Process vs Elements/Checklist - Is the old method of auditing the clauses still legal

Pat McGhie

Inactive Registered Visitor
#1
Hello everyone,

a little background, recently transferred to a new company. They are ISO 9001-2000 Certified. Originally, 6 years ago to 1994, renewed 3 years ago and 2 years back upgraded if you will to 9001-2000. They are do for a new certificate audit in a few months.

The situation, they are still performing internal audits to the clauses of the standard with a checklist. They started to look into the process approach to auditing and at the last surveillance audit in October 05, it was listed as an observation that they pursue that approach.

2 issues are now upon me. The first being that they have not done any audits since last july. I am trying to get training in for an audit team on the process approach. My question now, is the old method of auditing to the clauses still legal (as we did not get a non-conformance) or is the process approach mandatory?

Thank you, I searched the forum but could not find the specific. Idea now is get the audits caught up the old way and then proceed to work towards process approach but likely not fully implemented by the 3rd party certificate audit.

Pat McGhie
 

AndyN

A problem shared...
Staff member
Super Moderator
#2
Nothing 'illegal', but.........

why are you wasting your time 'getting caught up' using the old element approach? - that was a bad approach anyway, even if an external auditor bought it. You are stuck with what it is - a failed audit system. With such a situation an effective external auditor is more likely to issue a major against a lack of management commitment or an ineffective management review, since a key requirement - internal audits - is on it's knees. Paint that picture to your management and get the training course you need, get an on-site 'lab' audit with the instructor (I always recommend that) and use the training session as OJT and as a 'real' audit. The get the internal audit process fixed.

Andy
 

Helmut Jilling

Auditor / Consultant
#3
Pat McGhie said:
Hello everyone,

a little background, recently transferred to a new company. They are ISO 9001-2000 Certified. Originally, 6 years ago to 1994, renewed 3 years ago and 2 years back upgraded if you will to 9001-2000. They are do for a new certificate audit in a few months.

The situation, they are still performing internal audits to the clauses of the standard with a checklist. They started to look into the process approach to auditing and at the last surveillance audit in October 05, it was listed as an observation that they pursue that approach.

2 issues are now upon me. The first being that they have not done any audits since last july. I am trying to get training in for an audit team on the process approach. My question now, is the old method of auditing to the clauses still legal (as we did not get a non-conformance) or is the process approach mandatory?

Thank you, I searched the forum but could not find the specific. Idea now is get the audits caught up the old way and then proceed to work towards process approach but likely not fully implemented by the 3rd party certificate audit.

Pat McGhie

You are clearly in a difficult position.

I agree with Andy, you should use the process approach widely being talked about.

However, you should also know, that both the ANAB and the Automotive IAOB expect and require a process approach being applied to your QMS. The TS Rules are pretty clear, if you have automotive exposure.

The ANAB's instructions to the CBs are pretty clear, however, their documents are a bit less direct, but making progress. There is one recent guidance document from ANAB with promotes the process approach. I will attach a copy with this post.
 

Attachments

Pat McGhie

Inactive Registered Visitor
#4
agree with time waste but...

AndyN said:
why are you wasting your time 'getting caught up' using the old element approach? - that was a bad approach anyway, even if an external auditor bought it. You are stuck with what it is - a failed audit system. With such a situation an effective external auditor is more likely to issue a major against a lack of management commitment or an ineffective management review, since a key requirement - internal audits - is on it's knees. Paint that picture to your management and get the training course you need, get an on-site 'lab' audit with the instructor (I always recommend that) and use the training session as OJT and as a 'real' audit. The get the internal audit process fixed.

Andy

Andy, thank you for the reply... we are not trying to waste our time. I agree with you that it is and we moving forward. We have auditors who have audited nothing as they were all waiting for someone to take some initiative. It has been taken, we are proceeding with the process approach, I already have a quote and my proposal will be to management on Monday... I expect it will be signed the same day based on previous conversations with the owner.

The issue occurs with "catchup". Should we do "something" (which is show some audit prograqm even though element based ) with our current team until the training can be completed and we transition over? My boss is saying that yes, we should as it shows an attempt to maintain while we pursue the improvement.

My real question is would the "non process based" audits (say they were 80% of the program) be legal at our soon to aarive recertification audit. At that point we would be trained, program in place but only a small percent of process based complete.

Pat
 

Pat McGhie

Inactive Registered Visitor
#5
hjilling said:
You are clearly in a difficult position.

I agree with Andy, you should use the process approach widely being talked about.
Thank you both for the doc and the reply. We do not have automotive exposure at the moment, the driving guidline is strictly our own ISO 9001-2000.

There is no question on the merits of process approach and we are proceeding. Management is also behind this. The real question is should we continue our element based audits and will they be legal until we comlete the training and transition.

Pat
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
Hi Pat,

If the overall question is "What should we do to catch up" my question to you is, how often do the audits take place according to the audit procedure? Are you clearly past schedule--lapsed audits?

If you are in non-conformance with your own procedure a CAR may be required to record the discrepancy for your upcoming recert.

I would not perform a flurry of audits just to catch up, using an approach not recommended; I would use this time to ramp up to the process approach.

Is the audit procedure among those out of periodicity? If so, I would do that one first, write a CAR and fix it by ramping up with process audit training and observations of auditors performing the new method.

When a round of the new audits successfully complete, I would do a follow up audit of the audit procedure to close out that CAR.
 

AndyN

A problem shared...
Staff member
Super Moderator
#7
Or maybe kick Management Review into gear........

and record that management understand the issue. That way, you'll get benefit from showing that management do 'care' (even if only on paper) and that the action Jennifer is suggesting (good one Jen!) is linked to some 'management commitment'. Yes, I know they probably don't fully 'get it', but if we are talking audit survival when your registrar comes in to visit, then do what it takes. :eek: I'm thinking that if they've approved some training budget, they will support a realization of the situation. Also, you'll need to look closely at why the audit system has failed. Maybe we can diagnose it here for you?;)

Andy
 

Antonio Vieira

Involved - Posts
#8
Remenber just this.
In all the registrars I know the check list we have to use when auditing a QMS is the standard written in an inquisitive form. So this is a requirement check list. And it has to be that way, as 3rd party audit the main thing we have to check is that all the requirements of the standard are fulfilled.
In an internal audit things are different. In this kind of audit you know that your system is according to that standard and you can check just if what you have written is being correctly done...
 

Helmut Jilling

Auditor / Consultant
#9
António Vieira said:
Remenber just this.
In all the registrars I know the check list we have to use when auditing a QMS is the standard written in an inquisitive form. So this is a requirement check list. And it has to be that way, as 3rd party audit the main thing we have to check is that all the requirements of the standard are fulfilled.
In an internal audit things are different. In this kind of audit you know that your system is according to that standard and you can check just if what you have written is being correctly done...

In the USA, a 3rd party audit using a checklist based on the standards is completely forbidden by the accreditation bodies (ANAB/RAB). It would be an automatic major NC against the auditor and certification body by the witness auditor. It was my understanding that RvA would not accept it either. So, it surprises me that it is still acceptable practice in Europe.
 

Antonio Vieira

Involved - Posts
#10
If that’s forbidden, how are you sure you’ve checked all the requirements of the standard?
The ISO 9001:2000 3rd party audit will give the organization a certificate that shows it is in accordance with the standard. The auditor must check all its requirements.
If you don’t use a check list that has all of them you mail fail...

US Registrars here are also using those kinds of check lists. In my opinion correctly...
 

Top