Internal Audits - Changing from Check Lists to Process Approach

B

behoops

#1
We have been conducting internal audits for several years now. We have seven well trained, experienced auditors. When we made the transition to 9001:2000 we also changed our audit methodology from an element based approach to a process based approach. We now see a problem in that we have maintained our element based audit checklist. We are considering changing our checklist to something that is more suited to the process approach we are using.
We are worried that we may violate some ISO condition by doing this. An example:
5.3.1c) our checklist asks- “Does top management ensure that the quality policy provides a framework for establishing and reviewing quality objectives” This question has the same answer at every audit, and will have forever.
Must we address every sub article or can we develop questions that suit the process.
As in a production process audit we may only ask questions about how the policy is communicated and understood as opposed to its review by top management.
Please give us your thoughts and suggestions on this matter.
 
Elsmar Forum Sponsor

Al Rosen

Staff member
Super Moderator
#2
behoops said:
We have been conducting internal audits for several years now. We have seven well trained, experienced auditors. When we made the transition to 9001:2000 we also changed our audit methodology from an element based approach to a process based approach. We now see a problem in that we have maintained our element based audit checklist. We are considering changing our checklist to something that is more suited to the process approach we are using.
We are worried that we may violate some ISO condition by doing this. An example:
5.3.1c) our checklist asks- “Does top management ensure that the quality policy provides a framework for establishing and reviewing quality objectives” This question has the same answer at every audit, and will have forever.
Must we address every sub article or can we develop questions that suit the process.
As in a production process audit we may only ask questions about how the policy is communicated and understood as opposed to its review by top management.
Please give us your thoughts and suggestions on this matter.
I created check list questions based on the procedure and clauses appropriate to the process being audited.
 

Cari Spears

Super Moderator
Staff member
Super Moderator
#3
Al Rosen said:
I created check list questions based on the procedure and clauses appropriate to the process being audited.
That's what I've always done - even before the "process approach". I used to make a copy of the procedure and the section of the standard and just scribble questions or make notes to ask to see records, etc. in blue ink - then I scribbled my observations on the same copy in red ink. This was my checklist and my record of observations/findings. Then I formalized the findings and observations on the Internal Audit Report form.

Now I use a more detailed approach - but still the same basic principal.

behoops - search through the "Auditing including ISO19011" forum. Many of us have posted our forms, checklists, process maps, etc.

Also, FWIW, I (in my Management Representative capacity) ensure we comply with the standard - our auditors audit for compliance to our procedures only.
 
Last edited:
Q

qualeety

#4
An example:
5.3.1c) our checklist asks- “Does top management ensure that the quality policy provides a framework for establishing and reviewing quality objectives” This question has the same answer at every audit, and will have forever.

if you change the question to "how does top management............."...will you get the same answer as "does top management....."?

the objective evidence should be same but the process of obtaining the objective evidence should be differ....

for example...

2003
quality policy -> customer satisfaction
quality objective (in my case, we call this quality goals) - > reduce customer returns
quality target -> -10% from last year

2004
quality policy -> customer satisfaction
quality objective -> decrease internal failures
quality target -> -20% from last year

reason for the change - the management felt RIO (return on investment) for a new quality objective was better than continuing 2003 quality objective

the objective evidence = minutes of meetings, monthly/yearly reports, etc.

In my case, we try to ask.....input (what are they), process (what are we doing) and output (what are they) for every process..
 
C

cjvo77

#5
If you use the process approach and map out your processes correctly, you should be able to use your process maps as checklists and take notes as you audit. This will also cover all of the sections of the standard
 

Randy

Super Moderator
#6
Don't get too wrapped around the axle with this. Think about the "process" itself (no pun intended).

If you audit a process that is controlled through a procedure a simple question that can be asked is whether or not employees are aware of the procedure and how to access and use it. That one question and associated response can cover half a dozen "clauses" such as 4.2.1d, 4.2.3, 5.5.1, 5.5.3, 6.2.1, 6.2.2 and so on. Also while the audit is being performed are you also not obtaining evidence of meeting 8.2.2, 8.2.3, 8.4, 8.5.1, 8.5.2, & 8.5.3 as well?


You've been doing it, you just haven't recognized it as such.
 
C

cochranemurray

#7
You may get the same answer from top management each time, but does the response from them ring true and is it reflected by others in the company. By asking others appropriate questions, you should find out whether top management is cascading the policy down through the whole company.
 
H

H?ctor - M?xico

#8
behoops said:
We have been conducting internal audits for several years now. We have seven well trained, experienced auditors. When we made the transition to 9001:2000 we also changed our audit methodology from an element based approach to a process based approach. We now see a problem in that we have maintained our element based audit checklist. We are considering changing our checklist to something that is more suited to the process approach we are using.
We are worried that we may violate some ISO condition by doing this. An example:
5.3.1c) our checklist asks- “Does top management ensure that the quality policy provides a framework for establishing and reviewing quality objectives” This question has the same answer at every audit, and will have forever.
Must we address every sub article or can we develop questions that suit the process.
As in a production process audit we may only ask questions about how the policy is communicated and understood as opposed to its review by top management.
Please give us your thoughts and suggestions on this matter.
I noticed that nobody has replied in ten months!!! why???

