How do you audit past verbal approvals against ISO 9001 Clause 4.2.3a?

J
#11
Re: How do you audit past verbal approvals against ISO 4.2.3a?

I agree that effectiveness of the system is the most important but we are not talking about 1000 (or more) conformities. We are talking 4.2.3a vs verbal approvals specifically. Can you think of the risks of verbal approvals?
I can think that there are several aspects that might come to bear here, and that verbal vs documented approvals can vary from industry to industry - each with its own set or form of risks. Certainly an assessment of the potential risks needs to be made by the company in order to justify whether verbal approvals are OK.

Peace
James
 
Ka Pilo

#12
Re: How do you audit past verbal approvals against ISO 4.2.3a?

I can think that there are several aspects that might come to bear here, and that verbal vs documented approvals can vary from industry to industry - each with its own set or form of risks. Certainly an assessment of the potential risks needs to be made by the company in order to justify whether verbal approvals are OK.

Peace
James
So the fair way to say that recording approval is necessary or not can vary from industry to industry – each with its own set or form of risks.
 
#13
Re: How do you audit past verbal approvals against ISO 4.2.3a?

Let me lay out a scenario. I am the manufacturing manager for a small plastic injection molding company. I have several machines, and 4 operators who do the actual setup, mold and inspect. I create a setup sheet for each molder. I then save the file on the computer, in a shared directory that only I and the owner of the company can write to.
The operators print out a copy of the setup sheet with every setup, and fill it in. The printout then is added to the job file along with the other job documents. To prevent folks from printing out quantities in advance, there is a print date field in the footer. I will check the print date with the run date to ensure they printed the same date they ran.
So, you are an auditor and you ask me for evidence I approved the setup sheet. My answer would be that if I had not approved it, it would not be there. If the owner put it there, she and I would have a talk about it before it was put in the directory. If you ask her, she would tell you basically the same thing. No one else but her and I could have put it there.
Why, oh why would you need some form of document stating that I approved it? It makes no sense, and it detracts from the effectiveness of the system. The more useless rules you place on your QMS, the more resistance you will have and the less likely folks are to follow the rules you do need followed! :mad:
 
J
#14
Re: How do you audit past verbal approvals against ISO 4.2.3a?

So the fair way to say that recording approval is necessary or not can vary from industry to industry – each with its own set or form of risks.
Basically Yes, and db's example is a good one.

To the other extreme are industries like nuclear, medical and Aerospace where risks and liabilities might necessitate having a more "formal" approach to documentation.

But regardless of which approach one takes, it must be based on what is logical and what works - effectively - for that firm in that industry.

The auditor, assuming he is familiar with the given industry, might find verbal approval to be too risky due to safety factors etc.
On the other hand, verbal approval might be just fine in another industry with lower risk coupled with a strong, mature and effective QMS.

Peace
James
 
#15
Re: How do you audit past verbal approvals against ISO 4.2.3a?

Basically Yes, and db's example is a good one.

To the other extreme are industries like nuclear, medical and Aerospace where risks and liabilities might necessitate having a more "formal" approach to documentation.

But regardless of which approach one takes, it must be based on what is logical and what works - effectively - for that firm in that industry.
Exactly, James. I think that is why 4.2.1 d is stated the way it is. "...necessary to ensure effective planning, operation and control of its processes". The question is one of need, versus required. If it is necessary to document, then you need to document, even if it is not mandated.
 
Ka Pilo

#16
Re: How do you audit past verbal approvals against ISO 4.2.3a?

Exactly, James. I think that is why 4.2.1 d is stated the way it is. "...necessary to ensure effective planning, operation and control of its processes". The question is one of need, versus required. If it is necessary to document, then you need to document, even if it is not mandated.
Big Jim's wording states categorically that "Approval is necessary. Recording the approval is not."
 
bazboy

#17
Re: How do you audit past verbal approvals against ISO 4.2.3a?

Let me lay out a scenario. I am the manufacturing manager for a small plastic injection molding company. I have several machines, and 4 operators who do the actual setup, mold and inspect. I create a setup sheet for each molder. I then save the file on the computer, in a shared directory that only I and the owner of the company can write to.
The operators print out a copy of the setup sheet with every setup, and fill it in. The printout then is added to the job file along with the other job documents. To prevent folks from printing out quantities in advance, there is a print date field in the footer. I will check the print date with the run date to ensure they printed the same date they ran.
So, you are an auditor and you ask me for evidence I approved the setup sheet. My answer would be that if I had not approved it, it would not be there. If the owner put it there, she and I would have a talk about it before it was put in the directory. If you ask her, she would tell you basically the same thing. No one else but her and I could have put it there.
Why, oh why would you need some form of document stating that I approved it? It makes no sense, and it detracts from the effectiveness of the system. The more useless rules you place on your QMS, the more resistance you will have and the less likely folks are to follow the rules you do need followed! :mad:
I agree that this scenario provides the necessary approval evidence. My earlier reply was in respect to verbal approvals.
 
Request 20110311

#18
Re: How do you audit past verbal approvals against ISO 4.2.3a?

Outlandish and ultra-specific scenarios involving very small companies using "verbal approval" for activities do not make written approval a "useless rule inflicted on a QMS".

The plain truth of the matter is that in nearly all cases, where folks have adapted a written signatory policy, they do so because alternatives are either more cumbersome or offer them less comfort in the robustness of their process than they'd like to have.

Sure you can get into a million stupid discussions about this or that mickey mouse company that plays fast and loose with their QMS controls and how they're not actually violating any rules, but it's not like these industry standards were just thought up yesterday. They've evolved into industry standards because they work and in most cases they work well when properly implemented.

Of course, having 23 signatories for a floor mopping work instruction is absurd as well, but those types of companies are relatively rare also.

As a side note, placing electronic controls around documents without ensuring the validity and proper function/security of those electronic controls doesn't exactly put any of my concerns to rest on the matter either, but then, I'm probably not auditing companies who do this sort of thing anyway.
 
pldey42

#19
I'm repeating what has already been said, but differently in the hope that it might be understood.

4.2.3 requires document controls including approvals to be defined in a documented procedure, itself controlled according to the methods it specifies. Verbal approvals can satisfy 4.2.3 if they are consistently performed and effective. "Show me records of approvals" is an inappropriate audit question in such circumstances, because there's no requirement for them.

4.2.4 only requires records specified either in the standard or by the organization to be controlled. It does not require records of conformity with all elements of the standard.

There's more authoritative information here:
http://www.iso.org/iso/iso_catalogu...cumentation_requirements_of_iso_9001_2008.htm

For many organizations (usually characterized by low mutual trust and respect, and chaotic or political behaviour) there are risks associated with verbal approvals. Documenting such approvals is a weak control unless it's backed by meaningful leadership and broad-based buy-in to the documented procedures.

There are risks, too, in insisting on documented approvals when the management culture is trusting, respectful and disciplined enough not to need them. The biggest such risk is of losing management commitment to the QMS by insisting on bureaucratic activities that deliver no value to the organization.

Hope this helps,
Pat
 
#20
Re: How do you audit past verbal approvals against ISO 4.2.3a?

The plain truth of the matter is that in nearly all cases, where folks have adapted a written signatory policy, they do so because alternatives are either more cumbersome or offer them less comfort in the robustness of their process than they'd like to have.
Erik - excellent points, however, I'd tend to favor that people do this kind of bureaucracy because it's been written in How to do ISO books, off the shelf QMS in a box, and consultants and implementers also believe it's 'required'...a bit like members of the 'flat earth society' really!
 