Process vs Elements/Checklist - Is the old method of auditing the clauses still legal

K

kei_ko

#21
i think Pat is on the right path... all the best to you :)

regarding auditing using the process approach, i am keen to know what audit tools and objective evidences other organizations are using... what can you show to external / third party auditors to demonstrate the fact that you are "using" it? so far i have seen internal audit procedures, audit schedules, checklists, audit matrix and audit trail records... please share your comments!

thanks in advance :)
 
Elsmar Forum Sponsor

Helmut Jilling

Auditor / Consultant
#22
kei_ko said:
i think Pat is on the right path... all the best to you :)

regarding auditing using the process approach, i am keen to know what audit tools and objective evidences other organizations are using... what can you show to external / third party auditors to demonstrate the fact that you are "using" it? so far i have seen internal audit procedures, audit schedules, checklists, audit matrix and audit trail records... please share your comments!

thanks in advance :)
I look for:
1. A schedule based on the processes.
2. I review some audits to see if the sequence of the process was audited,
3. Whether interactions to other processes were traced, and
4. Whether the audit evaluated effectiveness.
 

Hershal

Metrologist-Auditor
Staff member
Super Moderator
#23
Pat McGhie said:
My question now, is the old method of auditing to the clauses still legal (as we did not get a non-conformance) or is the process approach mandatory?
Does it matter which approach you use? In my opinion, the important parts are (1) that the audits are being completed, and (2) that they are effective.

If those two components are there and working properly, use any method that is appropriate for the organization.

Hershal
 

Helmut Jilling

Auditor / Consultant
#24
Hershal said:
Does it matter which approach you use? In my opinion, the important parts are (1) that the audits are being completed, and (2) that they are effective.

If those two components are there and working properly, use any method that is appropriate for the organization.

Hershal

But the whole point of the new ISO is to improve and optimize each process, and how it interacts with the linking processes. So, if you don't apply the process approach, and develop each process, you end up with a system very similar to the old ISO 9001. No gains.

The lab audits are focused on technical ability, so that is a much easier application for the staright forward approach.
 
M

mlthompson

#25
I'm finding that debating the process approach vs elemental approach is futile. It is being enforced despite what each of us may personally feel.

So I quess, rather than debate further, I would like to ask the forum on how you apply the process approach to your organization. Please include issues raised by your auditor to meet their personal expectations/interpretations and also those items you do that makes the process approach work for you.

I'm asking this because the ISO standard refers to the process approach but doesn't explicitly define what is required to pass certification/surveillance audits.
 

Helmut Jilling

Auditor / Consultant
#26
mlthompson said:
I'm finding that debating the process approach vs elemental approach is futile. It is being enforced despite what each of us may personally feel.

So I quess, rather than debate further, I would like to ask the forum on how you apply the process approach to your organization. Please include issues raised by your auditor to meet their personal expectations/interpretations and also those items you do that makes the process approach work for you.

I'm asking this because the ISO standard refers to the process approach but doesn't explicitly define what is required to pass certification/surveillance audits.

I'm surprised this thread went dead. I think you asked a good question. I'm an auditor and consultant, so I'll share some of what I commonly see.

Most companies are defining two types of processes, sometimes three. The two most common types are:

customer oriented processes (the key, critical path processes that affect the product and the customer). Common examples are Sales, Design, APQP or Engineering, Purchasing, Manufacturing, Storage and Shipping. There can be other versions as well, of course.

support processes (the administrative, supporting processes). Common examples are Training, Management, Calibration, Maintenance, Quality, Internal Auditing, Corrective Action, Controlling Docs & Records. I also see processes like IT Support, Continual Improvement, HR with some regularity. There are others, but these are frequent ones.

Some few companies define a third type as management oriented processes, which is just a subset of support processes, with a particular link to management activities. Only a few of my clients define this as a group. Most simply lump them into their support processes group.

Most clients develop a high level map to show how these core processes sequence, and describe the interactions of the supporting processes. Most clients also use some sort of a flow chart, process map or turtle diagram to describe each process, and how it breaks out.

Lastly, most also have a procedure for each process, which further describes the things they need to communicate about each process that has not already been covered in the charts. Then, where needed additional work instructions and forms exist, pretty much the same ones they had under the previous version of ISO.

It is also becoming more common to see ISO 14001 and maybe Safety integrated with their ISO 9001 or TS systems.
 
Last edited:

Hershal

Metrologist-Auditor
Staff member
Super Moderator
#27
hjilling said:
But the whole point of the new ISO is to improve and optimize each process, and how it interacts with the linking processes. So, if you don't apply the process approach, and develop each process, you end up with a system very similar to the old ISO 9001. No gains.