Let me tell you what we are trying to do:

We perform internal audits just following the concerned flowcharts. Most of our procedures are flowcharts and all of them comply with ISO 9001:2000. We were certified one and a half year ago, so somehow our system documents comply with ISO.

We start our audit identifying one or two products which are ready for shipment and, then, we start the audit process since the P.O. for those products was received and accepted by us until they are released for shipment.

Obviously, we have to go through several departments in a sequence like this:

sales>>>credit/collectables (accounts receivables)>>>purchasing>>>production... warehouse>>>distribution (customer delivery).

Of course there is more involved... I'm just trying to get something going on.

The message here is forget about the boring check list (dead bodies) and think process, process, process... (alive bodies).
 

Antonio Vieira

Involved - Posts
Trusted Information Resource
#9
Héctor,
What I normally do is turning the procedure “up side down”...
If it’s written “The operator must do this and this...”, the question related to this activity should be “Does the operator did this and this...”
This way we can check every activity and inclusive if the procedure is correct. :cool:
 
J

JWenmeekers

#10
António Vieira said:
If it’s written “The operator must do this and this...”, the question related to this activity should be “Does the operator did this and this...”
This way we can check every activity and inclusive if the procedure is correct. :cool:
Is also one of my tools. Take all the descriptions of must, do, action... etc out of the procedure and ask 'does it..?'.
The 'why' gives you an answer/insight and the 'why not' gives you insight/answer...

Basically you just check the PDCA cycle....

:topic:
Héctor said:
I noticed that nobody has replied in ten months!!!
Last post was from cochranemurray / 17th June 2005 02:38 AM
December 2005 - June 2005 = 6 months
;)
 
Thread starter Similar threads Forum Replies Date
F Changing the Frequency of Internal Audits - ISO/TS 16949 Internal Audit Requirements Internal Auditing 5
C Changing Internal Audit Program - Regional Manager Online Audits Internal Auditing 2
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
M ISO13485:2016, MDSAP and Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
S Would this be a second site for the purposes of internal and third party audits? General Auditing Discussions 4
J ISMS - Internal Audits Internal Auditing 3
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
D CB and customer audits considered as internal audits? General Auditing Discussions 9
R IATF 16949 - Outsourcing of internal audits Internal Auditing 10
M Major vs. Minor for Internal Audits? Internal Auditing 10
C Internal Audits in a tiny Dx Company Internal Auditing 33
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
O Informational Scaling back internal audits due to corona virus while avoiding a NC Internal Auditing 7
G Internal Audits and Employee engagement Internal Auditing 16
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
F ISO 17025 8.8 Internal Audits in a segmented company ISO 17025 related Discussions 5
qualprod Internal Audits - Categories of non conformances Internal Auditing 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
K A way to monitor our Internal Audits as a KPI AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
A External Auditor issue with Internal Audits Internal Auditing 7
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
Gman2 Quality Record Retention (Internal Audits, CA's) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
T Informational What is the purpose of Internal Audits? Internal Auditing 27
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 22
Pmarszal ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits Internal Auditing 8
R ISO 13485:2016 Registration - NC on full cycle of internal audits ISO 13485:2016 - Medical Device Quality Management Systems 7
J Internal Audit clarification - How to perform the audits IATF 16949 - Automotive Quality Systems Standard 6
S Corrective Action from Internal Audits not performed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
W FAA Advisory Circular (AC) Requirements (FAA AC 00-56) - Internal Audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
B Going into IATF 16949 transition without Internal Audits IATF 16949 - Automotive Quality Systems Standard 4
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
K No Internal Audits For Upcoming IATF Trans Audit IATF 16949 - Automotive Quality Systems Standard 5
J Supporting Processes - Internal Audits - Need help settling a debate IATF 16949 - Automotive Quality Systems Standard 4
K AS9100 Rev. D Transition - Internal Audits & Gap Analysis Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
J Internal Audits - Closing Audit Deficiency Reports (ISO 13485) Internal Auditing 4
S Is Audit Plan / Agenda required for Internal Audits? Internal Auditing 2
J ISO 9001:2008 - Can I still conduct Internal Audits in my company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
F What is your favorite software for ISO 9001:2015 Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C ISO 9001:2008 Surveillance Audit - No Internal Audits Internal Auditing 9
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
Marc ISO 9001:2015 vs. 2008 - Internal Audits - What changes are you making? Internal Auditing 44
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
dubrizo Internal Audit Value - What is the point of conducting internal audits to a checklist Internal Auditing 40
D Using consultants for Internal Audits Internal Auditing 24
O New Job 1 Month from Recertification Audit - Missing Documents, no Internal Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
R How do I conduct my API Q1, ISO compliant internal audits? Internal Auditing 1
F Is it good to outsource the Internal Audits? Quality Manager and Management Related Issues 16

Similar threads

Top Bottom