1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Setting up the ISO9001 for a sole proprietor company

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by YK TANG, Jan 24, 2016.

  1. YK TANG

    YK TANG New Member

    Joined:
    Nov 26, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi all,

    I would like to seek experience from members here, if you have any experience helping clients to set up their ISO9001:2008 or ISO9001:2015, if the client is a sole-proprietor, i.e. he/she is a "One-person company".

    I have a friend who is running a small trading company, and he is basically a 'One-man company', where his operation is fairly simple. The operations is basically to understand the customers needs (he is in premium gifts business), and forward all his customers needs to his suppliers / contractors (outsourced) to produce them. he will sell them back to the customer.

    Now that he has acquired a job with a large company, and one of their policies is to have vendors ISO9001 certified. He is trying to go for the certification.

    Now, basically, if we are to read the ISO9001 requirements, everyone / every company regardless of size can be certified ISO9001. The whole implementation should not be difficult.

    Just a quick questions, in this case, how he/she is to perform "INTERNAL QUALITY AUDIT" ?


    Thanks
     
  2. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    To subcontract a competent external auditor.
    This approach is used regardless the number of employees.
     
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Perhaps you could guide the OP to what this means. Many claim to provide such services, but frequently all they do is emulate what a CB auditor does, once or twice a year...
     
  4. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    The guide is ISO 9000:2015 cl.3.10.1 Note 3 which reads “Internal audits… are conducted by, or on behalf of, the Organization itself…” Please refer to “on behalf of”.
    Internal audits can be conducted, on behalf of the organization, by either a freelancer(s) or a CB. The freelancer can be a CB auditor. (The CB shall not provide internal audits to its certified clients - ref to ISO 17021:2015 Part 1 cl. 5.2.6).
    Internal auditors shall implement requirements of 9.2 which are similar to those implemented by CB auditors.
     
  5. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    926
    Likes Received:
    1,081
    Trophy Points:
    92
    Location:
    Ontario, Canada
    Organizations, regardless of their size, can conduct internal audits in a manner that (a) ensures the requirements of the standard and the QMS are assessed and (b) works for - i.e., adds value to - the organization.

    So, yes, bringing in an external auditor is an option, but consider the various possibilities with that option.

    1. Hire someone
    2. Network with local small businesses and have them audit the organization (and the organization audits them)
    3. Local educational institutions that offer quality programs - students can gain real world knowledge.

    There is nothing in the standards that says the auditors need to have completed a course in auditing or the standards (it may help, however). The organization indicates what constitutes a competent auditor (i.e., one that will meet the needs of the organization while fulfilling the task of assessing conformance to the QMS/standard requirements) and will require some means of being able to demonstrate such competency. However, there are creative options out there for small organizations to consider above and beyond hiring a possibly expensive consultant who may or may not take the time to appreciate what the organization does beyond the black and white requirements.
     
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    This is confusing! You say the auditor can be a CB auditor and then say the CB can't do internal audits. Do you mean the "freelancer" may happen to also work for a CB? Doesn't that reinforce my comment about some auditors just doing an audit which looks like a CB audit?
     
  7. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    I would like to go with the concept of hiring a competent external auditor that does process audit. (Could be working for a CB or any other institution) - the key is - let the auditor explain to you how they would add value (without excess bureaucracy) to your QMS.
     
  8. hogheavenfarm

    hogheavenfarm Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    220
    Likes Received:
    160
    Trophy Points:
    42
    The internal audit is very hard for very small companies. Typically they operate in niches where bringing another business in (exchange auditing) can cause loss of business or stolen proprietary information. They typically cannot return the favor because as a one person show they do not have the time to reciprocate with another business. Having a education option sounds interesting, but would require to to be close to schools or colleges that would do this. Hiring out for the average "tiny business" is a big expense also, as it must be a full audit, since the one operator show is directly responsible for every process (its all his own work), although the 2015 version has dropped this language, so maybe there is some leeway there.
    I have always believed that certification is much harder financially on very small operations, and this discourages adoption, after all, if his customer did not require it, he would likely stay uncertified, right?
    On the plus side, control in a small company is more easily accomplished since the decision making is concentrated.
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Of course, under the 2015 requirements, there is no longer the "the auditor can't audit their own work" clause... So, the sole proprietor could audit their work...
     
