Internal Audit Matrix Process Query

P

perkins201

#1
Hi all,

Just wondering if anyone can assist please with the following query regarding the ISO 9001:2015 internal audit matrix.

Our external auditing company provided a sample internal audit matrix which is not company specific. On their example, they used the following processes (which differ to our company's processes):

Leadership
Purchasing
Quality
Sales
Production/Service Planning
Production/Service Provision
Production/Service Provision

My question is, do you have to use your own company processes specific to the Process Overview sheets or can you use the generic examples listed above?

Any advice would be greatly appreciated!
 
Elsmar Forum Sponsor
P

perkins201

#4
Many thanks both for the input!

Is it possible to audit the likes of 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 9.3 against the 'Sales' or 'Design' process(es)?

I'm just trying to ascertain whether certain processes can only be audited against certain procedures.

As always, many thanks in advance!
 

howste

Thaumaturge
Trusted Information Resource
#5
Many thanks both for the input!

Is it possible to audit the likes of 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 9.3 against the 'Sales' or 'Design' process(es)?

I'm just trying to ascertain whether certain processes can only be audited against certain procedures.

As always, many thanks in advance!
Generally you would audit the requirements where the responsibility is. Clause 4 is big overall QMS, clause 5 is leadership, and clause 6 is management review, so I would mostly look to audit them in a Leadership process (by whatever name you call it). While you're looking at the management review you should look for inputs/outputs and KPIs from the Sales and Design processes though.
 
P

perkins201

#6
Much appreciated!

Lastly, I'll be doing a Process Overview Sheet now for 'Leadership'.

Would anyone happen to have an example of or be able to provide suggestions for 'Process Inputs', 'Process Outputs', Resource Requirements' and 'Control Methods' specific to the 'Leadership' process.

As always, many thanks in advance!
 
R

ReworkIT

#7
Hi all,

Just wondering if anyone can assist please with the following query regarding the ISO 9001:2015 internal audit matrix.

Our external auditing company provided a sample internal audit matrix which is not company specific. On their example, they used the following processes (which differ to our company's processes):

Leadership
Purchasing
Quality
Sales
Production/Service Planning
Production/Service Provision
Production/Service Provision

My question is, do you have to use your own company processes specific to the Process Overview sheets or can you use the generic examples listed above?

Any advice would be greatly appreciated!
Hi - first post. Do you mean your registrar? If they give you a specific tool, doesn't that constitue consulting?
 
R

ReworkIT

#8
You always need to audit to the processes as defined by your company.
I've noticed similar statements (some registrars have a similar statement on their website that says it's a requirement) but I can't find in ISO where it says processes have to be audited. It says that process have to be taken into consideration, but I can't see where it says I have to audit a process. I was taught that often the problems happen BETWEEN processes.

Can anyone help me where this is indicated?
 

Kronos147

Trusted Information Resource
#9
Since we have process-based systems that are focused on meeting requirements, it is vital we understand those requirements.

In our process ID map in our quality manual, we recognize the processes and the requirements of the processes. Here is a small example-
All Processes:
0.1 General, 0.3 Process Approach, 0.3.1 General, 0.3.2 Plan-Do-Check-Act, 0.3.3 Risk-based Thinking, 4. Context of the Organization, 5.1.2 Customer Focus, 5.2 Policy, 5.3 Organizational Roles and Responsibility, 7.1.2 People, 7.1.3 Infrastructure, 7.1.4 Environment for the Operation of Processes, 7.4 Communication, 7.5 Documented Information, 8.7 Control of Nonconforming Outputs, 10.3 Continual Improvement

Threaded Requirements:
-Risks and Opportunities (many clauses)
-Process Approach (many clauses)
-Change Management (many clauses)

Management:
4.1 Understanding the Organization and Context, 4.2 Understanding the Needs and Expectations of Interested Parties, 4.3 Determining the Scope of the AQMS, 4.4 QMS and its Processes, 5.1 Leadership and Commitment, 6.2 Quality Objective and Planning to Achieve Them, 7.1 Resources, 8.1 Operational Planning and Control, 9.1 Monitoring, Measurement, Analysis and Evaluation, 9.1.2 Customer Satisfaction, 9.3 Management Review, 10. Improvement

Purchasing:
8.1.4 Prevention of Counterfeit Parts, 8.4 Control of Externally Provided Processes, Products and Services, 8.4.2 Type and Extent of Control, 8.4.3 Information for External Providers

This same information is also provided on the process work instruction "index" we created, and on the internal audit form. It's only fair we make people aware of their requirements. It's necessary to identify them in the internal audit program.
 
Last edited:

howste

Thaumaturge
Trusted Information Resource
#10
I've noticed similar statements (some registrars have a similar statement on their website that says it's a requirement) but I can't find in ISO where it says processes have to be audited. It says that process have to be taken into consideration, but I can't see where it says I have to audit a process. I was taught that often the problems happen BETWEEN processes.

Can anyone help me where this is indicated?
The context of my post you quoted was in response to a question about auditing a set of generic processes OR the processes specific to their company. Given the choices, the company's own processes is the clear winner.

I agree that there is no "shall" that says that internal audits are required to be based on processes. However, given the Process Approach (0.3) which leadership shall promote (5.1.1d), the fact that the QMS is managed using these processes (4.4.1), and that these processes shall be evaluated (4.4.1g) anyway, why wouldn't we audit using them as the basis of the audit planning?

The standard says that we shall audit to determine whether the QMS meets requirements and is effectively implemented and maintained. Unless you go out and audit the whole QMS at once (unlikely), you will need to break the elephant into bite sized pieces. It makes sense to use the processes for this. We may sometimes also need to do some focused audits on particular requirements that cover multiple processes - these might not be process audits.

I also agree that problems happen in the interactions between processes. That's why whenever I audit a process I make sure to cover the interactions on both ends. If I audit all processes in this way, covering the "in between" parts should be covered twice - the input direction from the receiving process and the output direction from the sending process.
 
Thread starter Similar threads Forum Replies Date
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
I Internal Audit Matrix Template AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
Q ISO 13485, FDA's QSR, CMDR, MDD: Seeking Internal Audit Correlation Matrix Various Other Specifications, Standards, and related Requirements 3
A ISO 9001-14001 Internal Audit Matrix ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
C Simple TS16949 Internal Audit Check List / Matrix Internal Auditing 4
T Seeking ISO 9001:2000 Internal Audit Matrix Examples Internal Auditing 7
T AS9100D Risk-Based Internal Audit Schedule AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
S Minimum Retention Time for Records of internal audit results as per AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
B Establishing topics for IATF internal audit processes Internal Auditing 9
T Robust internal audit program AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
J Average number of Nonconformances during internal quality audit for Medical Device Manufacturers Internal Auditing 3
Q AS9100:D Counterfeit internal audit questions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
D ISO 9001:2015 Internal Audit Check Sheet ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
L Documenting internal audit of customer specific requirements IATF 16949 - Automotive Quality Systems Standard 7
R Looking for ISO 13485 Internal Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 8
G During internal audit - finding poor action plans ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
G Opening meeting - internal audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Mr Roo Discovered dishonesty after performing an internal audit General Auditing Discussions 4
W IATF 9.2.2.1 Internal Audit how to determine risk IATF 16949 - Automotive Quality Systems Standard 12
X Looking for 17025 auditor to perform internal audit on IT software testing laboratory ISO 17025 related Discussions 3
J 9001 Internal Audit of Client Onboarding process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 4
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
D Number of people to be interviewed during an internal audit? Internal Auditing 10
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
armani Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 20
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 4

Similar threads

Top Bottom