ISO Certified! Now, what do I look for in Internal Audits?

  • Thread starter Thread starter Vandana Sharma
  • Start date Start date
V

Vandana Sharma

Hi all,

We have passed the certification audit and we are now an ISO 9001:2000 certified company.

I am now supposed to conduct internal audits for my company and then target for surveillance audits in June 05.

What am I supposed to look for, apart from continual improvement.

Please help.

Vandana
 
SQCpack - Communicate Quality Metrics
Elsmar Forum Sponsor
Vandana Sharma said:
Hi all,

We have passed the certification audit and we are now an ISO 9001:2000 certified company.

I am now supposed to conduct internal audits for my company and then target for surveillance audits in June 05.

What am I supposed to look for, apart from continual improvement.

Please help.

Vandana
Click to expand...

That, of course, depends on what your management wants or expects from the internal audit program and whatever input it may wish from its supposedly regular management review meetings.

The most basic (I might venture, banal) matter is to look for compliance with the QMS and for the QMS to be compliant with that standard.

If you are unsure of what to look for or how to perform an audit, I would suggest these options:

1. Attend an audit training course. (As I have mentioned in another thread, there are plenty of them around but good ones are in a distinct minority.) If your company will not pay for training, buy a good book on the subject of "management audits" (Wallace at the Cove has some excellent suggestions on what to choose!)

2. Since presumably the registrar has "assessed" your internal audit function as a condition of awarding your ISO 9K certificate, ask whoever was the auditor that has done the internal audits so far what he/ she did. If, though, the registrar has not investigated the existence or efficacy of your company's internal audit programme, ask why your company was awarded the certificate.

3. Engage an outside auditor to perform an audit which you can observe. (A risky choice for one must hope that person is competent.)

4. Next time the registrar arrives watch what he/ she does. (If, as per 2., that registrar has not "assessed" your internal audit programme, I would not consider him/ her competent anyway, as per 3.)
 
You look for the same things you looked for (I presume you were involved) in the months before the registration: operations in compliance with the QMS and the standard.

The internal audit program is simply a regular set of checks to ensure the system is functioning as designed, to highlight needs for changes in activities or to note opportunities to improve the system itself.

I agree that an auditing course would make you feel more confident in the planning, execution and followup process of these checks.
 
I am a certified Internal Auditor

Thank you, for the immediate responses.

I am a certified internal auditor and a lead auditor. However I am little confused on data analysis, process\product monitoring and measurement.

We are doing same things that we did just before the certification. We have not revised our quality documents except for a quality form and a task procedure. I do not have anything to show for process measurements and improvement in any of the set systems.
 
Vandana Sharma said:
Thank you, for the immediate responses.

I am a certified internal auditor and a lead auditor. However I am little confused on data analysis, process\product monitoring and measurement.

We are doing same things that we did just before the certification. We have not revised our quality documents except for a quality form and a task procedure. I do not have anything to show for process measurements and improvement in any of the set systems.
Click to expand...

How does your company ensure that its processes are under control? There must be measurements of some sort. And what is done with this information? Is it acted upon or left to sit on someone's desk?

Data analysis is just that...your company must have lots and lots of data and information. Customer feedback or complaints - does anyone look at the numbers for possible trends? Nonconforming product and corrective actions - does anyone look at the numbers for possible trends? Process and product measuresments - does anyone look at the numbers for possible trends?

You are doing the same things now that you did before. So....what were you doing then with all of this data coming in? How was it being looked at? Was it being looked at? What was being done with it?
 
How in the "H" did you guys get registered to ISO 9001:2000 and not know what to look for during internal audits? :jawdrop:

Internal audits should have been taking place before the registration audit not after! :frust:

I'd question this cert.................
 
COMPLIANCE!!!!!!!!!!

Never, ever, audit to find non-conformities. Examine all available evidence to verify compliance. If there are non-conformities they will show up as you examine the evidence.

Randy, I agree with you.....IA should have been going well before registration.....

Hershal
 
Randy said:
How in the "H" did you guys get registered to ISO 9001:2000 and not know what to look for during internal audits? :jawdrop:

Internal audits should have been taking place before the registration audit not after! :frust:

I'd question this cert.................
Click to expand...
What is the need to get so.... frustrated... i thought this forum was to get new ideas and suggestions. Ofcourse IA was going well...and will go well.... and we will pass the surveillance audits. Why should anyone question the certification....?

We have quality policy, we have quality manual in compliance to ISO90001:2000, We have departmental objectives, we are improving on our technology and we have satisfied customer. I'm sure that is what compliance is all about!!!

I highly object to the language on the repsonse....
 
Thank you... that was much sensible then other responses. Yes we do have bug tracking system in place. These are reviewed periodically by the management. Corrective actions are taken, Preventive actions are initialized. We have management and people involvement and above all we do have satified customers.

As continual improvement, we do have regualr and better interactions with customers for midproject queries etc.

Thanks.
 
Vandana Sharma said:
We have quality policy, we have quality manual in compliance to ISO90001:2000, We have departmental objectives, we are improving on our technology and we have satisfied customer. I'm sure that is what compliance is all about!!!
Click to expand...

What we possibly experiencing here is a communication problem, Vandana. Your question was read by several of us to indicate that you don't do Internal Audit, but further communicating indicates that you actually wish to improve upon your audits. Is this correct?

Reading that you have a quality policy and manual is well and good, but do your internal audits investigate how these documents are used and, more importantly, understood by your employees? Do they serve a purpose other than to merely exist? Can the material they contain be better communicated to the employees?

I think it's wonderful that you have satisfied Customers...but how do you know this? What data is being collected and analyzed to verify this statement of yours? That's the kind of "data analysis" you could look at on an internal audit.

Vandana Sharma said:
Thank you... that was much sensible then other responses. Yes we do have bug tracking system in place. These are reviewed periodically by the management. Corrective actions are taken, Preventive actions are initialized. We have management and people involvement and above all we do have satified customers.

As continual improvement, we do have regualr and better interactions with customers for midproject queries etc.
Click to expand...

Are the actions taken within your corrective/preventive process verified for adequacy? Are the root causes analyzed to see if there are repeating occurences of root causes (meaning that the problem has not be adequately addressed)?

And, as I said before, it's great that your Customers are happy...what actions are you taking to keep them happy? You are meeting their needs now...are there plans in place to meet their needs in the future?
 
You must log in or register to reply here.

Similar threads

A
It takes *how long* to conduct a system audit!?
Replies
9
Views
577
Jen Kirley
Jen Kirley
Quality_Goblin
What to do about Internal Audit Findings
Replies
4
Views
757
Randy
Randy
D
Internal Audit Plan and Audit Checklist per AS9100
2
Replies
12
Views
2K
Jtavo
J
S
Is Design and Development needed to be in the quality manual if excluded from scope in ISO 13485?
Replies
5
Views
229
Ed Panek
Ed Panek
M
ISO to AS9100 nightmare
Replies
4
Views
345
mattador78
M
Back
Top Bottom