If I audit my Processes, Have I audited the Standard?

S

SteelWoman

#1
We're batting around a concept here, so let's see what you folks think:

Per the standard, "the organization shall audit it's quality management system to verify compliance with this Technical specification and any additional quality management system requirements." Well, one of the first things we did with TS was sit down as a management team and decide what processes were part of this Quality Management system, either as "customer oriented processes" or as Support or Mops. Okay, let's assume you then go about auditing all of these processes you have decided were part of the QMS. When you are done auditing all these processes, have you then in fact audited the "QMS to verify compliance with this Technical specification?"

Where I'm coming from is one of our other divisions was audited and they got dinged for not auditing every ELEMENT of the Standard. The auditor wanted to see a specific element by element checklist showing they'd covered all the bases. I thought about it and got to looking at all our processes and then the standard itself, and couldn't come up with any part of the standard that would not be covered by auditing one or several of our processes. Soooooo, if we audit all the processes we cover all the standard?

Before you attack, er I mean "add your constructive criticism," :bigwave: I know this wouldn't necessarily hold true everywhere, because it is dependent on what processes you determined were part of the QMS. But our processes list is pretty extensive.

What do ya'll think?
 
Elsmar Forum Sponsor
W

WALLACE

#2
Interesting subject SteelWoman,
I would say on face value, if you are auditing relevant processes and sub processes associated with your documented QMS, well yes, your auditing should verify compliance with the Technical specification?
The process audit looks at the big picture and, the depth of your process audit is dependent on the complexity of your processes and associated sub processes.

Do you have any examples to post here of your process audit methods?
Wallace
 
L

Laura M

#3
I think if your internal audit plan, showed how the processes related to the standard, it would close the loop.

The skeptic in me thinks the auditor wanted to make it easier on him/her self to determine whether or not you audited every element, which is not a requirements. One of my companies was 'advised' by thier auditor to 'renumber' their procedures to the standard, so they are easier to audit. So the procedure numbering scheme would include the various decimal places of the new standard. I thinks I've talked them out of it, but it really bothers me when a 3rd party auditor wants a companies systems to make it easier for them to audit. :topic: (sorry)

At any rate, you do need to ensure all elements are audited. I have set up an audit system where the first audit of the year is a process/procedures compliance audit - in other words, are all the ISO (TS) requirements covered by the documentation and referenced processes. Then the remaining audits look for implementation adherence. I would say keep on the current plan, and add the matrix showing how the processes meet the requirements.
 

Wes Bucey

Quite Involved in Discussions
#4
Serenity Prayer?

Laura M said:
The skeptic in me thinks the auditor wanted to make it easier on him/her self to determine whether or not you audited every element, which is not a requirements. One of my companies was 'advised' by thier auditor to 'renumber' their procedures to the standard, so they are easier to audit. So the procedure numbering scheme would include the various decimal places of the new standard. I thinks I've talked them out of it, but it really bothers me when a 3rd party auditor wants a companies systems to make it easier for them to audit. :topic: (sorry)
I can understand your frustration, Laura, but allow me to put a slightly different face on the topic.

I think most of the old timers and many of the newbies here would agree with me that numbering systems for Quality Manuals and Procedures are strictly arbitrary and few of us are so in love with any particular numbering system that we'd fight to the death to keep it.

Thus said, why shoot yourself in the foot by forcing a third party auditor (or a customer's auditor!) to spend extra time (and your organization's money) to modify his normal audit routine to accommodate your renegade numbering system, maybe engendering a nonconformance just because of a misunderstanding?

Folks going through 12 Step programs learn the Serenity Prayer. Maybe we should all do the same.
The Serenity Prayer
God grant me the serenity
to accept the things I cannot change;
courage to change the things I can;
and wisdom to know the difference.
 
L

Laura M

#5
Sorry Wes, we'll have to agree to disagree, and since I took this a little off topic, I'll try not to go too far here. But there is no way procedures numbered 4.2.3, or 8.5.3, with no procedure 1 or 2, makes no sense to me. A simple reference to the element (which in all reality, only the MR or internal auditors really need to know) is much more conducive to the users of the document. What do you do for a procedure that is a company only procedure, with no reference to ISO that you chose to include in your system?

Bottom line, I don't believe in making it easier on the registrar, versus easier on the users of the document, which is the only reason I entered it into this thread.

What I meant to include in my original thoughts were that the Internal Audit of the Internal Audit process could also provide evidence and close the loop that all elements were audited, without the checklist as indicated by the registrar.

I'd like to hear more thoughts on the original question - I got into auditor motive versus the actual requirements - and I'd like Steel to get more responses to that.
 
S
#6
IMO, once you have identified your COP's and then analysed them using the "turtle" diagram you should find that you have addressed the appropriate clauses of the specification. Subsequent audits would then allow you to determine the efficiency andd effectiveness of you processes.
It appears that you have an auditor that is unable to wean himself away from the elemen approach to auditing.

Good luck.
 
S

SteelWoman

#7
Sam said:
It appears that you have an auditor that is unable to wean himself away from the element approach to auditing.
One of my internal auditors has been completely unable to make the transition - I'm probably going to end up removing him. The registrar auditor at the other division that I mentioned in my opening question does seem like one of them, also. Unfortunately I can't remove HIM!

To go back to what someone else mentioned, I'm struggling with my expereince/training that normally would have me laying EVERYTHING out for an auditor that I possibly can, so they never have to LOOK for ANYTHING - answer the question before they can ask it - versus creating a lot of extra work for myself for the SOLE purpose of answering an auditor question.

