Process vs Elements/Checklist - Is the old method of auditing the clauses still legal

P

Pat McGhie

#1
Hello everyone,

a little background, recently transferred to a new company. They are ISO 9001-2000 Certified. Originally, 6 years ago to 1994, renewed 3 years ago and 2 years back upgraded if you will to 9001-2000. They are do for a new certificate audit in a few months.

The situation, they are still performing internal audits to the clauses of the standard with a checklist. They started to look into the process approach to auditing and at the last surveillance audit in October 05, it was listed as an observation that they pursue that approach.

2 issues are now upon me. The first being that they have not done any audits since last july. I am trying to get training in for an audit team on the process approach. My question now, is the old method of auditing to the clauses still legal (as we did not get a non-conformance) or is the process approach mandatory?

Thank you, I searched the forum but could not find the specific. Idea now is get the audits caught up the old way and then proceed to work towards process approach but likely not fully implemented by the 3rd party certificate audit.

Pat McGhie
 
Elsmar Forum Sponsor
#2
Nothing 'illegal', but.........

why are you wasting your time 'getting caught up' using the old element approach? - that was a bad approach anyway, even if an external auditor bought it. You are stuck with what it is - a failed audit system. With such a situation an effective external auditor is more likely to issue a major against a lack of management commitment or an ineffective management review, since a key requirement - internal audits - is on it's knees. Paint that picture to your management and get the training course you need, get an on-site 'lab' audit with the instructor (I always recommend that) and use the training session as OJT and as a 'real' audit. The get the internal audit process fixed.

Andy
 

Helmut Jilling

Auditor / Consultant
#3
Pat McGhie said:
Hello everyone,

a little background, recently transferred to a new company. They are ISO 9001-2000 Certified. Originally, 6 years ago to 1994, renewed 3 years ago and 2 years back upgraded if you will to 9001-2000. They are do for a new certificate audit in a few months.

The situation, they are still performing internal audits to the clauses of the standard with a checklist. They started to look into the process approach to auditing and at the last surveillance audit in October 05, it was listed as an observation that they pursue that approach.

2 issues are now upon me. The first being that they have not done any audits since last july. I am trying to get training in for an audit team on the process approach. My question now, is the old method of auditing to the clauses still legal (as we did not get a non-conformance) or is the process approach mandatory?

Thank you, I searched the forum but could not find the specific. Idea now is get the audits caught up the old way and then proceed to work towards process approach but likely not fully implemented by the 3rd party certificate audit.

Pat McGhie

You are clearly in a difficult position.

I agree with Andy, you should use the process approach widely being talked about.

However, you should also know, that both the ANAB and the Automotive IAOB expect and require a process approach being applied to your QMS. The TS Rules are pretty clear, if you have automotive exposure.

The ANAB's instructions to the CBs are pretty clear, however, their documents are a bit less direct, but making progress. There is one recent guidance document from ANAB with promotes the process approach. I will attach a copy with this post.
 

Attachments

P

Pat McGhie

#4
agree with time waste but...

AndyN said:
why are you wasting your time 'getting caught up' using the old element approach? - that was a bad approach anyway, even if an external auditor bought it. You are stuck with what it is - a failed audit system. With such a situation an effective external auditor is more likely to issue a major against a lack of management commitment or an ineffective management review, since a key requirement - internal audits - is on it's knees. Paint that picture to your management and get the training course you need, get an on-site 'lab' audit with the instructor (I always recommend that) and use the training session as OJT and as a 'real' audit. The get the internal audit process fixed.

Andy

Andy, thank you for the reply... we are not trying to waste our time. I agree with you that it is and we moving forward. We have auditors who have audited nothing as they were all waiting for someone to take some initiative. It has been taken, we are proceeding with the process approach, I already have a quote and my proposal will be to management on Monday... I expect it will be signed the same day based on previous conversations with the owner.

