Why internally audit ISO clauses for ISO 9001:2000? (Small company)

B

Bob_M

#1
Why internally audit ISO clauses for 9k2k? (Small company)

My thinking may be a bit off here but I'll post it anyways...

With the change from ISO 9001:1994 which was very element and checklist oriented (typically) to 9k2k which is suppose to be process, flow and effectiveness based...

Why would you want/need to audit your company's compliance to the ISO standards ASSUMING YOU'VE PASSED REGISTRATION AND BUILT A GOOD SOLID SYSTEM THAT TRULY FOLLOWING ISO?

Shouldn't "good" systems really just be audited based on internal processes, procedures, and flow?

In theory the Quality Manager/ISO Coordinator/Someone should be verifying that all new/changed procedures/processes follow ISO BEFORE they are implemented.
-----------
This question stems the fact that we/I need to schedule our next "round" of Internal Audits in the not-to-distance future and our small company's auditors really don't 100% understand ISO but do know OUR requirements...

We don't want to focus just on ISO like our our 1994 style audits which really didn't do us any good... (Different Quality Manager)

Why waste time teaching/auditing to the ISO standards, when we are suppose to be focusing on the processes during IA?
-----------
If I'm way off please straighten me out!
I'm not quite sure how we're going to run our next round of IAs.
The last round was used as mainly a document auditing process while we were re-writing MOST of our procedures and work instructions (for our OWN needs), and it just happened to work well with our ISO upgrade process.
Our auditor was OK with this round's FOCUS, but we definately need to focus on the processes and objective evidence the next time...
 

Randy

Super Moderator
#2
You're nowhere near being off track, in fact you so much on it's scary! :eek:

Your audit should be against the implementation and continuing operation of your system that was established to meet the requirements of the standard. Your internal auditors needn't concern themselves with walking around looking for conformance to 7.whatever, they need to focus on the system and the system requirements (what we say vs. what we do). Now where it gets tricky is to show that the audit process is effective and that you are addressing all the 4.-8. stuff. You've got to audit the audit so-to-speak.

You're asking good questions and you're answering them at the same time.
 
J

Jimmy Olson

#3
Our internal audit system is set up to look for performance rather than compliance and we haven't had any problem. Of course compliance to the standard is in the back of our mind so no surprises come up during our regular audits.

Our schedule is broken down by areas and departments and we look at the processes for that area as well as our own procedures. As part of the planning for each audit we look at the standard and see what clauses apply for that area and that way we can claim that we are adressing the standard, but the focus is looking for improvement opportunities.

Based on what you mentioned so far it sounds like you're on track for a good system without any problems. Just make sure that you keep the standard in the back of your mind so you can keep the external auditors happy :D
 
B

Bob_M

#4
Re: Why internally audit ISO clauses for 9k2k? (Small company)

Randy said:
You're nowhere near being off track, in fact you so much on it's scary! !:eek:

Your audit should be against the implementation and continuing operation of your system that was established to meet the requirements of the standard. Your internal auditors needn't concern themselves with walking around looking for conformance to 7.whatever, they need to focus on the system and the system requirements (what we say vs. what we do). Now where it gets tricky is to show that the audit process is effective and that you are addressing all the 4.-8. stuff. You've got to audit the audit so-to-speak.

You're asking good questions and you're answering them at the same time.
Well at least I'm on track... It may be slightly to get our auditors to understand the "new" concept, but at the same time I still have some tweaking of our manual and process maps before our Upgrade Audit so maybe it will be easier to figure out/schedule/explain later...
(Maybe I'm worrying to soon again:bonk:)
-------------
If we are able to sucessfully audit our system to check
what we say vs. what we do
and judge the effectiveness of OUR systems
then in a (BSI) auditor's eyes we should be OK for covering internal audits?
 
#5
The only time you might need to reference the standard is when something changes, or in some rare instances you have no documentation that is directly auditable.

An example might be the designation of a Management Rep -- You might have who the management rep is documented [a record], but no where in you documentation is the "shall", that you would audit against. Without referencing the standard, you would not even be aware that a MR is required.
 
B

Bob_M

#6
Re: Why internally audit ISO clauses for 9k2k? (Small company)

db said:
The only time you might need to reference the standard is when something changes, or in some rare instances you have no documentation that is directly auditable.

An example might be the designation of a Management Rep -- You might have who the management rep is documented [a record], but no where in you documentation is the "shall", that you would audit against. Without referencing the standard, you would not even be aware that a MR is required.
Good Point!
Although that should not be a problem unless there was no "ISO" champion/cooridinator or actual quality manager in the future.
------------
To be honest ISO 9k2k sounds very easy on the surface.
But upgrading, implementing, and auditing are not as easy or easy to plan (at least for me).
I'm sure I'll be looking for specific help when I need to work on the IA planning/scheduling.
 

howste

Thaumaturge
Super Moderator
#7
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.
You still need to audit to make sure that your system conforms to the ISO requirements. The focus should really be on 8.2.2b once the system is established, though IMO.
 

Randy

Super Moderator
#8
Re: Re: Why internally audit ISO clauses for 9k2k? (Small company)

Bob_M said:
If we are able to sucessfully audit our system to check
what we say vs. what we do
and judge the effectiveness of OUR systems
then in a (BSI) auditor's eyes we should be OK for covering internal audits?

I thought I was looking thru the eyes of a BSI auditor (if a part-time one counts) ;)

Just make sure during the course of your audit process that the essential requirments are being addressed. How you say you do it and how you do it are up to you. Within your audit plan you might want to provide some visual guidance as to how the 4.-8. dribble is being maintained or whatever.

