The 10 Essential ISO 9001:2000 Audit Questions

C

ccochran

#1
The 10 Essential Audit Questions

Howdy, all:

Here's something that's sure to stir some opinions and emotions. It's my list of what I consider to be the 10 Essential Audit Questions for ISO 9001:2000: http://www.insidequality.com/index.v3page?v2_group=0&p=5229&ct=cdisplay&nt=true&cd_eid=22692. I would be very interested in hearing your own ideas on critical lines of questioning in an audit.

Talk to you soon,
CC

~~~~~~~~~~~~~~~~~~~~~~~~~~~
Craig Cochran
Center for International Standards & Quality
Georgia Institute of Technology
[email protected]
 
Elsmar Forum Sponsor
W

WALLACE

#2
Craig,
They look good to me.
Are these questions (In your opinion and experience) used or usable, within an internal audit scenario.
I understand they are system audit in nature yet, I would probably re-word the questions to arrive at a generic internal audit interpretation.
Great article, I'm going to take time to assess the value of use within an internal audit.
Wallace.
 
D

David Mullins

#3
These questions might be OK for QA managers, but I’d bet many terms you’ve used wouldn’t be understood by most Exec’s in an immature (but certified) organisation.
1. How do you contribute to achieving your organization's objectives?
Do they know where the organisation’s objectives can be found?
2. What happens if your product, materials or supplies are nonconforming?
Answers I’ve heard:
What’s nonconforming.
Or,
I’m a sales rep / consultant / supervisor / etc, I don’t make a product.
3. How do you access product requirements?
How do you know what your customer wants to keep him happy?
(Equality isn’t pertinent here, as women are never happy)
4. How are problems prevented?
I’d go for a more simple version, like, Have you had any problems that have had to be fixed, and \did they try to stop the problem happening again?
5. How do you use data on customer perceptions?
How do you know what your customer thinks of you / your product?
DATA? Isn’t he in Star Trek?
6. How are customer complaints handled?
Do customers ever complain, and if so, what do you do about it?
7. How does top management review the organization's performance?
This is a natural follow-on question from question 1.
If I could only ask ten questions, I’d sneak this into somewhere else.
8. What evidence can you provide of continual improvement?
I’d be tempted to include SUSTAINED continual improvement – or even, how do you ensure gains from improvements aren’t lost over time? This determines if the QMS is really a functional part of the organisation.
9. How are training needs determined?
I really don’t like the structure of this question, and I’ve heard it used many times. Mind you, I can’t improve on it as a one-liner.
10. What's the most important thing about your job?
What the ….? Sounds like a good way to start a fight. You’re not there to decide if they’re important, just on compliance sound management practice
 
M

mshell

#5
Great questions Craig. I am sure that everyone will benefit from them. I will be sharing them with our other internal auditor this morning. :applause:

Love the map Claus. :applause:
 
R

Rachel

#6
Craig,

Perfect timing! We just wrapped up a two-day internal auditor training course yesterday...I plan on forwarding this article to all those that attended. Every article I've read of yours so far has been very well-written - and *easy to understand*...which is really important, considering the struggles that most folks are having with this whole "process audit" style.

Keep posting your article links, please - I really get a lot of good tips and knowledge out of your writing. :applause:

Cheers,
-R.
 

Randy

Super Moderator
#7
I probably get around as much as anyone and get to observe a larger variety of organizations than most including many "service" type of organizations. Lately my 1st two questions are starting to be:

Who is your customer?

What is your product?

It's amazing how many organizations either have identified both wrong or not really at all.
 

RoxaneB

Super Moderator
Super Moderator
#8
David Mullins said:
These questions might be OK for QA managers, but I’d bet many terms you’ve used wouldn’t be understood by most Exec’s in an immature (but certified) organisation.
Isn't that the point? I mean these Executives are responsible for communication and commitment and resource provision. If they do not understand the terms, is that not indicative of a larger problem?

Then again, as Auditors, we need to have the ability to rephrase the questions so that the person we are talking with understands what we are asking. We also need to understand the Organization and the environment/culture/vocabulary before we go in. These questions are generic - I'm sure you can use substitute different words.

David Mullins said:
1. How do you contribute to achieving your organization's objectives?
Do they know where the organisation’s objectives can be found?
IMO, I would find it much more beneficial to the system's effectiveness if the Executives understood how they contribute to the achievement of objectives than their ability to find the objectives. Some people just aren't computer-saavy...so I get phone calls asking me how to find things. That's okay to me...as long as that same person can tell me their role in meeting the objectives.