Let's just say, for instance, that I take a list of my processes, and show the date when each process was audited, and my audit procedure says we have determined that by auditing all the processes we have, in fact, confirmed compliance with the TS Specification. Let's say we made that determination after looking at our initial gap analysis which lists everything we HAD in place already and everything we had to PUT in place that wasn't there yet in order to transition to TS. Here we are, 4th quarter of the game, everything's in place that was missing. Do I really then need to connect the dots any further for an auditor?

Am I making any sense? I've only had one cup of coffee this morning, it's amazing I can even string words together..... :eek:
 
L

Laura M

#8
Makes sense to me - and I've had 2 cups of coffee! However, since it probably wouldn't be alot of extra work, I could see a matrix that list the elements, and the procedure(s) which address them. Having said that, I'm assuming all requirements resulted in a documented procedure in your organization. Your auditor may be wondering if some "processes" were undocumented, then a specific audit of that requirements may be necessary. Rather than just saying it in the IA procedure, I would show the cross reference. I think that is good for the org (you) and the auditor, in case a procedure change is recommended, you can make sure the change doesn't affect compliance to the requirements.
 
S

SteelWoman

#9
We actually already have such a beast - we took our initial gap analysis and turned it into a "Shall Matrix" after the fact, showing each procedure or process or whatever that addresses each "shall." I'm just trying to figure out whether I need to do anytihing BEYOND that in order to satisfy the "checklist" issue. I initially thought, great I'll just take the shall matrix and after each audit check off that we audited each "shall" during that audit. My god what a JOB - I got to page 2 of the shall matrix and figured out I'd have to hire extra help to do that checklist! So now I'm thinking about taking my Processes list and using THAT as an audit checklist - IF I can argue the point that auditing the processes in effect audits the specification.

I need coffee.
 
#10
SteelWoman said:
Let's just say, for instance, that I take a list of my processes, and show the date when each process was audited, and my audit procedure says we have determined that by auditing all the processes we have, in fact, confirmed compliance with the TS Specification. Let's say we made that determination after looking at our initial gap analysis which lists everything we HAD in place already and everything we had to PUT in place that wasn't there yet in order to transition to TS. Here we are, 4th quarter of the game, everything's in place that was missing. Do I really then need to connect the dots any further for an auditor?

Am I making any sense? I've only had one cup of coffee this morning, it's amazing I can even string words together..... :eek:
IMO yes you should have a list of your processes.
What i have done is to create a "Schedule Plus"; first I listed the COP's including all of the support processes, then the name of the auditor and the date, the process definition ID, the TS2 clause (inserted at the time of audit), the process owner, the type of nonconformity major, minor, OFI. All of this creates a chart. This serves as both the QMS and the Mfg process audits. It's not foolproof, but it does help me keep things better organized.
 
Thread starter Similar threads Forum Replies Date
M Inputs on definition of very similar processes for multi site audit sample - IAF MD1 2018 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M Can I audit processes I've established but do not implement or maintain? Internal Auditing 6
G Audit of essential QMS processes General Auditing Discussions 11
Gman2 Processes sharing the same nonconformance during an audit General Auditing Discussions 13
D Shall the first Internal Audit cover all the processes of the company? Internal Auditing 17
A Where can I find the NADCAP Audit Criteria for all the processes? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
T Internal Audit - How to define the Importance of Departments and Processes Internal Auditing 8
C How to efficiently audit Suppliers Qualification Processes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
M Monitoring of Processes - Audit of a Call Centre ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
H Understanding 8.2.3 M&M of Processes for our Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
E How to perform a DCC Audit (Document Control Processes) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
A 3rd Party Audit Finding Not Clear - 4.1 Outsourced Processes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 36
S Audit on Manufacturing Processes - a) Audit Checklist, and b) Detailed Audit Report Process Audits and Layered Process Audits 13
X Audit Findings - The Process/Clause Matrix does not identify all the processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 30
D How to Audit Oracle used for Accounting Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
A Internal Audit-Customer Related Processes Internal Auditing 2
G Quality Audit on Designers and their Processes and Practices General Auditing Discussions 2
M Internal Audits - Audit Departments or Processes Internal Auditing 13
D Flowcharts of Processes Delayed my Internal Audit Plan ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
I Can we use layered process audit (LPA) for HR Processes? Process Audits and Layered Process Audits 9
T Records of New Processes for AS9100 - AS 9100 certification audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
J Which is correct: Audit elements of standard or QMS Processes? Internal Auditing 16
Q Internal Audit:Comparing Efficiency of Similar Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D How to audit identical processes? TS 16949 Clause 8.2.2 General Auditing Discussions 2
Q Streamlining incoming audit - 2 separate inspection processes Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
J Does anybody have an audit checklist focused on Manufacturing processes? Manufacturing and Related Processes 8
S TS 16949 ?Audit observation Report? format or form with Input, Output, Processes Document Control Systems, Procedures, Forms and Templates 9
A Process audit - Is it necessary to audit the special processes like plating? Process Audits and Layered Process Audits 2
E Supplier audit checklists for special processes - Plating Process audit Checklist Process Audits and Layered Process Audits 2
Antonio Vieira The importance of some processes... Internal Audit, Management Review, Nonconformance Management Review Meetings and related Processes 3
P Special Processes Audit - Seeking review and comments General Auditing Discussions 7
R Process Audit vs. Element Audit - The auditor focused on 13 different processes. Process Audits and Layered Process Audits 5
CarolX Supplier Audit checklist for special processes Supplier Quality Assurance and other Supplier Issues 3
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5

Similar threads

Top Bottom