Some departments don't have Quality Objectives - Non Conformity?

[howste]

Should not the auditor be auditing against both the quality manual / procedures and the ISO 9001 standard?

It says that in my copy of the standard.

Emphatically, No! Let me explain:

The ISO standard is the reference/requirement for the design of the quality management system. Once the system is designed and meets the relevant requirements, it's implemented and the auditors verify that implementation. If they discover an implementation issue, they will report it and it will automatically become a non-conformity to the standard, won't it?

To audit to the design, once the system is built is like checking a house for building regs. after the owner moves in and lives there! Too darned late!

We read here, daily, about internal auditors who get all wound around the axle about what ISO says, then management don't understand, or take corrective actions and on and on - in the main because they have been taught, at a Lead Auditor course, to audit to the standard - and that's all they know!

The house I live in has had many modifications done to it by the owner (me) after it was built and it passed inspection. I've torn out linoleum and put tile in the kitchen, front entry, laundry room, and bathroom. I've changed the color of many of the walls with paint. I've finished most of the basement that was previously unfinished including new walls, electrical wiring, plumbing, etc. To expect that I can ignore the building codes after the house is built can be costly dangerous.

Just like my house, the QMS is not static, and once it's built there will be changes. I can't throw out the rule book after it's built. I need to make sure it meets my needs, and meets the standard requirements.

 

[AndyN]

It doesn't say that at all, unless you've made an unauthorized change to the standard!

You are missing my point. After the house is built, is the wrong time to determine if the architect complied with the building code! Just as with product QC, it's no use to wait until the product has been made to start findings the design has errors. THAT's what I'm saying...

The issue here is that auditing to ISO is all we hear about! The focus is on the unique (wrong) part of that requirement. It's unnecessary to go out into the workplace, armed with an ISO checklist, to do an audit, to determine if the requirements are being met to comply with that particular part of 8.2.2. I think that some external auditors just don't get that bit...

The changes to your howse, Howste, should comply with code in your planning. You shouldn't be boldly going and then awaiting a Building Inspector to tell you if you did it right - they should be confirming you plans were correctly implemented to code - so your analogy doesn't suit, since I'm not saying that the 'rule book' should be thrown out! It's applied at a different point in the process!

(Sheesh, I'm beginning to feel like the people who discovered the world isn't flat)

 

[Big Jim]

Jim, you clearly have your views on many topics. They don't agree with mine - we've taken differing stances on many topics and I know well enough that whatever I post, you have a different viewpoint. My position has long been that, for example, just because a course teaches internal auditors to 'interpret' the standard doesn't mean it was the effective thing to do! As I've posted many, many times before here, we read daily about people who can't relate their audit findings in a manner that management understand. Where did the training stand on that? Do we expect management to know the words of ISO? I hope not!

Furthermore, the course content requirements of accredited auditor courses, hasn't changed in eons, based as it was on second party techniques. Where's the improvement in that? I could go on.

I've had too many experiences of ineffective audits, to agree with your approach, Jim. I can't imagine what yours has been, but we won't see eye to eye, clearly!

Auditors should not be "intrepreting" the standard. Any auditors, 1st party, 2nd party, or 3rd party. They do need to apply it though. Internal auditors do need to apply what I cited from 8.2.2.

"The organization shall conduct internal audits at planned intervals to determine the quality management system a) conforms to the planned arrangements, to the requirements of this international standard, and to the quality management system requirements established by the organization . . . "

How can you dodge that?

 

[howste]

The changes to your howse, Howste, should comply with code in your planning. You shouldn't be boldly going and then awaiting a Building Inspector to tell you if you did it right - they should be confirming you plans were correctly implemented to code - so your analogy doesn't suit, since I'm not saying that the 'rule book' should be thrown out! It's applied at a different point in the process!

I followed the code when I made the changes. I made decisions about wiring that made sense for me. I calculated how many outlets, lights, appliances, etc. should be on one circuit breaker, and determined the gauge of wire to use. I checked the design against the code and the needs of top management (my wife) before I implemented. When I finished I "audited" against the code, and to confirm that the finished result met the needs of top management. I didn't wait until an "external auditor" confirmed it. No one wants my house to be functional and safe more than me and my wife.

The point is that my house needs to meet my needs and the code at the same time. Just because the house met the code when it was built doesn't mean I shouldn't check against the code later. ISO 9001 clearly states that internal audits shall cover both internal and standard requirements.

