Definition Audit - Definition of what an audit is - Is there more to auditing?

M

M Greenaway

#11
Craig

Although the third party auditors are not involved with the system they may have a certain vested interest in keeping us sweet maybe - just an opinion.

Jim

I said nothing about the format of the audit, and never mentioned clipboard checks as a requirement. The requirement is:-

"ISO 9001:2000, Quality management systems – Requirements
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained."

i.e. Internal audits must determine system conformance to ISO9001.
 
Elsmar Forum Sponsor
C

Craig H.

#12
M Greenaway said:

Craig

Although the third party auditors are not involved with the system they may have a certain vested interest in keeping us sweet maybe - just an opinion.
Martin:

Yes, it depends on the auditor, does it not? We can hire "yes men" or we can actually try to get same value for our money and effort.

Craig
 
M

M Greenaway

#13
True Craig, very good point.

OK so how do we get around the 'requirement' of ISO9001 regarding internal auditing addressing the conformance of the system to the requirements of ISO9001 ?

Can we say that this part of the internal audit process is in effect sub-contracted to our third party auditor ?

Thats the only way I see around it, but it does rather bend the rules in my opinion.

Also why would we want to bend the rules to such an extent ? Can we really get nothing out of conducting internal audits against the requirements of the standard ??
 

Mike S.

Happy to be Alive
Trusted Information Resource
#14
I was just thinking (I know -- dangerous stuff). What if we look at it from a different angle?

If we get the cert from the registrar, they agree that at that time we are compliant "to the requirements of" the standard, so our procedures and processes as well as our documentation is compliant at that time, right?

As time goes by let's say we decide to change something -- a procedure for contract review, for one example. If a knowledgable person (auditor, QM, etc.) reviews the change and agrees that it is still compliant to the standard's requirements, we should be safe there. If all changes are thusly approved to ensure ISO compliance prior to the change implementation the idea of checking procedures, processes, and documentation during an "internal audit" for conformance to the standard might be redundant. Most of the audit time could then be spent on ensuring that the procedures, processes, and documentation is actually being FOLLOWED/DONE as written or determined, and that they are effective, and looking for those elusive "opportunities for improvement".

Maybe this is what Jim is aiming at? :confused:
 
M

M Greenaway

#15
Mike

Yes its a very strong argument for the redundancy of the requirement to internal audit against the requirements of the standard. However isnt is reliant on us having documents for everything we do ?
 

Mike S.

Happy to be Alive
Trusted Information Resource
#16
Martin,

I don't think it is reliant on having docs for everything, but I admit to being undecided on the issue of new/different ways to audit. I'm still thinking on it. If I have a procedure that is unwritten -- say it is done by training and no written procedure is required by ISO or internal need -- and it was acceptable to be that way when I got the cert, it should be okay unless/until I change it. If/when I change it, if I first I review to make sure that the proposed new way is still compliant, I should be okay and not need to verify compliance of that procedure to ISO during some later internal audit. I may need to verify by later audit that the users are actually following this new procedure at a later date, but the issue of conformity to ISO is already handled. Or am I missing something?
 
M

M Greenaway

#17
OK Mike.

So where you do not have a written procedure the ISO auditor would have to audit the witnessed activity against the requirements of the standard would they not ?

It couldnt just be a desk audit could it ?
 

Mike S.

Happy to be Alive
Trusted Information Resource
#18
M Greenaway said:
OK Mike.
So where you do not have a written procedure the ISO auditor would have to audit the witnessed activity against the requirements of the standard would they not ?

It couldnt just be a desk audit could it ?
In my scenerio, where the procedures are not written, the ISO registrar auditor "would have to audit the witnessed activity against the requirements of the standard", yes. If it was not compliant, no cert. So, let's say it is compliant and I get the cert. Unless/until I formally change that procedure, or unless/until someone stops following the procedure properly (unauthorized change) we are compliant there -- no need to re-verify compliance to the ISO std. Yes, the person running the process could stop following it and do something else on his own (unauthorized change), but this could also happen if there were a written procedure.

So, most of my time is spent making sure that the approved procedure (whether written or not) is actually being done (not whether it is ISO compliant) and looking for opportunities for improvement.

Changes would get a "real-time audit" at the time of consideration for approval to verify ISO compliance.

I'm not trying to be argumentative here -- but tell me where you think I'm screwed-up (anyone).
 
J

Jimmy Olson

#19
We've adopted the following audit philosophy here. The requirements of the standard are verified by the external auditor. The registar confirms that our documentation and procedures satisfy the standard. When we do internal audits, we look at our own procedures and verify that they are being followed and that they are effective. However, we do verify things with the standard so that we can say we are checking comliance, but the primary focus of the audits are looking at effectiveness and areas for improvement.

Basically, we do it the way that is most valuable for us, and then jump through the hoops when doing the paperwork to keep the external auditor happy. :vfunny: :bonk:
 
C

Craig H.

#20
Richard, I could just about copy your post and put my name on it, too. That's pretty much what we do. At the beginning of each internal audit, the auditors look at the procedures relevant to the area (yes, they are written)and we talk about the relevant parts of the std.

In the areas that we have audited before, although I really havn't thought of it until Mike just brought it up, we are mostly looking for unauthorized changes. Most of ensuring compliance of the standard is my job - when I design parts of the system. Of course, QA gets audited too, so that is when most of the checking up on me (and standard compliance)is done. Except, of course, for the visits of the friendly neighborhood 3rd party auditor.

In the past, the parts of the standard were not included on the internal audit schedule. As I make up our new schedule, I am going to try to name the areas of the standard that apply to each subprocess/group in an attempt to put a little more emphasis on that, especially as our ISO 9001:2000 pieces are so young.
 
Thread starter Similar threads Forum Replies Date
R Critical suppliers (Definition of) and MDSAP (Medical Device Single Audit Program) ISO 13485:2016 - Medical Device Quality Management Systems 15
M Inputs on definition of very similar processes for multi site audit sample - IAF MD1 2018 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Definition Would a wrong definition constitute an Audit Finding? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 3
K Definition of Repeat Audit Findings Internal Auditing 11
W Definition Product Audit - Definition Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 2
K Definition Audit - Time for a new definition of the word Audit? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 15
B Definition of Calibration Frequency - Dispute during Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
A Audit "Finding" Definition and Significance General Auditing Discussions 7
S Audit Trails - Definition, Description and Software Internal Auditing 9
D Definition Major Audit Nonconformance - Definition of Major Nonconformance Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 9
J Definition of Special Characteristics Delta C and Delta S - Need for Customer Audit Capability, Accuracy and Stability - Processes, Machines, etc. 2
L Audit Definition in ISO 9000:2000 includes "documented process"? General Auditing Discussions 2
E Definition Audit Finding - In 'Registrar Language' what is the Definition of a 'Finding'? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 11
A Definition Major vs. Minor Nonconformance (Finding) - Internal Audit - Definition & Differences Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 38
Marc Definition Process Audit - Internal and External - ISO9000 - A Definition Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 7
N Definition Discovery Audit - Can someone give me a text book definition? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
Sidney Vianna IATF 16949 News Update on the IATF CARA Project (“Common Audit Report Application”) - 12/2020 IATF 16949 - Automotive Quality Systems Standard 1
R ISO 17025 vertical audit checklist wanted Document Control Systems, Procedures, Forms and Templates 2
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12

Similar threads

Top Bottom