What QMS Internal Audits must cover and ISO 9001

Colin

Quite Involved in Discussions
As some of you may know, I am in the process of getting a 2 day QMS IA course registered with IRCA here in the UK - in fact it is being assessed on Thursday and Friday of this week.

Imagine my surprise when I have just received an email telling me that the course criteria have changed! OK, it won't affect this week but the changes have to be implemented by 31st July 2013. :mad:

The main point though is a statement in the covering information which says:

The aim of this course is to provide students with the knowledge and skills required to perform an internal audit of part of a quality management system based on ISO 9001 (or equivalent) and report on the effective implementation and maintenance of the management system in accordance with ISO 19011.

Note to Training Organisations ? Where applicable, reference to internal auditors determining conformity to the management system standard will be removed from internal auditor training criteria as they are updated. This is the role of the Auditor/Lead Auditor Training course. (my Bold)

Clause 8.2.2 of ISO 9001 states that '... conduct internal audits at planned intervals to determine whether the QMS a) conforms to planned arrangements, to the requirements of this International Standard .... (my Bold again)

The question is, if internal auditors don't do this check, who does? Is this saying that all organisations need to have an Auditor/Lead Auditor in their ranks?
 

dsanabria

Quite Involved in Discussions
Re: QMS Internal audits and ISO 9001

Not sure I understand the question of "if internal audits don't do this check".

What check are you making a reference to?
 

Marc

Fully vaccinated are you?
Leader
Going back to the mid-1990's, to me it has always been the case that internal auditors cover compliance to the documented QMS and have nothing to do with compliance to the standard (in this case ISO 9001). That is the registrar's job.

That is how I taught my internal auditing courses going back to the 1990's because expecting internal auditors to fully understand the ISO 9001 standard was not realistic. The person responsible for internal audits for compliance with/to the standard (ISO 9001 in this case) within the company was typically the Quality Manager or Audit Manager.
 

somashekar

Leader
Admin
Note to Training Organisations – Where applicable, reference to internal auditors determining conformity to the management system standard will be removed from internal auditor training criteria as they are updated. This is the role of the Auditor/Lead Auditor Training course. (my Bold)
I guess that the internal audit trainings must align with the intent of the ISO9k in a way as to be checking and evaluating the process and interactions of the organization or the business process mapping. The underlying ISO 9k requirements automatically gets covered as the audit maturity grows. The ability to audit the ISO9k 'shall' requirements in the absence of 'shall' documented procedures for me is the KEY. The internal audit must flow with the process flow and not come back each time to what the standard states.
For me the major part of the internal audit training is to rise the intent knowledge of the ISO9k clauses and further to build competency to check and evaluate (audit) the business processes in line with the intent.
 

Colin

Quite Involved in Discussions
Re: QMS Internal audits and ISO 9001

Not sure I understand the question of "if internal audits don't do this check".

What check are you making a reference to?

Sorry, it was a poorly worded question. What I saying is that clause 8.2.2 required the organisation (as part of internal audits) to verify that the QMS meets the requirements of ISO 9001.

IRCA are now stating that their course criteria for internal auditor training will not require auditors to verify compliance with the standard because they see that as the job of an auditor/lead auditor.
 

Colin

Quite Involved in Discussions
Going back to the mid-1990's, to me it has always been the case that internal auditors cover compliance to the documented QMS and have nothing to do with compliance to the standard (in this case ISO 9001). That is the registrar's job.

That is how I taught my internal auditing courses going back to the 1990's because expecting internal auditors to fully understand the ISO 9001 standard was not realistic. The person responsible for internal audits for compliance with/to the standard (ISO 9001 in this case) within the company was typically the Quality Manager or Audit Manager.

I agree Marc that the main function of the internal auditor is to verify compliance between the QMS and current practice. I also agree that we can not expect internal auditors to become thoroughly conversant with the requirements of ISO 9001.

However, is is too much to ask that they include some elements of the standard in their audits, given some guidance from their quality manager? e.g. If someone is auditing sales, take a look at 7.2 when doing their preparation. We can also ask that they look at the likes of records and document control and perhaps 6.3 & 6.4.
 

