Audit of essential QMS processes

G

glenn0004

#1
Audit of essential QMS processes
Over the past 12 months we have undertaken a programme of System Audits across all departments who are involved within the process of product realization. Our system audits are designed to account for ISO 9001 and I4001 requirements and how the department is accommodating the stated requirements. This includes, Document Control, Record Control, Non-Conformance, Corrective and Preventative Actions and Internal Audit, in effect we are auditing the net results of the six required procedures, within all other requirements.
During our external surveillance audit we pick-up a minor NC for not auditing all of the QMS i.e. we hadn't directly audited our Document Control Process. Our past approach to internal audit has never directly audited Document Control and has always audited the net results.
Does our approach meet the requirements of the standard or will we have to make arrangements for an un-associated person(s) to directly audit the big six?
 
Last edited by a moderator:
Elsmar Forum Sponsor

dsanabria

Quite Involved in Discussions
#2
If you could demonstrate that the results of Document control

"A documented procedure shall be established to define the controls needed a) to approve documents for adequacy prior to issue,
b) to review and update as necessary and re-approve documents,
c) to ensure that changes and the current revision status of documents are identified,
d) to ensure that relevant versions of applicable documents are available at points of use,
e) to ensure that documents remain legible and readily identifiable,
f) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and
g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose."

were audited during the process then you have reason to appeal the ncr to the registrar. If not, then added to the processes for all your processes.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
I agree with dsanabria.

I do agree with sampling documents in the process of auditing all over the site where controlled documents are used. That can help ensure you're not missing a place where controls fall apart.

But there's an expectation that the entire standard gets audited. Demonstrating the support process's coverage as samples in process audits might be easier if a table is used in which the auditor could check off that a) through f) were addressed with the sample. I do this for Management Review too, especially where different clauses are covered in different meeting venues.
 
G

GoKats78

#4
We don't have Document Control identified as a process. Never been questioned by an auditor as to why not.

Document control happens across all processes and is audited as part of those audits. It is my long-help opinion that is NOT a process.
 

dsanabria

Quite Involved in Discussions
#5
We don't have Document Control identified as a process. Never been questioned by an auditor as to why not.

Document control happens across all processes and is audited as part of those audits. It is my long-help opinion that is NOT a process.
You are correct - this is why competent auditors will not ask you for it - documents are there to support the process and it is / should be audited as part of the processes by internal and external auditors.
 
#6
Audit of essential QMS processes
Over the past 12 months we have undertaken a programme of System Audits across all departments who are involved within the process of product realization. Our system audits are designed to account for ISO 9001 and I4001 requirements and how the department is accommodating the stated requirements. This includes, Document Control, Record Control, Non-Conformance, Corrective and Preventative Actions and Internal Audit, in effect we are auditing the net results of the six required procedures, within all other requirements.
During our external surveillance audit we pick-up a minor NC for not auditing all of the QMS i.e. we hadn't directly audited our Document Control Process. Our past approach to internal audit has never directly audited Document Control and has always audited the net results.
Does our approach meet the requirements of the standard or will we have to make arrangements for an un-associated person(s) to directly audit the big six?
Your auditor is making up requirements and has no clue about process based audits of a management system. Reject the nc back the the CB management and tell them you don't expect to have the same auditor back.
 

RoxaneB

Super Moderator
Super Moderator
#7
The way doc control was assessed at our organization was the individual departments to conformance to our documented doc control process...and the "owner" of the doc control process was assessed on the appropriateness of the doc control process.

It was two ways of looking at the process...(1) Are people following the process? (2) Is the established process appropriate?

I'm wondering if this is the approach taken by your auditor.
 

SmallBizDave

Involved In Discussions
#9
I'm always looking for ways to protect myself from bad auditors without expending any effort. When I create my audit scripts I note the reference for each question as to what section of the standard and what section of the QMS procedures is covered. For example, if I am checking a management review record for required outputs, that question addresses items in section 5 as well as 4.2.4 since it's a record. The record has to be legible, controlled, etc. as well as containing the right information.

There is no standalone Record Control audit but there are questions covering section 4.2.4 (and 4.2.3) scattered through all process audits. So when the auditor wants to see that I have audited records control I can provide traceability to a series of scattered questions proving its been covered. It's not in the format they like but it is certainly compliant.
 

John Broomfield

Staff member
Super Moderator
#10
I agree with Dave's approach.

When process auditing you bring any applicable clause to bear on reporting the effectiveness of the process, and how well it is served by the system while making sure the audit fulfills its objective.

The idea of conducting a separate document control audit is laughable.

John
 
Thread starter Similar threads Forum Replies Date
ccochran The 10 Essential ISO 9001:2000 Audit Questions General Auditing Discussions 36
R External Audit and Certificate prorogation due to the pandemic General Auditing Discussions 10
Dean Bell Implementation of Controls as per SOA for Stage 2 Audit IEC 27001 - Information Security Management Systems (ISMS) 0
G Logistic organization and controls - IATF/ISO 9001 audit Nonconformance and Corrective Action 2
Geoff Cotton Performing a Delta Audit General Auditing Discussions 12
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G MSA check list to audit IATF 16949 - Automotive Quality Systems Standard 8
L Open Positions During AS9100 Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
L Stage 2 audit - Requirement for 3 months of records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F Who can sit in/perform an API audit? Oil and Gas Industry Standards and Regulations 2
L Manufacturing Process Audit Help IATF 16949 - Automotive Quality Systems Standard 6
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
G Self Assessment Audit from a new potential customer General Auditing Discussions 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
M OEM asking for NC report after certification audit. IATF 16949 - Automotive Quality Systems Standard 3
Ooi Yew Jin Customer E audit preparation Quality Manager and Management Related Issues 2
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
J Remote Audit Experiences - June 2020 General Auditing Discussions 26
F Product audit sampling plans IATF 16949 - Automotive Quality Systems Standard 3
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
M Supplier Audit Report - Template for second party audit wanted Lean in Manufacturing and Service Industries 1
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q ISO 9001:2015 man days for surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2
H Layered audit updates after COVID-19 shutdowns Process Audits and Layered Process Audits 0
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
M Description of the requirements of clause 9.2.2.3 manufacturing process audit- needs your feedback IATF 16949 - Automotive Quality Systems Standard 0
Armen Conflict of Interest if I audit the QC department? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
V Generic IATF 16949 Audit Checklist wanted IATF 16949 - Automotive Quality Systems Standard 3
A NB (Notified Body) Audit of Standards ISO 13485:2016 - Medical Device Quality Management Systems 3
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
M Any way to execute VDA 6.3 audit remotely? VDA Standards - Germany's Automotive Standards 2
D Audit for ISO and AS 91XX and mitigating exposure to COVID-19 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
D Postpone IATF 16949 audit due to COVID-19 IATF 16949 - Automotive Quality Systems Standard 41
JoCam Certified Body Audit of MDR requirements EU Medical Device Regulations 4
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
Ajit Basrur Track audit findings on Excel tracker Excel .xls Spreadsheet Templates and Tools 9
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
Watchcat Anyone had an MDR technical file review/audit yet? EU Medical Device Regulations 13
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
M Has anyone has been through an MDR audit? (3/2020) EU Medical Device Regulations 1
J Audit Finding For Not Retaining Test Results ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T ISO 27001 sample audit report IEC 27001 - Information Security Management Systems (ISMS) 0
D API Spec Q1 9th Edition # Re-audit - Disputing with API AARs Oil and Gas Industry Standards and Regulations 2
Ajit Basrur Withdrawal of Audit Report Supplier Quality Assurance and other Supplier Issues 3

Similar threads

Top Bottom