posted 07 September 2000 10:19 AM               

I interviewed a registrar yesterday and he stated that we must audit all of the ISO elements before we can be certified. Where is this requirment stated, or is it implied in some way?

This is how my procedures are set-up right now. Management reviews quality system on a weekly and monthly basis. From these reviews, quartly audits will be scheduled. I beleive this satisfies the requirements for internal audits.

posted 07 September 2000 10:50 AM               

Anyway..its a registrar specific clause that I believe 99.99999% of them adhere to. It would be a waste of time and expense to come in if a company had not audited their own system for compliance first...sure would lead me (with my auditiors hat on) to look for more signs of a lack of commitment to the project if a company even suggested that they don't need to do a complete round before the registrar comes in......

posted 07 September 2000 11:21 AM               

quote:

---

Originally posted by CarolX:
Where is this requirment stated?

---

Nope - not "spelled out" in the standards - as well as the "implied requirement" of auditing every element/procedure/system doc. every year (on the basis of importance of course). And the implied requirement from our particular registrar that we ask the same internal audit questions based on specific standards statements for each sentence/a.b.c.d.... task-line in the standards - every year. (which IMHO is a bit overboard)BUT

I do agree with Barb - even though it isn't written "clearly stated" (out in the open) it is a good management/registrar practice under the current version.

Our external auditor did indicate recently though that the "methods of registration auditing" would be undergoing a change with the new FDIS write-up.

Regards
Jim
--------------------
Edited to correct html.

posted 07 September 2000 11:42 AM               

With regard to the 2000 version, and by reference the 1994 version, Cianfrani, Tsiakals and West make an interesting statement in their new book (ISO 9001:2000 Explained ISBN 0-87389-481-2).

"It is now clear" [2000 version] "that audits are to be carried out periodically. Thought this was implied before, it was not clearly stated. A on-time set of audits to comply with ISO 9001 in order to obtain registraion is not sufficient."

posted 07 September 2000 02:29 PM               

quote:

---

This is how my procedures are set-up right now. Management reviews quality system on a weekly and monthly basis. From these reviews, quartly audits will be scheduled. I beleive this satisfies the requirements for internal audits.

B]

---

posted 07 September 2000 03:52 PM               

Jim - I concur - periodically means just that. What ever is neccessary, along with the evidience of review to back it up.

Laura - weekly review of inspection results, customer returns, and customer contacts. Monthly review of scrap and rework.

Our field is much to competative to allow internal audits to be truly helpful to us.

Lots to think about .... thanks everyone for your input.

posted 07 September 2000 05:09 PM               

More telling is when a registrar hits you during the registration audit for something that they should have spotted during document review or the pre-assessment.

But - I do see these early internal audits as a learning function and I do agree they can be (and typically are) helpful. In some companies they are, in my opinion, quite necessary. I wouldn't do an implementation without a complete round of internal audits late in the project either by me or the company.

> "PERIODICALLY" is CLEAR?

I agree. I don't see this as a change at all from the 1994 version.

> This is how my procedures are set-up right now. Management reviews
> quality system on a weekly and monthly basis. From these reviews,
> quartly audits will be scheduled. I beleive this satisfies the
> requirements for internal audits.

Management review is required to review the results of internal audits but is not related to internal audits (can't substitute for).

> Barb - If I have done my job completely, my procedures should describe
> exactly how we are doing things now. My "proof" would be, how are we
> doing it a year from now? That is when I feel an audit is much more
> effective.

Audits are supposed to prove people are following your procedures and that your systems work. I'm not sure how you're linking procedure content with "..how we're doing it in a year...' Procedures do change and to some extent it is expected (continuous improvement?) that many will change over a year. So - whether or not you're doing something the same way next year as you are now is a non-issue.

I have not been through an implementation where everyone was following procedures as written. Internal audits are supposed to root these people out.

> Our field is much to competative to allow internal audits
> to be truly helpful to us.

posted 07 September 2000 05:18 PM               

quote:

---

Originally posted by Randy:
Around here periodically means within the last millinium.

