Why internally audit ISO clauses for ISO 9001:2000? (Small company)

B

Bob_M

#1
Why internally audit ISO clauses for 9k2k? (Small company)

My thinking may be a bit off here but I'll post it anyways...

With the change from ISO 9001:1994 which was very element and checklist oriented (typically) to 9k2k which is suppose to be process, flow and effectiveness based...

Why would you want/need to audit your company's compliance to the ISO standards ASSUMING YOU'VE PASSED REGISTRATION AND BUILT A GOOD SOLID SYSTEM THAT TRULY FOLLOWING ISO?

Shouldn't "good" systems really just be audited based on internal processes, procedures, and flow?

In theory the Quality Manager/ISO Coordinator/Someone should be verifying that all new/changed procedures/processes follow ISO BEFORE they are implemented.
-----------
This question stems the fact that we/I need to schedule our next "round" of Internal Audits in the not-to-distance future and our small company's auditors really don't 100% understand ISO but do know OUR requirements...

We don't want to focus just on ISO like our our 1994 style audits which really didn't do us any good... (Different Quality Manager)

Why waste time teaching/auditing to the ISO standards, when we are suppose to be focusing on the processes during IA?
-----------
If I'm way off please straighten me out!
I'm not quite sure how we're going to run our next round of IAs.
The last round was used as mainly a document auditing process while we were re-writing MOST of our procedures and work instructions (for our OWN needs), and it just happened to work well with our ISO upgrade process.
Our auditor was OK with this round's FOCUS, but we definately need to focus on the processes and objective evidence the next time...
 
Elsmar Forum Sponsor

Randy

Super Moderator
#2
You're nowhere near being off track, in fact you so much on it's scary! :eek:

Your audit should be against the implementation and continuing operation of your system that was established to meet the requirements of the standard. Your internal auditors needn't concern themselves with walking around looking for conformance to 7.whatever, they need to focus on the system and the system requirements (what we say vs. what we do). Now where it gets tricky is to show that the audit process is effective and that you are addressing all the 4.-8. stuff. You've got to audit the audit so-to-speak.

You're asking good questions and you're answering them at the same time.
 
J

Jimmy Olson

#3
Our internal audit system is set up to look for performance rather than compliance and we haven't had any problem. Of course compliance to the standard is in the back of our mind so no surprises come up during our regular audits.

Our schedule is broken down by areas and departments and we look at the processes for that area as well as our own procedures. As part of the planning for each audit we look at the standard and see what clauses apply for that area and that way we can claim that we are adressing the standard, but the focus is looking for improvement opportunities.

Based on what you mentioned so far it sounds like you're on track for a good system without any problems. Just make sure that you keep the standard in the back of your mind so you can keep the external auditors happy :D
 
B

Bob_M

#4
Re: Why internally audit ISO clauses for 9k2k? (Small company)

Randy said:
You're nowhere near being off track, in fact you so much on it's scary! !:eek:

Your audit should be against the implementation and continuing operation of your system that was established to meet the requirements of the standard. Your internal auditors needn't concern themselves with walking around looking for conformance to 7.whatever, they need to focus on the system and the system requirements (what we say vs. what we do). Now where it gets tricky is to show that the audit process is effective and that you are addressing all the 4.-8. stuff. You've got to audit the audit so-to-speak.

You're asking good questions and you're answering them at the same time.
Well at least I'm on track... It may be slightly to get our auditors to understand the "new" concept, but at the same time I still have some tweaking of our manual and process maps before our Upgrade Audit so maybe it will be easier to figure out/schedule/explain later...
(Maybe I'm worrying to soon again:bonk:)
-------------
If we are able to sucessfully audit our system to check
what we say vs. what we do
and judge the effectiveness of OUR systems
then in a (BSI) auditor's eyes we should be OK for covering internal audits?
 
#5
The only time you might need to reference the standard is when something changes, or in some rare instances you have no documentation that is directly auditable.

An example might be the designation of a Management Rep -- You might have who the management rep is documented [a record], but no where in you documentation is the "shall", that you would audit against. Without referencing the standard, you would not even be aware that a MR is required.
 
B

Bob_M

#6
Re: Why internally audit ISO clauses for 9k2k? (Small company)

db said:
The only time you might need to reference the standard is when something changes, or in some rare instances you have no documentation that is directly auditable.

An example might be the designation of a Management Rep -- You might have who the management rep is documented [a record], but no where in you documentation is the "shall", that you would audit against. Without referencing the standard, you would not even be aware that a MR is required.
Good Point!
Although that should not be a problem unless there was no "ISO" champion/cooridinator or actual quality manager in the future.
------------
To be honest ISO 9k2k sounds very easy on the surface.
But upgrading, implementing, and auditing are not as easy or easy to plan (at least for me).
I'm sure I'll be looking for specific help when I need to work on the IA planning/scheduling.
 

howste

Thaumaturge
Trusted Information Resource
#7
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.
You still need to audit to make sure that your system conforms to the ISO requirements. The focus should really be on 8.2.2b once the system is established, though IMO.
 

Randy

Super Moderator
#8
Re: Re: Why internally audit ISO clauses for 9k2k? (Small company)

Bob_M said:
If we are able to sucessfully audit our system to check
what we say vs. what we do
and judge the effectiveness of OUR systems
then in a (BSI) auditor's eyes we should be OK for covering internal audits?

I thought I was looking thru the eyes of a BSI auditor (if a part-time one counts) ;)

Just make sure during the course of your audit process that the essential requirments are being addressed. How you say you do it and how you do it are up to you. Within your audit plan you might want to provide some visual guidance as to how the 4.-8. dribble is being maintained or whatever.