The audit plan is essential. You need to be sure that your plan addresses the neat things like objective, scope and criteria. One of the easiest ways to do this is to use ISO 19011:2002, 6.4.1 Preparing the audit plan.

The audit plan should cover the following:
a) the audit objectives;
b) the audit criteria and any reference documents;
c) the audit scope, including identification of the organizational and functional units and processes to be audited;
d) the dates and places where the on-site audit activities are to be conducted;
e) the expected time and duration of on-site audit activities, including meetings with the auditee’s management
and audit team meetings;
f) the roles and responsibilities of the audit team members and accompanying persons;
g) the allocation of appropriate resources to critical areas of the audit.
The audit plan should also cover the following, as appropriate:
h) identification of the auditee’s representative for the audit;
i) the working and reporting language of the audit where this is different from the language of the auditor and/or
the auditee;
j) the audit report topics;
k) logistic arrangements (travel, on-site facilities, etc.);
l) matters related to confidentiality;
m) any audit follow-up actions.


Use this as a guide. Audit success (as with anything else) begins with planning.

You've got you head screwed on pretty good here ;)
 
C

Craig H.

#9
Bob

I remember discussing this in a previous thread, but I couldn't find it.

The way I look at it is this. We design our quality system with ISO 9001 (9004) in mind. Our internal audits do look at the standard itself, but almost always focus on making sure we do what we say we do (as has just been mentioned). The external audit is much more focused on the standard, but if we get caught not doing something in one of our procs, "DING".

I am not sure this is intentional, but people tend to gravitate toward what they are most familiar/comfortable with.

JMHO
 
S

Shaun Daly

#10
We never have audited our system v ISO itself after registration.

As other peole have done, we audited our performance (and compliance to our system).

However, as I read somewhere recently - things degrade with time.

Changes to your system should be approved as ISO compatible before implementation, but........

If your organisation is anything like mine, you have a 100 people running about like lunatics introducing new products, inhabiting new buildings, a constant turnover of staff;

Can you(we) be everywhere, everywhen?

After a few hiccups here I am starting to take the view that a complete system check TO ISO is not such a bad idea every now & then.

Once a year? How long will it take for a small company to do this. 1 day? 2?

How many embarrasing NC's during surveillance audits will it save?
 
Thread starter Similar threads Forum Replies Date
C How will I Internally Audit my BPO Center for ISO 9001:2000 Internal Auditing 8
C Can You Internally Audit a Process You Own? Internal Auditing 25
K Requirements for 2nd languages? I can't even audit them internally IATF 16949 - Automotive Quality Systems Standard 59
C Method of Monitoring our Internally Produced Non-Conforming Products Quality Tools, Improvement and Analysis 7
T Are internally found Medical Device Software "Bugs" Complaints? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
D Sharing ISO Standards internally on company computers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Internally powered ME with non-conductive applied parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
R Isolation of Internally Powered (3.3 Vdc) ME Equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
R Single Fault Condition for Internally Powered Medical Device IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
S Should Client Controlled Procedures be Controlled Internally by us as well? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
R Referencing and Controlling Labels & Stickers used internally throughout Production Document Control Systems, Procedures, Forms and Templates 1
H How do we use AS9101D internally? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A Internally Powered Medical Device and Dielectric Strength IEC 60601 - Medical Electrical Equipment Safety Standards Series 17
D Means Of Protection of the Video OUT of an Internally powered device IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
M All Internally Generated Documents ? Required to be Controlled or Not All? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
J What PPM (Parts Per Million) targets do you use internally? Quality Tools, Improvement and Analysis 9
B Calibration of "Z" class ring gauges internally using a CMM General Measurement Device and Calibration Topics 5
B Can I calibrate Optical Comparators internally? General Measurement Device and Calibration Topics 22
A Gauges on pressure tank - What is the best way to calibrate a psi gauge internally? General Measurement Device and Calibration Topics 6
L Posting portion of standards internally? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
E Wall Internal Auditor Training - Done internally Training - Internal, External, Online and Distance Learning 7
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 0
A IRIS audit - Discussion about Special Processes General Auditing Discussions 11
J Internal audit random sampling methodology Internal Auditing 2
D Major NC from last audit not fixed not sure how to fix General Auditing Discussions 9
X Sample SOC2 audit report (or a redacted one) IEC 27001 - Information Security Management Systems (ISMS) 0
D Lead time to schedule an ISO 13485 audit Auditing Quality and Environmental Management Systems 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
S Does anyone have a checklist to prepare for ISO 13485, Stage I audit? ISO 13485:2016 - Medical Device Quality Management Systems 1
W How do you phrase your internal audit questions? Internal Auditing 3
Z Steps to take before an MDSAP audit for Canada Canada Medical Device Regulations 2
V Csv, excel format - audit trail file of HPLC system ( Empower, openlab, EZchrom or any other ) Qualification and Validation (including 21 CFR Part 11) 0
G Not accepting a non conformity during an audit General Auditing Discussions 11
K IATF audit day requirements table 5.2 IATF 16949 - Automotive Quality Systems Standard 6
Q ISO 9001/IATF 16949 Audit Finding Question - Document Retention IATF 16949 - Automotive Quality Systems Standard 10
M IATF - Internal Audit 3 year span Internal Auditing 4
Q Audit report template ISO 9001/14001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 11
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2

Similar threads

Top Bottom