'Process Approach' to ISO 9000 Internal Audits - Identify an 'owner' for each process

[M Greenaway]

'Process Approach' to internal audit

Have any of you guys adopted the 'process approach' to internal auditing ?

What does it mean ?

Can anyone provide an example of an audit undertaken in this new style ?

 

[NYHawkeye - 2005]

We are in the process of developing our new approach to audits for 9001:2000 - we have not done an acutal audit yet but I can tell you what is changing.

As part of our 2000 conversion we have identified an "owner" for each of our processes. The process owners are responsible for identifying the interfaces between their process and other processes. Metrics and improvement objectives are being written for both what happens inside the process and for the interfaces. While the internal audits will continue to review what is happening inside the process the empahsis will be shifted to the effectiveness of the interfaces.

This will be new for our company but should help emphasize to the process owners the importance of the links with the other processes and hopefully get interface issues on the table sooner for resolution.

Bottom line is that our audits will not be changing dramatically but the focus will be shifted to the interfaces.

 

[M Greenaway]

NY

How does your proposed internal audit programme address whether the process/interfaces in question comply with any applicable requirements of ISO9001:2000 ?

 

[Russ]

NYHawkeye,
This is about the same approach we are using. Then again we have been doing more of this kind of auditing all along. I have just included more of the people involved with the result of each process and emphsized audit trails to our internal auditors. It is finally starting to take shape as we audit in this new way. It is definitely a more efficient audit. If you are like us you will start finding all kinds of little problems you never knew existed.

Just my 2 cents worth!

 

[NYHawkeye - 2005]

M Greenaway said: How does your proposed internal audit programme address whether the process/interfaces in question comply with any applicable requirements of ISO9001:2000 ?

If I am understanding your question correctly I would say that our actual audit process is not really changing at all with regards to meeting the stated requirements of the standard. We will be auditing each process just as we always have against each of the requirements.

By changing our emphasis to the interfaces and tieing in with the reqirement for improvement objectives for each process we believe that we are addressing the "process approach" and will be in a position to better communicate to senior management what is working well with our processes. Top management expects each process owner to take care of the internals of their process but we hope to get them more involved in helping resolve interface issues.

So.....the detailed audit against the "hard" requirements of the standard is changing very little - we are modifying the approach to hopefully address some of the "soft" requirements of the new standard.

 

[Carl Exter]

I'm not sure that I understand the difference of process auditing. Auditing processes as opposed to what?

At our company I am responsible for scheduling the internal audits. So far this year we have audited design, production documentation, subcontractor (oops! "Supplier) evaluation. product returns, international customer support, corrective and preventive action (well, that one's pending due to an auditor on business trip), component release and approval, and test equipment control and maintenance.

Each of our audits is conducted using a checklist that I create, a couple of procedural flowcharts, and previous audit findings or corrective actions as appropriate. Most audits cross departmental boundaries.

Are we doing process auditing?!? Can anyone please enlighten me? I have more audits to schedule but now I'm leary of doing so until I understand what's going on with this in 9K2K.

Thanks in advance for your feedback! It's highly valued.

 

[Carl Exter]

P.S.

I know the standard states "The application of a system of processes within an organization, together with the identification and interactions and managing of these processes can be referred to as the 'process approach'." But I don't understand what this means, and their "Figure 1" diagram doesn't help.

Thanks.

 

[Sam]

A process has three basic components; Inputs, activities, outputs.
The audit should determine if we have the inputs to perform the activities to achieved the desired output.
Questions asked would relate to:
- equipment
- training, knowledge, skills,
- Performance indicators,
- Work Instructiond, Procedures, Methods.

I'm just starting this type of auditing, so it will be awhile before I can determine if it is effective.

 

[NYHawkeye - 2005]

Sam -

What approach are you taking to audit the inputs and outputs?

Auditing the activities themselves seems pretty straightforward and not much different than what we have done in the past. Auditing the ins and outs seems a little more challenging but perhaps where some real benefit can be gained.

Thanks

 

[energy]

Broad Scope

NYHawkeye said:

Sam -

What approach are you taking to audit the inputs and outputs?

Auditing the activities themselves seems pretty straightforward and not much different than what we have done in the past. Auditing the ins and outs seems a little more challenging but perhaps where some real benefit can be gained.

Thanks

Auditing the in and outs is the same as auditing procedures referenced in another procedure. The audit trail, so to speak. We still have to limit the scope of the audit or the auditor will be missing for days!