SBS - The Best Value in QMS software

Internal Audit Matrix Process Query

P

perkins201

#1
Hi all,

Just wondering if anyone can assist please with the following query regarding the ISO 9001:2015 internal audit matrix.

Our external auditing company provided a sample internal audit matrix which is not company specific. On their example, they used the following processes (which differ to our company's processes):

Leadership
Purchasing
Quality
Sales
Production/Service Planning
Production/Service Provision
Production/Service Provision

My question is, do you have to use your own company processes specific to the Process Overview sheets or can you use the generic examples listed above?

Any advice would be greatly appreciated!
 
Elsmar Forum Sponsor
P

perkins201

#4
Many thanks both for the input!

Is it possible to audit the likes of 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 9.3 against the 'Sales' or 'Design' process(es)?

I'm just trying to ascertain whether certain processes can only be audited against certain procedures.

As always, many thanks in advance!
 

howste

Thaumaturge
Super Moderator
#5
Many thanks both for the input!

Is it possible to audit the likes of 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 9.3 against the 'Sales' or 'Design' process(es)?

I'm just trying to ascertain whether certain processes can only be audited against certain procedures.

As always, many thanks in advance!
Generally you would audit the requirements where the responsibility is. Clause 4 is big overall QMS, clause 5 is leadership, and clause 6 is management review, so I would mostly look to audit them in a Leadership process (by whatever name you call it). While you're looking at the management review you should look for inputs/outputs and KPIs from the Sales and Design processes though.
 
P

perkins201

#6
Much appreciated!

Lastly, I'll be doing a Process Overview Sheet now for 'Leadership'.

Would anyone happen to have an example of or be able to provide suggestions for 'Process Inputs', 'Process Outputs', Resource Requirements' and 'Control Methods' specific to the 'Leadership' process.

As always, many thanks in advance!
 
R

ReworkIT

#7
Hi all,

Just wondering if anyone can assist please with the following query regarding the ISO 9001:2015 internal audit matrix.

Our external auditing company provided a sample internal audit matrix which is not company specific. On their example, they used the following processes (which differ to our company's processes):

Leadership
Purchasing
Quality
Sales
Production/Service Planning
Production/Service Provision
Production/Service Provision

My question is, do you have to use your own company processes specific to the Process Overview sheets or can you use the generic examples listed above?

Any advice would be greatly appreciated!
Hi - first post. Do you mean your registrar? If they give you a specific tool, doesn't that constitue consulting?
 
R

ReworkIT

#8
You always need to audit to the processes as defined by your company.
I've noticed similar statements (some registrars have a similar statement on their website that says it's a requirement) but I can't find in ISO where it says processes have to be audited. It says that process have to be taken into consideration, but I can't see where it says I have to audit a process. I was taught that often the problems happen BETWEEN processes.

Can anyone help me where this is indicated?
 

Kronos147

Trusted Information Resource
#9
Since we have process-based systems that are focused on meeting requirements, it is vital we understand those requirements.

In our process ID map in our quality manual, we recognize the processes and the requirements of the processes. Here is a small example-
All Processes:
0.1 General, 0.3 Process Approach, 0.3.1 General, 0.3.2 Plan-Do-Check-Act, 0.3.3 Risk-based Thinking, 4. Context of the Organization, 5.1.2 Customer Focus, 5.2 Policy, 5.3 Organizational Roles and Responsibility, 7.1.2 People, 7.1.3 Infrastructure, 7.1.4 Environment for the Operation of Processes, 7.4 Communication, 7.5 Documented Information, 8.7 Control of Nonconforming Outputs, 10.3 Continual Improvement

Threaded Requirements:
-Risks and Opportunities (many clauses)
-Process Approach (many clauses)
-Change Management (many clauses)

Management:
4.1 Understanding the Organization and Context, 4.2 Understanding the Needs and Expectations of Interested Parties, 4.3 Determining the Scope of the AQMS, 4.4 QMS and its Processes, 5.1 Leadership and Commitment, 6.2 Quality Objective and Planning to Achieve Them, 7.1 Resources, 8.1 Operational Planning and Control, 9.1 Monitoring, Measurement, Analysis and Evaluation, 9.1.2 Customer Satisfaction, 9.3 Management Review, 10. Improvement

Purchasing:
8.1.4 Prevention of Counterfeit Parts, 8.4 Control of Externally Provided Processes, Products and Services, 8.4.2 Type and Extent of Control, 8.4.3 Information for External Providers

This same information is also provided on the process work instruction "index" we created, and on the internal audit form. It's only fair we make people aware of their requirements. It's necessary to identify them in the internal audit program.
 
Last edited:

howste

Thaumaturge
Super Moderator
#10
I've noticed similar statements (some registrars have a similar statement on their website that says it's a requirement) but I can't find in ISO where it says processes have to be audited. It says that process have to be taken into consideration, but I can't see where it says I have to audit a process. I was taught that often the problems happen BETWEEN processes.

Can anyone help me where this is indicated?
The context of my post you quoted was in response to a question about auditing a set of generic processes OR the processes specific to their company. Given the choices, the company's own processes is the clear winner.

I agree that there is no "shall" that says that internal audits are required to be based on processes. However, given the Process Approach (0.3) which leadership shall promote (5.1.1d), the fact that the QMS is managed using these processes (4.4.1), and that these processes shall be evaluated (4.4.1g) anyway, why wouldn't we audit using them as the basis of the audit planning?

The standard says that we shall audit to determine whether the QMS meets requirements and is effectively implemented and maintained. Unless you go out and audit the whole QMS at once (unlikely), you will need to break the elephant into bite sized pieces. It makes sense to use the processes for this. We may sometimes also need to do some focused audits on particular requirements that cover multiple processes - these might not be process audits.

I also agree that problems happen in the interactions between processes. That's why whenever I audit a process I make sure to cover the interactions on both ends. If I audit all processes in this way, covering the "in between" parts should be covered twice - the input direction from the receiving process and the output direction from the sending process.
 
Thread starter Similar threads Forum Replies Date
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
I Internal Audit Matrix Template AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
Q ISO 13485, FDA's QSR, CMDR, MDD: Seeking Internal Audit Correlation Matrix Various Other Specifications, Standards, and related Requirements 3
A ISO 9001-14001 Internal Audit Matrix ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
C Simple TS16949 Internal Audit Check List / Matrix Internal Auditing 4
T Seeking ISO 9001:2000 Internal Audit Matrix Examples Internal Auditing 7
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 1
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 15
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5

Similar threads

Top Bottom