    hogheavenfarm likes this.
  10. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    1. About a freelancer being CB auditor.
    CB widely contract freelance auditors to do audits. Usually these auditors are trained and qualified by the same CB. Each auditor signs a statement of impartiality and no conflict of interest.
    2. About self-auditing:
    ISO 9001:2015 cl.9.2.2 reads: "The organization shall: c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process. Please pay attention to "impartiality". Self-audit wil not be impartial.
    ISO 17021:2015 Part 1 cl. 4.2.4 reads: "Threats to impartiality may include but are not limited to the following: b) Self-review: threats that arise from a person or body reviewing the work done by themselves.
     
  11. hogheavenfarm

    hogheavenfarm Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    220
    Likes Received:
    160
    Trophy Points:
    42
    I think self audit can be impartial under certain conditions, such as following a premade audit checklist composed by others outside the area of review. If issues are found, then followup would have to be by an 'impartial' auditor, but for overall evaluation, a checklist will work in this case.
     
    Pancho and Andy Nichols like this.
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    How have you determined this? BTW - the impartiality mentioned in ISO 17021 has little/no bearing on ISO 9001 internal audits... so citing it is not really relevant to the discussion - since the OP is only interested in ISO 9001.

    I'm not sure what bearing this has on the topic. Of course, if a CB trains its auditors then they ARE going to do a third party audit - which is reason enough to avoid contracting with someone who also works for a CB, unless they can competently identify the differences in approach between the two types of audit...
     
  13. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    I don't know. They way I see it, I know people who where multiple hats: consult, do internal audits for small companies, and third party audits for CBs.

    With a one person show, internal audits obviously become problematic. So contracting with someone to do the audit is simple, if not expensive. I am intrigued by the apparent allowance to audit your own work.
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    They may, but there's a big difference in how to do internal vs CB audits. How many know that?
    Feedback from the ISO survey - mainly from small companies. Why should they be forced to seek outside help vs being responsible for different aspects of the processes. We don't all have the luxury of not auditing our own work...
     
  15. PaulJSmith

    PaulJSmith Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    107
    Likes Received:
    113
    Trophy Points:
    42
    Location:
    Midwestern USA (STL area)
    The Note at the end of 9.2 references ISO 19011 for guidance, which I believe also calls for independence from the activity being audited. As much as I support the idea, especially for small businesses, I just don't see being able to convince a CB that self-auditing is acceptable.
     
  16. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Why should you? There's no criteria in ISO 9001 anymore and ISO 19011 is guidance. "Independence" is what you say it is! Americans - those after the declaration of same - were still the same folks doing the same things, they just didn't have the same ruler...
     
  17. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    Any CB auditor will evaluate self-auditing as nonconformity since indepndence of the audit is not ensured. Refer to ISO 9000:2015 cl 3.13.1 "audit is ...independent...process ...".
     
  18. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    The standards' intent has always been objectivity in the audit function. It might be useful to divert attention from the requirements by the letter and focus on the fact that most of us are less likely to notice an issue in our own work than that of others. That can be from familiarity and/or interpretation/misinterpretation of requirements.

    I am a contract CB auditor and every year must list organizations I have been employed by, or performed services for, in the last year. We are not able to audit any of these organizations within a 2-year period. I doubt that will change.

    It would be nice if it was easier to find companies to swap auditing services with.
     
  19. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    If I have to look in a mirror, do I need somebody in my side to tell me those that need fixing?
     
  20. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Maybe. It is a natural tendency to accept that which we have created or implemented. In some cases there may also be a limited understanding of the standard, though admittedly that point is not the major focus of this discussion.