Informational Context of the Organization & Interested Parties Evidence - ISO 9001:2015 Cl. 4.1/4.2

AndyN

Moved On
In 3 years of using this "context of the organization", I haven't seen any advantage for any organization!
It's one thing to show that is done for auditor to read...
If you only deal with mature organizations, that's possible. I work with small/medium sized businesses and they gain a benefit from doing a SWOT analysis to address this requirement. Are the organizations doing the right things? Or are they mature in their approach?
 

qualprod

Trusted Information Resource
In 3 years of using this "context of the organization", I haven't seen any advantage for any organization!
It's one thing to show that is done for auditor to read...
Antonio

I have to be in disagreement with your opinion.

If you think or try to comply only to auditor, I think is not a good decision.

However if try to apply treatment on aspects identified in the context into any business, no doubt we can have good results
in the organizations.

Please share why Context is not useful, I´m interested in your explanation.

Thanks
 

Rameshwar25

Quite Involved in Discussions
This is very confusing requirements in new standards. There are thousands issues in a company. How many of them to be included in risk analysis? You can never satisfy an auditor.
This is worst requirements of QMS. The theory of risk based thinking and issues has replaced 'preventive actions' of previous versions. But considerations could have been given how it would be effectively implemented before including this concept in new standards.
Yes, auditor have a got a good weapon in form of clause 4.1 to raise NCs. Even if you identify 5000 issues, they will tell you one more from your company and that too, in form of NC.
 

tony s

Information Seeker
Trusted Information Resource
Yes, auditor have a got a good weapon in form of clause 4.1 to raise NCs. Even if you identify 5000 issues, they will tell you one more from your company and that too, in form of NC.
I don't think so. Just because an auditor "add" to your already identified issues, or risks, he has now all the right to raise an NC.
 

armani

Quite Involved in Discussions
I don't think so. Just because an auditor "add" to your already identified issues, or risks, he has now all the right to raise an NC.
No, he has not all the right to raise an NC, firstly because u are supposed to know better than the auditor the issues / risk confronting ur organization.. Secondly, auditors (especially external ones) shouldn't look for identifying new risks, but to evaluate how you are dealing with identified risks.
Only if he(she) finds a NC and could tie this NC to an unidentified issue / risk, a NC can be raised.
I hope was clear enough.;)
 

tony s

Information Seeker
Trusted Information Resource
I believe, auditors can help the auditees to add from their list of risks. But, should not raise an NC due to this.

ISO 19011:2018 defines "audit findings" as "results of the evaluation of the collected audit evidence against audit criteria" with a Note saying Audit findings can lead to the identification of risks, opportunities for improvement or recording good practices.
 

armani

Quite Involved in Discussions
1 - ISO 19011:2018 is mainly about 1st and 2nd party audit
2 - "can lead to the identification of risk" could be interpreted as "can lead THE AUDITEE to the identification of risk";
3 - identification of risk means identification of NC, which is a risk per se .... so if the auditor identifies a NC, it is implying he identifyes a (new) risk.
etc...
 

AMIT BALLAL

Super Moderator
This is very confusing requirements in new standards. There are thousands issues in a company. How many of them to be included in risk analysis? You can never satisfy an auditor.
This is worst requirements of QMS. The theory of risk based thinking and issues has replaced 'preventive actions' of previous versions. But considerations could have been given how it would be effectively implemented before including this concept in new standards.
Yes, auditor have a got a good weapon in form of clause 4.1 to raise NCs. Even if you identify 5000 issues, they will tell you one more from your company and that too, in form of NC.

Completely agree risk analysis is a never ending process, everyone can be able to find different risks, but auditor cannot and should not raise a NC just because a particular risk was not identified. Risk analysis doesn't have to be a document, it has to be a practice. Risk analysis was always there, but was not integrated in QMS earlier. And as Andy said, there will be only few issues that will be critical to the organization . It has to be identified , acted upon and has to be integrated in QMS. Auditor need to look at the process of how context, actions are identified, how it is tracked and how effectiveness of these actions is verified.
 
Top Bottom