1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Double auditing?

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Qualmx, Apr 19, 2019.

  1. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Hi everyone
    How do you perform an audit, like this case.
    Scope .
    Compliance vs 9001 2015
    For example 4.4.1 c vs 8.1 b1
    Both refer to processes, criteria for control.
    If they are the same, when auditing, you audit only 4.4 or 8.1? What's usual?
    The same happens in several clauses
    How auditors do in this case?
    Other question
    What is the best practice when auditing in this case.
    An auditor can find a minor problem, e.g. three documents with wrong revision.
    From here
    One criteria is To write down the nc.
    While other criteria is to say to auditee, correct it, and I just mention it, but don't write down NC.
    What to do, and what depend on to choose one or other criteria?
    Thanks
     
  2. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Good day Qualmx,

    It is possible to apply more than one clause to a finding. That said, some may apply more specifically to given situations than others.

    The standard is essentially set up in Plan-Do-Check-Act. 4.4.1 is in planning, 8.1 is in control (doing). 8.1 includes more detail in what that process control planning and implementation is to include. It might help to purchase the document ISO/TC 9002:2016, Quality management systems — Guidelines for the application of ISO 9001:2015. In 4.4.1 it begins by saying:
    In 8.1 it begins by saying:
    If people are doing activities critical to customer satisfaction but processes and their controls have not been defined, I would cite the "plan" clause(s) as applicable: 4x, or perhaps 6x.

    If processes have been identified and developed but are not being followed, I usually apply the "do" section of clauses, such as 7.x and 8.x.

    If I find three controlled documents being used in wrong revision, it is generally a nonconformity. Control of versions is best found in 7.5.3.2. ISO 9002:2016 describes it in part as:
    When outdated versions are found in use, yes they need to "correct it" but that also includes discovering and resolving why the wrong revision is in use at the place of work. This second step is intended to help prevent recurrence or occurrence elsewhere, a requirement of 10.2.
     
    Qualmx likes this.
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Is the scope "compliance vs ISO 9001:2015? If it is, that's your problem. You shouldn't be auditing "clauses". You really should be auditing processes and then decide which are the applicable requirements of ISO 9001 which are affected. I'm left wondering that, with such a basic question, what your audit training told you to do. Did you get some auditor training?
     
    Last edited: Apr 20, 2019
  4. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Andy and Jenni
    Andy
    Even if you audit processes you may find this case, it is not so?
    On the other hand, when a system is implemented for first time, there should be a type of audit to ensure all clauses are covered by all processes, don you think like that? I don't know how to name this type of audit and I think it should be focused to cover everything in my opinion.
    Finally, you are right, I received a poor trained and want to improve my skills, could you recommend me a book or similar reading?
    Thanks
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I have written a book on auditing you could try.

    What you describe is a compliance audit. But all clauses don't have to be covered by all processes. You don't have to check everything every time.
     
  6. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks, could You Tell us Thr name of the Hook and how can we get it?
    Thanks
     
  7. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    While we are required to assess effective implementation of the standards' requirements, I agree with Andy that the focus should be on the customer and the process. Identifying clauses takes a "back seat" in priorities. I also agree that not all clauses are to be audited in each process. We identify which apply to what process. In case it helps, I have attached a tool kit in the Resources forum that has an example matrix that suggests which clauses might apply to which process.

    Craig Cochran has excellent books on ISO 9001:2015 In Plain English. One of them is about auditing.
     
    Qualmx likes this.
  8. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Jenni and Andy
    I really appreciate your time and help
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Qualmx likes this.
  10. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Jenni
    In kit you provided,
    In 7.1.2 infrastructure , all included
    In 7.2 competence, all included
    In 9.2 audit, only one
    In 7.1.6 org knowledge , only some.
    What was your criteria to define who are involved?, it is not clear for me.
    For example, 4.1 , 4.2 is clear , is for top management, but why don't to audit also to the rest of processes, since also they involved?
    In 7.1.2 infrastructure , is for all, but if this is a Process, wouldn't enough to audit the owner of that process.?
    7.2 competence, to ensure competency the responsible is the owner of human resource process, is enough to audit to him/her, instead all processes?
    In 7.1.6 org knowledge, why only some of them if all are involved?
    In 9.2 audit, why only one, if everybody is involved in audits?
    So, finally, the criteria is it to audit the responsible of process managing the clause , or all processes involved in the clauses or both?
    Could you clarify it please?
    Thanks
     
    Last edited by a moderator: Apr 23, 2019
  11. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Infrastructure is only part of 7.1. The rest is resources, a wide assortment of types. If you have a process that does not require resources, please feel free to leave that out.

    Similarly, if you have processes that do not need competence to succeed, feel free to leave that out. (I am not aware of any.)

    Internal audit is a process that reviews other processes; but although Procurement would at some point be audited, the Procurement process is not usually responsible for the requirements listed in 9.2.

    Organizational knowledge is specifically planned in order to ensure required skill sets are not lost if a key person leaves. Not all processes will likely carry that concern. The organization decides.
     
    Qualmx likes this.