Planning Internal Process Audits to the new standard - ISO 9001:2000

[VickiC - 2006]

I haven't audited to the new std yet and I need to get started SOON! The problem I am having is not a conceptual understanding as much as how to organize it. Let me explain (Note - I was just promoted to the corp auditor position recently and I have only been with my company a year - I wasn't even in the quality function coming in the door so I am green as can be about this system!): I met with our 3rd party auditor a few weeks ago and it all seemed clear then! What he suggested to do was take a single product line from each of our SBU's (we have 3) and audit it from beginning to end (PO/contract review to shipping and everything in b/w) considering the process flow focus of 2000 and not to forget the details of 1994 requirements. His theory is that if I do that and a fourth audit later of Management Responsibility relative to the results of the first 3 audits, that I will have sample audited all processes and requirements and that would be our audit cycle for the year. Now, that sounds good, but when I am organizing and planning, I am envisioning a ton of checklists for each area within a single SBU (contract review, planning, procurement, configuration mgt, etc.). Then, after I have gone thru all of those, I take a look at each areas effectiveness in "meeting the requirements and goals" individually and relative to processes before and after that particular one. YYYIIIIKKKEESSS! Tell me I am making way too big of a deal out of this! Do you agree with my auditor's direction? Any other comments?

 

[Randy Stewart]

Process Purpose

I have a similar situation, 2 SBUs and 2 design centers, prototype and production, fixtures and corporate housed in 3 buildings. Here's my approach.
Get a handle on the overall function (High Level review) and don't get too caught up in the small stuff. My audits usually start at the loading dock (incoming and outgoing) and work back from there. By the time you get into Contract Review etc. you can see how changes to the program happen, purchase orders are processed, and if any quality issues have been addressed. Review of the system processes should give you an idea of what to look for in the departments and once you get there you will get a feel for the details. Personaly, I don't use checklists they seem to make people only focus on the particular item listed and not the purpose of the function or requirement. I train our auditors to focus on the how it is accomplished and not so much on the why. We (the auditors) should be the ones with the knowledge of the standard, the people we audit are going by the procedure. The MR and such should have set up the system to match and address the standard.
When the audit team goes into the daily review, that is when we address the standard and compliance to it. Up until then it is really a procedure audit.
I schedule a week in each facility per audit.
Hope that helps.

 

[NYHawkeye - 2005]

Hi -

Your approach sounds somewhat similar to what we are doing.

In our audit procedure we are identifying three unique types of audits. The 1st type of audit will look at a specific process for compliance with their process documentation, records, objectives, etc.... The 2nd type of audit will look at the interfaces between two processes and will focus on how well the inputs and outputs between the two processes are working. The 3rd type of audit will be what we are calling a total QMS audit and will be as you described - we will take a particular sales order and track it from contract review through shipping.

It all sounds fairly complicated but so far each of the process teams (we have 8 of them) seems to appreciate how clearly we can describe the various types of audits and what the expectations will be. We are starting our audits to the new standard in mid-November so we will see how it works.

 

[VickiC - 2006]

Wow! Great feedback from you two. Thanks! May I ask you both your opinions on another deeper issue regarding this type of auditing?

One of our SBU QA Managers has a concern with the idea of focusing on one program/product at a time for an internal process audit and THAT being considered an adequate sample size from which to make an inference to an identified systematic deficiency. His point almost makes sense, considering there are about 15 programs going on simultaneously for the given SBU. However, in discussing this plan with our 3rd party auditor, our thought process was this: if a deficiency is found by doing a process audit of a given program, then, the QA Manager (or responsible person) should take this information and review his/her own system to determine why the deficiency occurred and how to "fix" it and prevent it from happening. Let's see, this is getting wordy. In other words, there should be a quality system established and all programs for a single SBU should be handled the same based on that system. So, if during a process audit of ONE program in that SBU a deficiency is identified, our auditor and myself think it is safe to make the inference that other programs MAY potentially experience the same deficiency given the right conditions.

Forgive me for struggling with how to put this into words!! I hope it doesn't send your thoughts in a tailspin and you can follow what I am trying to say! Your thoughts on this topic are most welcomed!!

 

[Sam]

"However, in discussing this plan with our 3rd party auditor, our thought process was this: if a deficiency is found by doing a process audit of a given program, then, the QA Manager (or responsible person) should take this information and review his/her own system to determine why the deficiency occurred and how to "fix" it and prevent it from happening."

VickiC,
Your third party auditor is correct. An audit is a random sampling of events in a process. However, as an internal auditor it might be wise to explore the situation a little deeper.

 

[VickiC - 2006]

Thanks Sam Goody! I had a conference call with our 3rd party auditor and the QA Manager this morning. We settled on EXACTLY what you just suggested. The bottom line is, we need to just get started, do the audit and we can adjust as we see fit along the way or evaluate the end results and react as we wish at that time.

I feel more comfortable now!

 

[Sam]

Glad I could help a fellow "Buckeye"

 

[Marc]

Just wondering if anyone has anything contempary to add to this thread.