Marc

Fully vaccinated are you?
Leader
<snip> However, is is too much to ask that they include some elements of the standard in their audits, given some guidance from their quality manager? e.g. If someone is auditing sales, take a look at 7.2 when doing their preparation. We can also ask that they look at the likes of records and document control and perhaps 6.3 & 6.4.
Yes, in my opinion. It's hard enough, especially in smaller companies, to expect lower level employees who are typically "drafted" to be internal auditors to understand the requirements of the standard. It's hard enough to have just 1 person in a company who really understands ISO 9001 (which is being discussed here). This is from my training course circa 1996: Reasons To NOT Address Compliance In Internal Audits which I have been giving away free for over 12 years now.

This is all really silly even looking at the "change" to "process audits" in the 2000 standard which was really no different than the 2008 revision where *NO* significant changes were made. Compliance to the standard necessitated process audits back in the 1994 version. If you were auditing to the clauses by necessity you had to go through the company's QMS procedures including floor level documents (aka "process audits"). The only change was one of verbiage and a net $$$$ to the ISO folks to force companies to buy the new standard.

I have never changed my opinion that for all intents and purposes ISO 9001 has not significantly changed since the 1994 version. That said, I made mucho $$$ on ISO 9001 (not to mention QS-9000, TS 16949, ISO 14001, etc.). I will not say it is all a scam, but it isn't rocket science.

I was lucky. I got into the "game" early. I have done well financially by the standards for over 20 years. But - They're not rocket science.

My cavat #1 here is that there are many standards which I believe in as necessary and appropriate. ISO 9001 is not one of them. It's a consultant's and trainer's dream as far as $$$ goes, but that's about it.

You know - I take pride in this forum because anyone in the world who has the motivation can come here and get for *FREE* all the information they need to implement ISO 9001 (and a number of other standards) without paying consultants $$$ to hold their hand. That includes internal auditing.

My cavat #2 is that it *does* take motivation to use the Elsmar Cove forum, along with the many other free resources on the internet these days, to learn from if one wants to avoid paying a consultant and/or trainer $$$$.

I am sure this post will not bring me accolades, but this is my opinion.
 

somashekar

Leader
Admin
I agree Marc that the main function of the internal auditor is to verify compliance between the QMS and current practice. I also agree that we can not expect internal auditors to become thoroughly conversant with the requirements of ISO 9001.

However, is is too much to ask that they include some elements of the standard in their audits, given some guidance from their quality manager? e.g. If someone is auditing sales, take a look at 7.2 when doing their preparation. We can also ask that they look at the likes of records and document control and perhaps 6.3 & 6.4.
Simple put, what is stated in bold goes to say this as I gather...
The internal audit records of compliance or non compliance to the established QMS and to the management system standard to which audited must be evident, however there is no need that the reference to the exact clauses of the management standard be made.
 

TPMB4

Quite Involved in Discussions
Marc - I think you are so right with your comments on 9k. I'm new to it (less than a year with it as a main component of my job) but I can see the money benefit to consultants just because companies need the piece of paper to do business these days.

From my point of view I have no formal training, no letters after my name and probably never will. Yet I am doing my job. I guess I am living evidence that it is not rocket science!!! However I have had the use of many consultants with quite possibly centuries worth of experience behind me. I think you guess where they come from...The Cove!! People giving free here what they could charge as a consultancy...talk about altruistic!

Back to the OP, if I read your posts right they are basically saying the IA course is the one for footsoldiers who basically check what their copmpany does against procedures and the QMS. To check if all this conforms to the ISO9k you need to do the IA course then the higher level Auditor/Lead Auditor course. Sounds like a con to someone in a small to medium enterprise who is unlikely to get funding for the IA course let alone the higher one as well. Yet I'm expected to be able to do both roles (well the role needing the higher qualification, I have IAs to do the other bits).

As an aside, is there any requirement in either 9k, 19001 or TS16949 to have formal auditing training? What I mean do you have to have a certificate or evidence of being trained by someone who has the qualifications (bits of expensive paper) to train auditors?
 
T

tyker

I share Colin's confusion.

I am currently seeking an AS9100 internal auditor course for some of my people. I expect them to return from that course competent to conduct internal audits in accordance with AS9100 clause 8.2.2 in its entirety including the bit about determining if the system conforms to the requirements of the standard. Otherwise I shall be asking for my money back.

I'm afraid, Colin, that your current location, through no fault of your own, appears to be somewhere between a rock and a hard place. Good luck extracting yourself.
 
Top Bottom