Process based Audit Approach vs. Clause based Audit Approach

Helmut Jilling

Auditor / Consultant
#31
Re: Process Audit Approach vs. Clause Audit Approach

I have a mental block over how and why elements would be audited...
In addition, I can't conceive why ...would you audit doc. control, or any one part of the standard? In my world, it's the interfaces between the processes where the problems lie, not in the pocess. So looking at the outputs/inputs etc is vital.
Not sure I agree, Andy. While I agree with you comments about the process approach, I also encourage people to fully audit the administrative or supporting processes, as well.

For example, core processes like Engineering and Production obviously should be fully audited. But, Calibration should as well.

If you don't, then calibration will only be audited by checking some gages while you are auditing something else. And, let's assume those gage records check out fine. Later, you check a few more, and so on. The activity (process) of Calibration never really gets audited, but it looked good when the interactions were checked. There could be problems with how the gages are calibrated, how MSA are done, even the basic metrollogy skills. These could hide under the surface, but would definitely come to light if the process itself is audited.

The same applies to other support processes, like Doc Control, and Internal Audits, etc.
 
Elsmar Forum Sponsor
#32
Re: Process Audit Approach vs. Clause Audit Approach

Helmut:
Since we're 'on the same page' in general, I'll attempt to expand on my thoughts and practices. I think I shared here (in another post) my patented 'football' audit planning tool. It's use promotes both the approach of a process but gives consideration to many other processes, support, management etc. Of course, it's in the planning that the processes are selected based on 'status and importance'. So, in practice I agree with you there.

My consideration is that for internal auditors I wouldn't suggest that 'calibration' got audited, without some serious consideration of the 'scope and criteria' which, together with 'status and importance', seem to be almost (for practical purposes) almost forgotten in virtually every internal audit programme.

To digress for a moment, Mr. Delong's post shows a typical legacy from the ISO 9000:94 and QS-9000 days - not what was the right thing to audit, but what external auditors deemed acceptable and (in their minds) compliant (what were they smoking?)

Back to my chain of thought - to audit 'calibration' could be a considerable undertaking without some specific focus on a particular aspect of what can be a very complex process. So, my position on audit planning is that simply to to select an 'element', department, procedure or whatever is less than useful albeit that you can get past many (not you Helmut) external auditors!
 

Stijloor

Staff member
Super Moderator
#33
Re: Process Audit Approach vs. Clause Audit Approach

To digress for a moment, Mr. Delong's post shows a typical legacy from the ISO 9000:94 and QS-9000 days - not what was the right thing to audit, but what external auditors deemed acceptable and (in their minds) compliant (what were they smoking?)
This is still an issue and I let you guess why this is..... Too many audits are still about "pleasing the auditor", not necessarily what's good for the organization. Re: many posts here at The Cove about: "our auditor said that ...."
 
J

JaneB

#34
Re: Process Audit Approach vs. Clause Audit Approach

:confused:Our parent company, a Germany based plan an internal audit every month (KPI 1 audit/month), and we have to follow them.
The audit is one ISO clause or element (described by the company as process) each at every month for the period of 2 years.

It is really bothering me since It is difficult fo me to audit as process approach because I have to audit as per element.This style of an audit is accepted by Germany CB.

I think I'll have a tough time with local auditor. Last certification audit he has raised the question of KPI for every process, since our company described each element as our process.

What you think ? Any idea
Uzaimi,

I feel for you - that's a very difficult situation to be in. I'd call it being 'between a rock and a hard place' as the English saying goes. You must do it as your parent company says - that won't change. But then your local auditor is not happy, and reasonably so.

I've worked with a German 'child' company with a German parent here, with a not dissimilar situation. I'd attempt something along the same lines as already discussed:

why can't a clause-based audit also be a process-based one? Document control is a process...so apply the audit throughout the site ensuring that everyone is following the appropriate protocols.
Also - seems to me that one of the real problems here is a difference between your local audit body and the German parent one. IF the German one is happy but yours isn't, there's a real issue there.

