Concern about the adequacy of procedures

[Ingeniero1]

We are writing our procedures to become ISO 9001:2000 certified, and most of the procedures are being written from scratch. Everyone is well aware that the procedures are meant to help each department and operation perform their tasks and activities such that the outcome is conforming. That is, the procedure's primary goal is to help the organization and not to be a hindrance or obstacle.

However, the procedures will also be reviewed by The Auditor, and this has some people nervous as to what they should write that will be acceptable. I wrote a few 'hints' to help them out. Would those of you who have more experience than I (everyone?) with the ISO 9001:2000 auditors, please comment and critique my hints?

=======================
1. The Auditor will audit your area or operation according to what your procedures say.

2. The Auditor will investigate whether the tasks and activities listed by the procedure are done according to the procedure.

3. The Auditor will seek evidence to substantiate that the procedures indeed are followed – hearsay is not acceptable.

4. The Auditor will not judge whether the procedure is too detailed, but if it appears too vague or too simple, the auditor may question whether it is sufficient to carry out the task or activity properly – be ready to explain if this issue comes up.

5. The Auditor will not evaluate the adequacy of a procedure. If a procedure is followed and it works; i.e., the outcome of the task or activity conforms to expectations, then so be it.

6. The Auditor will not accept a procedure (will find a non-conformance) that is not followed, regardless of the outcome of the task or activity. If the outcome of the task or activity is otherwise conforming as carried out, then rewrite or edit the procedure so that it reflects what is being done.
=======================

Thank you for your time!

Alex

 

[WALLACE]

Ingeniero,
Work closely with the process owner/s, allowing them to map-out their own procedure, if indeed you are using them as work process instructions.
The auditor should realize and accept (As well as you) that, there may or should be an allowance for work procedural variation.
I've audited many work process procedures, when there has been more than one person performing the task, usually between two or even three shifts. I've always found, stepping back or moving to the next process is helpfull in assessing the efficiency of the procedure in question. Is it effective and fully completed according to process procedures? If yes, return to the process and assess for standardized procedural aspects. If no, an assessment at a deeper level is required to either re-write the procedure and retrain according to process needs.
Wallace.

 

[Mike S.]

Alex,

You've got a pretty good handle on things. However, "heresay" may indeed act as evidence IMO. Not all operations are being performed during an audit, and not all processes leave clear records. Auditors may ask someone "how do you do such-and-such" or "what happens when ..." and see if what they say matches the procedure.

Make the procedures as detailed as they need to be, but not more or less so. As Wallace said, work closely with the process owners and those who perform the process and let them guide you as to how much detail is needed. Your internal audits should be able to verify if the procedure is being followed at a later date, but your chances improve greatly if the users have early input. JMO.

 

[Claes Gefvenberg]

Everyone is well aware that the procedures are meant to help each department and operation perform....

Ok, but do think about processes rather than departments, as processes often span over several departments, and problems very often turn up in the interaction between departments (and processes for that matter).

1. And acc. to the standard.

2. Yes

3. Yes

4. Yes

5. I'm not so sure about that one, but essentially, yes.

6. I would say that the Auditor will try to convince himself that procedures and reality match. If they don't you will have to change one of the two.

7. The auditor will look for the documented and undocumented procedures necessary to conform to the standard. He has to...

/Claes

 

[db]

Alex,

You've got a pretty good handle on things. However, "heresay" may indeed act as evidence IMO. Not all operations are being performed during an audit, and not all processes leave clear records. Auditors may ask someone "how do you do such-and-such" or "what happens when ..." and see if what they say matches the procedure.

Make the procedures as detailed as they need to be, but not more or less so. As Wallace said, work closely with the process owners and those who perform the process and let them guide you as to how much detail is needed. Your internal audits should be able to verify if the procedure is being followed at a later date, but your chances improve greatly if the users have early input. JMO.

If I may add.... In Lead Auditor training, we were taught that there are 3 ways to obtain objective evidence: Observation, interviewing and examination. There is no requirement to have a written record for everything! What you call "heresay", I would call interviewing. A quick example. How do you prove you know the company's quality policy? Do you have a written record that you read, understand and know it? Or, do you explain it? As an auditor, I would accept your words, before I would accept a piece of paper you signed.

Don't over do things. Your procedure should follow the process. The amount of detail would be based on how detail it needs to be. In many cases, just a process flowchart might be enough. In other cases, neither a flowchart, nor a written procedure is required. In some cases, you might need both, along with work instructions and detailed records. It jsut depends on what you are trying to do, how you trying to do it, and who you have doing it.

Hope this helps.

 

[celso klitzke]

Hi Alex,

1, 2, 3, 4, 6 - yes
5 - no
If the auditor knows the subject (and he should) and the method described isn´t right, he can make an observation (needs further investigation/observation).

Best regards,
/Celso

 

[mshell]

Ingeniero1

Encourage them to write what they actually do, compare what they present to the standard, add any ISO requirements that are missing from the process and let internal audits catch the other missing issues. We have found this method to be very effective. When we audit, our employees can tell us almost exactly what the procedure says because we made the procedure match practice instead of *trying* to make practice match the procedure. In fact, during one audit a question was presented and everyone answered wrong (the answer did not match the procedure) so we changed the procedure to match the reponses instead of trying to change the people to match the procedure and now everyone answers the question right.
:mg:
Just IMO

 

[Claes Gefvenberg]

In fact, during one audit a question was presented and everyone answered wrong (the answer did not match the procedure) so we changed the procedure to match the reponses instead of trying to change the people to match the procedure and now everyone answers the question right.

Right on the button!

/Claes

 

[Ingeniero1]

mshell -

Yes! That's more or less what we are trying to do, but being sort of 'green' at this, what the Auditor may say about our 'just-hatched' procedures was a concern. On the positive side, this company has an excellent Quality record and satisfied customers. Frequently, we receive unsolicited letters and e-mails thanking us for helping them out with a special delivery or unusual request on their part. So whatever we are doing seems to be working just fine. Now let's put it in writing.

Thanks to all!

Alex