There is no question that we WILL have procedures to control critical processes. I would not dream of 'pretending' to control a process without the properly documented procedure(s). If anything, I know that I tend to fault in the too-many-procedures and too-detailed instructions. Though with age, I have learned to temper this tendency.
My question does not relate to determining the need for a procedure - I know we will do that correctly. My question is how many of the procedures we have (or will have), which may well be more than explicitly or implicitly required by the Standard, do we have to make, or should make available to the auditor? Will the 'extra procedures' serve to show how well (hopefully) we control our operation? Will the auditor pick apart a procedure that perhaps I didn’t even have to ‘produce’ for the auditor’s perusal?
When the auditor comes, I want to show him/her that we fully meet the requirements of the Standard and are worthy of the certificate. I am not interested, however, in showing the auditor how great we are or how meticulously we document everything if such is not required. If I can meet the requirements and be certified by having the auditor spend X-hours auditing, why add anymore that would just result in the auditor spending 2X-hours if the result will be the same? Sort of the KISS principle, if you get my drift.
Alex