David Mullins said:
2. What happens if your product, materials or supplies are nonconforming?
Answers I’ve heard:
What’s nonconforming.
Or,
I’m a sales rep / consultant / supervisor / etc, I don’t make a product.
As an auditor, explain what nonconforming is or explain that their service is their product. People get nervous under audit or, worse yet, throw up obstacles to make your audit horrific. Personally, I think that a good auditor is aware of these kinds of situations/tricks and is able to work through this.

David Mullins said:
3. How do you access product requirements?
How do you know what your customer wants to keep him happy?
(Equality isn’t pertinent here, as women are never happy)
Ignoring the equality comment - assuming that was a joke - your question is valid. :agree1:

David Mullins said:
4. How are problems prevented?
I’d go for a more simple version, like, Have you had any problems that have had to be fixed, and \did they try to stop the problem happening again?
Craig's question focuses on preventive action and your's focuses on corrective. I feel that the Craig's earlier question on nonconforming product will result in a response leading into corrective action.

David Mullins said:
5. How do you use data on customer perceptions?
How do you know what your customer thinks of you / your product?
DATA? Isn’t he in Star Trek?
Good "first step" question on finding how the Customer's perceptions are ascertained. Follow it up with how the data is used.

David Mullins said:
6. How are customer complaints handled?
Do customers ever complain, and if so, what do you do about it?
True...maybe the organization being audited has no customer complaints and as 7.2.3 falls under the 1.2 Application rules, I guess an organization can exclude complaints from their system. Your "two step" question equals Craig's "one step"...both are valid.

David Mullins said:
7. How does top management review the organization's performance?
This is a natural follow-on question from question 1.
Only if the question was directed to members of top management. If it was directed to someone on the floor, I'd ask Q7 like "How do you find out how the company is performing" or something along those lines.

David Mullins said:
8. What evidence can you provide of continual improvement?
I’d be tempted to include SUSTAINED continual improvement – or even, how do you ensure gains from improvements aren’t lost over time? This determines if the QMS is really a functional part of the organisation.
Wouldn't the evidence support the sustained gains? Maybe because I'm thinking of my own system here, but we show history on our improvement projects...the sustaining is documented, the CI is documented, the progress is documented.

David Mullins said:
9. How are training needs determined?
I really don’t like the structure of this question, and I’ve heard it used many times. Mind you, I can’t improve on it as a one-liner.
I pick a position within the company and ask, "How is it determined what a XXX needs to be trained on?" Followed with "Once trained, how is XXX's competency determined?"

David Mullins said:
10. What's the most important thing about your job?
What the ….? Sounds like a good way to start a fight. You’re not there to decide if they’re important, just on compliance sound management practice
Personally, I like the question. It's a broad, all-encompassing question that can open so many doors! They may talk about adhereing to training or documentation or following operational controls. They may talk about ensuring product quality, meeting requirements, dealing with Customers, handling Suppliers. The question didn't imply, IMO, that the auditor was determining if the individual was important...far from it....it's such an "un-audit-like" question and gives the individual a chance to toot their own horn. Many of our people take pride in their work and being given this opportunity to talk about why they're important, their role in the system, is often quite welcome.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#10
It is some of the "sub-questions" on #10 I have the most problems with (if you were manager here what would you do differently; what should your manager know that he or she currently doesn't know, etc.) I think you could open Pandora's box on this one and I do not see a direct connection to ISO requirements. These questions seem, IMO, more suited to someone within the organization who is trying to learn more about it and/or improve it, but not from an outside registration auditor. JMO.
 
Thread starter Similar threads Forum Replies Date
A Policies Mandatory or essential for ISO 27001 implementation IEC 27001 - Information Security Management Systems (ISMS) 6
J Essential Requirements Checklist w/o ISO 13485 CE Marking (Conformité Européene) / CB Scheme 7
L ISO 14971 - Annex C question C.2.34 "Essential performance" ISO 14971 - Medical Device Risk Management 2
S Essential Gap Analysis Checklist Components for ISO Certification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
