Developing a ISO 9001:2015 Internal Audit Plan and Schedule

Being currently Active Duty (hurry the hell on, retirement!), I'm applying a lesson learned through service and am thinking of changing the internal audit schedule into something like a 10% Property Inventory. While I'll be looking at every Line Item Number, I'll only be looking at a small number of everything we've got going on.

Example: we have 16 procedures and something like 200 Work Instructions. I'm going to scour 2 Procedures and 20 instructions to ensure adherence to 2008 and also ensure that they're prepared for 2015. I'm going to ask every department something like 5-10 questions. Next month, I scour 2 different Procedures and 20 more instructions.

In 10 months, I'll have examined 20 Procedures and 200 Work Instructions, touched every part of what we're calling the Quality Manual, and have even allowed myself time and experience to revisit old business and verify CARs and FMEAs that might have been lacking during the previous year.

What say yall? How much sense does this idea make?

QSM_Rick said:

Being currently Active Duty (hurry the hell on, retirement!), I'm applying a lesson learned through service and am thinking of changing the internal audit schedule into something like a 10% Property Inventory. While I'll be looking at every Line Item Number, I'll only be looking at a small number of everything we've got going on.

Example: we have 16 procedures and something like 200 Work Instructions. I'm going to scour 2 Procedures and 20 instructions to ensure adherence to 2008 and also ensure that they're prepared for 2015. I'm going to ask every department something like 5-10 questions. Next month, I scour 2 different Procedures and 20 more instructions.

In 10 months, I'll have examined 20 Procedures and 200 Work Instructions, touched every part of what we're calling the Quality Manual, and have even allowed myself time and experience to revisit old business and verify CARs and FMEAs that might have been lacking during the previous year.

What say yall? How much sense does this idea make?

Click to expand...

Chances are good that the majority of your procedures are not what you should focus your time on just yet. Most of the requirements in operational control are not new, though the language looks somewhat different.

First thing is to get your Context items defined, then your main processes, then risks for these processes.

Once having done that, you can decide which procedures are operational controls for the risks you've defined and work on them via your prioritized list.

Jen Kirley said:

Chances are good that the majority of your procedures are not what you should focus your time on just yet. Most of the requirements in operational control are not new, though the language looks somewhat different.

First thing is to get your Context items defined, then your main processes, then risks for these processes.

Once having done that, you can decide which procedures are operational controls for the risks you've defined and work on them via your prioritized list.

Click to expand...

Chapters 4, 8, 7, then all others. In that sequence. Am I hearing your suggestion correctly?

This is a quick snapshot of what it is I've come up with. I'll be sitting down with the rest of the management team today to talk about this outline, the changes to our Internal Audit Procedure, and a couple of other topics. It's our intent to use these internal audits as a tool for gap analysis between 08 and 15. what say yall?

• Become familiar with audit instructions per selected area (see below). Copy the appropriate instructions into Audit Instructions block of F-004 Audit Worksheet:
  • Training: Ensure that a proper training procedure is accurate, understood, and implemented effectively. Verify requirements of each position is established and published. Verify appropriate On the Job Training is being conducted. Perform audit by:

[FONT=&quot] i. [/FONT]Audit the training program against the Quality Manual Clause 6.2.2
[FONT=&quot] ii. [/FONT]Audit the training program against P-016
[FONT=&quot] iii. [/FONT]Audit the training program against W-040 and W-073
[FONT=&quot] iv. [/FONT]Audit Training Matrix and Training Documents to ensure records and materials are current and present, verifying at least three (3) Training Documents and employee records are current and present
[FONT=&quot]1. [/FONT]Report which classes were viewed and copy into appropriate Internal Audit folder
[FONT=&quot]2. [/FONT]Report which employees were reviewed and report their names and observed findings on F-004 Audit Worksheet
[FONT=&quot] v. [/FONT]When applicable, copy retraining and reevaluation records into appropriate Internal Audit folder
[FONT=&quot] vi. [/FONT]Create no fewer than seven (7) questions for interviews
[FONT=&quot]
[/FONT]

Jen, the audit program manager you created is amazing! Thank you for sharing it

Thank you very much, Jen

As someone who is still working towards understanding how to apply the 9001"2015 requirements to our organization, I must say the audit piece is the most confusing to me.

As I work to document our audit plan I'm having trouble taking our list of processes (a task by itself) and matching them up with the clauses to audit against.

What are the minimum processes you must have per ISO9001:2015? Is it just LEadership, Planning, Support, Operations, Perf Eval and Improvement?

FYI... The requirement is no longer "annually" (however, per the rules a full system audit is required for certification).

See 9.2.2.2 on Pg 50 of the IATF Standard:

"The organization shall audit all QMS processes over each THREE YEAR CALENDAR PERIOD..."

See, now, I just had to google IATF to know out what you are talking about.

I'm working from the ISO9001 International Standard, Fifth Edition (2015-09-15). We had a quality system in place for years that we've used to manage our organization. Now, we have a customer who said, "Not good enough!" "You must be ISO9001 Certified or we are going somewhere else". So, of course, management said no problem because we already have a system in place.

Now, I'm trying to apply the ISO 9001 requirements to what we have in place, with minimal changes. But I'm having difficulty understanding exactly what is required since the document is so vague.

Jadey52803 said:

As someone who is still working towards understanding how to apply the 9001"2015 requirements to our organization, I must say the audit piece is the most confusing to me.

As I work to document our audit plan I'm having trouble taking our list of processes (a task by itself) and matching them up with the clauses to audit against.

What are the minimum processes you must have per ISO9001:2015? Is it just LEadership, Planning, Support, Operations, Perf Eval and Improvement?

Click to expand...

There is no minimum list of processes - your organization determines what all of the processes are in your system. No doubt you already have processes in place, perhaps they just haven't been named or clearly defined yet. I would suggest that you don't get carried away with too many processes. Generally 6-10 major processes would do for most organizations. Here's an example of a process map I posted here years ago as an example.