Why internally audit ISO clauses for ISO 9001:2000? (Small company)

B

Bob_M

#1
Why internally audit ISO clauses for 9k2k? (Small company)

My thinking may be a bit off here but I'll post it anyways...

With the change from ISO 9001:1994 which was very element and checklist oriented (typically) to 9k2k which is suppose to be process, flow and effectiveness based...

Why would you want/need to audit your company's compliance to the ISO standards ASSUMING YOU'VE PASSED REGISTRATION AND BUILT A GOOD SOLID SYSTEM THAT TRULY FOLLOWING ISO?

Shouldn't "good" systems really just be audited based on internal processes, procedures, and flow?

In theory the Quality Manager/ISO Coordinator/Someone should be verifying that all new/changed procedures/processes follow ISO BEFORE they are implemented.
-----------
This question stems the fact that we/I need to schedule our next "round" of Internal Audits in the not-to-distance future and our small company's auditors really don't 100% understand ISO but do know OUR requirements...

We don't want to focus just on ISO like our our 1994 style audits which really didn't do us any good... (Different Quality Manager)

Why waste time teaching/auditing to the ISO standards, when we are suppose to be focusing on the processes during IA?
-----------
If I'm way off please straighten me out!
I'm not quite sure how we're going to run our next round of IAs.
The last round was used as mainly a document auditing process while we were re-writing MOST of our procedures and work instructions (for our OWN needs), and it just happened to work well with our ISO upgrade process.
Our auditor was OK with this round's FOCUS, but we definately need to focus on the processes and objective evidence the next time...
 
Elsmar Forum Sponsor

Randy

Super Moderator
#2
You're nowhere near being off track, in fact you so much on it's scary! :eek:

Your audit should be against the implementation and continuing operation of your system that was established to meet the requirements of the standard. Your internal auditors needn't concern themselves with walking around looking for conformance to 7.whatever, they need to focus on the system and the system requirements (what we say vs. what we do). Now where it gets tricky is to show that the audit process is effective and that you are addressing all the 4.-8. stuff. You've got to audit the audit so-to-speak.

You're asking good questions and you're answering them at the same time.
 
J

Jimmy Olson

#3
Our internal audit system is set up to look for performance rather than compliance and we haven't had any problem. Of course compliance to the standard is in the back of our mind so no surprises come up during our regular audits.

Our schedule is broken down by areas and departments and we look at the processes for that area as well as our own procedures. As part of the planning for each audit we look at the standard and see what clauses apply for that area and that way we can claim that we are adressing the standard, but the focus is looking for improvement opportunities.

Based on what you mentioned so far it sounds like you're on track for a good system without any problems. Just make sure that you keep the standard in the back of your mind so you can keep the external auditors happy :D
 
B

Bob_M

#4
Re: Why internally audit ISO clauses for 9k2k? (Small company)

Randy said:
You're nowhere near being off track, in fact you so much on it's scary! !:eek:

Your audit should be against the implementation and continuing operation of your system that was established to meet the requirements of the standard. Your internal auditors needn't concern themselves with walking around looking for conformance to 7.whatever, they need to focus on the system and the system requirements (what we say vs. what we do). Now where it gets tricky is to show that the audit process is effective and that you are addressing all the 4.-8. stuff. You've got to audit the audit so-to-speak.

You're asking good questions and you're answering them at the same time.
Well at least I'm on track... It may be slightly to get our auditors to understand the "new" concept, but at the same time I still have some tweaking of our manual and process maps before our Upgrade Audit so maybe it will be easier to figure out/schedule/explain later...
(Maybe I'm worrying to soon again:bonk:)
-------------
If we are able to sucessfully audit our system to check
what we say vs. what we do
and judge the effectiveness of OUR systems
then in a (BSI) auditor's eyes we should be OK for covering internal audits?
 
#5
The only time you might need to reference the standard is when something changes, or in some rare instances you have no documentation that is directly auditable.

An example might be the designation of a Management Rep -- You might have who the management rep is documented [a record], but no where in you documentation is the "shall", that you would audit against. Without referencing the standard, you would not even be aware that a MR is required.
 
B

Bob_M

#6
Re: Why internally audit ISO clauses for 9k2k? (Small company)

db said:
The only time you might need to reference the standard is when something changes, or in some rare instances you have no documentation that is directly auditable.

An example might be the designation of a Management Rep -- You might have who the management rep is documented [a record], but no where in you documentation is the "shall", that you would audit against. Without referencing the standard, you would not even be aware that a MR is required.
Good Point!
Although that should not be a problem unless there was no "ISO" champion/cooridinator or actual quality manager in the future.
------------
To be honest ISO 9k2k sounds very easy on the surface.
But upgrading, implementing, and auditing are not as easy or easy to plan (at least for me).
I'm sure I'll be looking for specific help when I need to work on the IA planning/scheduling.
 

howste

Thaumaturge
Super Moderator
#7
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.
You still need to audit to make sure that your system conforms to the ISO requirements. The focus should really be on 8.2.2b once the system is established, though IMO.
 

Randy

Super Moderator
#8
Re: Re: Why internally audit ISO clauses for 9k2k? (Small company)

Bob_M said:
If we are able to sucessfully audit our system to check
what we say vs. what we do
and judge the effectiveness of OUR systems
then in a (BSI) auditor's eyes we should be OK for covering internal audits?

I thought I was looking thru the eyes of a BSI auditor (if a part-time one counts) ;)

Just make sure during the course of your audit process that the essential requirments are being addressed. How you say you do it and how you do it are up to you. Within your audit plan you might want to provide some visual guidance as to how the 4.-8. dribble is being maintained or whatever.

