Re: What is the technical difference between the word "IDENTIFY" and "DETERMINE"?
[*]As I suggested earlier, you have no way of informing management review of results of internal audits (an explicit "shall") without audit records.
[*]You have no way to demonstrate the historical function of your internal audit system without audit records.[/LIST]
Requirement of records for the Mgmt. review or for historical reasons doesn't necessarily prove that the audits records were (indirectly) mandated by the 2000 version and that the 2008 version hasn't introduced any new requirement.
There are numerous things in an organization which cannot be accomplished & reviewed by the management without having up-to-date records in place, e.g., the entire maintenance of any manufacturing facility where hundreds of records are daily generated and for such organizations, it's one of the activities that the top management can't afford to ignore in it's periodic reviews. Similarly, resource management, work environment etc. are the processes generating lot of records without which it's impossible for the management to conduct an effective performance review (management review). This doesn't mean that 'records' are/were mandatory for all the above processes and nor does the standard prescribes so. If the audit records are so much necessary for the management review,
how do organizations conduct EMS & OHS review?
Because you obviously need records for these (among other) reasons, it also stands to reason that if you don't provide audit records for management review and if you aren't able to demonstrate to an auditor that your internal audit process is compliant, you will be in a state of nonconformity.
I can't agree with this statement because what you have presented is altogether a different issue, i.e. "
if you aren't able to demonstrate to an auditor......". This is somewhat related to the 'inability' or 'incapacity' of the auditee to defend himself without the existence of records. What if one is able to demonstrate through other means as one does in many other instances where records are explicitly not required?
That's OK, because for TC176, who have assured us that there are no significant changes in the 2008 version...
'Significance' is a relative term. Take the example of this particular instance. For the organizations who had been maintaining the audit records even before 2008 as part of their
internal requirements, it wasn't a 'significant change' because they
didn't have to do any differently after the 2008 version was released but for those who didn't, it certainly was a
significant change in requirement.
and the vast majority of users of the standard who have understood all along that records of internal audits have always been required, it's not an issue at all.
No, the records have always not been
required (it's
yet not proved) although they were being maintained by many. As I already said, vast majority might had been doing it in order to meet their internal requirements and perhaps for this reason, the issue never cropped up.
But now ISO 9001:2008,
while retaining all the previously stated requirements of the 2000 version, has introduced a
new requirement for maintaining not only the results of audits but also the audit records.