Can you switch certifiers to the same as the German? Then at least you would have some have leverage to get THEM to sort out their inconsistencies, if such there be. Note that I'm not attempting to take up the issue of whether process-based auditing is superior to clause-based, as IMO it's an obvious 'well, of course it is', but looking for some practical ways of dealing with your particular problem.

I would try feeding back info from your audit results to the German company, but... trying to turn around a parent co, let alone a German parent co is, um, shall we say not a challenge for the faint-hearted.
 
2

20110108 Request

#35
Re: Process Audit Approach vs. Clause Audit Approach

To answer the question above, ISO 9001 is being amended to read "determine" based upon the reasoning that, although similar, the words “Identify” and “Determine” have slightly different meanings.

To identify is to recognize or establish something as being a particular thing.

To determine is to apply reason and reach a conclusive decision.

Therefore, to determine the processes implies more analysis and judgment than merely identifying them.
 
#36
Re: Process Audit Approach vs. Clause Audit Approach

This is still an issue and I let you guess why this is..... Too many audits are still about "pleasing the auditor", not necessarily what's good for the organization. Re: many posts here at The Cove about: "our auditor said that ...."
No guessing required (on my part)!:notme:

It manifests itself superficially as pleasing the CB auditor, true - the root of the cause is in the training! Internal auditors and CB auditors get the same training! So when one sees the others work, it looks good and when the her one knows what the auditor is going to look for, they prepare to please them.........

As I have posted many times before, the training course requirements have to change to distiguish between internal and external audit requirements - Is anyone from RABQSA or IRCA reading this?? Hello...............?
 
P

pinpin - 2009

#37
Re: Process Audit Approach vs. Clause Audit Approach

I disagree with a "# of nonconformances" KPI, as well. It is subject to too many variables...not to mention I would hope that the goal is 0. If the result is greater than zero, action must be taken, but we're already taking action on the nonconformances (I hope) so now we're simply repeating ourselves.

If the goal is not zero, I really would question the expectation to receive nonconformances. There was once a joke about a company who said they would accept 3 defective parts out of 10,000 (or something to the effect). So, the supplier shipped 3 defective parts for every 10,000 shipped. If we expect 5 nonconformances, we'll get them.

For mature systems, the KPI of "# of major nonconformances issued by external" can be help as it's potentially indicative of a system becoming lax or complacent in its maturity.

Too often we see little nit-pit stuff issued as a minor and I certainly would not want to have a skewed KPI because someone was in a bad mood.

Personally, looking for the repetitive issues holds more value to me as it means we have not truly addressed the root cause.

I understand what you are saying and, to some degree, agreee with you. But does this mean that every nonconformance detected by the external auditor, you also issue one internally to find out why the auditors did not locate it? Sounds like extra work and some serious finger-pointing.

Auditing is sampling. We know this. We can not be expected to see everything when we audit. This is the nature of auditing. This is the nature of the process.

Again, I think you're almost right. External Auditors should be evaluating our system's requirements and determining if we are meeting the standard's requirements and actually doing what we say we will do. Of course there is the element of subjectivity where they must ascertain if our internal audit programme is effective, but again, the nature of auditing is sampling and we can not expect our internal auditors to see everything that the external will.
Dear RC Beyette,

KPI is for us to concentrate on our effort to maintain control or improve. It does not mean once we do not acheive we must take action right away. We need to assess the situation in the first place. Some professionals said no matter what circumstances must take action to either change the KPI to a lower one that you can meet or ...). :(I disagree.

We do not need to issue NC to our internal audit process to address why our internal auditor did not locate it but was found by external auditor. Again, we merely need to base on that to assess why we did not, so that we may find our inadequacy, not for the sake of issue NC.

