to "hey, this isn't going to work and we will lose customers". Once you put a cost on it, they seem much more intuitive to what is going on. (Funny how that works...)
 

yodon

Staff member
Super Moderator
#4
I'm afraid that I won't be able to regurgitate every area of the QMS
Nor should you! You're just the point. You don't DO everything so you shouldn't hesitate to call in the process owners for help during the audit.

Could I play the "new guy" card?
Not a good strategy, IMO. The audit is supposed to be based on facts. Whether you're new or not shouldn't have any bearing on the facts. It does show a lack of planning on management's part just to throw you into the swamp - but that should reflect on management, not you.

I like @contigo123 's suggestion of doing an internal audit. Then discuss those findings with management to see where they really stand.

I'll be ousted from my position
If that happens, it may actually be a good thing for you! If they're not behind you and committed to the system, you're probably going to be pretty miserable in the position anyway.
 

AllTheThings

Involved In Discussions
#5
If that happens, it may actually be a good thing for you! If they're not behind you and committed to the system, you're probably going to be pretty miserable in the position anyway.
I personally think that audit findings against some part of 5.1.1 are probably not issued nearly as much as they should be. But understandably...Upper management is in the best position to venue shop registrars if they get their hand slapped.

This may be a CYA type situation, especially with the limited time. Some internal auditing, and a gently worded gap/risk analysis (with paths to success explained) for upper management may be in order. That way, you are preparing them for potential bad news from the audit, but with a path to succeed for your organization. As long as you don't pull a 'sky is falling', and couch it in terms of risks and solutions to be addressed, pending external audit results, you shouldn't scare them with cost/impact. That puts you in the position of being proactive and prepared, rather than reactive. Good management should recognize that.
 

ASDriven

Starting to get Involved
#6
I deeply appreciate everyone's comments and suggestions! My head is just spinning as I think I'm trying too hard to shove a square peg in to a round hole.

@contigo123 @blackholequasar @yodon the internal audits and CARs stemming from those findings is an awesome place to start and lay the foundation down to a more well established, conforming and effective QMS.

@blackholequasar @yodon @AllTheThings - upper management is bi-polar. The company had gotten away with quite a bit and were never dinged for any of their outstanding issues so to them everything was peachy. I really hope that a risk analysis associated with the internal audit findings will make them more apt at implementing effective solutions. If not, I don't believe there's much else I can do.

I'm assuming the auditor would still give us a minor if my response, to the areas where I've started improving the procedures and processes for, was something along the lines of 'we just started to improve our existing process and procedure with final review and implementation in the next management meeting'?
 

blackholequasar

The Cheerful Diabetic
#7
It depends on your auditor, to be honest. It's good to identify shortcomings of the quality system and your processes, however they may look at the historic fact that the previous auditor did not do their due diligence in investigating. You never know where it's going to go with ISO, tbh. But I'm going to try to be hopeful for you! Prepare for the worst, hope for the best, you know? It's HARD when you have a more seasoned workforce who is very laissez-faire to the importance.

In some cases, lose your certification = lose your customers.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#8
In addition, the company was doing itself a big dis-service by utilizing an auditor that just didn't care and would look the other way in areas that should have been clear major findings. This went on for years.
One more case that exemplifies the damage created by incompetent CB auditors and welcomed by a large portion of the registrant community. It would REALLY help your case if you could demonstrate to your management IF and WHEN such unreported major findings (as you put) have led to product returns, customer complaints, inefficiency, cost of poor quality, etc...
 

Mike S.

Happy to be Alive
Trusted Information Resource
#9
OP, I've been in your shoes. It takes awhile to get your feet on the ground and understand the culture, understand the history, and understand the current "state of the union", so to speak. Once you do, be honest with Management. Call it like you see it. As someone said, document and let them know what you see as nonconformities and what risks are involved in that.

Let them know, hey, so far I have had time to look at X, Y, and Z and this is what I found. Based on that, there likely are more areas of concern I haven't gotten to yet.

You are, or at least shouldn't be, in this alone. As someone said, don't shoulder the burden alone -- call in the process owners and Management and make sure they know they will be required to participate. Good luck!
 

Kronos147

Trusted Information Resource
#10
I went to work for the current machine show where I am at 2 weeks before the audit.

I prepped myself by going through the manual and seeing if I could 'point' to all the stuff.

Yodon is right, the process owners should do most of the talking this time. IMO, you should use the event as your own gap analysis. What does your quality policy say? You want to continually improve? The audit will be a way for you to collect data for evidence-based decision making to determine what to address first!

Remember, the audit is about the processes, not the people. If management doesn't get that and fires you for a bad audit, collect the unemployment and find the right company!