R ISO IEC EN 62366 Usability Engineering Essential Requirements IEC 62366 - Medical Device Usability Engineering 8
W ISO 14001 - Essential Environmental Aspects List - Seeking Comments ISO 14001:2015 Specific Discussions 6
D Essential performance and EMC immunity testing IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
normhowe Why is RCA essential? Problem Solving, Root Cause Fault and Failure Analysis 19
Bev D Essential References for Practical Quality Engineering Misc. Quality Assurance and Business Systems Related Topics 0
W IEC 60601 - Essential performance c.2.34 IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
C Essential Design Output(s) and Design transfer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
shimonv IEC 60601-1 Essential Performance - Is the signal accuracy specification an essential requirement? IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
K Comparison essential requirements EU compared to those of MDSAP countries Other Medical Device Regulations World-Wide 3
M Informational TGA – Essential principles checklist (medical devices) Medical Device and FDA Regulations and Standards News 2
M Brazil and Japan - Essential requirements Other Medical Device Regulations World-Wide 3
M Informational TGA Consultation: Proposed changes to medical device essential principles for safety and performance Medical Device and FDA Regulations and Standards News 0
rezayatmand IEC 60601-2-18 Medical electrical equipment - Part 2-18: Particular requirements for the basic safety and essential performance of endoscopic equipmen IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
G Essential Requirements Checklist - (MDD 93/42 / EEC) Misc. Quality Assurance and Business Systems Related Topics 2
M Informational TGA Webinar: Essential Principles to software Medical Device and FDA Regulations and Standards News 0
B Essential Performance of a Cone Beam Computed Tomography Device IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
Z In which country is essential to have and IEC 60601 CB Report? Other Medical Device Related Standards 0
C CMDR Essential (Safety & Effectiveness) Requirements Checklist? Canada Medical Device Regulations 9
D IEC 60601-1 - Essential performance doesn't make sense IEC 60601 - Medical Electrical Equipment Safety Standards Series 10
D Essential Requirements Checklist for Standalone Software CE Marking (Conformité Européene) / CB Scheme 10
Rincewind Pressure energy - Essential Requirements (MDD/MDR) EU Medical Device Regulations 2
D IEC 60601-1 - Performance limits for essential performance IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
N Essential requirements checklist needed? ISO 13485:2016 - Medical Device Quality Management Systems 4
D Essential performance, accompanying documents....confused IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
K IEC 60601-1 and Essential Performance IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
M IEC 60601 - Limits of agreement as Essential Performance IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
S Medical Device Changes and How to Assess Their Impacts to Essential Requirements EU Medical Device Regulations 2
A Essential Requirement Checklist For Medical Device CE Marking (Conformité Européene) / CB Scheme 4
R Essential Performance of Mechanical Device? IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
K Essential Requirements Checklist references EU Medical Device Regulations 10
D IEC 60601-2-44: 202.101 Immunity Testing of Essential Performance IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
K New Product Essential Requirements Cheat Sheet EU Medical Device Regulations 6
A Regarding Essential Requirements Checklist ISO 13485:2016 - Medical Device Quality Management Systems 9
M Is it essential to do the Fractional Test for ETO Revalidation? ISO 13485:2016 - Medical Device Quality Management Systems 1
L "Potential" Essential Performance in IEC 60601-2-54 (Definition) IEC 60601 - Medical Electrical Equipment Safety Standards Series 9
E Particular standards, essential performance in EMC Immunity Test IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
D What are the Essential Quality Books in the last 15 years Book, Video, Blog and Web Site Reviews and Recommendations 3
M "Basic Safety" versus "Essential Performance" IEC 60601 - Medical Electrical Equipment Safety Standards Series 12
G Audit of essential QMS processes General Auditing Discussions 11
somashekar GMP (Good Manufacturing Practices) essential information URL Manufacturing and Related Processes 1
I Defending "No Essential Performance" for a Surgical Video Camera IEC 60601 - Medical Electrical Equipment Safety Standards Series 13
R Minimum Essential Receiving Inspection (M.E.R.I.) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
J Project Specific Documentation - Completion and filing of all essential records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S Innovation in ER (Essential Requirements) Checklists EU Medical Device Regulations 6
S Canada - Essential Requirements Checklist for MDD 93/42/EEC Canada Medical Device Regulations 8
E Question on approval of the EU Essential Requirements Matrix - MDD Requirements EU Medical Device Regulations 1

Similar threads

Top Bottom