Scheduling Internal Audits - What should I be auditing and when

[Amanda H]

Hi

Just a quick note to say THANK YOU! to everyone who helped with my enquires January last year (especially a BIG THANKYOU to David Mullins). We ended up putting the whole quality certification on hold and it raised it's "ugly" head about March this year. I was given six weeks to sort it all out, prepare the new manual/processes etc to the new standards and pass certification. I ended up doing it in 5 weeks !!!!!! Thanks David for the information you sent, it really helped me get my head around a few things before the crunch time came about.

Now, for my new problem, scheduling internal audits........ I'm finding it hard to work out what I should be auditing and when. For the past few months as I have found different things that need attention and have fixed them I then note them as found in an "audit" after it's all fixed and record my findings and how we plan to deal with it in the future etc . However with our initial audit for certification they said I needed show a schedule for future audits. Why am I finding this so hard???? Am I looking at this in the wrong way? Anyone else in the same boat.
Please, if anyone can shed some light and get this through my thick head I'd be grateful.

 

[Claes Gefvenberg]

Congratulations...

Hi Amanda,

Glad to see you made it. Five weeks??? Wow... That would have been five tough weeks, I presume?

Anyway: Have a good look at the Auditing forum. I'm sure you'll find good hints there: ISO 19011 and ALL Auditing Discussions

(I'll copy this thread to that forum)

Now... You obviously listed your processes. How about setting a schedule for auditing them? I'll enclose the Excel tool I use for audit planning.

Best of luck

/Claes

 

[Amanda H]

Thanks for the reply Claes, I will sift through the past threads in Auditing. I did have a very hectic 5 weeks to gain certification, I was so exhausted I decided to have a breather from it all, but now I find myself 3mths down the track with a lot of work to do. Never mind, it will happen!
We have broken our audits into 3 catergories, Financial, Quality and Safety audits. Financial and Safety are easy as identifing areas of concern stick out clearly. I'm finding the Quality audits (the processes) the task I keep putting off. I seem to have a real "block" even working out where to start......... but slow and steady wins the race I guess.

 

[Tom W]

Amanda - great job, now the real work beings. Continuous improvement and development of your system. Good Luck. You will enjoy the return on your investment. Auditing your quality system can be an event in itself, but if you could get a copy of the registrars checklist it would give you a good starting point to get system type audits going. Then aduit to your procedures and work instructions as well and you are on your way. Process audits and product audits are effective, but only if the corrective actions are effective and the process is taken seriously. Like I said - good luke and have fun.

 

[RosieA]

Hi Amanda,
I've taken 3 companies through the ISO process from scratch and in each case I have used the same approach: I use the first year of auditing to baseline the processes. I audit every work area at least once (some critical processes like Design Control, where experience tells me I'll find issues, will be done more than once.)

I use that baseline year to create the plan for year two, based on the number and seriousness of the findings from year one, and on the area being audited's importance to the QMS. Obviously, Design is more important than HR, etc.

I use the same process at the end of each year when setting the plan for the coming year. It's tried and true.

Best of luck....5 weeks is incredibly fast! Did you do it in this dimension?

 

[David Mullins]

Congratulations, it finally happended. Hope the family has coped through it all!

Looking at your org chart (if you've got one) gives you an insight into how you can set up your audit schedule. People usually structure the organisation in the same way they see it - by areas, or functions, or processes, whatever. Splitting up your audit schedule the same way is often convenient, efficient and meaningful.

I'll send you some examples early next week - I'm flat out at the minute - much like you usually are from what I recall.

 

[Marc]

Scheduling Internal Audits

We have broken our audits into 3 catergories, Financial, Quality and Safety audits. Financial and Safety are easy as identifing areas of concern stick out clearly. I'm finding the Quality audits (the processes) the task I keep putting off. I seem to have a real "block" even working out where to start.

Current comments or suggections for what to audit and when, including reasons for prioritizations?

 

[Helmut Jilling]

Amanda - great job, now the real work beings. Continuous improvement and development of your system. Good Luck. You will enjoy the return on your investment. Auditing your quality system can be an event in itself, but if you could get a copy of the registrars checklist it would give you a good starting point to get system type audits going. Then aduit to your procedures and work instructions as well and you are on your way. Process audits and product audits are effective, but only if the corrective actions are effective and the process is taken seriously. Like I said - good luke and have fun.

Just a reminder, the "system" internal audits in TS (8.2.2.1) have to be to your processes, not to a set clause based checklist. This is not the same as the "manufacturing process" audits mentioned in (8.2.2.2).

I am told both the IAOB and ANAB consider this a major nonconformity if the process approach is not applied to audits.

 

[Helmut Jilling]

Current comments or suggections for what to audit and when, including reasons for prioritizations?

I find that id companies have developed proper process maps for each main customer oriented process, and defined and mapped each support process appropriately, then internal auditing becomes pretty clear and straightforward. It is when these documents are incomplete or not understood, that auditing and managing becomes overwhelming.

I don't recall any clients who had these things well developed, who didn't have a pretty worthwhile internal audit program. But they are a key part of the audit criteria, so obviously, if these documents are not effective, the audit becomes ineffective as well. Then the whole thing ends up only being an exercise done for the registrar, rather than for the good of the company.

That is why, IMO, the discussion on another thread as to whether you can do all that in one process, or in a one page manual, misses the whole point.

I suggest, if a company is struggling with internal audits, I would recommend they reread cl. 4.1, and ascertain whether they really have all those steps properly defined and identified. For novices, a good series of turtle diagrams may be a useful starting point.