ISO 9001 3rd Party Audit Preparation - Open Issues Aspects

F

fuzzy

Re: 3rd party audit prep

Thanks for all the input. To answer a few of your questions.
This is surveillance to ISO9001:2000
Yes I have reviewed the results form the last external audit and made some changes and progress towards the responses that were given to the auditor, but I am also finding out that the person before me filled out the reponses but did not do anything to fix the issues.
We are performing internal audits at this time to determine where we really are. (And it's not good)
I know I have to come up with some major plan here to hopefully by some time to fix things. I have ran into problems similar to this before, but never of this magnitude.
Thanks
Angie

I would, from my similar experiences, like to reinforce the multi-level benefit of issuing CAR's as you discover / document these gaps. With this much experience I doubt that you will over-reach as to what is truely a NC vs. an opinion over methodology or style.:notme: So when you have your total NC picture clarified, then as suggested by other wise Covers, use a risk assessment method to prioritize your fixes. I would use my old "Diamonds of ISO" framework (from a UL auditor): Each of the six required documented procedures are the key processes that determine the health of the ISO system. NC's that bear on any of those six processes would be at the top of my list. If my audit process is broken, what have I got? Jack squat...:frust:
And of course, the benefit on another level is showing how you will steward an effective CA / PA system by working your findings through the cycle. Best of Luck. :cfingers: Work the Process!!:applause: Oh and ask Randy for his menu...:lmao:
 
Last edited by a moderator:
A

acook81

Re: 3rd party audit prep

Angie,

When the original registration audit and surveillance audits thereof were performed, what has changed other then what you have defined, and excluding Management?

From what I can tell so far, it looks like resources were provided for implementation and just not carried through to maintain. The position I am now in was first handled by a somewhat knowledgable person, but since that time they have pretty much just put a warm body in it's place and it appears that Management has just taken for granted that whatever that person told them was true (example: in management review reports all corrective actions had been addressed and closed, even the QA Manager beleived this to be true) But when I came aboard I found open CA's dating back as far as 2002. Since corrective action effectiveness was a finding in the last audit, I, of course, took immediate action to try to go back and close out any open issues. Which all parties have stated that the issues were addressed, that evidence was collected, but I can't find anything to back up what they are saying.
And with everything I am finding thus far, I really wonder about the credibility of the 3rd party auditor. I mean, how have things went on this long and not been brought up by a 3rd party.
Another issue I have seen and put a stop to is that a lot of "light duty" people are brought up to do adminstrative type paperwork (filling records, updating master books of documents, etc)
All in all it just has not been managed at all, document control is out of hand, training records have not been maintained at all, corrective action effectiveness not even checked, but documented as closed with no evidence to do so. Management review lacking key indicators of process/system proformance. I just don't know how it has went on this long.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: 3rd Party Audit Preparation

So much good advice so far.

I suggest it's already time to run a short temperature check of whether you belong there or not.

Given the list and types of things you have divulged, I venture to say your employer wants a magician and doesn't care much, if any about the system--you know the type, the certificate is what matters. "Git 'er done."

I expect the problems you have already observed would plague you until the end of your days there. Unless management gets on their knees and begs you, you might just as well move on down the road to some place that doesn't treat Quality like an afterthought.

:2cents:
 

Coury Ferguson

Moderator here to help
Trusted Information Resource
Re: 3rd party audit prep

From what I can tell so far, it looks like resources were provided for implementation and just not carried through to maintain. The position I am now in was first handled by a somewhat knowledgable person, but since that time they have pretty much just put a warm body in it's place and it appears that Management has just taken for granted that whatever that person told them was true (example: in management review reports all corrective actions had been addressed and closed, even the QA Manager beleived this to be true) But when I came aboard I found open CA's dating back as far as 2002. Since corrective action effectiveness was a finding in the last audit, I, of course, took immediate action to try to go back and close out any open issues. Which all parties have stated that the issues were addressed, that evidence was collected, but I can't find anything to back up what they are saying.
And with everything I am finding thus far, I really wonder about the credibility of the 3rd party auditor. I mean, how have things went on this long and not been brought up by a 3rd party.
Another issue I have seen and put a stop to is that a lot of "light duty" people are brought up to do adminstrative type paperwork (filling records, updating master books of documents, etc)
All in all it just has not been managed at all, document control is out of hand, training records have not been maintained at all, corrective action effectiveness not even checked, but documented as closed with no evidence to do so. Management review lacking key indicators of process/system proformance. I just don't know how it has went on this long.

