Preventive Action and Risk Assessment Audit

Audit Coordinator

Involved In Discussions
#1
Hello,
I found this site then a few months later, it was gone, and so HAPPY it's back now!!
Anyway, I am fairly new to quality (4 years) and am the audit coordinator for my company. I was certified as Lead QMS AS9100 auditor a year ago but it focused on clause auditing and not process auditing. So I am in the process of converting all of our audits for ISO 14001, AS9100, OHSAS 18001, and ISO 9001 from clause to process audits. Our quality manager and I have identified our processes, one of which is Preventative Action/Risk Assessment.
Knowing that more emphasis is placed on risk assessment in the newly released ISO 9001, I am wondering, first, if we should create an audit just for Preventive/Risk Assessment as a stand alone process audit or incorporate these elements into every other process audit.
If you think it should be audited as a stand alone audit, does anyone have an example of a preventative/risk assessment "checklist"? Personally, I'd rather incorporate it into all the other process audits as that would be a simpler audit to conduct; just asking each process owner how they plan on mitigating risk and documentation thereof.
Any advice or help is appreciated!
:confused:
 
Elsmar Forum Sponsor

John Broomfield

Staff member
Super Moderator
#2
For each process you audit you are concerned about the effectiveness of its controls in preventing nonconformity. These controls are a result of planning/designing the process with due regard for what could go wrong and the impact of the potential failure to meet requirements.

Being as you are concerned how well the system prevents nonconformity, you'll look first at the objective of the process and the actions taken on its inputs (material, data, information or person to which the process or work is meant to add value). How well does the system supply competent people and/or capable equipment to control the process? What is the behavior of the process and how does the person and/or machine know when to or not to take action before nonconforming output is the result?

While seeking evidence of risk-based thinking you'll see if these preventive controls are proportionate and in keeping with top management's toleration of risk so the controls are cost effective. This can be tricky because top management may not even be aware of the risks being taken. You may need to take evidence of such risks up the chain of command to determine their awareness and acceptance of significant risks of failure/ineffectiveness/nonconformity. In doing this part of the audit investigation you'll be determining the potential impact on customers and whether they have agreed to share the risk.

Lastly, you may sample the consequences of failing to adequately control the process and its inputs with due regard for the customer and other stakeholders.

In seeking evidence of effectiveness and conformity you may find evidence of what needs to be improved. By engaging the auditee in this process (and thinking) usually they see and agree the need for improvement just before you have to bring the evidence and nature of the nonconformity (includes ineffectiveness) to their attention for corrective action.


Sent from my iPad using Tapatalk
 

somashekar

Staff member
Super Moderator
#3
Hi.. Your audit to assess the effectiveness of process and interactions is welcome. However note that the new ISO 9001 wants you to apply a risk based thinking into the QMS activities.
Hence you seek answers to find the extent of though applied in every process, to assess whether the prospects and consequences of actions are well understood before interactions begin to happen. You would not look for any document, unless there is one made and you become aware.
Risk assessment applied to any area and maintained as a document are a different set of things based on internal or external requirement.
Risk based thinking is not risk assessment in total .....
 

Audit Coordinator

Involved In Discussions
#4
Thank you both for your replies. So, in short, it sounds like it's best to incorporate risked based thinking/assessment into each process audit. I understand what needs to be determined and why, I just didn't know how to approach it - as a process by itself or as an element of each process.
Thanks again for your input.
:thanx:
 

somashekar

Staff member
Super Moderator
#5
The prospects / consequences in a process can be due to risks foreseen at any element level. You will have to assess if such a thinking has gone through to determine risks at the probable elements level, and how that activity has been made robust to the extent possible and practicable. Its also perfectly fine if a specific risk is known and an awareness based decision is made to live with that risk. Please do not determine the risks as you perceive, and look for it in the audit. Rather your questions must bring out the risk based thinking application made.
 
Last edited:

Audit Coordinator

Involved In Discussions
#6
Hi,
Let me clarify what I was really asking.
First, I understand and agree with what has been stated above. My question really was regarding the approach. I can make it a stand alone audit or I can put those types of questions that probe risk based thinking into every process audit. When I say a stand alone audit, that means that the auditor would be working off of an audit format that would include only risk based questions but he/she would need to cover every relevant process in this audit.
The alternative is that these same types of questions would be integrated into all the process audits that I've already created. Does it make sense of what I'm really asking now? :mybad:

Later entry:
In doing more research, I've found the following, and have attached it to this posting. So, never mind my original question as this answers whether or not we will be be making Risk Management/Assessment a process audit or incorporating it into all the process audits....
:rolleyes:
 