The audit plan is essential. You need to be sure that your plan addresses the neat things like objective, scope and criteria. One of the easiest ways to do this is to use ISO 19011:2002, 6.4.1 Preparing the audit plan.

The audit plan should cover the following:
a) the audit objectives;
b) the audit criteria and any reference documents;
c) the audit scope, including identification of the organizational and functional units and processes to be audited;
d) the dates and places where the on-site audit activities are to be conducted;
e) the expected time and duration of on-site audit activities, including meetings with the auditee’s management
and audit team meetings;
f) the roles and responsibilities of the audit team members and accompanying persons;
g) the allocation of appropriate resources to critical areas of the audit.
The audit plan should also cover the following, as appropriate:
h) identification of the auditee’s representative for the audit;
i) the working and reporting language of the audit where this is different from the language of the auditor and/or
the auditee;
j) the audit report topics;
k) logistic arrangements (travel, on-site facilities, etc.);
l) matters related to confidentiality;
m) any audit follow-up actions.


Use this as a guide. Audit success (as with anything else) begins with planning.

You've got you head screwed on pretty good here ;)
 
C

Craig H.

#9
Bob

I remember discussing this in a previous thread, but I couldn't find it.

The way I look at it is this. We design our quality system with ISO 9001 (9004) in mind. Our internal audits do look at the standard itself, but almost always focus on making sure we do what we say we do (as has just been mentioned). The external audit is much more focused on the standard, but if we get caught not doing something in one of our procs, "DING".

I am not sure this is intentional, but people tend to gravitate toward what they are most familiar/comfortable with.

JMHO
 

Shaun Daly

Involved In Discussions
#10
We never have audited our system v ISO itself after registration.

As other peole have done, we audited our performance (and compliance to our system).

However, as I read somewhere recently - things degrade with time.

Changes to your system should be approved as ISO compatible before implementation, but........

If your organisation is anything like mine, you have a 100 people running about like lunatics introducing new products, inhabiting new buildings, a constant turnover of staff;

Can you(we) be everywhere, everywhen?

After a few hiccups here I am starting to take the view that a complete system check TO ISO is not such a bad idea every now & then.

Once a year? How long will it take for a small company to do this. 1 day? 2?

How many embarrasing NC's during surveillance audits will it save?
 
Thread starter Similar threads Forum Replies Date
C How will I Internally Audit my BPO Center for ISO 9001:2000 Internal Auditing 8
C Can You Internally Audit a Process You Own? Internal Auditing 25
K Requirements for 2nd languages? I can't even audit them internally IATF 16949 - Automotive Quality Systems Standard 59
C Method of Monitoring our Internally Produced Non-Conforming Products Quality Tools, Improvement and Analysis 7
T Are internally found Medical Device Software "Bugs" Complaints? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
D Sharing ISO Standards internally on company computers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Internally powered ME with non-conductive applied parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
R Isolation of Internally Powered (3.3 Vdc) ME Equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
R Single Fault Condition for Internally Powered Medical Device IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
S Should Client Controlled Procedures be Controlled Internally by us as well? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
R Referencing and Controlling Labels & Stickers used internally throughout Production Document Control Systems, Procedures, Forms and Templates 1
H How do we use AS9101D internally? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A Internally Powered Medical Device and Dielectric Strength IEC 60601 - Medical Electrical Equipment Safety Standards Series 17
D Means Of Protection of the Video OUT of an Internally powered device IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
M All Internally Generated Documents ? Required to be Controlled or Not All? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
J What PPM (Parts Per Million) targets do you use internally? Quality Tools, Improvement and Analysis 9
B Calibration of "Z" class ring gauges internally using a CMM General Measurement Device and Calibration Topics 5
B Can I calibrate Optical Comparators internally? General Measurement Device and Calibration Topics 22
A Gauges on pressure tank - What is the best way to calibrate a psi gauge internally? General Measurement Device and Calibration Topics 6
L Posting portion of standards internally? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
E Wall Internal Auditor Training - Done internally Training - Internal, External, Online and Distance Learning 7
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 6
T COVID, Furlough and ISO9001 Surveillance Audit Coffee Break and Water Cooler Discussions 2
R External Audit and Certificate prorogation due to the pandemic General Auditing Discussions 10
Dean Bell Implementation of Controls as per SOA for Stage 2 Audit IEC 27001 - Information Security Management Systems (ISMS) 0
G Logistic organization and controls - IATF/ISO 9001 audit Nonconformance and Corrective Action 2
Geoff Cotton Performing a Delta Audit General Auditing Discussions 12
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G MSA check list to audit IATF 16949 - Automotive Quality Systems Standard 8
L Open Positions During AS9100 Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
L Stage 2 audit - Requirement for 3 months of records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F Who can sit in/perform an API audit? Oil and Gas Industry Standards and Regulations 2
L Manufacturing Process Audit Help IATF 16949 - Automotive Quality Systems Standard 6
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
G Self Assessment Audit from a new potential customer General Auditing Discussions 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
M OEM asking for NC report after certification audit. IATF 16949 - Automotive Quality Systems Standard 3
Ooi Yew Jin Customer E audit preparation Quality Manager and Management Related Issues 2
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
J Remote Audit Experiences - June 2020 General Auditing Discussions 26
F Product audit sampling plans IATF 16949 - Automotive Quality Systems Standard 3
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
M Supplier Audit Report - Template for second party audit wanted Lean in Manufacturing and Service Industries 1
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q ISO 9001:2015 man days for surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2

Similar threads

Top Bottom