ISO Certified! Now, what do I look for in Internal Audits?

V

Vandana Sharma

#1
Hi all,

We have passed the certification audit and we are now an ISO 9001:2000 certified company.

I am now supposed to conduct internal audits for my company and then target for surveillance audits in June 05.

What am I supposed to look for, apart from continual improvement.

Please help.

Vandana
 
Elsmar Forum Sponsor
A

AllanJ

#2
Vandana Sharma said:
Hi all,

We have passed the certification audit and we are now an ISO 9001:2000 certified company.

I am now supposed to conduct internal audits for my company and then target for surveillance audits in June 05.

What am I supposed to look for, apart from continual improvement.

Please help.

Vandana
That, of course, depends on what your management wants or expects from the internal audit program and whatever input it may wish from its supposedly regular management review meetings.

The most basic (I might venture, banal) matter is to look for compliance with the QMS and for the QMS to be compliant with that standard.

If you are unsure of what to look for or how to perform an audit, I would suggest these options:

1. Attend an audit training course. (As I have mentioned in another thread, there are plenty of them around but good ones are in a distinct minority.) If your company will not pay for training, buy a good book on the subject of "management audits" (Wallace at the Cove has some excellent suggestions on what to choose!)

2. Since presumably the registrar has "assessed" your internal audit function as a condition of awarding your ISO 9K certificate, ask whoever was the auditor that has done the internal audits so far what he/ she did. If, though, the registrar has not investigated the existence or efficacy of your company's internal audit programme, ask why your company was awarded the certificate.

3. Engage an outside auditor to perform an audit which you can observe. (A risky choice for one must hope that person is competent.)

4. Next time the registrar arrives watch what he/ she does. (If, as per 2., that registrar has not "assessed" your internal audit programme, I would not consider him/ her competent anyway, as per 3.)
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
You look for the same things you looked for (I presume you were involved) in the months before the registration: operations in compliance with the QMS and the standard.

The internal audit program is simply a regular set of checks to ensure the system is functioning as designed, to highlight needs for changes in activities or to note opportunities to improve the system itself.

I agree that an auditing course would make you feel more confident in the planning, execution and followup process of these checks.
 
V

Vandana Sharma

#4
I am a certified Internal Auditor

Thank you, for the immediate responses.

I am a certified internal auditor and a lead auditor. However I am little confused on data analysis, process\product monitoring and measurement.

We are doing same things that we did just before the certification. We have not revised our quality documents except for a quality form and a task procedure. I do not have anything to show for process measurements and improvement in any of the set systems.
 

RoxaneB

Super Moderator
Super Moderator
#5
Vandana Sharma said:
Thank you, for the immediate responses.

I am a certified internal auditor and a lead auditor. However I am little confused on data analysis, process\product monitoring and measurement.

We are doing same things that we did just before the certification. We have not revised our quality documents except for a quality form and a task procedure. I do not have anything to show for process measurements and improvement in any of the set systems.
How does your company ensure that its processes are under control? There must be measurements of some sort. And what is done with this information? Is it acted upon or left to sit on someone's desk?

Data analysis is just that...your company must have lots and lots of data and information. Customer feedback or complaints - does anyone look at the numbers for possible trends? Nonconforming product and corrective actions - does anyone look at the numbers for possible trends? Process and product measuresments - does anyone look at the numbers for possible trends?

You are doing the same things now that you did before. So....what were you doing then with all of this data coming in? How was it being looked at? Was it being looked at? What was being done with it?
 

Randy

Super Moderator
#6
How in the "H" did you guys get registered to ISO 9001:2000 and not know what to look for during internal audits? :jawdrop:

Internal audits should have been taking place before the registration audit not after! :frust:

I'd question this cert.................
 

Hershal

Metrologist-Auditor
Staff member
Super Moderator
#7
COMPLIANCE!!!!!!!!!!

Never, ever, audit to find non-conformities. Examine all available evidence to verify compliance. If there are non-conformities they will show up as you examine the evidence.

