posted 01 May 2001 01:51 PM               

This is what I state in our Procedure. Let me know if this helps.

posted 01 May 2001 05:46 PM               

QS-9000 Element 4.1 3 states that all elements of the quality system need to be reviewed during management review, at defined frequencies.

QS-9000 Element 4.17 says that internal audits must be scheduled on the basis of the status and importance.......

Where does it say that all elements of QS-9000 must be audited (4.1.7) on a yearly basis?

Where does it say that all elements must be reviewed (4.1.3) on a yearly basis?

Just my personal opinion, but good business practice has led us to do a full internal audit of all elements yearly and report those results to management review for documentation that management has reviewed all elements of the quality system.

(This is in addition to the more valuable
product/process/dock audits)

posted 02 May 2001 03:10 PM               

quote:

---

Originally posted by Fire Girl:
My last maintenance audit, my registrar was not pleased with how I schedule audits. The standard states that audits should be scheduled based on status and importance. What exactly is meant by this? I thought I knew but apparently I don't!

Thanks

---

[This message has been edited by ISO GUY (edited 02 May 2001).]

posted 03 May 2001 10:10 AM               

I think that status & importance is a variable thing based on your company.

Status- Are there lots of N/C's and CPA's in this element? If there are lots of problems in one area than you should be auditing it more.

Importance- That will depend on your company. At different companies there may be some elements which are more important than others.

posted 03 May 2001 06:19 PM               

quote:

---

Originally posted by Fire Girl:
ISO Guy

I think that status & importance is a variable thing based on your company.

Status- Are there lots of N/C's and CPA's in this element? If there are lots of problems in one area than you should be auditing it more.

Importance- That will depend on your company. At different companies there may be some elements which are more important than others.

How's that for an answer?

---

I like it!

Just to add to importance, there is "some" guidance in appendix B of QS-9000. They say that customer complaints/supplier response, internal audit, management review, and continuous improvement are to be reviewed during all on-site audits. We use this to assist us in defining importance.

posted 03 May 2001 09:25 PM               

Auditors can be swayed by their expectations, and part of the job of the Management Rep is to put those expectations into perspective for the company the auditor is auditing.

posted 06 May 2001 05:06 AM               

I have a query too!! I saw that ISOGUY & few others have mentioned that the internal audit schedule to be approved during the Management Review Meeting. Is this a requirement? In my case, I never put the internal audit schedule for approval during the Management Review meeting. All our group companies internal audit schedules are approved by me as MR and followed. Any comments?

{Its been a while since I visited this forum and made some contribution...Been too busy out of QA!! - this note for all those who have missed me!! }

posted 06 May 2001 05:55 AM               

I have always worked for smaller companies and for either the President or General Manager, so this organization of duties has worked well.

posted 08 May 2001 03:29 PM               

If an area asks me to come out and help them with conformance to standards I act as an internal consultant and don't write anything, just point out gaps and provide them with advice/information. Then they're audited later per the schedule. On the other hand, if they ask me to audit them (usually just before the registrar is due), it's a sort of 'mini' audit that I do write reports against.

Is this an answer to the question?

posted 08 May 2001 04:38 PM               

Let me tell you what I think a mini audit is. This is what we do: Usually just before an audit I ask all the employees to get involved in what I call mini audits. I have them check out an area that they do not work in. I usually don't log these audits, I just mention at our morning production meetings that there were discrepancies in a certain area. Perhaps I should log them in our Internal Audit Book?

posted 08 May 2001 05:26 PM               

The status and importance issue from ISO is one of the originals. QS-9000 has led everyone to the once a year 'criteria'. The original intent was to let the company decide, based upon reason, what to audit and when. If you are having problems in a specific area or with a specific system, more frequent audits are 'expected'. One area that was often passed over for long periods were systems like traceability (remember for some companies traceability is not much of an issue) where no problems were evident for a year or two or more there was justification to spread your audit for that out to maybe 18 months. Document control was another one which - well, as you audit just about anything you're automatically seeing whether document control is effective and whether the system is being followed. You're asking people to show you their documentation, explain about their records, etc. From this (and I have seen registration audits where document control was 'passed' by the fact of all the other audits) you could argue that (assuming no 'recent' findings) 18 months or 2 years would be sufficient for a document control audit. On the other hand, an auditor could argue for at least yearly audits because of the criticality of document control (importance).

Since QS-9000 sunk in and with thanks to the push by the ASQC and 'the auditors' (to the extreme of wanting companies to 'register' or 'certify' their internal auditors - can you say $$$?), the 1 year for auditing everything at least once is pretty much expected.

Just remember the words: Status and Importance.

Status: Are there recent problems? When was it last audited?

Importance: Your judgement as to how important or critical a system is.

If you are walking to lunch and pass a container and see nonconforming product what do you do? It's not a formal audit - you're on your way to lunch. But it is a concern so I suspect you would notify the appropriate operator, supervisor or whoever. Then, a determination would be made at to whether a corrective action was required or not, but at the least the nonconforming product would be identified and appropriate nonconformance system aspects would apply - loging the findings or however your system works.

I can't see any difference in a 'mini' audit. If you identify a nonconformance you use the appropriate system to rspond. And yes - I would log them as audits. That's what they are, aren't they??

One of the things I have done in most implementations is to schedule 'walk-throughs' where I simply go department by department for small samples to assess compliance status. It is high risk, small sample size, but if you're finding a lot of things the problems are obviously serious. I reported findings - they reacted. The only difference is in implementation, prior to the registration audit, the system findings were typically not a driver for a corrective action unless no progress has been made. This is discussed in the latest implementation guide. (I don't think this is addresed in the posted 'example' slides and I'm not updating them again - only the guide files which are for sale - can't give away everything...)

-> I guess what I was pointing to was the definition of the
-> Mgt Rep. "ensuring that processes needed for the quality
-> Management system are established, implemented and
-> maintained". To me, that "could suggest" monitoring Top
-> Management's quality planning.

I don't think the intent is to require upper management to directly oversee internal audit scheduling. The schedule and the results of audits are supposed to be presented during management review.

My advise is to continue to schedule yourself but be prepared to explain your reasoning for the schedule. Heck - there are several clients I do audits for about yearly (see below - we're now on 14 month cycle). Two of them have really neat audit schedules. They have a calandar on the wall and each winter when they replace it they write in the audit dates that I will be there the coming year. Now, this is just a typical wall calendar like your insurance company or bank would give you or send you. I go over each system. No complaints yet (going on 4 years for both of them). The audits have always gone very well, so I do include in my write up my OPINION that nothing indicated a need for any audits prior to the next scheduled audit. By the way, we currently schedule audits at 14 month frequencies now because the audits have always gone well (as have the survalience audits by the registrar) with no complaints by the registrar. Remember, these are small companies - one 14 people and one about 35 people.

The biggest thing here is to understand YOUR internal audit system, what internal audits are supposed to do, and to be ready to explain what you do and what your reasoning is.

-> Auditors can be swayed by their expectations, and part of
-> the job of the Management Rep is to put those
-> expectations into perspective for the company the auditor
-> is auditing.