Effective Auditing advice needed

#1
Hi everybody

I tried to find a topic related to my doubt and didn't find anything, and that is the reason of my question.
When auditing internally, and the scope is to verify compliance against 9001 2015.

What do you do?, do you question each clause and subclause of the standard even if the is repeated?
An example: (only are shown e and g)

9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from monitoring
and measurement.
The results of analysis shall be used to evaluate:
e) the effectiveness of actions taken to address risks and opportunities;
g) the need for improvements to the quality management system.


If you audit e) and g) and the auditee showed you evidences that really took into consideration effectiveness
and also showed continual improvements, so both subclauses are in compliance.

But you walk thru the standard and arrive at 9.3.2 and 10.3

9.3.2 Management review inputs (only shown e))
The management review shall be planned and carried out taking into consideration:
e) the effectiveness of actions taken to address risks and opportunities (see 6.1);

10.3 Continual improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the quality
management system.

The organization shall consider the results of analysis and evaluation, and the outputs from
management review, to determine if there are needs or opportunities that shall be addressed as part of
continual improvement.

So, 9.1.3 e) and g) were already audited and ok, why to audit 9.3.2 and 10.3, don´t you think is wasted time?
or the criteria is not to audit 9.3.2 and 10.3, and do a cross-check in both sub clauses without mentioning them to the auditee?
What is the practice which is approved by ISO? are there some rules in this regard?

Thanks
 
#4
Depending on the provider, my experience is that UKAS accreditation is pretty good... As long as a) the instructor doesn't see everything through the eyes of a CB auditor and b) the materials also make a differentiation between external and internal audits, you should be good. Sadly, in 20+ years of this stuff, too many, far too many, instructors believe in a "one size fits all" way of auditing.
 

mattador78

Involved In Discussions
#5
Depending on the provider, my experience is that UKAS accreditation is pretty good... As long as a) the instructor doesn't see everything through the eyes of a CB auditor and b) the materials also make a differentiation between external and internal audits, you should be good. Sadly, in 20+ years of this stuff, too many, far too many, instructors believe in a "one size fits all" way of auditing.
I'm going for an internal one for iso 9001. Where I work I have moved in to quality and we are moving towards as9100d in the next Cpl of years so I as the H/S manager got nominated due to the fact every course I go on I pass, seems to be an ever growing list at the moment. Problem where I work has been the fact that we expanded really quickly about 5 years ago (ive worked here for 20) and to speed up the growth we have been using outside consultancy for ISO auditing and nobody has really got to grips with it here. My knowledge and use of PDCA in health and safety through my NEBOSH training meant im ahead of the curve on most of the management here so ive been moved across and up a Cpl of levels to lead the AS9100D project here. Thankfully my longstanding here means I have a good rapport with the directors and they agree understanding ISO is the key to understanding AS and I have a bit of a carte blanche when it comes to what, I need I am enjoying the challenge and the learning experiences coming on here each day helps as well and being allowed do it in work hours to top up knowledge is a joy perhaps some others don't get as easy
 

mattador78

Involved In Discussions
#6
Depending on the provider, my experience is that UKAS accreditation is pretty good... As long as a) the instructor doesn't see everything through the eyes of a CB auditor and b) the materials also make a differentiation between external and internal audits, you should be good. Sadly, in 20+ years of this stuff, too many, far too many, instructors believe in a "one size fits all" way of auditing.
Not sure why but you response earlier isn't showing so replying to this one again. I have no formal training in auditing hence attending this course, I completely agree the AS standard isn't really much more than a Cpl of paragraphs more than the ISO standard hence doing an internal ISO audit course to formalise my training and confirm my "competency" to run the QMS. A change of ownership 2 years ago has really highlighted how weak we have been in the future proofing the business as a whole, our production side exceeds the market standard for AS and for NADCAP, we know we have all the tests performed. However our control and transaction side are weaker than they need and should be, a BSI auditor has been helping us make these changes over the past few months a great guy we know from him working at Rolls Royce his description of us at work was a ballet of organised chaos! My job now is to remove the chaos lol
 
#7
I had gone off topic, thinking that you'd had some auditor training as an HSE person, then realized this was your first time.
 

mattador78

Involved In Discussions
#8
I had gone off topic, thinking that you'd had some auditor training as an HSE person, then realized this was your first time.
I have a small amount of auditing experience however no formal training usually its been me walking through with auditors here due too my knowledge of all the processes and what not to tell them :notangel:
 
#9
Have you attended an auditor training course?
Hi everybody

I tried to find a topic related to my doubt and didn't find anything, and that is the reason of my question.
When auditing internally, and the scope is to verify compliance against 9001 2015.

What do you do?, do you question each clause and subclause of the standard even if the is repeated?
An example: (only are shown e and g)

9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from monitoring
and measurement.
The results of analysis shall be used to evaluate:
e) the effectiveness of actions taken to address risks and opportunities;
g) the need for improvements to the quality management system.


If you audit e) and g) and the auditee showed you evidences that really took into consideration effectiveness
and also showed continual improvements, so both subclauses are in compliance.

But you walk thru the standard and arrive at 9.3.2 and 10.3

9.3.2 Management review inputs (only shown e))
The management review shall be planned and carried out taking into consideration:
e) the effectiveness of actions taken to address risks and opportunities (see 6.1);

10.3 Continual improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the quality
management system.

The organization shall consider the results of analysis and evaluation, and the outputs from
management review, to determine if there are needs or opportunities that shall be addressed as part of
continual improvement.

So, 9.1.3 e) and g) were already audited and ok, why to audit 9.3.2 and 10.3, don´t you think is wasted time?
or the criteria is not to audit 9.3.2 and 10.3, and do a cross-check in both sub clauses without mentioning them to the auditee?
What is the practice which is approved by ISO? are there some rules in this regard?

Thanks
Yes, but the issue was in debate here sometime and was not so clear for me.
I remember Randy followed the criteria I said.
Thanks
 
#10
QualProd - from your post, it seems you are auditing from the "element" of the standard, which isn't the "Preferred" approach. Internal audits shouldn't really be being done on the requirements, unless we're talking about very early in the implementation - is that your situation?

Because you have taken this approach to audit elements, you have put yourself into this conundrum. BTW there is no "ISO approved practice". You should take a look at what and why you are auditing. Unless you have a clear understanding of these things - in other words your audit program as a whole - you will keep encountering such riddles and you won't ever actually audit your QMS, all you'll be able to tell management is that you do/don't comply with ISO 9001 which doesn't tell them anything useful.

I'd strongly suggest you go back to basics and ask yourself the question what is it you're auditing, why, how it should be audited and what benefit does it bring to management as an independent view of the business.
 

Top Bottom