Structure and Method behind the Planning of 8.2.2 Internal Audit

G

glenn0004

Sometime ago I posted a thread to seek support in getting more from our internal audits - I'm glad to say that the advise was put to good use.
However...I have another quandry re 8.2.2 " An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited"....any advise on the best methodology to consider the " status and importance of the processes and areas to be audited"

We are a UK based company with a Head Office and warehouse, three smaller regional warehouses, 6 regional offices and 27 local branch locations across the UK, from where the local sales force and service engineers are based.

We currently visit each local branch and internal department once per year, main and regional warehouses twice and regional offices twice per year.

I want a bit more structure and method behind the planning......
 

somashekar

Leader
Admin
We currently visit each local branch and internal department once per year, main and regional warehouses twice and regional offices twice per year.
By default, you have fixed upon some sort of an annual frequency for your internal audit and that is good for a start.
Now changing that frequency without keeping any annual cutoff is all that you have got to do.
So what are the factors based on which the status and importance of processes can be determined by you, in order to change the audit frequency?
I just recollect some and you can think of more from your practical situation.
1. Changes in business
2. New product to design and development
3. New design outputs to production
4. Increased customer complaints
5. New personnel in processes
6. New parts for purchase / inspection
7. New added processes
8. Internal expansions
9. Results of previous audits
10. Increase in reject / scrap trends
11. New objectives established
12. Management review outputs
....
 
Last edited:
R

red66climb

Somashekar provided a great list of criteria to use for ranking importance. A risk-based approach to prioritizing areas of importance is also recommended. Generally, there is less risk in automated processes and higher risk in manual processes. You may also note that almost 100% of the criteria recommended are related to changes. These changes should be identified during Management Reviews as "Changes that may affect the QMS". If top management sees these as "important", then a formal Quality Plan that includes provisions for monitoring and measuring what's new, new Quality Objectives, and revisions to the audit schedule should all be considered.
 

AndyN

Moved On
The simple answer is:

Poor performance (process or product)
New/changed product, process, suppliers, customers (requirements), regulations, people, technology etc

And the impact of these on: customers, regulatory compliance or $$ (sorry) ??
should set the priority.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
If I had used my week off more wisely I could have come up with a global audit plan to go with a paper I wrote about global auditing some time back. :naughty:

But instead I will just suggest the attached example of a long range schedule such as I have used in the past. If it was me, I would make such a long range plan for each site, side by side (okay separate them with a darkened column) on a single page of a spreadsheet. In this way I could begin to compare what processes in each site were getting more frequent audits from one reason or other. Later I would probably try to chart them somehow, but that's just because I like to play with spreadsheets. :D

Notice how some are set at three-year spans. They are low risk and have been running well. Others are at two-year spans. They are higher risk. Notice Process 28 is getting audited every year for awhile. That could be due to a major process change or significant issue that needs prolonged attention. Note that there is often an expectation among CB auditors that manufacturing processes get audited every year, which my matrix doesn't show. There is no clear requirement for that though; no "shall" in the standard tells us how often to audit a process, only that the audit schedule will be responsive to issues, needs and events.

I hope this helps!
 

Attachments

  • Audit planning matrix example.jpg
    Audit planning matrix example.jpg
    59.1 KB · Views: 645
Top Bottom