---

Yipes!! How true, how true...............

But there is always time for corrective action.

posted 07 September 2000 07:03 PM               

quote:

---

Originally posted by CarolX:

Laura - weekly review of inspection results, customer returns, and customer contacts. Monthly review of scrap and rework.

---

If you're calling the weekly/monthly management review as the required management review, then I hope you "periodically" look at additional information. This is a review of the data or results of your quality system. Most companies look at that data at similar frequencies, but the required management review should be a much more detailed agenda. I think Marc had a pdf file with a typcial management review agenda.

posted 08 September 2000 09:57 AM               

quote

> Our field is much to competative to allow internal audits
> to be truly helpful to us.

I would like to hear your reasoning for this statement.

Absolutely ---
We are a small sheet metal house. In this area, this type of business is very competative, with cost being the most deciding factor by our customers. We can save them thousands of dollars by providing them quality product, on time at a reasonable cost, but if Fabricating Freddy down the street can do it for $.05 cheaper, we are out of luck ...... therefore - where am I being most effective in my organization -- auditing the processes via inspection, or auditing procedures??? And since we are small, I have the luxury of being able to track errors to specific personel....this allows me to immediately identify those people that need additional training.

Please do not misunderstand that I am not completely "anti-audit", but at this point, I feel, for our business, it is putting the cart before the horse.

I hope that clarifies things a bit.

posted 10 September 2000 12:07 AM               

If you follow these people so closely you should integrate this aspect of your company systems into internal audits. Sounds like you're pretty much doing the same thing. Yup - you'll have paper work to provide evidence.

The question becomes, if Fabricating Freddy down the street can do it for $.05 cheaper, why is this? Might even be that Fabricating Freddy 's owner takes less out of the business and thus can afford to keep prices lower than yours. Is Fabricating Freddy 's registered to ISO? Do your customers require you to be ISO? Maybe your sales force should find customers who do not require ISO if Fabricating Freddy 's do not.

I'm not hyping internal audits - my belief is a company should not need them. But then there is reality... ISO requires them. Period. You don't have a choice if you want to register. It is not a situation where you can exclude elements of compliance because for one reason or another you don't like the requirement. How you do this is up to you.

On the other hand you can buy an outside 'internal audit'. I do them for a few companies. One company of about 40 people takes me about 6 hours one day a year on-site.

posted 12 October 2000 01:33 PM               

Only when a system is fully implemented with documented effectiveness should the formal registration process begin. By doing this all employees are aware of the system and believe in its effectiveness.

When all personnel are on board and know what to expect, the registration process will not be overwelming and the usual stress levels will be greatly reduced.

posted 29 October 2000 01:19 PM               

Section 8.2.2 Internal Audit
"The organization shall conduct internal audits at planned intervals to determine whether the quality management system..."

Where does PERIODICALLY come in? It is only a statement by someone in a book. The full section of the FDIS, 8.2.2 seems pretty clear it is not a periodical function, but a well planned and defined function.

Oh, and to the actual thread: I would not go into a preassessment without a full internal audit first, don't know a registrar that would (I agree with a lot of what has been stated as to the why of this), and when contracted for a job, an internal audit is almost a requirement for me for certain scopes of work. Either I perform one, they perform one or one has been performed (and well documented) recently. How can you assess the current status - of readiness or compliance or effectiveness or level of current implementation if you don't have some sort of benchmark to start from?

Can't pull the cart unless the horse is harnessed properly.

posted 04 January 2001 06:25 AM              

I am an Internal Auditor in the UK (qualified MIIA-UK) and am presently working on an Environmental Audit.

Is not the dilema caused by the use of the term "audit", hence we confuse internal audit with quality audit?

It seems that the quality audit is performed by the same people who implement the Environment Management System, so there is no independence and objectivity.

Also, in the UK, it takes 3years and exams to become a Qualified Internal Auditor, but how long does it take to become a "Quality Auditor".