Attachments

Last edited:
Thread starter Similar threads Forum Replies Date
C Is Risk Based Decision Making part of Preventive Action Preventive Action and Continuous Improvement 5
B Risk Analysis - Voiding CPAR's (Corrective Preventive Action Request) Nonconformance and Corrective Action 17
C If it doesn't prevent a non-conformance, is it a preventive action? IATF 16949 - Automotive Quality Systems Standard 13
R Evaluating the need for preventive action Preventive Action and Continuous Improvement 3
B Stakeholder Initiated Corrective and Preventive Action Misc. Quality Assurance and Business Systems Related Topics 5
B Corrective and Preventive Action (CAPA) A Key Process of the Quality Management System Dec 17... Training - Internal, External, Online and Distance Learning 0
M Training in 8D Problem Solving as a Preventive Action? Problem Solving, Root Cause Fault and Failure Analysis 9
J If Corrective and Preventive Action were truly Effective IATF 16949 - Automotive Quality Systems Standard 3
R Preventive Action - confusing ISO 13485:2016 - Medical Device Quality Management Systems 5
Q Preventive Action - How to call the prevention when there is not a clause ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
somashekar The Preventive Action Demystified ISO 13485:2016 - Medical Device Quality Management Systems 8
Q Evaluating Effectiveness of a Preventive Action after Closure Preventive Action and Continuous Improvement 7
K CAPA (Corrective and Preventive Action) - ISO 13485 Nonconformance and Corrective Action 1
J Software and Methods for Tracking CAPA (Corrective and Preventive Action) items US Food and Drug Administration (FDA) 3
A Preventive Action or Corrective Action - Paper cuts Nonconformance and Corrective Action 14
M Corrective and Preventive Action - Prevent Recurrence is not Preventive Action? Nonconformance and Corrective Action 24
K Definition Correction, Corrective Action and Preventive Action - Definition of terms Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 28
F Software recommendations for corrective and preventive action Quality Assurance and Compliance Software Tools and Solutions 2
K Corrective and preventive action for Non Conformance on PFMEA FMEA and Control Plans 30
B Struggling With Writing PA (Preventive Action) Procedure Preventive Action and Continuous Improvement 11
E Can anyone share a Preventive Action Form or Template ? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
W Compliance to 8.5.2 Corrective action 8.5.3 Preventive action ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
P Customer Complaint Preventive Action Assistance Preventive Action and Continuous Improvement 3
T Corrective Action and Preventive Action in a Holding Company Nonconformance and Corrective Action 6
M What is Preventive Action taken as part of a Corrective Action? Nonconformance and Corrective Action 5
MarilynJ6354 Definition Improvement Suggestion vs. Preventive Action - Clear Definitions and Differences Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 6
C The prudence of combining non-conformance reports with corrective/preventive action Nonconformance and Corrective Action 10
N Corrective and Preventive Action in 8D Problem Solving Nonconformance and Corrective Action 21
B Near Miss = Preventive Action Request (PAR)? Miscellaneous Environmental Standards and EMS Related Discussions 1
M Boosting a Preventive Action System Quality Manager and Management Related Issues 2
D CAPA (Corrective and Preventive Action) Flow Chart example wanted Preventive Action and Continuous Improvement 3
J Can Corrective Action be the same as Preventive Action? Nonconformance and Corrective Action 33
sagai Preventive Action vs. Corrective Action as defined by 21CFR820 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
R Does FDA require monitoring competitor device failures for preventive action? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
C Nonconformance, Corrective and Preventive Action Procedure(s)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q Recommendations for criteria on creating a CAPA (Corrective and Preventive Action) ISO 13485:2016 - Medical Device Quality Management Systems 8
L How to deal with too many CARs (Corrective Action Requests), PARs (Preventive Action) Nonconformance and Corrective Action 25
B Certification Body insist on evidence of Preventive Action during Stage 2 audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
P Lessons Learned Identification - Potential Preventive Action Responsibilities Preventive Action and Continuous Improvement 4
N Combining both Corrective Action and Preventive action procedures into one SOP Nonconformance and Corrective Action 4
T Action plan: How to manage actions, preventive actions and opportunities of improv? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
sagai Should Corrective Action be segregated from Preventive Action? ISO 13485:2016 - Medical Device Quality Management Systems 10
B Electronic Corrective/Preventive Action Report for our Customer Service Department Nonconformance and Corrective Action 9
B Corrective and Preventive Action Procedure for Customer Service Nonconformance and Corrective Action 5
Q Recover a Damaged CAPA (Corrective and Preventive Action) Project Preventive Action and Continuous Improvement 6
P FDA Part 820 Clause 820.100 Corrective and Preventive Action 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
M Preventive Action Process question - ISO 9001 Clause 8.5.3 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
C Corrective Action and Preventive Action for Operator Error (Cosmetic - Handling) Preventive Action and Continuous Improvement 15
6 Preventive Action - Help Needed. Input for Training and Sustenance Preventive Action and Continuous Improvement 3
L Non Conformity (Nonconformance) Report & Preventive Action Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
Similar threads


















































Top Bottom