Providing Auditee with Checklist prior to Audit

Helmut Jilling

Auditor / Consultant
#21
tsarlymayn said:
Hi there,

I am new here, I came across the forums when I was browsing the net for some information on how to conduct proper Environmental Management Audit based on ISO14001:2004 version.

Our company here in the Philippines will undergo certification audit for the new version of the ISO14001 and must conduct an internal audit.

I just don't know how to begin, what to include in the checklist, etc...I know of a process-based Quality Management Audit, how about in EM?

Could someone provide me a procedure or a method on EMS auditing?

It would really help a lot.

Thanks.

I appreciate your enthusiasm, but a key point of ISO 9001 and ISO 14001 is skills and competency. If you are new to this, and all of us were at one time, the first thing would be to get some training, reading some books (and the standard of course), and learning how to do it. Just getting a procedure and starting is not recommended, and would technically not even be compliant with the intent of ISO 14001 and ISO 19011.

It would make it easier, and result in better audits, if you learn first, and then audit. We have a saying in the USA, when you cut lumber, if you "measure once, you cut twice. Measure twice, only cut once..." Good luck to you in your effort.
 
#22
Annual planning

My principal issue is that coming up with a schedule for audits then constantly changing it is a bureaucracy that has management tending to ignore it, since the audit manager is always 'changing their mind'. Most audits aren't scheduled based on 'status and importance of the process'. Indeed, how can you schedule an audit out a whole 6 months to a year? If you have a crystal ball! The guidance in ISO 9004 tells how it should be, but no-one reads that document. Audits should be planned with input from interested parties. The idea of a whole calendar of audits, apart from some audits to clean up before an external audit, is old world. Sure your registrar wants to see that - but they can't give you a good reason. I was a registrar auditor since 1990 so I speak with some authority. Why not set a frequency of 1 audit per month (for example) then decide in the previous 30 days or so, what the scope/criteria of the audit is. An annual plan (as required by ISO/TS 16949) doesn't mean a full year's schedule. I've had more success with my clients doing it this way than the other conventional way, just to please a 3rd party.
After all, who are we doing audits for? Or maybe you have never thought about that? Better still, why do audits - just 'coz the standard requires them?

Andy
 

Helmut Jilling

Auditor / Consultant
#23
AndyN said:
My principal issue is that coming up with a schedule for audits then constantly changing it is a bureaucracy that has management tending to ignore it, since the audit manager is always 'changing their mind'. Most audits aren't scheduled based on 'status and importance of the process'. Indeed, how can you schedule an audit out a whole 6 months to a year? If you have a crystal ball! The guidance in ISO 9004 tells how it should be, but no-one reads that document. Audits should be planned with input from interested parties. The idea of a whole calendar of audits, apart from some audits to clean up before an external audit, is old world. Sure your registrar wants to see that - but they can't give you a good reason. I was a registrar auditor since 1990 so I speak with some authority. Why not set a frequency of 1 audit per month (for example) then decide in the previous 30 days or so, what the scope/criteria of the audit is. An annual plan (as required by ISO/TS 16949) doesn't mean a full year's schedule. I've had more success with my clients doing it this way than the other conventional way, just to please a 3rd party.
After all, who are we doing audits for? Or maybe you have never thought about that? Better still, why do audits - just 'coz the standard requires them?

Andy
I'm not quite sure where you are going, but I'll offer a couple comments. Perhaps your method works, and if so, fine. But I don't find any difficulty achieving the things you mention.

1. My consulting clients map out a year's worth of audits on a simple annual schedule, similar to a vacation planner. One matrix, twelve months, lists each of the processes, and when we think we're going to do it. Common format, most of my clients do some similar thing, that's where I got the idea. The intent is to arrange audits into a logical linking of common processes. Also, tells the managers when they can expect us. If we need to change or adjust, it's not a problem. It also leaves trails so we can see if a particular audit has been rescheduled too often. And, I think it meets the requirement for an annual plan, but we do it for us, not the auditor.

2. ALL my auditing clients base their schedule on some sort of review of 'status and importance of the process'. It is a requirement, after all, and all of them do it. The result is either more time is being given to a particular audit or it is audited more frequently. Both methods meet the requirement and intent very well. Both are indicated on the annual schedule I described above.

3. Audits, and everything else within a company's system, clearly should be done for the benefit of the company, not the audit. The auditor is merely supposed to look over their shoulder, and review objective evidence to see that they have done the things that the standard and their systems state they are supposed to do. And determine if it was effective. If they do their things appropriately, I find that I can do my job pretty well, also.

Don't really have much conflict during my audits, except in rare cases where the client really does not understand the requirements, and therefore did not meet them. And, this is rare in my group of clients.

There is almost always more than one way to achieve desired results. As you spend some time on this forum, you'll find many good people with many ideas that are different than your own. Some are good, and some are not so good. But good always seems to rise to the top, eventually.

Welcome to the Cove, my friend.
 
#25
Dragging audits into the 21st century.....

