Evaluation of Readiness of Organization for 3rd Party Audit

[lobotm6]

Hello to All,

I am preparing our organization for our 3rd party surveillance audit in the 1st quarter of the year and would need any suggestions that could help to measure the readiness of the processes.

In my view, I am preparing a dashboard (or say a barometer) that will be based on the following per each process:
- % non-conformity closed out from internal audits
- % reviewed/revised mandatory documents
- % relevant records in place
- % calibration status (for relevant processes)
-% compliance to legal & statutory requirements (permits, certificates etc.)

Is there a better way than this to evaluate the readiness? Are there some more parameters I can add to the above list?

Your recommendations are greatly appreciated.

Regards.

 

[Johnny Quality]

Who is the dashboard for?

 

[mattador78]

What does you gap analysis and internal audits say you are missing? And what % is your magic number for readiness is your audit against AS9100 or AS9001 for example as one requires a geater level of readiness from the other.

 

[lobotm6]

Who is the dashboard for?

The dashboard is for me and I am the EHQMS manager / MR

 

[lobotm6]

What does you gap analysis and internal audits say you are missing? And what % is your magic number for readiness is your audit against AS9100 or AS9001 for example as one requires a geater level of readiness from the other.

Actually the management systems we are certidied to are 9001, 14001 and 45001

 

[John C. Abnet]

Hello to All,

I am preparing our organization for our 3rd party surveillance audit in the 1st quarter of the year and would need any suggestions that could help to measure the readiness of the processes.

Regards.

Good day @lobotm6 ;
I would offer the following...

- % non-conformity closed out from internal audits
There is no "ISO" requirement" for % closed.
* Were nonconformities addressed without "undue delay?
* Were all applied corrective actions confirmed to be effective?
- % reviewed/revised mandatory documents
* There is no "ISO" requirement for reviewing/revising documents (and certainly no applicable "%" measurable ). The only requirements for
"review/revised" are..
- when "creating or updating....(were they reviewed for suitability? Were changes controlled [e.g. revision history] ?
- % relevant records in place
* How about simply ensuring 100% of relevant records are in place and serving their intended purpose?
- % calibration status (for relevant processes)
* Does your organization have measurement devices that require calibration? (simply verification?).
- How about ensuring 100% have been calibrated and/or verified at the frequencies to which your organization subscribes?
-% compliance to legal & statutory requirements (permits, certificates etc.)
* Why would your organization be willing to accept anything less than 100% compliance to legal and statutory requirements?

I would counsel that your organization moves away from a "%" measurable in this context.

Keep in mind. If it's required, then your 3rd party auditor will potentially (likely), write a nonconformance finding for anything that is not as required (and likely not be interested in whether "5%" is not as it should be or "20%" is not as it should be).

It sounds as if your organization is already certified and has previous surveillance audits. How did your organization operate ("prepare") previously? Was that method effective ?


Hope you find these considerations helpful.

Be well.

 

[Randy]

You are setting yourself up for failure if your auditor is worth his salt.

- % relevant records in place

I'd ask why you aren't controlling all your records and your answer would be supporting evidence of the NC I'd probably issue fo ineffective document control. The seriousness would determine Minor or Major

-% compliance to legal & statutory requirements (permits, certificates etc.)

If you say anything less than 100% you're probably toast, especially for 14001 & 45001. You've committed to 100% in your policy and that's the minimum, not meeting it goes against your policy and creating/setting a percentage demonstrates planning of non-fulfillment, the consequences of which could be very painful.

You pull up and present that dashboard to me and you'll be opening Pandora's Box while reaching for a big, foaming mug of Hemlock with regards to the success of your audit. You've provided me some absolutely fantastic audit trails a blindfolded blind man could follow in a coal mine, after dark, during the dark of the moon.

Here's to ya

 

[lobotm6]

Good day @lobotm6 ;

It sounds as if your organization is already certified and has previous surveillance audits. How did your organization operate ("prepare") previously? Was that method effective ?


Hope you find these considerations helpful.

Be well.

VERY HELPFUL John.
Yes, we are already certified and have had previous surveillance audits.
For continuous improvement and easy follow up on areas needing close attention, I thought of developing such dashboard (or something of its kind), at least to quantify the level of readiness per process or site. And in that way also I can focus on the areas that need urgent attention.

 

[lobotm6]

You are setting yourself up for failure if your auditor is worth his salt.

I'd ask why you aren't controlling all your records and your answer would be supporting evidence of the NC I'd probably issue fo ineffective document control. The seriousness would determine Minor or Major


If you say anything less than 100% you're probably toast, especially for 14001 & 45001. You've committed to 100% in your policy and that's the minimum, not meeting it goes against your policy and creating/setting a percentage demonstrates planning of non-fulfillment, the consequences of which could be very painful.

You pull up and present that dashboard to me and you'll be opening Pandora's Box while reaching for a big, foaming mug of Hemlock with regards to the success of your audit. You've provided me some absolutely fantastic audit trails a blindfolded blind man could follow in a coal mine, after dark, during the dark of the moon.

Here's to ya

Good RANDY. I really agree to and appreciate your recommendations and will consider them.
In fact, the dashboard (or something of its kind) I want to develop is a personal follow tool I want to use in order to measure our readiness level and to allow focus on areas needing urgent attention. It won't be for the auditors' "consumption".

My regards.

 

[Johnny Quality]

Where and how will the dashboard gather its data?