The audit plan is essential. You need to be sure that your plan addresses the neat things like objective, scope and criteria. One of the easiest ways to do this is to use ISO 19011:2002, 6.4.1 Preparing the audit plan.

The audit plan should cover the following:
a) the audit objectives;
b) the audit criteria and any reference documents;
c) the audit scope, including identification of the organizational and functional units and processes to be audited;
d) the dates and places where the on-site audit activities are to be conducted;
e) the expected time and duration of on-site audit activities, including meetings with the auditee’s management
and audit team meetings;
f) the roles and responsibilities of the audit team members and accompanying persons;
g) the allocation of appropriate resources to critical areas of the audit.
The audit plan should also cover the following, as appropriate:
h) identification of the auditee’s representative for the audit;
i) the working and reporting language of the audit where this is different from the language of the auditor and/or
the auditee;
j) the audit report topics;
k) logistic arrangements (travel, on-site facilities, etc.);
l) matters related to confidentiality;
m) any audit follow-up actions.


Use this as a guide. Audit success (as with anything else) begins with planning.

You've got you head screwed on pretty good here ;)
 
C

Craig H.

#9
Bob

I remember discussing this in a previous thread, but I couldn't find it.

The way I look at it is this. We design our quality system with ISO 9001 (9004) in mind. Our internal audits do look at the standard itself, but almost always focus on making sure we do what we say we do (as has just been mentioned). The external audit is much more focused on the standard, but if we get caught not doing something in one of our procs, "DING".

I am not sure this is intentional, but people tend to gravitate toward what they are most familiar/comfortable with.

JMHO
 
S

Shaun Daly

#10
We never have audited our system v ISO itself after registration.

As other peole have done, we audited our performance (and compliance to our system).

However, as I read somewhere recently - things degrade with time.

Changes to your system should be approved as ISO compatible before implementation, but........

If your organisation is anything like mine, you have a 100 people running about like lunatics introducing new products, inhabiting new buildings, a constant turnover of staff;

Can you(we) be everywhere, everywhen?

After a few hiccups here I am starting to take the view that a complete system check TO ISO is not such a bad idea every now & then.

Once a year? How long will it take for a small company to do this. 1 day? 2?

How many embarrasing NC's during surveillance audits will it save?
 
Thread starter Similar threads Forum Replies Date
C How will I Internally Audit my BPO Center for ISO 9001:2000 Internal Auditing 8
C Can You Internally Audit a Process You Own? Internal Auditing 25
K Requirements for 2nd languages? I can't even audit them internally IATF 16949 - Automotive Quality Systems Standard 59
M Metal parts bonding/grounding on Class II, internally powered with functional earth? IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
R Figure 16 and INTERNALLY POWERED devices IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
C Method of Monitoring our Internally Produced Non-Conforming Products Quality Tools, Improvement and Analysis 7
T Are internally found Medical Device Software "Bugs" Complaints? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
D Sharing ISO Standards internally on company computers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Internally powered ME with non-conductive applied parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
R Isolation of Internally Powered (3.3 Vdc) ME Equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
R Single Fault Condition for Internally Powered Medical Device IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
S Should Client Controlled Procedures be Controlled Internally by us as well? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
R Referencing and Controlling Labels & Stickers used internally throughout Production Document Control Systems, Procedures, Forms and Templates 1
H How do we use AS9101D internally? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A Internally Powered Medical Device and Dielectric Strength IEC 60601 - Medical Electrical Equipment Safety Standards Series 17
D Means Of Protection of the Video OUT of an Internally powered device IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
M All Internally Generated Documents ? Required to be Controlled or Not All? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
J What PPM (Parts Per Million) targets do you use internally? Quality Tools, Improvement and Analysis 9
B Calibration of "Z" class ring gauges internally using a CMM General Measurement Device and Calibration Topics 5
B Can I calibrate Optical Comparators internally? General Measurement Device and Calibration Topics 24
A Gauges on pressure tank - What is the best way to calibrate a psi gauge internally? General Measurement Device and Calibration Topics 6
L Posting portion of standards internally? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
E Wall Internal Auditor Training - Done internally Training - Internal, External, Online and Distance Learning 7
N API Q1 Audit Surveillance - Questions Oil and Gas Industry Standards and Regulations 2
A Alternative to on site audit in China EU Medical Device Regulations 2
J Help to understand and response to API AAR during the re-certification audit Oil and Gas Industry Standards and Regulations 17
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 3
Mikey324 External calibration - Finding in our 3rd party audit General Measurement Device and Calibration Topics 58
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
J Stage 2 audit initial cert, few data points ISO 13485:2016 - Medical Device Quality Management Systems 4
S Corrections not allowed during audit ISO 13485:2016 - Medical Device Quality Management Systems 7
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
R GFE Audit - Violation? GFE Location Controls AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Help Me. Non conformitty in External Audit IATF 16949 - Automotive Quality Systems Standard 13
M How to answer ISO9001:2015 audit finding of old revisions of documents being used? Document Control Systems, Procedures, Forms and Templates 8
B UKRP to what level should you audit Class I Technical Documentation? UK Medical Device Regulations 0
I Audit is tomorrow but I refused to participate Misc. Quality Assurance and Business Systems Related Topics 16
I ISO 17025:2017 / ANAB 3125 - Articulating / Communicating Risks vis-a-vis Audit Findings ISO 17025 related Discussions 2
D Verify Audit Trail of SaaS system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
D Re-labeler - audit the supplier EU Medical Device Regulations 2
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
A PPAP question for audit APQP and PPAP 16
D Number of people to be interviewed during an internal audit? Internal Auditing 10
B Gamma Quarterly Audit Medical Device and FDA Regulations and Standards News 1
A Anxiety - ISO Re-registration Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 69
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14

Similar threads

Top Bottom