The issue occurs with "catchup". Should we do "something" (which is show some audit prograqm even though element based ) with our current team until the training can be completed and we transition over? My boss is saying that yes, we should as it shows an attempt to maintain while we pursue the improvement.

My real question is would the "non process based" audits (say they were 80% of the program) be legal at our soon to aarive recertification audit. At that point we would be trained, program in place but only a small percent of process based complete.

Pat
 
P

Pat McGhie

#5
hjilling said:
You are clearly in a difficult position.

I agree with Andy, you should use the process approach widely being talked about.
Thank you both for the doc and the reply. We do not have automotive exposure at the moment, the driving guidline is strictly our own ISO 9001-2000.

There is no question on the merits of process approach and we are proceeding. Management is also behind this. The real question is should we continue our element based audits and will they be legal until we comlete the training and transition.

Pat
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
Hi Pat,

If the overall question is "What should we do to catch up" my question to you is, how often do the audits take place according to the audit procedure? Are you clearly past schedule--lapsed audits?

If you are in non-conformance with your own procedure a CAR may be required to record the discrepancy for your upcoming recert.

I would not perform a flurry of audits just to catch up, using an approach not recommended; I would use this time to ramp up to the process approach.

Is the audit procedure among those out of periodicity? If so, I would do that one first, write a CAR and fix it by ramping up with process audit training and observations of auditors performing the new method.

When a round of the new audits successfully complete, I would do a follow up audit of the audit procedure to close out that CAR.
 
#7
Or maybe kick Management Review into gear........

and record that management understand the issue. That way, you'll get benefit from showing that management do 'care' (even if only on paper) and that the action Jennifer is suggesting (good one Jen!) is linked to some 'management commitment'. Yes, I know they probably don't fully 'get it', but if we are talking audit survival when your registrar comes in to visit, then do what it takes. :eek: I'm thinking that if they've approved some training budget, they will support a realization of the situation. Also, you'll need to look closely at why the audit system has failed. Maybe we can diagnose it here for you?;)

Andy
 

Antonio Vieira

Involved - Posts
Trusted Information Resource
#8
Remenber just this.
In all the registrars I know the check list we have to use when auditing a QMS is the standard written in an inquisitive form. So this is a requirement check list. And it has to be that way, as 3rd party audit the main thing we have to check is that all the requirements of the standard are fulfilled.
In an internal audit things are different. In this kind of audit you know that your system is according to that standard and you can check just if what you have written is being correctly done...
 

Helmut Jilling

Auditor / Consultant
#9
António Vieira said:
Remenber just this.
In all the registrars I know the check list we have to use when auditing a QMS is the standard written in an inquisitive form. So this is a requirement check list. And it has to be that way, as 3rd party audit the main thing we have to check is that all the requirements of the standard are fulfilled.
In an internal audit things are different. In this kind of audit you know that your system is according to that standard and you can check just if what you have written is being correctly done...

In the USA, a 3rd party audit using a checklist based on the standards is completely forbidden by the accreditation bodies (ANAB/RAB). It would be an automatic major NC against the auditor and certification body by the witness auditor. It was my understanding that RvA would not accept it either. So, it surprises me that it is still acceptable practice in Europe.
 

Antonio Vieira

Involved - Posts
Trusted Information Resource
#10
If that’s forbidden, how are you sure you’ve checked all the requirements of the standard?
The ISO 9001:2000 3rd party audit will give the organization a certificate that shows it is in accordance with the standard. The auditor must check all its requirements.
If you don’t use a check list that has all of them you mail fail...

US Registrars here are also using those kinds of check lists. In my opinion correctly...
 
