SBS - The best value in QMS software

Recent ISO 9001 Re-registration Audit Questions

M

mcgilla

#1
Hello everyone,

I'm actually looking to get some feedback on interpretations of a few things. We've just gone through our re-registration audit late last week. And while we didn't get any findings, our auditor's style is one that he hints towards things he's going to look at during our next surveillance. He was auditing our production processes and asked a few employees what our Quality Policy means to them. I wouldn't have given any better responses than many of my workers, however they didn't mention "continual improvement". Our policy states that, of course, but I feel this is getting to a nit picking stage of auditing our company. I don't see where it can be interpreted as needing to say those exact words. That's what I'm wondering about in your interpretations.. do my employees "HAVE" to say continual improvement. When my workers were questioned by our auditor about continual improvement, they all agreed that's what we do all of the time. It's a normal environment to them.

Second comes to another critical area of the standard.. Internal Auditing. He got hung up on "reporting results" meaning literally writing a report. I interpret that differently in that if I can report on the results in management review, that satisfies the standard. He specifically wanted observations, findings, recommendations, opportunity for improvement all on a report. The dynamic of our management staff is not one of fluff. We tell each other what was found, assign people who handle the task/action items, report the closing date, verify the action and discuss. What was not necessarily captured is our "discussion". Am I being too simplistic in my interpretation of reporting results. We've found that simple really allows for a great system. Our staff wears many hats, as I'm sure most everyone's does, so I'll have a mutiny on my hands if everyone has to read/write a lengthy report outside of management review of our system.

I appreciate any feedback.

Ed
 
Elsmar Forum Sponsor
L

lk2012

#2
Hi Ed,
your Auditor was having a bit of a grumpy nitpicker day wasn't he?

On the quality policy situation, I'd just add it to your colleague's training - you can even say that it's something the Auditor wants to hear. We have a similar situation, everyone's got to rattle off 'Zero Defect Policy' in that exact wording because that's what Volkswagen and the likes expect people to hear. :ca:

As for the internal audit reports - do your reports clearly show:
- audited department / process
- clauses you audited against
- audit findings
- observations / opportunities for improvement
- non-conformances
- corrective actions (or link to associated corrective action report) incl. responsibility
- sign-off

If yes, that should demonstrate the audit reporting process. You can always show supporting evidence such as minutes of meetings / progress reports / communication in emails... I know it's really difficult when the organisation's quite small and people really have to better things to do at work than fill in reports and forms. Give it a go and see how your Auditor likes it.

Worst-case scenario, you can always ask the Registrar to delegate your audit to a different auditor on the grounds of unprofessional conduct. Don't suffer in silence.
Good luck :cfingers:
Lil
 
J

Jamie_

#3
Has your auditor mentioned the lack of internal audit reports before? I personally have always had our auditors do audit reports along with issuing C/PARS if needed. IA reports are such an inherent part of the process to me, it never occurred to me that some don't do them - so I'm wondering if they said anything at any previous surveillance audits?

Fwiw audit reports don't have to be a nightmare. I personally write a detailed report, because that's how I like to do it and my handwriting completely illegible so I'd need to type my notes up anyway. But for my auditors who take well organized and legible notes the audit report can be a brief summary and refer to notes.

Questioning about including continuous improvement in their answers is weird to me. When he questioned them they affirmed you have this covered, so why does it need to be in their initial responses? To me that would seem to encourage coaching rather than assessing their genuine responses. Sounds counterproductive to me.
 
M

mcgilla

#4
Lil,

Yes, he was definitely having a grumpy day. The auditor mentioned that after auditing in Asia where, when you ask about the quality policy that is 1 page long, everyone stands at attention and recites it word for word, that there's no excuse for not being able to describe it in their own words. Yes, definitely grumpy.

In terms of Internal Audits, it's been a work in progress, it was cumbersome before and we're definitely leaning it out and trying to make sure we get everything we need, but also that it's something of value. No one wants to do anything that doesn't help the company, that's the thing he hasn't really grasped yet and since he only see's us as a snapshot audit instead of living what we do... ok now I'm writing a book, but the list of things for "reporting" I can see where I can improve things a bit and keep it lean.

Jamie, this was the first mention of it, nothing at previous surveillance audits. About two years ago we updated our procedure to this format and all was well. I won't pick on this particular auditor, we've had several during our registered time that will compliment our process one audit and then pick it apart the next. Probably the most inconsistent lot of people I've ever had to deal with. Had he started mentioning a non-conformance, I would have argued. But in referencing the standard to look to improve our process, it just says "reporting results" that doesn't mean a report to me, just a communication of those results. But I think Lil has got my gears turning for the streamlining of things.

