IATF 16949 Clause 9.2.2.2 Quality Management System Audit

Laurie Wright

Starting to get Involved
#1
Curious if anyone has modified their audit schedules based on the new / updated requirement "the organization shall audit all quality management system processes over EACH THREE YEAR calendar period?
Considering moving some audits from annual to at least every two years and was wondering if anyone else had and if they would be willing to share / allow a glimpse at the actual schedule created?

:thanx:
 

jack770214

Involved In Discussions
#2
We asked our registrar about this and we came to a conclusion based on an audit system score card. More risk = more frequency and intensity. The only processes we are auditing yearly are Mfg and management review. I wont get into design but its a case by case basis. There are labs that we internally audit for initial transition but won't audit them again for 3 years. We have had our cert to iso9001 since 1994. If we still have findings after being certified for so long something is wrong with the P in the CAPA. This means we have some very mature and stable processes and dont see a need to audit them but every 3 years.

Sent from my LGMP260 using Tapatalk
 
#3
Our audit plan covers the audits to be done during the business year ( e.g. 2017/18 ). Beneath product- and process audits (VDA 6.3 ) it contains system audits for all quality management processes. Auditing a process is up to current incidents, observations or identified risks. System audits which are not carried out in the business year will be transferred to the new audit plan, so that in the end of the 3 years period all qm processes are audited. That’s the plan so far.
 
#4
We have changed our auditplan quite significantly with the transition to IATF. The frequency is based on risk, complaints, findings, changes, etc. with a minimum of once per 3 years.
In practice, we perform less QMS audits (9.2.2.2) and more Manufacturing process audits (9.2.2.3). This is a way better fit for our organisation so far, with better results (improvements).

Think of it this way;
Most of your QMS processes are fairly stable and developed. You should not find significant deviations (as Jack mentions above) if there weren't any changes. How practical or beneficial would it then be to devote your resources to re-auditing these processes so often?
9.2.2.1 gives you the option to work with that, in my opinion.
There are still some QMS processes we audit yearly, but this is based on risk and criticality.
 

mindytanner

Starting to get Involved
#6
We left ours annual as well. reduces risk of degrading results.......once we have several rounds of audits to the new standard, we could change but we haven't had enough results to support reduction of frequency.....
 
#7
hi
the Three year is just a minimum requirement.There's no real change.

Just follow the original plan.
IF you were doing what the ISO 9001:2008 requirements stated, true. However, I've yet to see any organization who had a clue about what "status and importance" was and how it was factored into the audit planning. As a result, most do things like one or two audits a year. The ISO 9001:2015 and additional IATF requirements have made a significant change to topics to consider when auditing. As a result, if it was "business as usual, then that's not going to work.
 

morteza

Quite Involved in Discussions
#8
Hi

We use the attached table for defining audit frequency for each process (the attached table is part of the table we use). you can fit the table for your company. We tried to see the most required parameters in determination of audit frequency
 

Attachments

Helmut Jilling

Auditor / Consultant
#9
We asked our registrar about this and we came to a conclusion based on an audit system score card. More risk = more frequency and intensity. The only processes we are auditing yearly are Mfg and management review. I wont get into design but its a case by case basis. There are labs that we internally audit for initial transition but won't audit them again for 3 years. We have had our cert to iso9001 since 1994. If we still have findings after being certified for so long something is wrong with the P in the CAPA. This means we have some very mature and stable processes and dont see a need to audit them but every 3 years.

Sent from my LGMP260 using Tapatalk
If I we're auditing you I would look at those processes that only get audited every 3 years and look for metrics to support they are really that mature and effective... it would be your responsibility to provide evidence that is an effective approach. Effectiveness and performance (and suitability, efficiency, etc.) is still the criteria to judge processes and metrics.
 

Top Bottom