 

[somashekar]

Andy, My opinion is that if Quality Manual says that quality objectives must be created at the HR and purchasing levels, their absence will be NC against the process owner and not against Quality Manual (or against MR in most of the cases).
The process owner must have read the controlled copy of quality manual requiring q.objectives in his deptt. If he could not make objectives, this is problem with the process owner.
Moreover, i would again say, during internal audit absence of the q.objectives in both processes should be raised as NC. The intent during internal audit is to raise max number of NC to keep the QMS healthy and to prevent any major NC arising during external audit.
If all department would take advantage of words 'relevant functions' then system will be too dilute to be effective.
Rameshwar

I beg to differ.
Let us not understand that roles and responsibilities are objectives. All departments have relevant functions to perform. There is no Shall for every department (function) to establish objectives. This is a task for top management to drive such that departments establish quality objectives at relevant functions, and the top management can see its measure and assess the QMS ability to be meeting the stated quality policy, and thus the effectiveness of their QMS.
Alas, how often top management know little or all about clause 5 of ISO9001 ~~~~
How often does the management review outputs contain a new set quality objective and how often do internal auditors go into the management review to see if any such quality objectives have been established or revised for relevant functions...
Internal auditors ask for objectives measurement at all departments and to fall in line all departments set quality objective, show monitoring same. This grows a feeling that all departments must establish objectives.
To put objectives in the quality manual is never asked for.

 

[PE-2011]

Dear Mr.Somasekhar, Good explanation.

I have not seen yourself involved in the discussion about appointing MR in a separate thread. I would request you to kindly involve in that discussion or please tell here ..... the questions was....

An organization can appoint more than one MR?
An organization can appoint Consultant as MR?

Can you please.......... Regards, Maheswari

Dear Mr.Somasekhar. Please ignore this quote as by the time I quoted this you already involved in that discussion. Thanks a lot dear

 

[AndyN]

I followed the code when I made the changes. I made decisions about wiring that made sense for me. I calculated how many outlets, lights, appliances, etc. should be on one circuit breaker, and determined the gauge of wire to use. I checked the design against the code and the needs of top management (my wife) before I implemented. When I finished I "audited" against the code, and to confirm that the finished result met the needs of top management. I didn't wait until an "external auditor" confirmed it. No one wants my house to be functional and safe more than me and my wife.

The point is that my house needs to meet my needs and the code at the same time. Just because the house met the code when it was built doesn't mean I shouldn't check against the code later. ISO 9001 clearly states that internal audits shall cover both internal and standard requirements.

Hmmmm, so you audited your own work, eh?

 

[Sidney Vianna]

It doesn't say that at all, unless you've made an unauthorized change to the standard!

You are missing my point. After the house is built, is the wrong time to determine if the architect complied with the building code! Just as with product QC, it's no use to wait until the product has been made to start findings the design has errors. THAT's what I'm saying...

The issue here is that auditing to ISO is all we hear about! The focus is on the unique (wrong) part of that requirement. It's unnecessary to go out into the workplace, armed with an ISO checklist, to do an audit, to determine if the requirements are being met to comply with that particular part of 8.2.2. I think that some external auditors just don't get that bit...

The changes to your howse, Howste, should comply with code in your planning. You shouldn't be boldly going and then awaiting a Building Inspector to tell you if you did it right - they should be confirming you plans were correctly implemented to code - so your analogy doesn't suit, since I'm not saying that the 'rule book' should be thrown out! It's applied at a different point in the process!

(Sheesh, I'm beginning to feel like the people who discovered the world isn't flat)

Andy, the standard CLEARLY states that internal audits must check ALSO for conformance against the Standard. The one thing I believe is being missed from this discussion is the fact that there is a difference between assessing the system against the ISO 9001 requirements (during an internal audit) and ASKING questions directly from the ISO Standard to the auditees.

An internal audit is (or should be) a multi-layered activity. Some of the layers should involve the assessment of the process command media, a.k.a. documentation against the applicable requirements, e.g., ISO 9001. If the process design and accompanying documentation satisfies the requirements of the applicable standards, THEN, by assessing the activities against the organization's own documents, I would be indirectly assessing the system against the standard.

Howste mentioned something that is critical. QMS's are dynamic entities. Processes change all the time. Sometimes, people making changes to the processes fail to maintain it's conformance to an applicable standard, such as ISO 9001. Internal audits, many times, are the first (and only) check if a process is in continual conformance with the standard.

If the internal audit did not have a component of verification against the standard, certainly many systems would drift into non-conformance along the way.

So, and in summary, there is a significant difference between having internal auditors asking questions straight/directly from the ISO 9001 standard (which I agree with you is counterproductive) AND having internal audits also checking if the QMS maintains conformance against the standard (which is a requirement of the standard itself and must not be neglected.)

 

[Jim Wynne]

Auditors should not be "intrepreting" the standard. Any auditors, 1st party, 2nd party, or 3rd party. They do need to apply it though.

perhaps, but...
This has come up before, and will probably come up again, but "interpret" doesn't mean "to make up one's own definitions." The ISO requirements can't be applied without interpretation--understanding the meaning of the requirements. Look at the first and eighth definitions here.

 

[howste]

Hmmmm, so you audited your own work, eh?

Yes, I did. That particular code doesn't state that I can't.