ISO Certified! Now, what do I look for in Internal Audits?

Sidney Vianna

Post Responsibly
Staff member
Admin
#11
Vandana Sharma said:
Why should anyone question the certification....?
We have quality policy, we have quality manual in compliance to ISO90001:2000, We have departmental objectives, we are improving on our technology and we have satisfied customer. I'm sure that is what compliance is all about!!!
Based on your original post, it is still unclear if an internal audit had taken place, prior to your certification audit. However, IF your organization was awarded certification to ISO 9001, under an IAF signatory Accreditation Scheme, without an internal audit performed beforehand, the Certification Body is contravening the requirements of ISO Guide 62. The IAF Guidance to ISO Guide 62 stipulates: “…G.2.1.43. Certification/registration shall not be granted until there is sufficient evidence to demonstrate that the arrangements for management review and internal audit have been implemented, are effective and will be maintained….”

While I cannot ascertain if that was indeed your organization’s situation, I can see why some people could question the validity of your certificate, vis a vis the requirement mentioned above.

In my personal opinion, Randy jumped to a conclusion without definitive evidence, something that auditors should never do, and he knows that very well, since he teaches lead assessor courses. So you might want to clarify if your organization had had an effective internal audit prior to the external auditor assessment.
 

AllanJ

#12
Randy said:
How in the "H" did you guys get registered to ISO 9001:2000 and not know what to look for during internal audits? :jawdrop:

Internal audits should have been taking place before the registration audit not after! :frust:

I'd question this cert.................
When I wrote my post the same questions Randy asks went through my mind as well. Of course, Sidney is asking more or less what I asked in his remark "So you might want to clarify if your organization had had an effective internal audit prior to the external auditor assessment."

But, Randy, I am probably not alone if I added my jaw would not drop, as your emoticon shows; and, in any case, I tend to question all ISO 9K certs as I am wearied with horror stories. It would seem to me our friend's original posting might just be an indicator of another one. If Sidney's question (above) is answered, "No", we would indeed have one: something to which I was hinting.
 

Vandana Sharma

#13
Of course, we had 2 IAs before pre-assessment audit, 1 IA after pre-assessment and these were conducted by lead assessors. Findings were discussed in Management Review meetings, necessary Corrective actions or Preventive actions were initialized and verified. Evidence of these was also recorded.
 

Randy

Super Moderator
#14
Vandana Sharma said:
Thank you, for the immediate responses.

I am a certified internal auditor and a lead auditor. However I am little confused on data analysis, process\product monitoring and measurement.

We are doing same things that we did just before the certification. We have not revised our quality documents except for a quality form and a task procedure. I do not have anything to show for process measurements and improvement in any of the set systems.
Hi all,

We have passed the certification audit and we are now an ISO 9001:2000 certified company.

I am now supposed to conduct internal audits for my company and then target for surveillance audits in June 05.

What am I supposed to look for, apart from continual improvement.

Please help.

Vandana


Does anyone not see the incongruity here that jumped out and bit me in the fanny? We have someone claiming to be a certified internal and lead auditor who also states he does not know what to look for during an internal audit. His original post in "RED" gave me an indication that I may have misinterpreted that the IA process was just now starting after the awarding of the cert. He also is saying that in addition to auditing he has the task of showing what the process measurements are and what the system improvements consist of....Is he auditing his own work also? It would seem to me that he should be shown the information, not develop it.

I'm sorry and have no intention to offend pardner, but my "DUH" buzzer is going off and I'm tripping over numerous audit trails based upon what you've put across here.
 

AllanJ

#15
Randy said:
Hi all,


Does anyone not see the incongruity here that jumped out and bit me in the fanny?
Yes, Randy, I suspect a good few of us do. But, as my earlier posts try to politely state: it all sounds like just another of the horror stories so common in the ISO 9K world and poor performance of too many registrars. Yes, one accepts there are diligent individual people working for registrars but there are too many who are not and who should not be personally certified as auditors. And there are certain registrars (i.e. companies) who are such a disgrace, seeing auditing as a cash cow, not as a responsible service, that the RABQSA should feel ashamed they have not thrown them out.


The problem is not so much with the hapless individual who posts such questions: it is in the general rotten state of affairs in the ISO 9K registration business that has prevailed unaddressed for too many years.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#16
I was also confused about the original question: "What am I supposed to look for, apart from continual improvement."