The lab audits are focused on technical ability, so that is a much easier application for the staright forward approach.
I agree the desire is to optimize and improve.....that does not mean however that any specific internal audit approach is the best for all.

I see process and clause approaches and often nowadays a mixture in the labs and inspection bodies that I assess.

As I said, so long as they are complete and effective, then the best approach is what is best for the organization, be it process, clause, or a mixture.

Hope this helps.

Hershal
 
#28
An internally audited 'process'

could look quite different from it's result than an external audit result.

'H', I'm thinking that you've put the IATF 'spin' on things, by refering to the COPs, MOP's and SOP's. I believe that the whole AIAG thing about teaching auditors the turtle and stuff like that isn't totally appropriate for internal auditors.

In fact, with the advent of the ISO 9001:2000 standard, my approach to auditing has shown a bigger divide between internal and external auditor behaviours.:eek:

Apart from one or two 'systems audits' the main focus of internal audits should be to 'rifle shot' the parts of the process/system (including the 'interfaces' (what you call the interaction??) to give management a read-out on what's going on (as independent eyes). Validation of their process issues, if you'd like to think of it that way.

This is quite different to what most internal audit programs do - but then I believe that most are only there to appease the registrars and, if it weren't for registration, management wouldn't give audits even 'lip service':mg:

So, in many ways, I think Hershal is fairly accurate. A 'process audit' could result in an audit that looks like an 'element', department or some other approach. My take is that it depends on what was planned to happen and if the auditors did an effective job of 'sniping' at the issue........:yes:

WOW - now what replies will we get?:mg:

Andy
 

Helmut Jilling

Auditor / Consultant
#29
AndyN said:
could look quite different from it's result than an external audit result.

'H', I'm thinking that you've put the IATF 'spin' on things, by refering to the COPs, MOP's and SOP's. I believe that the whole AIAG thing about teaching auditors the turtle and stuff like that isn't totally appropriate for internal auditors.

In fact, with the advent of the ISO 9001:2000 standard, my approach to auditing has shown a bigger divide between internal and external auditor behaviours.

Apart from one or two 'systems audits' the main focus of internal audits should be to 'rifle shot' the parts of the process/system (including the 'interfaces' (what you call the interaction??) to give management a read-out on what's going on (as independent eyes). Validation of their process issues, if you'd like to think of it that way.

This is quite different to what most internal audit programs do - but then I believe that most are only there to appease the registrars and, if it weren't for registration, management wouldn't give audits even 'lip service.'

So, in many ways, I think Hershal is fairly accurate. A 'process audit' could result in an audit that looks like an 'element', department or some other approach. My take is that it depends on what was planned to happen and if the auditors did an effective job of 'sniping' at the issue........:yes:

Andy

I think we are looking at this very differently. I'll share some thoughts.

Not really trying to promote an IATF approach. I don't promote MOPs at all. But I have always differentiated between the core or critical path processes (that move product from Sales through Engineering through Production and Shipping) (COPs) separate from the supporting processes (all the support, admin and other stuff) (SOPs). The acronyms are not required for ISO or TS. I just use the acronyms as shorthand, because they are relatively well known.

The important thing is ISO (or TS) intends to help you optimize all your processes and interactions (the term used by the standard in 4.1.b). Optimizing core processes often takes a different approach than optimizing the supporting processes.

Much of the low hanging fruit remains in the supporting processes. We have focused on the core processes for years, and left the supporting processes to struggle on their own.

The Big 3 stress product, when their biggest sins are in the supporting processes and process interactions. Those processes need control also. But they get little attention.

I don't see any divide between how internal and external auditors are supposed to approach this. Both are to audit how effective the processes and the process interactions are functioning. Not just compliance, but how well they function. The internal auditors just are more intimately familiar with the nuances of how things function (leading to what I termed before a "micro-level" audit approach, while I do a macro-level approach.)

The CBs and ABs clearly are demanding a process approach (at least in the USA). Any auditor that does not do that will be slapped with a significant nonconformance. And, both the IATF and ANAB have written articles or Rules that require internal audits to follow a process approach. We really can't arbitrarily decide we want to do an elemnt approach instead. That doesn't meet the requirements, though I suppose it can be added on top, as an extra audit.

A good internal audit program is there to help the company improve, not just satisfy an external audit. It is much too costly to merely dot the i's and cross the t's.

I'll really go out on a limb, and say a company that accepts that will lose in the long run, and a manager who condones that should be fired. But, hey, it's my money being wasted. There are a lot of automotive companies struggling, and a lot of them are companies that accept this lame approach. Which is cause and which is effect?

Well, there's some of my thoughts.
 
