Internal auditing - Changes after recently changing to 9001:2000

N

nicola

#1
I have recently been employed with the main function of assisting in the move from the 1994 standard to the 9001:2000 standard. I am finding it difficult to convince the management that the conversion isn't merely a documentation issue, but involves changing the way they do things (particularly with regards to the process approach, continual improvement, customer satisfaction).

An external auditor raised the issue that our internal auditing procedures need to be adapted in order to comply with the new standard. This is now my task. The problem is that I am having a challenging time trying to convince the management that they need to trust the changes that I want to make.... and their resistance is making me question whether I am approaching this correctly.

Firstly, I believe that the audit plan must extend to include every area within the company. This includes purchasing, planning, development, etc... where before auditing was only done on the manufacturing processes. Am I correct? This morning I had a discussion with my boss who said that we can't plan when an audit must be done, because we can't predict when problems occur - which is an issue on it's own because the company is working more with corrective action rather than with preventative action. In fact, there are no preventative action measures and I'm beginning to doubt their understanding of the difference between the two. They believe that preventative means to prevent it from happening again....

Secondly, Currently the internal audits only check if the procedures and work instructions are being followed. My problem is - How do we know that the procedures and work instructions are giving us the required results? and how can we continually ensure that they follow the standared? To meet this criteria, I have created a form/checklist, but am encountering resistance to the change.

Thirdly, management believe that continual improvement can be solely be covered by the auditing process and as I mentioned above, the auditing style assumes that the process is correct and only checks to see if the process is being followed... I have argued my point a number times and believe that I am making progress is changing the way of thinking (well at least within the quality department)

Essentially I believe that the problem is in the definition of a process. Currently management define 'process' as a step in manufacturing a component, but I need to open their eyes to the the fact that processes exist from when you take the order to when you get customer feedback. These process must also be measured and monitored and they also use equipment that must be included in the calibration system. I've created a process flow diagram of the entire company, now we must created a system that works around it.

I've attached an audit plan that I would like to suggest to the company as well as an audit checklist (I understand that they will still need some work, and I particularly want to double check the referances to the iso standard). I would appreciate any feedback or ideas. Most of all, I would like to know if I'm approaching this in the right way, because all this resistance is making it easy for me to doubt my approach.

Thanks
Nicola
 

Attachments

Elsmar Forum Sponsor
B

BEVel

#2
You may be looking at two different sides of the coin

Hi Nicola~!

It's hard for people to change, much less an organization.

First, you must win over your management's support. It's not easy to do, but at least have a meeting on a comparison between ISO 9001:2000 and 1994 requirements (like a table). That way, it'll be easier for them to see what they must change.

Second, show them a scheduled plan on how you propose to do these changes. Give them a bird's eyeview and the relevance of your actions. Don't just shove them endless checklists. they'll think these are useless surveys or paperworks from the newbie.

There are many forums here on how you can go about upgrading. Expect endless delays, but hang in there!:bigwave:
 
J

Joe Cruse

#3
It sounds like they are a bit confused on continual improvement and how to do it vs the internal audit process. Internal audits are not a function of the corrective action system, although thay can be part of CA. Internal audits CAN be planned, and in fact ARE to be planned, according to the standard in section 8.2.2. It's up to your organization to determine the scope, criteria, frequency, and methods for doing this. Internal audits SHOULD be value-adding activities, not only checking conformance to the standard of your qms, but taking a look at your processes for opportunities for improvement (preventive action and continual improvement).

Look in the Auditing section of this Forum, there is a LOT of good material of the process approach and how to think and audit in this manner.

If continual improvement is only covered through the internal audit process, and your mgt thinks that audits are only for CA, that is not good thinking. Improvement should be going on without having to respond to process problems, complaints, and corrective action requests. That's not very sound business management. My take anyway.

Good luck with this.
 

RoxaneB

Super Moderator
Super Moderator
#4
nicola said:
Firstly, I believe that the audit plan must extend to include every area within the company. This includes purchasing, planning, development, etc... where before auditing was only done on the manufacturing processes. Am I correct? This morning I had a discussion with my boss who said that we can't plan when an audit must be done, because we can't predict when problems occur - which is an issue on it's own because the company is working more with corrective action rather than with preventative action. In fact, there are no preventative action measures and I'm beginning to doubt their understanding of the difference between the two. They believe that preventative means to prevent it from happening again....
Audits can be planned and should be planned to ensure that the necessary resources are available to conduct the audit (both on the part of the audit team and the part of the auditee). An audit is not to be conducted just because a problem occured...an audit is to ensure conformance (or is it compliance?) between the requirements and process.

