Re: Process based Internal Audits, instead of auditing to the elements of the standar
So, back to the original question......would I in actuality have audited 3-4 processes in my example? Would this fly with my registrar during a surveillance audit?
And how do you incorporate all the elements of the standard when auditing in this manner? ie: How does this relate to the Quality Policy / Mgmt Review?
Thanks
You would not be auditing all four processes. You'd be auditing how effectively those four processes interact with, or support the original process. So you might visit four people, but three of them only briefly in order to verify their effective parts in handling the sample you drew when you started. If these other three processes are planned to receive their own audits, now isn't the best time. This one action can't really count as auditing all four of them for surveillance purposes unless you drew a large enough sample and were thorough while covering the questions in all these four groups. I would soon feel muddled.
Not every clause can reasonably be covered in every audit. You'd need to plan to ask a minimum of certain questions regarding needed controls such as how nonconformances are handled, how the process owner knows things are going well, traceability, control of documents and records, preservation of product, training and so on. Other questions can regard how well the process is being performed to plan, the outcomes, how managers are informed of problems and their responses, the auditees' awareness levels, and so on. You might want to examine the procedures to see how well they provide the needed plans to maintain compliance and value to the organization--I call that a "desk audit." It plays a part in almost all of my audits, as well as a review of computerized records that verify the process is going according to plan and in compliance to standard(s).
That said, you're not limited to a scope. If you're on a shop floor doing an audit of a certain process, I think it's a fine idea to record PMs, calibration, cleanliness, and safety aspects while you're there. Then, when it's time to audit these processes (planned maintenance, calibration etc) the sample has already been taken and compliance had been verified; you'd only need to audit the processes' management.
This last point is why I think process auditing is a good idea. It gives a chance to find a problem in any one of these contributing areas in between their regularly scheduled audits.
An audit management tool attached in
this thread includes a count of the times clauses have been covered in audits. Look way to the right on the spreadsheet.
Management reviews the audit metrics, and other things they find important like nonconformance data. Management is welcome to look at audit reports, but doesn't need to know details of how the audits were done or how the program knows if the standard is completely covered--unless they ask, of course.
I hope this helps!