Can I conduct Internal Audit for combined ISO 9001, ISO 13485 and ISO 14001?

J

jennifer2015

Hi guys, my company is registered for ISO 9001, ISO 14001 and ISO 13485.

For the internal audits, our company internal auditors conduct the audits for ISO 9001 and ISO 14001 using 2 different checklists. For ISO 13485, we engaged external consultant for the internal audit since we have no certified internal auditor in ISO 13485.

My boss has suggested that this year we shall send employee for training and try to conduct the ISO 13485 internal audit on our own.

In the previous years, we had done our internal audit 2 times every year for (a) ISO 13485 and (b) ISO 9001 and ISO 14001 respectively. I would like to know is it possible/suitable if I want to combine this 3 different ISO standards and conduct the internal audit at one time using 1 checklist.

I have searched the forum for the sample checklist for internal audit, mostly are combined audit ISO 9001 and ISO 13485, I am thinking is it suitable to combine these 3 different ISO standard into 1 checklist for the company internal audit?

My company is a small organization, I am not really an expert in quality system and I am the only person to handle all quality system related works, therefore I truly appreciate for all advices here.

Thank you.
 

AndyN

Moved On
Hi guys, my company is registered for ISO 9001, ISO 14001 and ISO 13485.

For the internal audits, our company internal auditors conduct the audits for ISO 9001 and ISO 14001 using 2 different checklists. For ISO 13485, we engaged external consultant for the internal audit since we have no certified internal auditor in ISO 13485.

My boss has suggested that this year we shall send employee for training and try to conduct the ISO 13485 internal audit on our own.

In the previous years, we had done our internal audit 2 times every year for (a) ISO 13485 and (b) ISO 9001 and ISO 14001 respectively. I would like to know is it possible/suitable if I want to combine this 3 different ISO standards and conduct the internal audit at one time using 1 checklist.

I have searched the forum for the sample checklist for internal audit, mostly are combined audit ISO 9001 and ISO 13485, I am thinking is it suitable to combine these 3 different ISO standard into 1 checklist for the company internal audit?

My company is a small organization, I am not really an expert in quality system and I am the only person to handle all quality system related works, therefore I truly appreciate for all advices here.

Thank you.

Jennifer - I think you're approaching this all wrong! (Welcome to the Cove, BTW). YOU should prepare your own checklists, based on YOUR orgs processes, not the standard(s)! In this way, you can do 1 audit and cover many requirements, especially if you adopt a "process" style of audit. Other peoples' checklists aren't going to work for you. I'd also suggest finding a smarter consultant, if you've been using one and they didn't give you similar advice! Doing internal audits twice a year isn't "compliant" with any ISO either, but that's another matter...
 

Kronos147

Trusted Information Resource
I would like to know is it possible/suitable if I want to combine this 3 different ISO standards and conduct the internal audit at one time using 1 checklist.

I say that sounds like a great idea. I don't know anything in 9001 that would discourage that practice, but I am not familiar with the other two standards.
 
J

jennifer2015

Sorry for the misunderstanding, Andy. Are you saying that is it suitable to conduct internal audit for combined ISO 9001, 14001 & 13485?

I have look for process based sample checklists and now I am trying to develop 1 checklist for process-based internal audit for combined ISO 9001, 14001 & 13485, so that when I conduct the audit, it covers all the processes in my company. I have identified the processes in my company e.g. sales, inventory management, production, etc. and trying to create the checklist, there is linkage in between processes and clauses.
As I am still in intermediate stage trying to understand all the clauses, I don't think I am ready to conduct an internal audit without checklist.
 

AndyN

Moved On
Sorry for the misunderstanding, Andy. Are you saying that is it suitable to conduct internal audit for combined ISO 9001, 14001 & 13485?

I have look for process based sample checklists and now I am trying to develop 1 checklist for process-based internal audit for combined ISO 9001, 14001 & 13485, so that when I conduct the audit, it covers all the processes in my company. I have identified the processes in my company e.g. sales, inventory management, production, etc. and trying to create the checklist, there is linkage in between processes and clauses.
As I am still in intermediate stage trying to understand all the clauses, I don't think I am ready to conduct an internal audit without checklist.

No apologies needed, Jennifer! I agree that a checklist is a useful tool, especially since YOU are creating it. But it's NOT created from standards. It should be created from the processes you outline and from your own QMS/EMS requirements - which are defined to comply with the standards. Trying to map clauses to process is a futile activity for an auditor. What your task is fundamentally, is to confirm the processes are implemented, as planned and defined by management, achieving results per the specified objectives for quality and environmental.
 

somashekar

Leader
Admin
Sorry for the misunderstanding, Andy. Are you saying that is it suitable to conduct internal audit for combined ISO 9001, 14001 & 13485?

