The Elsmar Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Elsmar Cove Discussion Forums Main Page

Welcome to the Elsmar Cove!
Business Standards Information Exchange

First off, you might want to take a read through some interesting Forum Threads on Subcontracting Internal Audits.

Internal Quality Audits - ISO 9001 Element 8.2.2

The supplier shall establish and maintain documented procedures for planning and implementing internal quality audits to verify whether quality activities and related results comply with planned arrangements and to determine the effectiveness of the quality system.

Internal quality audits shall be scheduled on the basis of the status and importance of the activity to be audited and shall be carried out by personnel independent of those having direct responsibility for the activity being audited.

The results of the audits shall be recorded (see 4.16_ and brought to the attention of the personnel having responsibility in the area audited. The management personnel responsible for the area shall take timely corrective action on the deficiencies found during the audit.

Follow-up audit activities shall verify and record the implementation and effectiveness of the corrective action taken (see 4.16).


20 The results of internal quality audits form an integral part of the input to management review activities (see 4.1.3).

21 Guidance on quality system audits is given in ISO 10011.

Inclusion of Working Environment
Suitable working environment shall be considered as part of the internal audit process.

ISO 9001:2008 -- Internal Audit - Clause 8.2.2

The company shall conduct internal audits at planned intervals to determine whether the quality management system

a) Conforms to the planned arrangements (see 7.1), to the requirements of ISO 9001:2008 and to the quality management system requirements established by the company, and

b) Is effectively implemented and maintained.

An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process.

Auditors shall not audit their own work.

The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure.

The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results (see 8.5.2).

NOTE See ISO 10011-1, ISO 10011-2 and ISO 10011-3 for guidance.

8.2.2 correlates to the old 4.17 of ISO 9001:1994. The new standard states that your company must plan and conduct periodic internal audits to determine whether your quality management system:

a) Conforms to the ISO 9001:2008 standard, and

b) Has been effectively implemented and maintained.

Your company may take into consideration the status and importance of the activities and areas to be audited and the results of previous audits when planning your audit program. You must define the audit scope, frequency and methodologies. Your audits must be conducted by someone other than the personnel who perform the activity being audited.

You must also have a documented procedure that includes the responsibilities and requirements for conducting audits, ensuring the audit is independent, recording the results of the audit and reporting the results of the audit to management.

In summary, Internal Quality Audits are required to ensure that the quality system is working effectively and is in conformance with the ISO 9001:2008 standard. Internal Audits are a key component of your QMS, they provide a means for measuring, analyzing and improving your management system. Audits are also a very important input to the Management Review process. The accuracy, scope and reporting of the results of your internal audits are critical in enabling your management to identify the need for corrective actions and preventive action.

The ISO 9001:2008 standard has helped to clarify the auditing requirement. ISO 9001:94 was a little vague when it called for audits to "determine the effectiveness of Quality System". The new standard now is more prescriptive, pointing to the purpose of the audit as to "determine whether the quality management system a) conforms to the requirements of this (ISO 9001:2008) International Standard, and b) has been effectively implemented and maintained." The use of checklists is still a valuable tool for auditing.

You must define the audit scope, frequency and your audit method, in doing this you must place into consideration the importance of activities and areas within your company to be audited, obviously placing the most importance on the areas having the most effect on quality. This is not a new requirement of ISO 9001:2008.

When choosing your auditor you must select an individual other than one who performs the activity being audited. The Internal Quality Audits are often assigned to the financial manager. however the quality manager, as the management representative, will usually maintain responsibility for the development of, and implementation of the quality audit activity. Internal quality auditors will require training; in addition those performing audits can start their activity during development and implementation, to ensure that the quality system reflects reality and is being deployed effectively.

Being Audited

In the course of seeking conformance, concerns or nonconformance's may become evident, but it is important that everyone involved understand that the intent is to seek conformance. Conclusions must be based on objective evidence, observation, interview and documents.