As for the definitions of corrective and preventive action, that is a whole separate thread or two. If you do a search here on the Cove, you'll have many hits on exactly this dicussion.

nicola said:
Secondly, Currently the internal audits only check if the procedures and work instructions are being followed. My problem is - How do we know that the procedures and work instructions are giving us the required results? and how can we continually ensure that they follow the standared? To meet this criteria, I have created a form/checklist, but am encountering resistance to the change.
How will the checklist assist you in determining if the required results are being attained? Ensuring that standardized processes are being followed is one thing. And you are right to want to see if the required results are being attained. Does your company use Key Performance Indicators or have metrics that are regularly updated to show if goals are being met? What about your company objectives? How do you demonstrate that those are being met?

nicola said:
Thirdly, management believe that continual improvement can be solely be covered by the auditing process and as I mentioned above, the auditing style assumes that the process is correct and only checks to see if the process is being followed... I have argued my point a number times and believe that I am making progress is changing the way of thinking (well at least within the quality department)
Provide a copy of 8.5.1 in common english to your management and provide examples of how you believe the company meets each of the stated ways to demonstrate continual improvement. Or, for a more fun exercise, provide management with a list of the ways ISO 9001 says you can demonstrate continual improvement and have them provide company examples. :)

ISO 9001 8.5.1 Continual improvement said:
The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysys of data, corrective and preventive actions and management review.


Auditing these topics will not demonstrate continual improvement. Showing that the process for establishing and maintaining and reviewing them will. Showing that concepts like the policy and objectives are dynamic will. Showing that management review is less of a presentation on your part and more of discussion with value-added outputs from them will.

Best of luck!



Essentially I believe that the problem is in the definition of a process. Currently management define 'process' as a step in manufacturing a component, but I need to open their eyes to the the fact that processes exist from when you take the order to when you get customer feedback. These process must also be measured and monitored and they also use equipment that must be included in the calibration system. I've created a process flow diagram of the entire company, now we must created a system that works around it.

I've attached an audit plan that I would like to suggest to the company as well as an audit checklist (I understand that they will still need some work, and I particularly want to double check the referances to the iso standard). I would appreciate any feedback or ideas. Most of all, I would like to know if I'm approaching this in the right way, because all this resistance is making it easy for me to doubt my approach.

Thanks
Nicola[/QUOTE]
 
#5
Getting to basics.......

Hi Nicola:

I suggest that since you're responsible for implementation, your best course of action is to get the management team on the same page. Firstly, if you have a budget to do this, get someone to do a gap assessment. I'd advise you don't use a registrar, but your call. The gap should show your management three things:-
What ISO9K2K requires but you don't do
What you have in place that ISO9K2K requires and you can leverage from the '94 version
What must be improved to be effective.

I'd also suggest they get some 'overview' training for the management from some kind of consultant or similar with a track record of helping implementation support. Make certain that the training shows you what the benefit of a good qms is, not just registration.

You should get auditor training too, if you didn't get it yet.

These are basic requirements for you and the company to be successful.

Andy
 
Thread starter Similar threads Forum Replies Date
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
S Risk based internal auditing Internal Auditing 6
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
U Internal auditing - Company employees or contract second party Internal Auditing 10
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
M Is Automated Internal Auditing Possible? Internal Auditing 13
C Internal Auditing Requirements (ISO 9001:2008) Internal Auditing 3
L Auditing Design and Development in ISO 9001 (Internal Audit) Internal Auditing 1
sswaim Auditing Internal Laboratory Personnel for Competence General Auditing Discussions 4
K Internal Auditing a previous Nonconformance? Internal Auditing 19
P Recommended books on ISO 27001:2013 Implementation and Internal Auditing IEC 27001 - Information Security Management Systems (ISMS) 4
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
B PFMEA, Internal Auditing, Corrective Action Training In Native Language (China) Training - Internal, External, Online and Distance Learning 1
Gman2 Internal Auditing Requirements before ISO 9001 Registration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Auditing TS 16949 Cl. 7.6.3.1 - Internal Calibration Laboratory Requirements IATF 16949 - Automotive Quality Systems Standard 8
T ISO 9001 Internal Auditing Auditor Training in Amsterdam Training - Internal, External, Online and Distance Learning 1
S In an internal auditing desert and I'm the only one here.... AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G Internal Auditing in a Multi-Site Environment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
B Internal Auditing of MDD and CMDR Requirements Other Medical Device Related Standards 5
O Internal Auditing in small Engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Looking for a webinar on Internal Auditing General Auditing Discussions 3
R On Auditing Internal Audit Process - How Independence can be Established Internal Auditing 4
D Auditing Abroad - Internal Audits of our European Sister Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
R Auditing a process outside the realm of the formal Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
M Auditing the Internal Audit Process - 8.2.2 General Auditing Discussions 2
J Auditing the Internal Auditing Process - Audit Nonconformance General Auditing Discussions 3
S Internal Auditing related to RISK Internal Auditing 9
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
R Internal Auditing Checklist - Major NCR because the Checklist was not Completed Internal Auditing 17
V Depth of Internal Auditing and Training aspects in Research & Development (R & D) Internal Auditing 4
N Good Internal Auditing Training Courses Training - Internal, External, Online and Distance Learning 13
L Internal Auditing Reports / Documents - Design and Content Document Control Systems, Procedures, Forms and Templates 1
N Recommend internal auditing training 101 please (Tucson or Phoenix, AZ) Training - Internal, External, Online and Distance Learning 1
L Internal Auditing - How can I audit my QMS independently? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
C Internal Auditing - How to make it useful? Internal Auditing 36

Similar threads

Top Bottom