Cheers
 
Thread starter Similar threads Forum Replies Date
I Does BSI require suppliers to be ISO 9001 Certified? EU Medical Device Regulations 8
Ron Rompen ISO 9001 Sanctioned Interpretations and FAQs ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Ashland78 Need IATF 16949 ISO Gap Analysis Excel File Internal Auditing 3
Brizilla ISO 13485 for a Distributor ISO 13485:2016 - Medical Device Quality Management Systems 7
E Organisational Chart-ISO 17025 Laboratory ISO 17025 related Discussions 3
S Do ISO certs require an Apostille? ISO 13485:2016 - Medical Device Quality Management Systems 13
Q Harmonised Standards (EN ISO 13485 / EN ISO 14971) in MDR (2017/745/EU) ISO 13485:2016 - Medical Device Quality Management Systems 3
Sidney Vianna Informational ISO/CD 7101 Health Care Quality Management System Standard Hospitals, Clinics & other Health Care Providers 0
Fjalar ISO 20417:2021: Technical Data (6.6.4 c) Other Medical Device Related Standards 0
D Automotive Customer asking for ISO 14001 Certification from suppliers ISO 14001:2015 Specific Discussions 3
K Need Help With Auditing Suppliers Against ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 50
L PFMEA for test procedures (ISO 14971) ISO 14971 - Medical Device Risk Management 5
J ISO 13485- 8.3.1 Non-conforming material high volume ISO 13485:2016 - Medical Device Quality Management Systems 4
Q ISO 20417:2021- Regulatory Identification Other ISO and International Standards and European Regulations 2
L ISO/IEC 20000-6 Technical Areas IT (Information Technology) Service Management 0
R What are the new changes in EN ISO 11137-1:2015+A2:2019? Other Medical Device Related Standards 2
Y ISO 10993-14:2001 - Gel implants stored in glass syringes Other Medical Device Related Standards 1
eldercare Multi-Site ISO/AS Certification Requirement for some sites ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
Sidney Vianna ISO 14001 News ISO 14001 Continual Improvement Survey ISO 14001:2015 Specific Discussions 0
Casana ISO 17025 - Contractor certification? IATF 16949 - Automotive Quality Systems Standard 5
B Sanctioned interpretation #10 - ISO 17025 IATF 16949 - Automotive Quality Systems Standard 2
H Contract Manufacturer as Design Owner ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 6
G Compliance with ISO 9001-2015 for ISO 17025 Accredited Labs? ISO 17025 related Discussions 5
blackholequasar ISO 13485 certification prior to Medical Device Manufacturing... worth it? ISO 13485:2016 - Medical Device Quality Management Systems 4
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P ISO 11607-2 Process Specification Other Medical Device Related Standards 1
S Which ISO Standards to Purchase - EN ISO and/or ISO Other Medical Device Related Standards 1
A ISO Clause 4.1/4.2 & 6.1 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
S Electronic Signatures - Non-Conformance - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 30
E ISO 13485 software validation ISO 13485:2016 - Medical Device Quality Management Systems 7
B ISO 11197, Venting of Medical Supply Units - cl. 201.11.2.2.101 Other Medical Device Related Standards 2
D Management reviews ISO 17025 ISO 17025 related Discussions 3
L Change Log in (controlled) Forms? (ISO 9001:2015) Document Control Systems, Procedures, Forms and Templates 6
K ISO 9001 Clause 8.3 & 8.6 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
I ISO 17025:2017 / ANAB 3125 - Articulating / Communicating Risks vis-a-vis Audit Findings ISO 17025 related Discussions 2
A Management of change procedure for ISO 45001 Occupational Health & Safety Management Standards 5
S Transition training for Internal Auditor from ISO 9001: 2008 to the ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
D Notified Bodies - ISO 13485 & MDR Technical Files ISO 13485:2016 - Medical Device Quality Management Systems 3
E Comparison of Personal Protective Equipment Standards EN 14605 vs GB24539 and ISO 13982 vs GB 24539 Occupational Health & Safety Management Standards 0
H R&D Lab ISO 9001 certification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
C Biologic Evaluation based on ISO 10993-1 EU Medical Device Regulations 2
D Deviations - Where in ISO 13485 deviations are covered? ISO 13485:2016 - Medical Device Quality Management Systems 7
B ISO 13485 Certification ISO 13485:2016 - Medical Device Quality Management Systems 2
J ISO 9001:2015 Clause 8.5.1 Control of Production and service provision - Help with Work Instruction Access ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Y ISO 13485:2015 Software Validation IQ/OQ/PQ ISO 13485:2016 - Medical Device Quality Management Systems 13
Ajit Basrur Any ISO standard or guidance documents on barcode and scanning? Other Medical Device Related Standards 1
J ISO 13485 for Metal Finishing Medical Device and FDA Regulations and Standards News 5
S How to calculate Effective Number of People for ISO 13485 Certification? General Auditing Discussions 2
C ISO Question - Do you say "I-S-O" or "I-Soh"? Misc. Quality Assurance and Business Systems Related Topics 14
D Question regarding where "validations" fit according to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 1

Similar threads

Top Bottom