I have look for process based sample checklists and now I am trying to develop 1 checklist for process-based internal audit for combined ISO 9001, 14001 & 13485, so that when I conduct the audit, it covers all the processes in my company. I have identified the processes in my company e.g. sales, inventory management, production, etc. and trying to create the checklist, there is linkage in between processes and clauses.
As I am still in intermediate stage trying to understand all the clauses, I don't think I am ready to conduct an internal audit without checklist.
Jennifer.
It is possible to conduct combined internal audit.
For the question, Can you conduct it combined ... ?
You will need a good auditing experience of both 9k, 13485 and 14k.
The focus area of 9k and 13485 are closer with special emphasis in the 13485 on regulatory and certain other details as said in the standard and based on your products.
The focus area of 14k is different to these.
You need to shift your focus area and thus the auditing questions and style when you are combining these in your single audit visit to a process / area. This comes from experience of having performed good and in-depth internal auditing of 9k + 13485 and 14k in separate paths.
I am not trying to discourage you., but within our integrated QMS which also has 18k, our attempt with the auditors for a combined internal audit never went off well. We came back to traditional style (9k + 13485) and (14k + 18k)
Note that these are also combined, and our comfort level at this is OK...
Checklists at best are ready reckoner, and by itself do not make the foundation of a successful internal auditing program.
You make your best decision and good luck ~~~
 
I

IRAHAZ

If you have established your QMS and EMS is the same SOPs, then have your checklist done based on your SOP and not based on standard checklist. The structure of ISO 9000, 13485 and 14000 is the same so conducting 3 in 1 audit is definitely possible.

Although if you have separated your QMS and EMS is a two different sets of SOPs, you can still have your checklist done based on both sets of SOPs. the important thing is how your checklist is established? Dont follow the standard checklist that you may find from websites or training that you attended that based on the ISO clauses. Build the checklist from all related SOPs or WIs that you have from each department.
 

John Broomfield

Leader
Super Moderator
Jennifer,

Only occasionally do you need to verify that your organizational management system fulfills the requirements of the multiple system standards.

You have just one process-based management system and not a separate subsystem for each standard I hope.

I trust that your colleagues monitor the conformity and effectiveness of their processes long before you audit these processes for conformity and effectiveness.

The only time an auditor should concern herself or himself with which standard to cite is when the auditor reports a nonconformity.

Select the best clause from the most suitable standard. Do not list all the "applicable" clauses from all the standards in your nonconformity statements.

For the occasional system audit you can then afford to combine standards or not according to the competence of your auditors.

BTW, auditing every process "twice a year" whether it needs it or not is a nonconformity. You'll find that you should determine the status and importance (or assess the risk) of each process and adjust the frequency accordingly.

John
 
Q

qmshotpeen

I am struggling with a similar issue as Jennifer. I work for a small company that we are currently ISO9001/AS9100 and ISO13485 registered and certified to. Every year we have gotten by on our internal audits and every year they say they could be better. I have tried everything. I have tried to take our Quality Procedures and walk the process and audit like that to make sure we are doing everything as we state - some auditors don't like that. I have gathered so much objective evidence that I needed a binder to keep it organized, some liked that some didn't. Then this last year I have tried to audit to the check lists of the standards - I liked the checklists but I felt that really didn't audit our process well at all. We are so small that it is only me conducting these audits and I know the standards say I can't but the owners fight that because we have no one else to do it and that is my job. One of my objectives this year is to revamp the Internal Audit system. I am stuck other than hiring someone from the outside to come in and do them. HELP!!!!
 

John Broomfield

Leader
Super Moderator
I am struggling with a similar issue as Jennifer. I work for a small company that we are currently ISO9001/AS9100 and ISO13485 registered and certified to. Every year we have gotten by on our internal audits and every year they say they could be better. I have tried everything. I have tried to take our Quality Procedures and walk the process and audit like that to make sure we are doing everything as we state - some auditors don't like that. I have gathered so much objective evidence that I needed a binder to keep it organized, some liked that some didn't. Then this last year I have tried to audit to the check lists of the standards - I liked the checklists but I felt that really didn't audit our process well at all. We are so small that it is only me conducting these audits and I know the standards say I can't but the owners fight that because we have no one else to do it and that is my job. One of my objectives this year is to revamp the Internal Audit system. I am stuck other than hiring someone from the outside to come in and do them. HELP!!!!

Shotpeen,

You may need first to develop your organizational management system so it is process-based and naturally conforms to all three standards.

Then you can ask top management for their objectives for your internal audit programme.

Then you can develop your audit team and audit process to fulfill those objectives.

Running around in circles to keep your auditors happy is evidence that you do not know what you are doing or what you are trying to achieve.

Please post the objectives of your internal audit programme here so we can advise you how to fulfill it.

John
 
Top Bottom