Correct, I never say that we must expect to see everthing when we audit using samples. Again, it merely let us have a chance of assessing why we did not find, is it bcoz of ineffective sampling or simply a matter of luck. Yes, everyone know what sampling is, but the significant difference in audit results is between effective sampling and ineffective. This is what an auditor must possess!

A question to all, must we prove we audited all the clauses in TS before we can get certified to TS? The standard says to audit base on status and importance........We may not have time to cover all the clauses while we are concentrating our effort by doing audit on some key issues or key areas. Any CB auditors can clarify this?:thanks::thanx:
 

Jim Wynne

Staff member
Admin
#38
Re: Process Audit Approach vs. Clause Audit Approach

I disagree with a "# of nonconformances" KPI, as well. It is subject to too many variables...not to mention I would hope that the goal is 0. If the result is greater than zero, action must be taken, but we're already taking action on the nonconformances (I hope) so now we're simply repeating ourselves.

If the goal is not zero, I really would question the expectation to receive nonconformances. There was once a joke about a company who said they would accept 3 defective parts out of 10,000 (or something to the effect). So, the supplier shipped 3 defective parts for every 10,000 shipped. If we expect 5 nonconformances, we'll get them.
Sorry, but this idea of "If we say we'll accept x "bad" parts in a lot of y, we'll get them" has no basis in reality, and stems from Phil Crosby's misguided Zero Defects fantasies. While in practical terms there usually isn't any reason to "accept" (i.e., pay for) nonconforming product, there is no data anywhere that indicates that such a statement or policy causes or allows anything bad to happen. The simple fact is that there are instances when nonconforming product is (a) inevitable, or (b) inconsequential in the grand economic scheme of things.
 
Last edited:

Jim Wynne

Staff member
Admin
#39
Re: Process Audit Approach vs. Clause Audit Approach

To answer the question above, ISO 9001 is being amended to read "determine" based upon the reasoning that, although similar, the words “Identify” and “Determine” have slightly different meanings.

To identify is to recognize or establish something as being a particular thing.

To determine is to apply reason and reach a conclusive decision.

Therefore, to determine the processes implies more analysis and judgment than merely identifying them.
Using your definitions, how is it possible to rationally identify without determining? In other words, if I identify certain processes as having specified properties, haven't I determined that the specified properties exist? Once again, ISO gives us a distinction without a meaningful difference.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#40
Re: Process Audit Approach vs. Clause Audit Approach

Once again, ISO gives us a distinction without a meaningful difference.
If any sane mind ever did a cost/benefit analysis on the amount of time, energy, money, saliva, ink, paper, etc...spent on the ISO 9001:2008 amendment, heads should roll.

As I mention in my webinars on the subject, ISO 9001:2008 is a non-issue simply because there are no significant changes to the document. Nevertheless, since 2004/2005, countless TC176 and TAG meetings have happened, to debate and discuss the (non)changes to ISO 9001. With all the travelling involved, documents being printed and re-printed, what is the environmental impact of this process? And what is the end result? An amended document which means NOTHING different from the previous version. How many tons of CO[sub]2[/sub] and other grenhouse gases have been unnecessarily added to the climate change problem?

While the words in the ISO standards have to be carefully chosen, since the documents are translated in numerous languages, playing semantics games with no real gain is a waste, imho.
 