Thanks for responses thus far.
Ed
 
L

lk2012

#5
I know exactly what your auditor meant by people standing up to attention rattling off the policy word-by-word. He forgot to add that they might not always understand the real life use of it though. ;)
As an Auditor, I'd rather see people understanding the gist of the policy and telling it in their own words, or even better in their own actions, than mindlessly regurgitating words.

Good luck with your streamlining, let us know if there's anything I or other Covers can do to help :bigwave:
 
J

Jamie_

#6
A page long and they can recite it? I have ours printed on cards and everyone keeps one in their plastic ID pocket. Ours is 16 words long and I'd quit before I'd attempt to get everyone to memorize it, much less a page. That's terrifying!

I really like your approach to make sure what you're doing has value - nothing will get people to ignore procedures faster than a lot of busy work done solely for the benefit of the registrar - it has to mean something.
 
P

pldey42

#7
If it's any help, clause 5.3.d requires the quality policy to be communicated and understood; it doesn't say, "and recited verbatim."

Clause 8.2.2 does require records of internal audits to be maintained and that's typically done with reports or a spreadsheet or database of findings (nonconformities etc.) not so much for auditors, but to enable corrective actions to be tracked to closure and for trend analysis, for example the same NC recurring; if it's all done verbally (and the OP seems to suggest that it is) there's a risk of things falling between stools, even with the best will in the world. If it takes an hour to interview someone and there's a nonconformity, it surely only takes a few minutes more to write it up - one sentence to quote the requirement and another sentence for the nonconformity. together with the evidence.

E.g. Clause 5.3.d requires the quality policy to be communicated. Of 12 people interviewed, 6 said, "What quality policy?" Not that, in this case, they did.

Pat
 
M

mcgilla

#8
If it's any help, clause 5.3.d requires the quality policy to be communicated and understood; it doesn't say, "and recited verbatim."

Clause 8.2.2 does require records of internal audits to be maintained and that's typically done with reports or a spreadsheet or database of findings (nonconformities etc.) not so much for auditors, but to enable corrective actions to be tracked to closure and for trend analysis, for example the same NC recurring; if it's all done verbally (and the OP seems to suggest that it is) there's a risk of things falling between stools, even with the best will in the world. If it takes an hour to interview someone and there's a nonconformity, it surely only takes a few minutes more to write it up - one sentence to quote the requirement and another sentence for the nonconformity. together with the evidence.

E.g. Clause 5.3.d requires the quality policy to be communicated. Of 12 people interviewed, 6 said, "What quality policy?" Not that, in this case, they did.

Pat
Information in spreadsheets and nonconforming databases exist with regard to any issue. The auditor wanted a written report on the audit, much more than even the few sentences you suggest. I questioned adding a bit more detail to where we already log our internal audit items, actions, completion dates, responsibility, etc. and he wanted a report. He's writing a report to give to my organization, our auditors need to write reports.

I'm not arguing against any suggestions by any means, just his interpretation of what reporting results required. We've had this gentleman for a couple of years now, I know our registrar will circle a new auditor in within the next year or two and I'll get to learn the new person's tendencies. He had just never brought it up as an issue in the past few audits, until last week.

I'll need to ask more questions in the future and not just be the occasional lurker.. great feedback!!
 

somashekar

Staff member
Super Moderator
#9
I questioned adding a bit more detail to where we already log our internal audit items, actions, completion dates, responsibility, etc. and he wanted a report.
I am wondering what actions you mean here ...
Are they the audit outputs., the conforming and non-conforming situations with your audited sample information ?
If you do not have these, then you are not having records of audit.
 
M

mcgilla

#10
We do have those, records was not an issue, there are plenty of records, the issue and discussion was lack of a written report. My question to the auditor was basically if I put the information on our spreadsheet instead of in two different electronic formats, if that would satisfy his need for a written report. He really wanted a narrative of every conformance and non-conformance. For instance, he left 8 bullet points with me on our effective processes and areas for potential improvement. I will get no less than a 10 page report from him listing document numbers with revision information and the narrative of his conversation with the people he audited.

Our internal dynamic is not that narrative, we like points of interest, fix them and check their effectiveness. I just have to meld that with a little narrative into our system and I'll argue all day that we absolutely meet the requirement.
 