K

kalliz50

#30
I've searched your site and perhaps you are aware of where I might find this info or have some type of template that I can use as a starting point - although each company and process is different - I am trying to implement process auditing structure versus "standards" auditing to my internal audit procedure - is there something which would list for example "purchasing" and then if this process is audited what "standards" it will "hit" during theprocess ... I can do it manually but if I had something basic I can expand on it would save me time. Thanks,
 
Thread starter Similar threads Forum Replies Date
B Process Audit Elements for Service Industry please Process Audits and Layered Process Audits 9
5 Process based Internal Audits, instead of auditing to the elements of the standard Internal Auditing 21
S Example of EMS Process Flow with interaction of core elements - Chemical industry Miscellaneous Environmental Standards and EMS Related Discussions 8
W Auditing the Task (Process) Elements - Visual Map Attached General Auditing Discussions 74
Raffy Statistical Process Control - ISO 11462-2:2001 Key elements of an SPC System Statistical Analysis Tools, Techniques and SPC 1
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 7
A When someone refuses to follow a process.... Misc. Quality Assurance and Business Systems Related Topics 21
E Software maintenance Process Software maintenance Process to IEC 6204? IEC 62304 - Medical Device Software Life Cycle Processes 3
R AS5553 Clause 3.1.7 f - "Implement a returns process....." AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
normhowe "The Problem with Quality Management: Process orientation, controllability and zero-defect processes as modern myths" Book, Video, Blog and Web Site Reviews and Recommendations 2
Judy Abbott General temperature used in the blasting process and laser process Manufacturing and Related Processes 2
B SOP for CNC turret punching machine for sheet metal process Manufacturing and Related Processes 0
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
R AS9102 FAI Change in Material / Process Supplier AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Process mapping Process Maps, Process Mapping and Turtle Diagrams 1
R MDEL Process Canada Medical Device Regulations 4
optomist1 Rates Daily or Hourly Process Improvement Training Consultants and Consulting 2
S Manufacturing Process FDA FOIA Medical Device and FDA Regulations and Standards News 3
S Manufacturing Process FDA FOIA US Food and Drug Administration (FDA) 4
B Toyota PPAP Process - Three Questions APQP and PPAP 3
R Changes vs CMO - How can we simplify this process? Supplier Quality Assurance and other Supplier Issues 3
A Ethics Committee Review Process for IVD Products EU Medical Device Regulations 2
V Laser Welding Process - Impact on Electrical Properties Reliability Analysis - Predictions, Testing and Standards 4
Q Process: Knowledge Section 7.1.6 of ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A Sampling plan for in-process QC (medical devices) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 13
R MRB (Material Review Board) Process using MS Sharepoint or MS Teams Manufacturing and Related Processes 2
M Clinical Benefit of device that only aids in a process for managing or treating disease EU Medical Device Regulations 2
C In-process inspection - Tooling and assembly lines for automotive companies AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
M Efficacy of an IT process after a cyber attack ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
N Sterilization Protocol Change in Validation Process and further impacts ISO 13485:2016 - Medical Device Quality Management Systems 1
N Riveting - special process Manufacturing and Related Processes 11
M Material incoming to the production process reflected in PFMEA FMEA and Control Plans 9
A API Spec Q1 Purchasing Process - Supplier Reevaluation based on Supplier Risks 5.6.1.4 Oil and Gas Industry Standards and Regulations 17
B Handling lower detection limits for SPC and process performance Statistical Analysis Tools, Techniques and SPC 1
D Measurables for Plastic Injection molding process Manufacturing and Related Processes 1
S Cleaning process center change ISO 13485:2016 - Medical Device Quality Management Systems 4
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12
R Inspection and Work order process Inspection, Prints (Drawings), Testing, Sampling and Related Topics 9
T ISO 13485:2016 Clauses related to process matrix ISO 13485:2016 - Medical Device Quality Management Systems 3
A How to reduce the process SPC monitoring Capability, Accuracy and Stability - Processes, Machines, etc. 3
John Predmore Configuration Management as a process instead of a procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
R PCBA process validation Qualification and Validation (including 21 CFR Part 11) 2
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Two excellent examples of process capability analysis from Quality Magazine Capability, Accuracy and Stability - Processes, Machines, etc. 5
D ECO (Engineering Change Order) process questions ISO 13485:2016 - Medical Device Quality Management Systems 7
S Sterilization validation after changing sterilization process provider Qualification and Validation (including 21 CFR Part 11) 3
Pau Calvo Quality Management process is mandatory in ISO9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Tagin Template or Checklist for Process Change Document Control Systems, Procedures, Forms and Templates 5
LostLouie Manufacturer divorced from Design process, is he justified in design process deficiencies? ISO 13485:2016 - Medical Device Quality Management Systems 9

Similar threads

Top Bottom