Auditing Top Management - Meeting Competency Requirements and Questions to Ask

LMills

#1
Hello to all, I'm currently an auditor in training for both ISO 9001 and ISO 14001. Worked extensively as internal audit in former company but learning how to work with third party registrar.

One area I've had a bit of a problem with is meeting competency requirements. In 5 Management clauses I can obtain evidence via interviews with QMR and others, reviewing QMS requirements as per 4.1, quality policy, quality objectives, etc. But in interviewing top management to discern their commitment, what is the best approach for obtaining evidence? Of course you can ask if they are committed to the QMS, but not wanting a yes/no answer, need to have them elaborate. Any suggestions? Thanks! :bigwave:
 
Kronos147

Trusted Information Resource
#2
> One area I've had a bit of a problem with is meeting competency requirements.

IMHO - Process owners do their process. Top management designs the process to meet requirements. Internal Audits challenge the plan's ability to meet requirements, and then further challenge the process.

I hope to ensure that the process owners at my organization are aware of the tools in our QMS, including Process Identification and Interaction, Quality Policy, and Quality Objectives, and to be able to identify their process within the identification method (in our Quality Manual), and identify their relevant Objectives on the Objective Report.

I hope process owners can point to the strategic goals, as discussed in management review. I hope they are aware of their process's impact on the other processes.

I hope process owners can explain their process controls, as spelled out in our documented information, demonstrate adherence to requirements of our procedures, and create sufficient documented information as objective evidence.

If the process is found to be non-conforming to requirements, we as top management, with me in the lead, failed to plan and assess the process in accordance with all the requirements.
 

howste

Thaumaturge
Super Moderator
#5
The ISO 9001 Auditing Practices Group (APG) has a guidance document on auditing top management. It can be found on their website here (search for "top management") or here is a direct link to the document.

I tend to ask a lot of open-ended questions to get them talking about the company, their role, and their commitment and support for the required activities. As far as specific questions to ask, there are too many to list, but here are a few to start with:

What do you consider to be the most important metrics that you look at?
What do you see as the purpose of the QMS in your company, and how does it fit into the business?
How's business?
What challenges are you facing right now?
What do you see as your role in the QMS?
What are you personally doing to support the QMS?
Are you getting the information that you need from the metrics and internal audits? (If not, what would you like to see?)
I noticed that the trend for the X metric is going the wrong way - what is being done to get it back on track? (You can also ask specific questions about any issues identified in management review, internal audits, or recent metrics...)
Are there some (ISO 9001/14001) required activities that you'd get rid of (they don't see as value-added), if given the option?
Etc...
 
LMills

#6
Those are great questions to start with...thanks! I have used the APG guidance documents before on a number of topics, they have been very helpful. :)
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#7
Listen to Howste. :agree1: And consider pursuing your competency requirement verifications for those with more direct impact on product/service quality. Top management can be dealt with in accountability and adequate resourcing.

That said, the organization is not off the hook as the new standards (you did not specify which one you were referring to) are including a blurb about managing change and that does include organizational change; and then there's risk management, which is absolutely a factor when the organization places poorly qualified persons in responsible positions. For this I would audit the process and ask if there is a means to identify, assign and prepare managers for succeeding in key roles.

This could include soft skills, though that wouldn't merit more than an OFI if a gap is recognized without clear effect on QMS performance or product/service quality, or system compliance with regulations. Too often I have seen people get promoted based on their technical prowess and stink at leadership & management.
:2cents:
 
LMills

#8
Thanks Jen--I'm referring to the ISO 9001:2008 standard, will be a candidate auditor next week for 2.5 day surveillance and recert for ISO 9001:2008 for 3.5 days after that. And yes, I have seen firsthand evidence of people promoted with tech skills but completely lacking leadership and management capabilities :)
 

AMIT BALLAL

Trusted Information Resource
#9
Audit the top management as a process - following process approach.
The process map / turtle chart specified in the Quality manual of your organization might help. Otherwise you can prepare a turtle chart by collecting the following information, and then audit each element of the finalized turtle chart.

Start by asking which activities are being performed by top management (might be business planning, budgeting, etc.). This will become part of your process. [PROCESS]

Then ask what the outputs of the process/activities are. (Outputs would be like Business plan for business planning, Budget for YearXXX, etc.) [OUTPUT]

Then ask/determine what inputs are required in order to perform the activities. (Inputs would be like Balanced scorecard for Business planning, Financial statements of previous year for Budget of current year.) [INPUT]

Then ask how these activities are being done. E.g., how do you do business planning, and which elements are being considered? [PROCEDURE]

Then ask how the effectiveness and efficiency of their process is being measured. [MEASURES]


:2cents:

Thanks,
Amit
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#10
> Thanks Jen--I'm referring to the ISO 9001:2008 standard, will be a candidate auditor next week for 2.5 day surveillance and recert for ISO 9001:2008 for 3.5 days after that. And yes, I have seen firsthand evidence of people promoted with tech skills but completely lacking leadership and management capabilities :)

I am wondering if we are talking about two separate things: commitment and competency in upper management.

The higher the level in the organization, the less competency evidence will resemble that of the people at the process level. Let's keep in mind 6.2.2 says "determine the necessary competence for personnel performing work affecting conformity to product requirements."

Commitment is reviewed in a triad of documentation, verbal inputs by auditees and what auditors physically observe. When interviewing top management, one can ask what's new since the last audit, what has been done that they are most proud of, and what they see for challenges ahead. What they say can be compared to how the rest of your auditees verbalize - you can ask them how their managers make sure they get what's needed to do a good job - and what you see when you go about the place. If these things tend to "line up" then one can say one has verified management commitment.
 