What to expect during an ISO 9001 audit

Marc

Fully vaccinated are you?
Leader
If you don't have one, create a spreadsheet that lists the requirement and the document you have that addresses it. The auditor is going to go down a list asking for things. They won't always ask by the usual standard names, so having a cheat sheet like this is helpful. This has created a lot of stress for us because I immediately thought I missed something when I knew that wasn't possible.

For example, the auditor might ask "Show me that you review your quality goals and discuss progress." You could ask "What section of the standard are you referencing?" An ISO 9001 auditor might say "section 9.3." You look at your cheat sheet and show 9.3 is Management Review. You might bring up an SOP for Management Review and also the MR minutes and hand them to him.
We made this type of cross reference when we did the first gap analysis. Every sentence of every requirement in the standard (or standards) was listed first. I highly recommend it. I know there are examples here. A search for the words "gap analysis" will surely bring some examples up.

Attachment Listing search for gap analysis
 

Michael_M

Trusted Information Resource
Things may have changed, but I do not remember any requirement in any standard (AS9100 may now - I don't have a copy to check) which required any employee to recite the quality policy verbatim.

No, the employee does not need to know the quality policy verbatim, however [war story] this auditor was making sure "the quality policy shall be communicated, understood, and applied within the organization". As I was escorting the auditor, I was getting the feeling he was 'looking' for someone to not know so he could write an NC on it, he asked 100% of the people he talked to and he talked to almost everyone.

I also printed out the company quality policy, like you on standard business card stock and gave them to employees.

Actually, I stole the idea from one of your posts many years ago. Until I read that statement, I did not remember where I got the idea to print the quality policy on a business card, but I do have to say it has saved me a lot of grief [Don't get me started on my grief with the quality policy].

1. If they do not know an answer; "I don't know, but let's go find out" is a perfectly reasonable answer so long as they actually go find the answer.
Never saw that. IF they know their job and how to do it, their responsibilities, documentation which affects them, they know the answer unless the auditor asks a question which is outside the employee's job and responsibilities.

I don't think I have seen it either, as most people directly answer the auditor's questions without issue. After thinking about it, I think I will continue to tell people this, however. The main reason: I think it helps to remove fear. Most of the time they do not know what questions will be asked, so they start to fear the potential questions. By adding this, they know they have a 'way out'. This also could be done using the practice audits; however, I have only ever experienced audits from this one company I work for, so my experience is limited regarding the actual auditor and the questions they ask. [war story] The first three years (AS9100c) I had the same auditor and by the third audit, I knew his approach and method. With the upgrade to D we changed auditors and he did things completely differently, and the audit prep I did was not that great for his style.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Actions are what should be audited.
Right on. Asking people about the quality policy is, for the most part, a totally useless activity and waste of time. But I have asked that question during an audit, after I uncovered situations such as:
  • Someone knowingly shipping nonconforming product, without customer's concurrence
  • Salespeople deliberately lying to customers about shipping dates and product specifications
  • Supply chain people admitting that they select suppliers on price alone
In instances like that, it makes sense to ask about their awareness of the quality policy and ask them to explain why they have violated it.
 

GunLake

Involved In Discussions
Just went through my first audit here last month.
1. Every person he talked to he asked what the quality policy meant to them. (He did not like it when they would try to read it word for word and would stop them)
2. Make sure employees know the non-conforming policy.
3. Make sure you have evidence of internal audits being completed.
4. Evidence of Management reviews taking place.
5. Like others have stated: don't answer more than what's being asked.
6. Don't lie because they will want EVIDENCE of everything.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
Right on. Asking people about the quality policy is, for the most part, a totally useless activity and waste of time. But I have asked that question during an audit, after I uncovered situations such as:

  • Someone knowingly shipping nonconforming product, without customer's concurrence
  • Salespeople deliberately lying to customers about shipping dates and product specifications
  • Supply chain people admitting that they select suppliers on price alone

In instances like that, it makes sense to ask about their awareness of the quality policy and ask them to explain why they have violated it.


I understand on that point. If the basics of the QMS are not being followed there is a serious issue with the Quality Policy not being followed.
 

blackholequasar

The Cheerful Diabetic
I have an audit coming up next month - not my first ISO 9001, but my first with the company I'm currently at. We just changed our quality policy and now I'm thinking of taking a page out of your guys' books and printing them on business cards! We do have it posted throughout our facility. Typically in the past when an auditor has asked someone about the policy, they just point them in the direction of it. And typically the follow-up question is how the employee may interpret the policy. I've had auditors ask me to prove how the policy aligns with our quality objectives, as well. They love their quality policy checks! Haha
 

Marc

Fully vaccinated are you?
Leader
"What does your company Quality Policy mean to you?"

I don't like that question because it seems like a platitude. Words don't mean anything. 50% of people get divorced after swearing to God that they won't. Actions are what should be audited - not touchy-feely stuff.
Well.... I think it came from "...if you have a quality policy what good is it if all of the employees don't know what it means...". Remember, this was some years ago. Also, compare it to the idiocy of asking multiple employees to *recite the quality policy verbatim*, as was mentioned earlier. Even having to have a "quality policy" was (is) BS because they are always BS required statements the sincerity of which are often quite questionable. (As to divorce, I always think of Newt Gingrich and his second wife... "Yeah, so you have cancer and are in the hospital. I met a prettier and much younger gal so here are the divorce papers I filed. I gotta go now. I have Bill Clinton to go after because he lied about getting a BJ and I want to see to it that he is impeached for that. Goodbye, you old cancerous bag." And Gingrich claims he's a Christian...)

And typically the follow-up question is how the employee may interpret the policy
= "What does the company quality policy mean to you?" And, whether by requirement or otherwise, what good is a quality policy if employees can not say what it means to them {and how it affects them and how it applies to them}?

But I have asked that question during an audit, after I uncovered situations such as:
You're promoting "gotcha" audits. Such situations should have been identified in appropriate audit areas, in my opinion, not by coincidence when asking about a company's quality policy. I maintain my long held belief that quality policy statements are BS. What a company does, whether they explicitly state it or not, is what is important in my opinion.

I think I will continue to tell people this however. The main reason: I think it helps to remove fear.
As I have said, to remove fear you have to bond with the employees, including those who are on the floor doing the actual work. Now, if you really want to eliminate fear (and put an auditor {or auditors} on the defensive), you can do what I did in a number of companies. We had t-shirts printed up with the company logo on the front and on the back it said, in BIG letters: "Audit Me! I'm Ready!" which even top management wore. I may still have one or two somewhere in storage here (I keep souvenirs...). Expensive, but fun and it really motivates people.

Also see: ISO Motivators - Ideas for visual aids throughout the plant and Informational - Is Identification of Risks and Opportunities required for QMS Processes? (I've mentioned the t-shirt bit before)

the audit prep I did was not that great for his style.
Preparation for an audit should never have anything to do with an auditor's "style".
 

Sidney Vianna

Post Responsibly
Leader
Admin
You're promoting "gotcha" audits. Such situations should have been identified in appropriate audit areas, in my opinion, not by coincidence when asking about a company's quality policy. I maintain my long held belief that quality policy statements are BS. What a company does, whether they explicitly state it or not, is what is important in my opinion.
It seems you did not understand what I wrote, because I also believe that quality policy statements are empty words blowing in the wind, for the most part. What I tried to convey is that, after I found a significant breach of INTENT to satisfy customers, I followed up with a question about the quality policy. Some of these people had even memorized the statement, but their ACTIONS clearly showed they were not following the INTENT of the quality policy.
 