Internal Auditing to ISO 9001 - How to schedule/plan and perform an ISO audit
- Thread starter Crusader
- Start date
Re: Internal Auditing to ISO 9001:2000 - How to schedule/plan and perform an ISO audi
Also see: Creating an Internal Audit Schedule
Also see: Creating an Internal Audit Schedule
P
PVieira
Re: Internal Auditing to ISO 9001:2000 - How to schedule/plan and perform an ISO audi
Crusader ....
This will be wordy & I hope worth it.
First of all I'm not quite sure why you are trying to do your readiness review in a couple months, if you or your auditors are not familiar with process auditing. You should have a complete audit cycle done to your new Quality system, before this happens.
I have been certified to QS9000 as a lead auditor and am currently certified as a QMS auditor to ISO9001:2000. I wonder how your Quality system is set up and what level of success your company will have if your management has literally no "commitment" to its system.
I have read several of your and the others remarks and am surprised at some of the conversation.
I will address you posts in order: I hope this helps simplify things for you. I know that lost feeling.
We set up our entire system as flow charts, which make process auditing real easy. I can send you and example if you need one. Your process flow becomes an instant checklist. (Its nice and easy) just remember:
The KISS Principle
DEFINITION - The KISS (Keep It Simple, Stupid) Principle is self-descriptive and recognizes two things:
1. People (including product and service users) generally want things that are simple, meaning easy to learn and use.
2. A company that makes products or furnishes services may find simplicity an advantage for the company as well, since it tends to shorten time and reduce cost. (Where the company is trying to use the principle on behalf of users, however, design time may take longer and cost more, but the net effect will be beneficial since easy-to-learn-and-use products and services tend to be cheaper to produce and service in the long run.)
Your schedule is to audit each of your processes, the fewer you have the smaller your schedule. We also have to include product realization audits we do 2-3 each audit cycle.
Training can be expensive, and speaking from experience I understand your dilemma. Here is a very inexpensive ($160.00 per person or haggle) alternative that my company used to train and qualify our internal auditors (www).Caliso9000.(com) it is an on-line at your own pace training course. (And “No” I am in no way affiliated with Caliso)
As far as your corner pocket problem (LMAO that's a term we use as well), I will tell you we have had a non-conformance written by our registrar to upper management for lack of resources. Which should be identified at your management review. (An ISO requirement)
and finally, we used the turtle only for the development of our QMS...
GOOD LUCK!
Crusader ....
This will be wordy & I hope worth it.
First of all I'm not quite sure why you are trying to do your readiness review in a couple months, if you or your auditors are not familiar with process auditing. You should have a complete audit cycle done to your new Quality system, before this happens.
I have been certified to QS9000 as a lead auditor and am currently certified as a QMS auditor to ISO9001:2000. I wonder how your Quality system is set up and what level of success your company will have if your management has literally no "commitment" to its system.
I have read several of your and the others remarks and am surprised at some of the conversation.
I will address you posts in order: I hope this helps simplify things for you. I know that lost feeling.
We set up our entire system as flow charts, which make process auditing real easy. I can send you and example if you need one. Your process flow becomes an instant checklist. (Its nice and easy) just remember:
The KISS Principle
DEFINITION - The KISS (Keep It Simple, Stupid) Principle is self-descriptive and recognizes two things:
1. People (including product and service users) generally want things that are simple, meaning easy to learn and use.
2. A company that makes products or furnishes services may find simplicity an advantage for the company as well, since it tends to shorten time and reduce cost. (Where the company is trying to use the principle on behalf of users, however, design time may take longer and cost more, but the net effect will be beneficial since easy-to-learn-and-use products and services tend to be cheaper to produce and service in the long run.)
Your schedule is to audit each of your processes, the fewer you have the smaller your schedule. We also have to include product realization audits we do 2-3 each audit cycle.
Training can be expensive, and speaking from experience I understand your dilemma. Here is a very inexpensive ($160.00 per person or haggle) alternative that my company used to train and qualify our internal auditors (www).Caliso9000.(com) it is an on-line at your own pace training course. (And “No” I am in no way affiliated with Caliso)
As far as your corner pocket problem (LMAO that's a term we use as well), I will tell you we have had a non-conformance written by our registrar to upper management for lack of resources. Which should be identified at your management review. (An ISO requirement)
and finally, we used the turtle only for the development of our QMS...
GOOD LUCK!
Re: Internal Auditing to ISO 9001:2000 - How to schedule/plan and perform an ISO audi
This may not address the original post, from 2005 (I'm guessing Crusader has resolved her issues!), but............
Your schedule is to audit each of your processes, the fewer you have the smaller your schedule. We also have to include product realization audits we do 2-3 each audit cycle.
This may not be accurate, since it doesn't address the requirement to audit based on status and importance. Audits should be done on a 'pull' system, not a 'push'. Don't 'push' audits on management. Find out where their processes are not delivering to the customers and/or organization's objectives, then go audit the process to find out why.
It's not necessary to cover eveything once a year - that's a ficticious registrar requirement. Find an appropriate schedule, then decide what to audit flexibly...........
This may not address the original post, from 2005 (I'm guessing Crusader has resolved her issues!), but............
Your schedule is to audit each of your processes, the fewer you have the smaller your schedule. We also have to include product realization audits we do 2-3 each audit cycle.
This may not be accurate, since it doesn't address the requirement to audit based on status and importance. Audits should be done on a 'pull' system, not a 'push'. Don't 'push' audits on management. Find out where their processes are not delivering to the customers and/or organization's objectives, then go audit the process to find out why.