Randy, I agree with you.....IA should have been going well before registration.....

Hershal
 
V

Vandana Sharma

#8
Randy said:
How in the "H" did you guys get registered to ISO 9001:2000 and not know what to look for during internal audits? :jawdrop:

Internal audits should have been taking place before the registration audit not after! :frust:

I'd question this cert.................
What is the need to get so.... frustrated... i thought this forum was to get new ideas and suggestions. Ofcourse IA was going well...and will go well.... and we will pass the surveillance audits. Why should anyone question the certification....?

We have quality policy, we have quality manual in compliance to ISO90001:2000, We have departmental objectives, we are improving on our technology and we have satisfied customer. I'm sure that is what compliance is all about!!!

I highly object to the language on the repsonse....
 
V

Vandana Sharma

#9
Thank you... that was much sensible then other responses. Yes we do have bug tracking system in place. These are reviewed periodically by the management. Corrective actions are taken, Preventive actions are initialized. We have management and people involvement and above all we do have satified customers.

As continual improvement, we do have regualr and better interactions with customers for midproject queries etc.

Thanks.
 

RoxaneB

Super Moderator
Super Moderator
#10
Vandana Sharma said:
We have quality policy, we have quality manual in compliance to ISO90001:2000, We have departmental objectives, we are improving on our technology and we have satisfied customer. I'm sure that is what compliance is all about!!!
What we possibly experiencing here is a communication problem, Vandana. Your question was read by several of us to indicate that you don't do Internal Audit, but further communicating indicates that you actually wish to improve upon your audits. Is this correct?

Reading that you have a quality policy and manual is well and good, but do your internal audits investigate how these documents are used and, more importantly, understood by your employees? Do they serve a purpose other than to merely exist? Can the material they contain be better communicated to the employees?

I think it's wonderful that you have satisfied Customers...but how do you know this? What data is being collected and analyzed to verify this statement of yours? That's the kind of "data analysis" you could look at on an internal audit.

Vandana Sharma said:
Thank you... that was much sensible then other responses. Yes we do have bug tracking system in place. These are reviewed periodically by the management. Corrective actions are taken, Preventive actions are initialized. We have management and people involvement and above all we do have satified customers.

As continual improvement, we do have regualr and better interactions with customers for midproject queries etc.
Are the actions taken within your corrective/preventive process verified for adequacy? Are the root causes analyzed to see if there are repeating occurences of root causes (meaning that the problem has not be adequately addressed)?

And, as I said before, it's great that your Customers are happy...what actions are you taking to keep them happy? You are meeting their needs now...are there plans in place to meet their needs in the future?
 
