Objectives of Internal Audit 8.2.2 (a) - Explanation needed in plain English!!

[gspyrou]

Hi everyone,

This is my first post and still trying to find myway through this forum sight.

I must say that I have obtained through existing threads some very usefull explanations regarding various matters relating to ISO 9001 that I was a bit confused with.

I am not sure what the element 8.2.2 (a) regarding Internal Audit means exactly:

Determine whether the QMS conforms to the planned arrangements (see 7.1) . Does this mean to deternime whether the QMS conforms with the services provision processes planned and developed by the company? In other words "Are the proceesses developed and used in providing our services identical to those described in the QMS?"

Determine whether the QMS conforms to the QMS requirements establised by the organisation. Here I find it difficult to get the meaning.

My company is a service provider.

Any help will be much appreciated.

Thanks

 

[AgnieszkaSz]

Hi,
in very plain English and from bitter experience - it means checking whether all these beautiful declarations and process descriptions and instructions are really implemented. Whether they are alive - or just slogans.
Jokes aside - with really good process owners, the lead auditor should agree the objectives of a particular internal audit (at preliminary meeting, when fixing the date); a process owner usually knows gaps in his or her own area and - ideally - would want to repair them somehow.
As for objectives of audit programme for a given year - I had an objective for 2009 "to review the system after implementation of big organizational changes". This depends on your company's needs.

 

[gspyrou]

Internal Audit ISO elem 8.2.2 (a) - Interpreatation needed in plain English!!

Many thanks for your explanation.

I was actully hoping to receive from someone a specific interpretation for each of these 2 requirements of ISO 9001 element 8.2.2.

I guess I did not phrase my post title accurately. I therefore changed it accordingly.

Thanks once again

 

[alspread]

Determine whether the QMS conforms to the planned arrangements (see 7.1) . Does this mean to deternime whether the QMS conforms with the services provision processes planned and developed by the company? In other words "Are the proceesses developed and used in providing our services identical to those described in the QMS?"

Determine whether the QMS conforms to the QMS requirements establised by the organisation. Here I find it difficult to get the meaning.

1. Are all of the systems working as planned. You need to go around and witness and collect evidence periodically to assure yourself (and a certification auditor) that everything is working as planned. A checklist of questions with pass or fail results and corrective actions for deficiencies found.
2.) At the seme time you need to make sure that it is compliant to both the requirements of the ISO standard and any requirements you may have deemed appropriate for your own organization.

You need to plan this activity (i.e. some kind of schedule that you intend to follow). The people doing the checking (auditors) can't check their own work or area.

Good luck

 

[samsung]

In addition to above, two more important aspects of auditing that I can recall, are to determine

(1) if the established system will continue to conform to the requirements now & in future.

(2) if there's an improvement (no matter how much) or atleast there exists some signs of improvement from the previous stage.

 

[ISO 9001 Guy]

Determine whether the QMS conforms to the planned arrangements (see 7.1) . Does this mean to deternime whether the QMS conforms with the services provision processes planned and developed by the company? In other words "Are the proceesses developed and used in providing our services identical to those described in the QMS?"

Thanks

Does the system conform to the planned arrangements in 7.1.? In other words, "Does the system conform to the service provision planning required of 7.1?" Are we doing realization the way we planned? (A separate but related question is, "Is the way we are doing it effective/efficient/in need of improvement?" Just because you are doing it as planned--conforming to planned arrangements--does not necessarily mean that "how you do it" is effective or efficient.)

"Are the processes developed and used in providing our services identical to those described in the QMS?" This is a loaded question and a good one. It depends upon how your QMS is structured. Often times, processes described in QMS documentation do NOT reflect the processes being operated, instead they reflect requirements pertaining to processes being operated. (This is a common, standard-based approach.) If QMS documentation is based upon the standard instead of being based upon processes, then the processes developed and used in providing your services are not identical to those described in the QMS.

 

[gspyrou]

Thanks you all for your assistance.

The information I received through this thred has been very enlightening.

 

[JaneB]

Gspyrou, Here's an example to illustrate the difference between ISO 9001 requirement and one that your organisation has set:

Assume you're auditing one of your service delivery processes:
1. You might audit to see that all personnel on the assignment(s) had the required competencies - most likely via revieweing the records that your organisation has that demonstrate this, eg, job descriptions, qualifications, etc etc (clause 6.2)
2. Assume your service includes giving weekly written reports to the client. Your organisation has mandated the use of a particular template & format for those reports to go in, and that a manager (in your company) must first review the report pre-client delivery. That's an 'in-house requirement'. You would then audit to see whether all those things were being done for your audit sample(s).

 

[gspyrou]

Gspyrou, Here's an example to illustrate the difference between ISO 9001 requirement and one that your organisation has set:

Assume you're auditing one of your service delivery processes:
1. You might audit to see that all personnel on the assignment(s) had the required competencies - most likely via revieweing the records that your organisation has that demonstrate this, eg, job descriptions, qualifications, etc etc (clause 6.2)
2. Assume your service includes giving weekly written reports to the client. Your organisation has mandated the use of a particular template & format for those reports to go in, and that a manager (in your company) must first review the report pre-client delivery. That's an 'in-house requirement'. You would then audit to see whether all those things were being done for your audit sample(s).

JaneB thanks for your examples which are quite illustative. How would you define "Planned Arrangements" in the context of internal auditing (i.e. to explain to the auditee during the opening meeting of internal audit this requirment of ISO).

I have made some research and having combined the various versions of definitions given I have reached this concusion:

Planned arrangements are all the arrangements made by the company to meet the requirements of the external and internal parties that directly affect or are affected by the company such as, clients, suppliers, regulatory bodies, management etc. They include agreements, contracts, proposals, laws, regulations policies, strategies, objectives e.t.c., and the prescriptive and descriptive documents derived therefrom. The audit establishes whether the QMS has been designed and includes all the necessary processes to implement and meet those requirements.


What is your opinion?

Thanks in advance

 

[AndyN]

How would you define "Planned Arrangements" in the context of internal auditing (i.e. to explain to the auditee during the opening meeting of internal audit this requirement of ISO).

I'm not sure you need to! An internal audit shouldn't be addressing - directly - the requirements of the ISO standard. The scope, criteria etc should be your organizations qms - those planned arrangements - not anything that ISO 9001 (13485 etc) states...

A clue is that if you find yourself having to interpret 'Iso-speak' there's something wrong!