It's not necessary to cover eveything once a year - that's a ficticious registrar requirement. Find an appropriate schedule, then decide what to audit flexibly...........
Last edited:
D
DaMann
Re: Internal Auditing to ISO 9001:2000 - How to schedule/plan and perform an ISO audi
I have to agree with this post as we were hit with a minor non-conformance
due to the fact there was no justified way to show my "compentency" and ability to preform an Internal Audit. Our Corrective action was to send me to a 3 day course for internal auditor training. I actually learned a few things i did not know.
I have to agree with this post as we were hit with a minor non-conformance
due to the fact there was no justified way to show my "compentency" and ability to preform an Internal Audit. Our Corrective action was to send me to a 3 day course for internal auditor training. I actually learned a few things i did not know.
Q
qualityboi
Using standard clauses titles to name processes
The ISO clauses however, are structured to a process audit. I see no problem in making the design, manufacturing and facility departments part of a larger product realization process on an audit schedule. This approach I believe is the best one, especially for siloed organizations where you have great difficulty process mapping because you may have many departments with different methods for what should be systemic processes, eg, corrective action, document control, training etc.
Sure I know 3rd party auditors could be writing us up for not having systemic processes but where in the standard does it state you must be systemic? It's only implicity implied and I am not about to argue with our CEO to change the org structure. When external auditors even try to go there each individual department manager just states that they have their own way of meeting requirement because of their specific needs...Is this wildly inefficient...in some cases it is, and some cases it is actually true. One still has to get out an audit plan that will align to the company structure, meet ISO requirements, and still be somewhat effective and feasible.
After 12 yrs of auditing and ending up with a huge audit schedule comprised of about 80 processes (all of which are critical to the product and customer satisfaction). I decided to take the approach above mainly because our company (and the majority of American companies) do not manage by process, but manage by personnel in charge of functional (often siloed) departments or areas. This has cut our internal schedule to less than half 30-33 audits.
The ISO clauses however, are structured to a process audit. I see no problem in making the design, manufacturing and facility departments part of a larger product realization process on an audit schedule. This approach I believe is the best one, especially for siloed organizations where you have great difficulty process mapping because you may have many departments with different methods for what should be systemic processes, eg, corrective action, document control, training etc.
Sure I know 3rd party auditors could be writing us up for not having systemic processes but where in the standard does it state you must be systemic? It's only implicity implied and I am not about to argue with our CEO to change the org structure. When external auditors even try to go there each individual department manager just states that they have their own way of meeting requirement because of their specific needs...Is this wildly inefficient...in some cases it is, and some cases it is actually true. One still has to get out an audit plan that will align to the company structure, meet ISO requirements, and still be somewhat effective and feasible.
Last edited by a moderator:
P
PVieira
Re: Internal Auditing to ISO 9001:2000 - How to schedule/plan and perform an ISO audi
wweng7
Here is the example you asked for..... I hope it helps.
If you have any questions feel free to contact me and I will monitor this thread for the next few days as well.
Good Luck,
P Vieira
wweng7
Here is the example you asked for..... I hope it helps.
If you have any questions feel free to contact me and I will monitor this thread for the next few days as well.
Good Luck,
P Vieira
Helmut Jilling
Auditor / Consultant
Re: Using standard clauses titles to name processes
I agree that 80 processes would be way too many. I would assume many of those were actually sub-processes, and the system was broken down into too many smaller pieces. The averages I see range from 15-20 processes.
I would argue it is wildly ineffective. That one "Super Process" is probably 75% of your organization's core activities. If you audit that as one processes, you hide the whole point of seeing how the processes (and depts.) interact. This is the very silo thing that the process approach is designed to audit through.
Most companies are not changing their departmental structure, but that's OK. But the system has to be designed to view it as a process approach. Over time the metrics and audits can be designed to measure the effectiveness between these processes. The two are compatible with each other, if done well.
Agree on that point, but I don't think your Super-Process would meet that intent.
I agree that 80 processes would be way too many. I would assume many of those were actually sub-processes, and the system was broken down into too many smaller pieces. The averages I see range from 15-20 processes.
I would argue it is wildly ineffective. That one "Super Process" is probably 75% of your organization's core activities. If you audit that as one processes, you hide the whole point of seeing how the processes (and depts.) interact. This is the very silo thing that the process approach is designed to audit through.
Most companies are not changing their departmental structure, but that's OK. But the system has to be designed to view it as a process approach. Over time the metrics and audits can be designed to measure the effectiveness between these processes. The two are compatible with each other, if done well.
Agree on that point, but I don't think your Super-Process would meet that intent.
Y
YoYoW
Re: Internal Auditing to ISO 9001:2000 - How to schedule/plan and perform an ISO audi
Here my old ISO/ TS audit schedule. Let me know if this helps you at all.
Here my old ISO/ TS audit schedule. Let me know if this helps you at all.
This is an old thread but I want to add to it anyway.
I made an Audit Program Manager tool for integrated ISO 9001:2015 and ISO 14001:2015 systems. The contents are not specifically required by the standards, but are designed to help plan, perform, track results of and maintain follow up for internal audits.
I will follow up with a 9001 only version - today I added the tabs for the report and corrective action templates.
I hope this helps!
I made an Audit Program Manager tool for integrated ISO 9001:2015 and ISO 14001:2015 systems. The contents are not specifically required by the standards, but are designed to help plan, perform, track results of and maintain follow up for internal audits.
I will follow up with a 9001 only version - today I added the tabs for the report and corrective action templates.
I hope this helps!
Similar threads