Thread starter Similar threads Forum Replies Date
tony s An organization's Internal Audit Office certified to ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28
V Certified Internal auditor is necessary? ISO 9001 requirement? Quality Management System (QMS) Manuals 4
Q Internal Laboratories in TS 16949 companies - Certified vs. ISO 17025? ISO 17025 related Discussions 5
L ISO 14001 Lead Internal Auditor - Is there a certified training requirement? ISO 14001:2015 Specific Discussions 6
V Does an internal calibration laboratory need to be certified on ISO 17025? ISO 17025 related Discussions 3
A ASL requirement when the supplier is certified for ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 6
J Possible to get ISO 13485 certified with only OEM Product? ISO 13485:2016 - Medical Device Quality Management Systems 4
B Can we be ISO 9001 certified without a physical office? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
F ISO Certified companies - Is there a list of certified companies that I can access ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
M Is it possible to get iso 13485:2016 certified as a one man band ISO 13485:2016 - Medical Device Quality Management Systems 1
J Can subsidiaries use the holding company's ISO 9001 QMS and be classified as ISO 9001 certified? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Does our material suppliers’ supplier have to be at least ISO 9001 certified? IATF 16949 - Automotive Quality Systems Standard 3
M Case study - If the restaurant (ISO 9001:2015 certified) was run by 2 persons covering cooking and purchasing processes (Mother and Father) supported ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M ISO 80079-34 certified contract manufacturer needed Other ISO and International Standards and European Regulations 2
S Critical supplier - Obligated to have an ISO-certified QMS? ISO 13485:2016 - Medical Device Quality Management Systems 8
L Please help me with the process of getting ISO 9001 certified Quality Management System (QMS) Manuals 15
C Must your reference standard provider be ISO17034 certified to meet your testing lab's ISO 17025 certification requirements? Other ISO and International Standards and European Regulations 2
C ISO 13485 certified as precursor to regulatory compliance to 21 CRF Part 820? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
M Are Medical device Raw material suppliers required to be ISO 13485 certified ISO 13485:2016 - Medical Device Quality Management Systems 13
F It is required that External labs be also certified to ISO 9001? IATF 16949 - Automotive Quality Systems Standard 37
M Thank you, thank you, thank you - we are ISO 9001:2015 certified! Covegratulations 8
S IATF16949:2016 certified without ISO:9001:2015 IATF 16949 - Automotive Quality Systems Standard 9
A Does AS9100 require Suppliers to be Certified to ISO or AS? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
N "Sterile" missing on the CE Certificate - ISO 13485 Certified Contract Manufacturer ISO 13485:2016 - Medical Device Quality Management Systems 5
G What are steps to be followed to get ISO 9001:2015 certified ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
x-files [Thermal Power plant KOSTOLAC, SERBIA] Sucessfully certified to ISO 50001 Sustainability, Green Initiatives and Ecology 1
L Risk Management in an IVD, ISO 13485 certified company ISO 14971 - Medical Device Risk Management 2
Q ISO 9001 Certified but not complying with ISO clauses ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
JoCam Use of ISO Logos if company is not certified by an accredited certification body ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
L Should I wait to get certified to ISO 9001:2015 ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
L Looking for an ISO 13485 Certified Body in the US Registrars and Notified Bodies 28
Richard Regalado Project Plan of New ISO 22301 BCMS Certified Company Business Continuity & Resiliency Planning (BCRP) 1
L Suppliers Problem - One of our material suppliers is not ISO certified ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
R Which large corporations require their suppliers to be ISO 9001 certified? Registrars and Notified Bodies 14
J TS 16949 Certification for 20 out of 70 ISO 9001 Certified Lines IATF 16949 - Automotive Quality Systems Standard 4
R ISO is certified to ISO 14001:2004 - What are their Significant Environmental Aspects ISO 14001:2015 Specific Discussions 2
B ISO 9001 Certified Company and acquisition of non-ISO 9001 Certified Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F QMS has not been maintained. How do we stay certified to ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 27
S What is the ISO 17025 Certified Laboratory Requirement for External Calibration? ISO 17025 related Discussions 8
P What are the benefits of certified ISMS for ISO 27001 standard? IEC 27001 - Information Security Management Systems (ISMS) 3
R Key Process Indicators (KPIs) for ISO 9001:2000-certified Service Organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
T If a company becomes TS 16949 certified does it still need ISO 9001 certification? IATF 16949 - Automotive Quality Systems Standard 12
GStough Beating a Dead Horse?....ISO-registered or ISO-certified....THAT Is The Question ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
S Database of ISO 13485 Certified Pharmaceutical Companies ISO 13485:2016 - Medical Device Quality Management Systems 1
L Time Required to Implement ISO 27001 if ISO 9001 certified & SOX compliant? IEC 27001 - Information Security Management Systems (ISMS) 3
R Demographics - Company Size Distribution is for ISO 9001 Certified Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C Start from Scratch: How to get my company ISO 13485 certified ISO 13485:2016 - Medical Device Quality Management Systems 11
L Do ISO 13485 Certified Organizations need to have Control Plans and FMEAs? ISO 13485:2016 - Medical Device Quality Management Systems 11
N ISO 9001:2008 Self Certified using "Canned" Procedures to ISO Certified by Registrar ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11

Similar threads

Top Bottom