What I've been trying to do here is help people to understand that internal audits often miss the issues that keep management 'sleeping with a foot out of bed'. That is to say, if the audit manager tries to schedule audits without seeking input from the management of the processes being audited, the audits will not be value added to management. With the advent of the ISO9001:2000 requirements which link processes, process measurements and quality objectives together, the internal audits should be being used (now) to verify and validate for management that they can 'trust' the process results. An audit programme which supports this approach (see ISO 9004 on self assessment, for example) requires much more management involvement in the planning and selection of what is to be audited and when (possibly even who does it). Scheduling audits without the active participation of management will miss the purpose or, at least, the results will be hit or miss.

When I teach auditing class most folks (even seasoned auditors who are upgrading skills etc) cannot talk to what 'status and importance' actually means - and those words have been in the standard for ever! Indeed, I had one 3rd party auditor in my class who had never heard it described before. Sure, everyone considers the 'previous audits' but that's what any self respecting auditor/audit manager should be doing anyways. Nearly everyone has been doing the same stuff - keeping a whole year's calendar, planning out all the processes, the 'ISO clauses', then changing them when there's n.c's - and missing the point entirely!

If you'd like to consider it this way; my experience has shown that internal auditors can find the same 'big buck' savings (potential) as a 6 Sigma team can (in one case over $8 million). A 6 Sigma project gets management support to direct the charter/focus of their efforts. So why not use that 'model' for internal audits?

Another take on how effective your audit scheduling is might be to ask your management why you are doing them and what's the reason for the schedule - can they tell you. I bet that for every other kind of schedule, production, maintenance, marketing etc., Management can tell you why. But what about the schedule for audits???

Just a thought
Andy
 

Helmut Jilling

Auditor / Consultant
#26
AndyN said:
What I've been trying to do here is help people to understand that internal audits often miss the issues ... That is to say, if the audit manager tries to schedule audits without seeking input from the management of the processes being audited, the audits will not be value added to management... Andy

Andy, I think most of us would agree that it is beneficial to get management to participate in planning internal audits. For some it is difficult to get this involvement ahead of time. For some, they get it at the beginning of an audit.
 

lucasso

#27
Hi, All,

I didn't want to create a new topic, because my question is closely related to the title of this thread.
I'd like to ask your opinion on Why Internal Audits must be scheduled?

ISO9001 states that "The organization shall conduct internal audits at planned intervals <...>"

ISO17025 states that "The laboratory shall periodically, and in accordance with a predetermined schedule and procedure <...>"

The problem I see is that when everyone in the company knows when they are going to be audited - a couple days before the audit they start cleaning up the mess, filling in missing calibration protocols etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?
 

Boscoeee

#28
Hi, All,

I didn't want to create a new topic, because my question is closely related to the title of this thread.
I'd like to ask your opinion on Why Internal Audits must be scheduled?

ISO9001 states that "The organization shall conduct internal audits at planned intervals taking into consideration the status and importance of the processes and areas to be audited<...>"

ISO17025 states that "The laboratory shall periodically, and in accordance with a predetermined schedule and procedure <...>"

The problem I see is that when everyone in the company knows when they are going to be audited - a couple days before the audit they start cleaning up the mess, filling in missing calibration protocols etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?
I have a bunch of comments, however:

If in fact what you say is true, then perhaps the internal audit process is not rigorous enough. I have added the remainder of the standard's clause on this subject.

IMHO, the IA process is a tool (required tool, but only a tool); if having (multiple) planned routine IA will keep the lab and production boys on their toes and up to speed with documentation and protocols, that is okay with me. I use the IA as part of a larger thought process to drive employees to be more "Audit Ready" on a routine basis. I found that as a strategy it is quite useful in working with the quality and manufacturing folks.....

After a period of time, the folk get the idea that the IA is not going away and recognize its value, so generally they tend to keep things up in a more positive manner.
 

bobdoering

Stop X-bar/R Madness!!
Trusted Information Resource
#29
The problem I see is that when everyone in the company knows when they are going to be audited - a couple days before the audit they start cleaning up the mess, filling in missing calibration protocols etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?
Well, that is why Automotive started pushing layered audits. It was no mystery that this was going on, so they essentially have people audit every week, with layers of management participating in the audit. That way, the clean-up is smaller, the system is "kept up" more routinely. It is like 5S'ing the system.

That being said, if you are suspicious that is an issue, then perhaps certain areas should have a higher internal audit frequency. After all, the frequency is not stated to allow you to do what you think you need to in order to keep up your system.

I am not so sure "snap quizzes" are going to be the way to do it. You want to develop a culture of allowing the auditors to find things as a genuine help to the system, and snap quizzes do not project that approach. It projects more of a "gotcha" attitude, which will have people bury the skeletons deeper.
 
#30
The problem I see is that when everyone in the company knows when they are going to be audited - a couple days before the audit they start cleaning up the mess, filling in missing calibration protocols etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?
Two! What are their management doing? If there's so much 'house keeping' what the h*ck are their supervision doing? Sleeping on the job?

To answer your question about scheduling, please read this
 