Internal Audit Matrix Process Query

P

perkins201

#1
Hi all,

Just wondering if anyone can assist please with the following query regarding the ISO 9001:2015 internal audit matrix.

Our external auditing company provided a sample internal audit matrix which is not company specific. On their example, they used the following processes (which differ to our company's processes):

Leadership
Purchasing
Quality
Sales
Production/Service Planning
Production/Service Provision
Production/Service Provision

My question is, do you have to use your own company processes specific to the Process Overview sheets or can you use the generic examples listed above?

Any advice would be greatly appreciated!
 
Elsmar Forum Sponsor
P

perkins201

#4
Many thanks both for the input!

Is it possible to audit the likes of 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 9.3 against the 'Sales' or 'Design' process(es)?

I'm just trying to ascertain whether certain processes can only be audited against certain procedures.

As always, many thanks in advance!
 

howste

Thaumaturge
Super Moderator
#5
Many thanks both for the input!

Is it possible to audit the likes of 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 9.3 against the 'Sales' or 'Design' process(es)?

I'm just trying to ascertain whether certain processes can only be audited against certain procedures.

As always, many thanks in advance!
Generally you would audit the requirements where the responsibility is. Clause 4 is big overall QMS, clause 5 is leadership, and clause 6 is management review, so I would mostly look to audit them in a Leadership process (by whatever name you call it). While you're looking at the management review you should look for inputs/outputs and KPIs from the Sales and Design processes though.
 
P

perkins201

#6
Much appreciated!

Lastly, I'll be doing a Process Overview Sheet now for 'Leadership'.

Would anyone happen to have an example of or be able to provide suggestions for 'Process Inputs', 'Process Outputs', Resource Requirements' and 'Control Methods' specific to the 'Leadership' process.

As always, many thanks in advance!
 

ReworkIT

Starting to get Involved
#7
Hi all,

Just wondering if anyone can assist please with the following query regarding the ISO 9001:2015 internal audit matrix.

Our external auditing company provided a sample internal audit matrix which is not company specific. On their example, they used the following processes (which differ to our company's processes):

Leadership
Purchasing
Quality
Sales
Production/Service Planning
Production/Service Provision
Production/Service Provision

My question is, do you have to use your own company processes specific to the Process Overview sheets or can you use the generic examples listed above?

Any advice would be greatly appreciated!
Hi - first post. Do you mean your registrar? If they give you a specific tool, doesn't that constitue consulting?
 

ReworkIT

Starting to get Involved
#8
You always need to audit to the processes as defined by your company.
I've noticed similar statements (some registrars have a similar statement on their website that says it's a requirement) but I can't find in ISO where it says processes have to be audited. It says that process have to be taken into consideration, but I can't see where it says I have to audit a process. I was taught that often the problems happen BETWEEN processes.

Can anyone help me where this is indicated?
 

Kronos147

Trusted Information Resource
#9
Since we have process-based systems that are focused on meeting requirements, it is vital we understand those requirements.

In our process ID map in our quality manual, we recognize the processes and the requirements of the processes. Here is a small example-
All Processes:
0.1 General, 0.3 Process Approach, 0.3.1 General, 0.3.2 Plan-Do-Check-Act, 0.3.3 Risk-based Thinking, 4. Context of the Organization, 5.1.2 Customer Focus, 5.2 Policy, 5.3 Organizational Roles and Responsibility, 7.1.2 People, 7.1.3 Infrastructure, 7.1.4 Environment for the Operation of Processes, 7.4 Communication, 7.5 Documented Information, 8.7 Control of Nonconforming Outputs, 10.3 Continual Improvement

Threaded Requirements:
-Risks and Opportunities (many clauses)
-Process Approach (many clauses)
-Change Management (many clauses)

Management:
4.1 Understanding the Organization and Context, 4.2 Understanding the Needs and Expectations of Interested Parties, 4.3 Determining the Scope of the AQMS, 4.4 QMS and its Processes, 5.1 Leadership and Commitment, 6.2 Quality Objective and Planning to Achieve Them, 7.1 Resources, 8.1 Operational Planning and Control, 9.1 Monitoring, Measurement, Analysis and Evaluation, 9.1.2 Customer Satisfaction, 9.3 Management Review, 10. Improvement

Purchasing:
8.1.4 Prevention of Counterfeit Parts, 8.4 Control of Externally Provided Processes, Products and Services, 8.4.2 Type and Extent of Control, 8.4.3 Information for External Providers

This same information is also provided on the process work instruction "index" we created, and on the internal audit form. It's only fair we make people aware of their requirements. It's necessary to identify them in the internal audit program.
 
Last edited:

howste

Thaumaturge
Super Moderator
#10
I've noticed similar statements (some registrars have a similar statement on their website that says it's a requirement) but I can't find in ISO where it says processes have to be audited. It says that process have to be taken into consideration, but I can't see where it says I have to audit a process. I was taught that often the problems happen BETWEEN processes.

Can anyone help me where this is indicated?
The context of my post you quoted was in response to a question about auditing a set of generic processes OR the processes specific to their company. Given the choices, the company's own processes is the clear winner.

I agree that there is no "shall" that says that internal audits are required to be based on processes. However, given the Process Approach (0.3) which leadership shall promote (5.1.1d), the fact that the QMS is managed using these processes (4.4.1), and that these processes shall be evaluated (4.4.1g) anyway, why wouldn't we audit using them as the basis of the audit planning?

The standard says that we shall audit to determine whether the QMS meets requirements and is effectively implemented and maintained. Unless you go out and audit the whole QMS at once (unlikely), you will need to break the elephant into bite sized pieces. It makes sense to use the processes for this. We may sometimes also need to do some focused audits on particular requirements that cover multiple processes - these might not be process audits.

I also agree that problems happen in the interactions between processes. That's why whenever I audit a process I make sure to cover the interactions on both ends. If I audit all processes in this way, covering the "in between" parts should be covered twice - the input direction from the receiving process and the output direction from the sending process.
 
Thread starter Similar threads Forum Replies Date
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
I Internal Audit Matrix Template AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
Q ISO 13485, FDA's QSR, CMDR, MDD: Seeking Internal Audit Correlation Matrix Various Other Specifications, Standards, and related Requirements 3
A ISO 9001-14001 Internal Audit Matrix ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
C Simple TS16949 Internal Audit Check List / Matrix Internal Auditing 4
T Seeking ISO 9001:2000 Internal Audit Matrix Examples Internal Auditing 7
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 9
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 23
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1
R How far apart can you schedule separate areas or departments in your internal audit? Internal Auditing 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
A API Spec Q1 9th Edition - 12 month Internal Audit Schedule Audit Nonconformance Oil and Gas Industry Standards and Regulations 10
J Microsoft Teams to manage Internal Audit System? Internal Auditing 3
tony s An organization's Internal Audit Office certified to ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28
Tagin Does ISO 9001:2015 require a full internal audit annually? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
S GM/VP softgrading internal audit finding - need feedback from an audit guru! General Auditing Discussions 11

Similar threads

Top Bottom