My "duh buzzer" went off too, I just didn't say anything about that. I instead suggested a course in auditing, because a high-quality course will cover this question as did the course I took for lead ISO 14001 auditor.

I remain confused after reading that our poster has an auditing certificate. Does this mean:

A. The course was of such poor quality that no discussion was given regarding metrics that indicate process functions, operations proceeding according to the QMS and standard, and results?

B. The QMS has no metrics in place, not having clearly defined how the system will show effects like customer satisfaction? Mr. Sharma says "Yes we do have bug tracking system in place. These are reviewed periodically by the management. Corrective actions are taken, Preventive actions are initialized. We have management and people involvement and above all we do have satisfied customers.

As continual improvement, we do have regular and better interactions with customers for midproject queries etc. "
yet doesn't mention how they know things are going and seems unsure about what to look for in an audit.

C. The audit program is not defined well enough to give guidance on how audits are to be conducted?

D. There is no one there that understands quality management enough to provide guidance on precisely how to ensure the system is functioning through organized checks and observations?

General comments have been made questioning why registration went through while an auditor doesn't know what to look for. This suggests there is a gap in any of three areas: Metrics structure, training, or audit program structure. The reason I remain confused is that I had thought there need to be a series of at least two audit rounds prior to registration: to show the system is both functioning in accordance to, and responding to the program. Having these rounds of audits means there should be no more need for questions like "What do I look for?"

But maybe we just have a communication problem. We needn't make a person feel bad when what he seems to want is technical insight. So let me take a step backward and respond again to the original question. As per my experience in internal auditing, I recommend you look for evidence that the system is functioning in accordance to the QMS.

1. You go through the standard's elements pragmatically and objectively, and ask yourself: "How do I know we are in compliance with the standard--what should I look for?" There should be some description, somewhere, of how the system will record its successes and failures. You plan to look at these indicators. If none exist, you ask yourself "How can I verify that the process is functioning as it should?" and take/chart some counts yourself.

2. Per a schedule of selected elements (you can't do them all at once) you examine the procedures and work instructions to familiarize yourself with the manner in which they comply with the standard.

3. You look for controlled documents being current, appropriately distributed and used.

4. You observe processes to see that they are functioning as the system describes they will within the standard's requirements. This means following work as it is being done, interviewing people and taking notes per the checklist that you have developed. You do not look for "Gotchas!" or people making mistakes. They should be observable as the lack of successes if you look for successes.

5. You check that nonconformances are being addressed in a manner that seeks to prevent the problems from reoccurring, and followed up that the "fixes" remain as durable activities or send them back into the NC loop for more attention.

6. You examine data collection to ensure the system is functioning as it claims to: how you know customers are happy; that their concerns are being addressed in a manner that resolves their concerns; that data is collected that shows trends, indicating improvements or opportunities for improvement.

7. You verify that management is reviewing the data you provide them, as well as process-indicative data and responding to it in a pattern of improvement versus firefighting.


Does this help?
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#18
Randy said:
You're nicer than me Jen :)
Yes. I have practice. During my work day I often exhibit a deadpan in the face of "duh buzzers" (a good term!) because not taking my students seriously is sure to invite their shutting down.

There, as here, I think it's good to avoid that problem, especially where there can be communication barriers and details left out of questions.
 

AllanJ

#19
Perhaps the original question posed by our friend, Vandana Sharma, is becoming moot. I have today had verbal confirmation from Europe that various companies are being allowed to disregard/ discontinue their internal auditing and maintain their certification to ISO 9K.

From the communication I received, it would appear certain of the best known registrars are agreeable to this.

Does anyone have any similar confirmation?
 

AllanJ

#20
Further to my last posting on the matter of registrars agreeing to a discontinuation of internal auditing, here is a chat room posting that I responded to:

"...because the reactions of all the many senior managers I have interviewed on the subject of internal quality auditing vary from boredom through resignation to simmering anger. It seems it's only the 'quality experts' who think that such techniques are helpful.

Some companies in the UK (Yell is a prime example) have negotiated with their ISO 9001 certification bodies to remove internal auditing as a requirement because it had no business advantage."



What a sad state of affairs this reflects.
 