Thread starter Similar threads Forum Replies Date
B Process Audit Elements for Service Industry please Process Audits and Layered Process Audits 9
5 Process based Internal Audits, instead of auditing to the elements of the standard Internal Auditing 21
S Example of EMS Process Flow with interaction of core elements - Chemical industry Miscellaneous Environmental Standards and EMS Related Discussions 8
W Auditing the Task (Process) Elements - Visual Map Attached General Auditing Discussions 74
Raffy Statistical Process Control - ISO 11462-2:2001 Key elements of an SPC System Statistical Analysis Tools, Techniques and SPC 1
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 7
A When someone refuses to follow a process.... Misc. Quality Assurance and Business Systems Related Topics 21
E Software maintenance Process Software maintenance Process to IEC 6204? IEC 62304 - Medical Device Software Life Cycle Processes 3
R AS5553 Clause 3.1.7 f - "Implement a returns process....." AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
normhowe "The Problem with Quality Management: Process orientation, controllability and zero-defect processes as modern myths" Book, Video, Blog and Web Site Reviews and Recommendations 2
Judy Abbott General temperature used in the blasting process and laser process Manufacturing and Related Processes 2
B SOP for CNC turret punching machine for sheet metal process Manufacturing and Related Processes 0
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
R AS9102 FAI Change in Material / Process Supplier AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Process mapping Process Maps, Process Mapping and Turtle Diagrams 1
R MDEL Process Canada Medical Device Regulations 4
optomist1 Rates Daily or Hourly Process Improvement Training Consultants and Consulting 2
S Manufacturing Process FDA FOIA Medical Device and FDA Regulations and Standards News 3
S Manufacturing Process FDA FOIA US Food and Drug Administration (FDA) 4
B Toyota PPAP Process - Three Questions APQP and PPAP 3
R Changes vs CMO - How can we simplify this process? Supplier Quality Assurance and other Supplier Issues 3
A Ethics Committee Review Process for IVD Products EU Medical Device Regulations 2
V Laser Welding Process - Impact on Electrical Properties Reliability Analysis - Predictions, Testing and Standards 4
Q Process: Knowledge Section 7.1.6 of ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A Sampling plan for in-process QC (medical devices) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 13
R MRB (Material Review Board) Process using MS Sharepoint or MS Teams Manufacturing and Related Processes 2
M Clinical Benefit of device that only aids in a process for managing or treating disease EU Medical Device Regulations 2
C In-process inspection - Tooling and assembly lines for automotive companies AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
M Efficacy of an IT process after a cyber attack ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
N Sterilization Protocol Change in Validation Process and further impacts ISO 13485:2016 - Medical Device Quality Management Systems 1
N Riveting - special process Manufacturing and Related Processes 11
M Material incoming to the production process reflected in PFMEA FMEA and Control Plans 9
A API Spec Q1 Purchasing Process - Supplier Reevaluation based on Supplier Risks 5.6.1.4 Oil and Gas Industry Standards and Regulations 17
B Handling lower detection limits for SPC and process performance Statistical Analysis Tools, Techniques and SPC 1
D Measurables for Plastic Injection molding process Manufacturing and Related Processes 1
S Cleaning process center change ISO 13485:2016 - Medical Device Quality Management Systems 4
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12
R Inspection and Work order process Inspection, Prints (Drawings), Testing, Sampling and Related Topics 9
T ISO 13485:2016 Clauses related to process matrix ISO 13485:2016 - Medical Device Quality Management Systems 3
A How to reduce the process SPC monitoring Capability, Accuracy and Stability - Processes, Machines, etc. 3
John Predmore Configuration Management as a process instead of a procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
R PCBA process validation Qualification and Validation (including 21 CFR Part 11) 2
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Two excellent examples of process capability analysis from Quality Magazine Capability, Accuracy and Stability - Processes, Machines, etc. 5
D ECO (Engineering Change Order) process questions ISO 13485:2016 - Medical Device Quality Management Systems 7
S Sterilization validation after changing sterilization process provider Qualification and Validation (including 21 CFR Part 11) 3
Pau Calvo Quality Management process is mandatory in ISO9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Tagin Template or Checklist for Process Change Document Control Systems, Procedures, Forms and Templates 5
LostLouie Manufacturer divorced from Design process, is he justified in design process deficiencies? ISO 13485:2016 - Medical Device Quality Management Systems 9

Similar threads

Top Bottom