If auditing is understood as a staff persecution or a 'witch-hunt,' then do not be surprised when (not if, but when) the members of your company respond with suspicion, distrust and even hostility. It is extremely important that management appreciate the purpose and principles of quality system auditing and that the auditors conduct themselves accordingly.

The results of an audit should indicate whether the quality system is properly implemented and maintained. These results are considered by management for action as necessary.

A positive and constructive attitude toward auditing can make the exercise enjoyable for both the auditor and the auditee. Most people enjoy telling you what they know and how good they are at their job. In addition, without an air of suspicion and distrust, auditees are likely to confide concerns or suggestions that are in the company's best interest to address and not simply lay blame.

One way to ensure that everyone understands and retains a good perspective on the intent of a management system audit, is to develop an audit mission statement. A two or three sentence statement that captures the positive and constructive intent of your company's audit program can help keep the auditor and auditee on track.

Finally, Quality System audits are not surprise audits! They are planned and everyone knows when it will happen, and what elements or departments will be audited. There should be no surprises, as this tends to foster mistrust towards the audit process, and a feeling of "them versus us" between your company and the auditors.

Potential Audit Questions

1. Who in your company is responsible for auditing your Quality Management System? Who reports the result of the audits? If non-conformances arise from an audit, who is notified and who is responsible for following up?

2. How are audits received in your company? Do employees take them negatively or positively? Describe what is done in your company to try to curtail negativity arising from internal audits? In a perfect world, what would you do to ensure a positive response to audits?

3. How will your company determine whether the quality system has been "effectively implemented and maintained"? Will you treat this requirement differently than the requirement to determine the "effectiveness of your quality system"? Please explain your interpretation.

The Intent

The intent is to ensure that internal systems are up, running and working as documented. To be sure, it is in the best interest of a company to have an external audit source. Many larger corporations have corporate audit staffs which travel to each facility. The major cavat in the intent is to provide an unbiased auditor. Witness, an auditor may not audit an area in which he/she works.

Many companies outsource calibration. The intent of the calibration related requirements of ISO and QS is to ensure calibrated measurement and test equipment. It really doesn't matter how the company gets there. The extent and degree of outsourcing of calibration services can vary from shipping instruments to another company to having a company coming to the facility for onsite services including recall responsibilities. Bottom line is they want evidence that calibrated IM&TE (not forgetting gages, etc) is used in production related activities.

In many ways an external source for internal auditing needs can exceed what a company can provide internally at minimal cost, including:

970512 - One Person's View

Date: Mon, 12 May 1997 11:01:28 -0600
From: ISO Standards Discussion
Subject: Re: Q:Outsourcing internal audits/Turner/McKeogh/Diamond
From: "DiamondTim"

I would like to offer my results of contracting internal audits. Most of what I have read on the topic has been negative. I'm not sure if these statements are based on experience or expectations. My company's initial approach at ISO consisted of training internal auditors, personnel from various levels in the organization and from all departments. Personnel were selected based in their personality (the most difficult thing for auditors to do is to "get along with everyone, especially in sticky situations") and then interviewed privately. When this process was complete, there was one department that was not represented by the auditor team. The department V.P. selected someone and had them trained with the others. After just 2-3 audits, that person quit. When called by the V.P., I said my second qualification for the auditors, after explaining the responsibilities, was "does this interest you (they already knew the first question)? If not interested, I did not want them to be a part of the team because I did not feel they would do an adequate job. The rest of the team continued with the audits until I discussed during a Management Review meeting the possibility of contracting these services. Since then, (two years ago) we have contracted every audit and have had exceptionally good results. We have always had difficulties in crossing departmental boundaries, as do most organizations. By documenting procedures, ISO did help with this but it did not eliminate the feelings when someone from another department came in to do an audit. By contracting the audits, this has been eliminated. We have someone with experience from other companies and other industries that can offer suggestions. We have someone that is involved in audits daily so it stays fresh on their mind. We have someone that can get people to tell him things they don't want to and make them like it. When that is achievable, you can get answers to any questions you need anywhere within the organization. My vote is to CONTRACT YOUR AUDITS !!!

Return to the Services Page

The Elsmar Cove