Thread starter Similar threads Forum Replies Date
F Recent ISO 9001 audit - Pallet/spool heat treat records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D Recent changes to ISO 14971 - SOP required for managing standard revisions ISO 13485:2016 - Medical Device Quality Management Systems 1
H Listing the gaps between EN ISO 14630:2012 and recent vesions Other Medical Device Related Standards 1
L Lessons Learned from our recent ISO/TS 16949:2009 Surveillance Audit IATF 16949 - Automotive Quality Systems Standard 2
G Supplier delivered recent PPAP, should he deliver yearly layout inspection? IATF 16949 - Automotive Quality Systems Standard 4
W Non-Conformance from recent Audit carried out on Purchasing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S IFU on web page - Consequences if the most recent one is not uploaded EU Medical Device Regulations 3
A Internal Audit - Findings - Recent Internet Audit (Prior to Certification) IEC 27001 - Information Security Management Systems (ISMS) 7
T Before recent Quality Standards - History Coffee Break and Water Cooler Discussions 11
G Free ASTM Standards? Recent Court Ruling making their standards free? Various Other Specifications, Standards, and related Requirements 10
G Recent Updates to 21 CFR Part 820? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
B What is the most recent version of MEDDEV 2.4/1 rev8 ISO 13485:2016 - Medical Device Quality Management Systems 6
J AS9100 & recent amendments to FAA Title 14 (14 CFR) Federal Aviation Administration (FAA) Standards and Requirements 2
Steve Prevette A recent presentation on SPC and "Leading Indicators" Statistical Analysis Tools, Techniques and SPC 23
J Angularity or Composite profile - Angularity callout on a recent print Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
ScottK Observations on recent interviewees... Career and Occupation Discussions 8
A Where to Find the Most Recent Standards? Other ISO and International Standards and European Regulations 7
RoxaneB A much "needed speeding ticket" - Results of recent external audit General Auditing Discussions 7
P Recent article from the BBC website (American Automotive) World News 20
ScottK My recent ISO9001 Kickoff Presentation - powerpoint .ppt - By request ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
W Recent graduate from Texas A&M University Career and Occupation Discussions 6
A Anyone Hear about a recent AS Mandate Letter from UTC and Boeing? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
T Some Recent Linux Info After Work and Weekend Discussion Topics 1
D GM Controlled Shipping Restriction due to a recent quality issue Customer and Company Specific Requirements 2
M Change in Constitution / Ownership of firm -------ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
P ISO 9001 certification with zero customers? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
M ISO 14971 Determination of Competent Persons ISO 14971 - Medical Device Risk Management 4
R Clinical accuracy and repeatability of IR(infrared) thermometer, no maximum error criteria is recommended in ISO Other Medical Device Related Standards 10
Q The scope of ISO 21534 Other Medical Device Related Standards 0
A What must be recorded? (ISO 9001:2015, subclause 10.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 4
B Updated IATF 16949 - Will IATF 16949 get revised when ISO 9001:202X is released? IATF 16949 - Automotive Quality Systems Standard 4
S ISO 9001:2015 vs 21 CFR Part 211 matrix Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
N Quality Compliance Officer - ISO 13485, London Job Openings, Consulting and Employment Opportunities 1
T ISO 17025: Lockout/Tagout Requirement ISO 17025 related Discussions 1
N ISO 9001 implementation in a Gold exporting business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M Does the ISO 9001:2015 standard require a disaster recovery plan or emergency response plan ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
E ISO 13485 QMS certification as a Supplier ISO 13485:2016 - Medical Device Quality Management Systems 8
A Environmental Compliance obligations and risks (ISO 14001:2015 6.1.3) ISO 14001:2015 Specific Discussions 3
R ISO 17025 vertical audit checklist wanted Document Control Systems, Procedures, Forms and Templates 2
A Tips and Tricks to understand ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
T ISO 13485:2016 Clauses related to process matrix ISO 13485:2016 - Medical Device Quality Management Systems 3
K ISO 50001 Consultant wanted Paid Consulting, Training and Services 0
K Comparison wanted: ISO 15378:2018 vs. PS9000:2016 Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
B ISO 9001 - "Remote Audit Fee" Registrars and Notified Bodies 13
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
John C. Abnet ISO 45001:2018 (5.4 - Consultation and participation of workers) Occupational Health & Safety Management Standards 10
Sidney Vianna What ISO Standard (under the TC 176) supports the UN Sustainable Development Goal #10? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 11
S ISO 15223-1:2020 Symbols Other Medical Device Related Standards 1

Similar threads

Top Bottom