Thanks for answering/clarifying my question.

After reviewing what Jennifer has recommended, I am leaning toward her possible solution of considering why you are there. Without the support of the Top Management there is a potential of failure. It looks as if the company wants the piece of paper, not to improve the Business. This is definitely not the ideal situation for anyone to be in.

My recommendation is to have a Top Level meeting with Management and explain the importance of the documented Business system. You will need to explain the "how", "why" and "what" is in it for them. Once you have had this meeting with top management and (hope) they seem to understand the importance, contact your registrar and reschedule the surveillance audit. I may even consider letting the current certification expire and consider planning later down the road to get the certification. In my opinion.

These decisions are going to be up to you (mostly) and top management, but you will have to take the lead.

I feel for you and I understand your pain.

If you need anything else, either post or PM me, and I will try to help you get thru this.
 
P

potdar

Re: 3rd party audit prep

From what I can tell so far, it looks like resources were provided for implementation and just not carried through to maintain. The position I am now in was first handled by a somewhat knowledgable person, but since that time they have pretty much just put a warm body in it's place and it appears that Management has just taken for granted that whatever that person told them was true (example: in management review reports all corrective actions had been addressed and closed, even the QA Manager beleived this to be true) But when I came aboard I found open CA's dating back as far as 2002. Since corrective action effectiveness was a finding in the last audit, I, of course, took immediate action to try to go back and close out any open issues. Which all parties have stated that the issues were addressed, that evidence was collected, but I can't find anything to back up what they are saying.
And with everything I am finding thus far, I really wonder about the credibility of the 3rd party auditor. I mean, how have things went on this long and not been brought up by a 3rd party.
Another issue I have seen and put a stop to is that a lot of "light duty" people are brought up to do adminstrative type paperwork (filling records, updating master books of documents, etc)
All in all it just has not been managed at all, document control is out of hand, training records have not been maintained at all, corrective action effectiveness not even checked, but documented as closed with no evidence to do so. Management review lacking key indicators of process/system proformance. I just don't know how it has went on this long.

Well Angie, just relax. No need to :( :mad: :confused: :mg: :frust: :nope: and definitely dont :argue: with anybody around. That wil only further increase your woes. I have seen this situation from all three sides. As an MR, as a Lead auditor and as a Consultant.

Normally there are two big culprits who facilitate such situations - the Top Management and the Registrar. Normally both are very much aware of it. And normally both wont want to do anything about it. If they did, this wont be the status today. Do you really know whether the then MR told lies in the 2002 MRM or whether the Top Management asked him to report lies?

The time is too short to try and cover the company's butt. Just bother about covering your butt first. as Jim says report to the management in writing about the conditions and the likelyhood of adverse comments from the Third Party in spite of your best efforts. I take it that being an Auditor, you know how to present facts.

Try to start correcting the system. Dont bother about the speed and definitely not any backdated corrections. The dumbest of auditors can tell at a glance when a QMS has been undergoing preparations for an audit. Any QMS that requires preparations is non-functional. They knew it during last so many audits, they accepted it during last so many audits and so, in all probability, they will accept it during the current audit also.

So far so good. Now lets discuss what you would like to do after the audit.

Call it quits. - Start looking today.

Carry on as it is.

Take it up as a challenge and transform the system. The first challenge would be to convert your Top Management to your view because nothing can be accomplished without their support. IF they are converted (thats a big IF) start on the painstaking path of putting the QMS back on the road. And dont hurry too much from the start. These things start slow but once rolling, they pick up their own momentum. Later your job will be to only facilitate. When you have things staightening up at your end, ask your Registrars to tighten up their strings. If they are unable to do it, fire them. Entrust your system to a set of guys with better reputation around.​

Anyway, thats too far in the future. And I know I have already invited many angry posts.;)

But I'll bet my:2cents: , that after the audit you'll say "Oh, why did I bother so much about what to do during the audit. I should have started bothering about what to do after the audit right from the word go!"

Please do come back to this thread with your audit results. Best of luck!!
 

