Scheduling: Your systems says who schedules audits. ISO does not have a requirement for management to schedule them or anything like that.
The status and importance issue from ISO is one of the originals. QS-9000 has led everyone to the once a year 'criteria'. The original intent was to let the company decide, based upon reason, what to audit and when. If you are having problems in a specific area or with a specific system, more frequent audits are 'expected'. One area that was often passed over for long periods were systems like traceability (remember for some companies traceability is not much of an issue) where no problems were evident for a year or two or more there was justification to spread your audit for that out to maybe 18 months. Document control was another one which - well, as you audit just about anything you're automatically seeing whether document control is effective and whether the system is being followed. You're asking people to show you their documentation, explain about their records, etc. From this (and I have seen registration audits where document control was 'passed' by the fact of all the other audits) you could argue that (assuming no 'recent' findings) 18 months or 2 years would be sufficient for a document control audit. On the other hand, an auditor could argue for at least yearly audits because of the criticality of document control (importance).
Since QS-9000 sunk in and with thanks to the push by the ASQC and 'the auditors' (to the extreme of wanting companies to 'register' or 'certify' their internal auditors - can you say $$$?), the 1 year for auditing everything at least once is pretty much expected.
Just remember the words: Status and Importance.
Status: Are there recent problems? When was it last audited?
Importance: Your judgement as to how important or critical a system is.
If you are walking to lunch and pass a container and see nonconforming product what do you do? It's not a formal audit - you're on your way to lunch. But it is a concern so I suspect you would notify the appropriate operator, supervisor or whoever. Then, a determination would be made at to whether a corrective action was required or not, but at the least the nonconforming product would be identified and appropriate nonconformance system aspects would apply - loging the findings or however your system works.
I can't see any difference in a 'mini' audit. If you identify a nonconformance you use the appropriate system to rspond. And yes - I would log them as audits. That's what they are, aren't they???
One of the things I have done in most implementations is to schedule 'walk-throughs' where I simply go department by department for small samples to assess compliance status. It is high risk, small sample size, but if you're finding a lot of things the problems are obviously serious. I reported findings - they reacted. The only difference is in implementation, prior to the registration audit, the system findings were typically not a driver for a corrective action unless no progress has been made. This is discussed in the latest implementation guide. (I don't think this is addresed in the posted 'example' slides and I'm not updating them again - only the guide files which are for sale - can't give away everything...)
-> I guess what I was pointing to was the definition of the
-> Mgt Rep. "ensuring that processes needed for the quality
-> Management system are established, implemented and
-> maintained". To me, that "could suggest" monitoring Top
-> Management's quality planning.
I don't think the intent is to require upper management to directly oversee internal audit scheduling. The schedule and the results of audits are supposed to be presented during management review.
My advise is to continue to schedule yourself but be prepared to explain your reasoning for the schedule. Heck - there are several clients I do audits for about yearly (see below - we're now on 14 month cycle). Two of them have really neat audit schedules. They have a calandar on the wall and each winter when they replace it they write in the audit dates that I will be there the coming year. Now, this is just a typical wall calendar like your insurance company or bank would give you or send you. I go over each system. No complaints yet (going on 4 years for both of them). The audits have always gone very well, so I do include in my write up my OPINION that nothing indicated a need for any audits prior to the next scheduled audit. By the way, we currently schedule audits at 14 month frequencies now because the audits have always gone well (as have the survalience audits by the registrar) with no complaints by the registrar. Remember, these are small companies - one 14 people and one about 35 people.
The biggest thing here is to understand YOUR internal audit system, what internal audits are supposed to do, and to be ready to explain what you do and what your reasoning is.
-> Auditors can be swayed by their expectations, and part of
-> the job of the Management Rep is to put those
-> expectations into perspective for the company the auditor
-> is auditing.
Yes.