Last edited:
Thread starter Similar threads Forum Replies Date
V Internal Audit - Process based vs. Procedure based AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
RoxaneB Process-based auditing in 14001 - Seeking Reviews: Audit Schedule Content Feedback General Auditing Discussions 9
I ISO 13485 Practical Internal Audit Checklist - Standard vs. Process Based Internal Auditing 26
M ISO 9001:2000 Process Based Internal Quality Audit Plan General Auditing Discussions 11
A API Spec Q1 Purchasing Process - Supplier Reevaluation based on Supplier Risks 5.6.1.4 Oil and Gas Industry Standards and Regulations 17
S How to start with ISO process in project based team - Documentation Document Control Systems, Procedures, Forms and Templates 4
M Informational Critical Thinking and the Process of Evidence-Based Practice Medical Device and FDA Regulations and Standards News 0
T GRR based on part tolerance or process variation. Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 7
M APQC PCF (Process Classification Framework) and ISO 9001 - Processes Based Approach ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
K Changing from Procedure based to Process based Competency Evaluations General Auditing Discussions 5
A Suggestions for a UK based course in Process Auditing wanted Training - Internal, External, Online and Distance Learning 2
W AS9100C Process based manual Design and Development of Products and Processes 4
T Where in the ISO 9001 standard it asks for process based auditing? Process Audits and Layered Process Audits 6
G Validating a Process Based on Lot Release Criteria Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
T Are "process based" and craftsmanship mutually exclusive? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
Q Introducing Process based approach on Production Floor Manufacturing and Related Processes 6
M Seeking input for a process-based quality management system training course ISO 13485:2016 - Medical Device Quality Management Systems 1
B Sample Size based on Process Capability Indices (Pp/Ppk)? Capability, Accuracy and Stability - Processes, Machines, etc. 20
V Relevance of Process Based Auditing (PEAR) to regulated industry. US Food and Drug Administration (FDA) 3
M Changing PFMEA (Process FMEA) RPN Values based on a Rejection FMEA and Control Plans 5
J Integrating a Project Model in a Process Based Organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Z Reduced Sampling based on Process Capability (AS9100 Standard) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
D Process4.biz and other Visio based Process Management Tools Human Factors and Ergonomics in Engineering 2
T Are MSA?s (Measurement System Analysis) Process or Gage Based? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 20
P Definition Dock-to-Stock Process based on Historical Quality Performance of a Part and Supplier Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 8
5 Process based Internal Audits, instead of auditing to the elements of the standard Internal Auditing 21
N I'm still not grasping the idea of Process Based Internal Audits Process Audits and Layered Process Audits 19
V Process Based Organization Chart that lists processes instead of departments? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
M PFMEA Severity - What is Process FMEA Severity estimation based on? FMEA and Control Plans 77
S Getting started with statistically based process improvement The Reading Room 12
Manix What provision is made for the Process of Implementing Project based work in TS16949? IATF 16949 - Automotive Quality Systems Standard 3
T Implementing the Process Based Approach - Reality check needed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
F How to use Total Variation based on Process or Tolerance? Page 60 of the MSA manual Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 2
V Process approach based internal auditing Internal Auditing 1
A Where's the value add in product audits when your process is inspection based? IATF 16949 - Automotive Quality Systems Standard 9
C Simple four-box process model - Referenced in ASQ Process-based auditing course General Auditing Discussions 5
L 20 Factors based QMS to TS 16949 Process based Quality Management System IATF 16949 - Automotive Quality Systems Standard 1
Gman2 MY thoughts on 'process based' auditing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
D Feature-Based Processing Recommended Business Process Guideline (THE-5) Various Other Specifications, Standards, and related Requirements 0
Marc Functional vs Process Based Documentation Document Control Systems, Procedures, Forms and Templates 13
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 7
A When someone refuses to follow a process.... Misc. Quality Assurance and Business Systems Related Topics 21
E Software maintenance Process Software maintenance Process to IEC 6204? IEC 62304 - Medical Device Software Life Cycle Processes 3
R AS5553 Clause 3.1.7 f - "Implement a returns process....." AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
normhowe "The Problem with Quality Management: Process orientation, controllability and zero-defect processes as modern myths" Book, Video, Blog and Web Site Reviews and Recommendations 2
Judy Abbott General temperature used in the blasting process and laser process Manufacturing and Related Processes 2
B SOP for CNC turret punching machine for sheet metal process Manufacturing and Related Processes 0
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
R AS9102 FAI Change in Material / Process Supplier AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Process mapping Process Maps, Process Mapping and Turtle Diagrams 1

Similar threads

Top Bottom