What are general examples of audit findings with ISO 9001:2015?

[Jen Kirley]

The consultant we are using tells me that his clients struggle most with the Context of the Organization and how to link that to having a strategic plan of some kind and how to change the quality management system to implement the plan. They say the auditors who are doing the upgrade audits aren't hardly spending any time on that, but write up calibration and other things they've seen in previous visits.

A friend recently attended a quality conference and one of the speakers said that the Certification Body audit findings data didn't come close to addressing the product quality issues in their industry. I think Mr. Vianna posted a chart which showed that the #1 Major finding was auditor training.

My clients struggle with Context the most, usually because the organization's business plan has never been available to the Management Rep. and silos still exist. Everywhere I go, people are overthinking this requirement as well as that of risk.

We are exhorted to look out for the end customers' interests and the subject of calibration is still poorly misunderstood (no thanks to the scarcity and obscurity of good references on the subject) so I do still write the majority of my action requests on calibration requirements, usually involving follow up for OOT gauges.

I have been writing fewer document control action requests lately, and more OFIs based on the widely perpetuated idea that every scrap of paper the organization uses must be under formal document control.

 

[Randy]

I mean nothing negative, but it makes me wonder if that represents the real problems or is this the "comfort zone" of the auditors? When a standard brings fluff and "hard to audit" issues such as leadership, context, knowledge management, risk and opportunities, etc. I suspect many auditors will avoid the discomfort and converge to their safe zones of tangible, "black&white" requirements such as calibration, document control, records, etc.

As I said several times, here and elsewhere, it does not matter if a requirement exists in a standard or not, until the organization is held accountable to comply with it, by an auditor, either internal or external.

I can guarantee that the majority of organizations already certified to 9001:2015 don't comply with the requirement to have the QMS integrated in the organization business processes, but very few auditors would have the intestinal fortitude to write that "failure mode" up in an audit. Until the conformity assessment practices are aligned with the standard, it does not matter what the standard says.

IAF, and ISO/CASCO when are you going to wake up?

Well 4ell, maybe I'm messing up here as well and will make somebody else's blog this week.

But I can guarantee that the organizations I've audited have for years incorporated their QMS into the business process

 

[Albert G.]

Thank you all for your informative replies!

4. ISO9001:2015 awareness training to all employees in the system; must provide sign in sheet to show evidence that they are trained.

Would you mind expanding a bit on that? What exactly do you mean by awareness here?

 

[ReworkIT]

We have just completed an upgrade to the new ISO9001:2015. There was a zero findings. If you are going through this process the first time, here are the findings that I have experience from other audits:

4. ISO9001:2015 awareness training to all employees in the system; must provide sign in sheet to show evidence that they are trained.

I'm interested to read this. How can an auditor make an nonconformity for something that isn't a requirement? In my organization we didn't do this. OUr consultant didn't suggest this as no-one apart from management needs to know the standard (maybe the internal auditor). Did you put this is a procedure etc?

 

[Joe Cruse]

That one was the first to catch my eyes, and left me wondering what I'd missed in the standard, lol. I'd like to see the registrar's comments on that one, myself. I understand the requirements of communication within an organization that are dictated by the standard; quality policy, responsibilities and authorities for relevant roles, objectives, organizational knowledge, individual contribution to the effectiveness of the QMS and implications of not conforming with its requirements, necessary documented information, etc. I have yet to find where the standard states that there has to be an ISO 9001:2015 Awareness Training session held with all employees covered under the certified QMS.

We generally do a QMS orientation at new hire orientation, including who we are, who gets our products and how our work impacts our world, and include something about the QMS, QP, and objectives. This gets repeated annually when we perform required annual safety training. There IS documentation to show who took part in this.

 

[Big Jim]

This is what happens when auditors write a nonconformance cite only the clause number and do it from memory.

They cite 7.3 (or any other element) without paying attention to what it really says.

If they were to write the nonconformance properly they would include the verbiage of the standard that covers the offense.

This is a horrible overreach and should be challenged with the certification body.

Remember that you get what you tolerate. If you allow auditors to make up their own rules, that's what you get.