Randy

Super Moderator
Re: 3rd Party Audit Preparation

My real suggestion is actually a comment...if you have to prepare then your system either has not been properly implemented or it is not being properly maintained. If you have to prep "it" then "it" isn't working and you're not ready. A "system", if it is running in a proper fashion, should be able to be audited at any time and be found to be operating as required.

Apparently your system isn't in place and functioning yet.

If I'm told that "we're not ready" or "we haven't had time to prepare" that does nothing more than open an audit trail up for me related to the requirements to "implement" or "maintain".
 
I

IEGeek - 2006

Re: 3rd Party Audit Preparation

I would be curious to hear more from the auditors in our midst relating to this.

If your client (auditee, if you will) called you and informed you of the things we are discussing here, what would be your reaction? Would it be one of, "OK, let's see what you've got and take it from there." Or would it be one of. "I got my pencil sharpened and I want to write some N/C's."

I guess what I would like to determine is that if a auditee was candid and providing the appearance of trying to correct failing system, does that go further than hiding information and steering an auditor away from known problems?

I am sure that auditors have to realize that new quality managers and management reps. have to clean up a lot of sh*t, every time. If the new person is making great strides towards implementing positive cultural change and really working the tools (process audits, CARs, etc) but the timing is off due to their start date and the auditor's arrival, is that not a better approach?

Love to hear your thoughts.

Thanks
 

BradM

Leader
Admin
Re: 3rd Party Audit Preparation

Angie, thanks for sharing your situation.

I learn so much by reading the threads. More than anything, they represent real life, and many times it's not so easy to put a bowtie on it. I would surmise that each of the cove auditors would approach this differently (either from your perspective or the auditors perspective), given their life's experience.

I am a junior auditor compared to most all the auditors here. If I were to audit your facility, one of the first audit preparation tools I would utilize are the previous audit reports and findings. If they have not been addressed, my alert meter will be pegging out.

Next, hopefully I could develop a picture of your organization, and get an idea of the critical processes (what is important). If I observe holes/deficiencies in these processes, my back-up alert meter will be pegging out.

If your previous audit findings are being addressed, the critical processes are not out of control (hopefully I don't miss which is the true critical process), and there is evidence that upper management is sincere about improving/maintaining the quality system, maybe you can squeek by this audit until you can get things under control. As you well know, alert management they may be able to dodge a bullet, but they are quickly reloading!!

I know you're an experienced auditor, and you are probably good enough to "fool the auditor" on a couple of things. I would resist that temptation. First, you have too many problematic areas to try to cover up. Next, if you cover up, and "pass", who would benefit? You did not create this mess, and it was not created overnight.

Off the cuff question: Were there ever any customer audits? Given a moderate product/customer mix, surely some on-site audits would have noted some issues.

Good luck, and again thanks for sharing your issue.
 

SteelMaiden

Super Moderator
Trusted Information Resource
there have been some good comments here. for my :2cents: , get your internal audits performed and write up those findings. Beyond that, I agree with Randy pretty much. Make sure you have your schedule set up, who is guiding, who is picking up lunch, and make sure that everyone who needs to be in the opening and closing meetings is aware of the time.

At this late date, you are probably not going to make any huge difference in the system, but you can make a difference in perception of how you (your company) is reacting to a bad situation.

You really need to decide if you are needed only to get through the surveillance, or if you are wanted to make a difference in the long run. good luck.
 
P

potdar

Re: 3rd Party Audit Preparation

I would be curious to hear more from the auditors in our midst relating to this.

If your client (auditee, if you will) called you and informed you of the things we are discussing here, what would be your reaction? Would it be one of, "OK, let's see what you've got and take it from there." Or would it be one of. "I got my pencil sharpened and I want to write some N/C's."

I guess what I would like to determine is that if a auditee was candid and providing the appearance of trying to correct failing system, does that go further than hiding information and steering an auditor away from known problems?

I am sure that auditors have to realize that new quality managers and management reps. have to clean up a lot of sh*t, every time. If the new person is making great strides towards implementing positive cultural change and really working the tools (process audits, CARs, etc) but the timing is off due to their start date and the auditor's arrival, is that not a better approach?

Love to hear your thoughts.

Thanks

For an auditee who really wants to shape up, the best contribution from an auditor is a frank appraisal of his system with some NCs leading to the root causes of his situation.

A soft approach for being candid is not a help. A constructive approach is. And those NCs are a very important part of it.
 
Top Bottom