1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

audit programme - consideration factor

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by wywy2020, Mar 18, 2016.

  1. wywy2020

    wywy2020 Member

    Joined:
    Sep 23, 2015
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    2
    how u guys show to auditor that the audit programme has take into consideration of the below:

    9.2.2 The organization shall:

    a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits;
     
  2. hogheavenfarm

    hogheavenfarm Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    220
    Likes Received:
    160
    Trophy Points:
    42
    Usually the program itself (an overview) is documented (the 'plan' part) in a procedure or Quality Manual, and records are kept of the result and frequency (the 'maintain' part). The criticality is determined based on defectives data or some other measure of the process performance. I generally submit this in the management review in the form of a risk matrix, and that determines the order of the internal audits. The 'frequency' depends on criticality, some processes need to be monitored more often than others. I avoid hard and fast dates and schedules, basing the need on the above, and the fact we have very limited resources to do this (just me usually). Some may be once a year or more, some may be longer, it depends on the process and what it can effect.
     
    PaulJSmith and Andy Nichols like this.
  3. Claes Gefvenberg

    Claes Gefvenberg Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    230
    Likes Received:
    208
    Trophy Points:
    42
    Location:
    Eskilstuna, Sweden
    Same here. We plan the next audit based on the result of the previous one. The default frequency is a year, but a good result can keep us away for 18 months, a really poor one will mean that we are back in six months, and an absolute shambles obviously means a re-audit. Stick and carrot in one, while enabling us to direct our meager resources to where they will be most useful... ;)
     
    MCW8888 likes this.
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Sometimes you just have to explain...
     
    Paul Simpson likes this.
  5. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    59
    Trophy Points:
    27
    Location:
    Mexico
    Show the documented procedure, the plan, the competency of auditors,the records of audits,minutes of meeting of management review ,where is revised the audit status, the findings report, etc.
    Regards
     
  6. wywy2020

    wywy2020 Member

    Joined:
    Sep 23, 2015
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    2
    actually our annual audit program are repeated every year where all area are cover once in a year. Off course previous year are analyzed but we didn't really "use it" to incorporate into our program.
    I would say what the auditor expect is something like urs where process criticality are taken into consideration to decide frequency of audit.
    will that mean that every year ur audit frequency will change depends on previous result?
     
    Claes Gefvenberg likes this.
  7. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Great insights into this aspect. I have got a query, i.e.

    Does the standard require ..?
    a) to cover all clauses in 3-year window?
    b) to cover all process at each site at least once in 3 years
    c) to show the matrix of clauses elements covered against at the time of re-certification audit.
    For system clauses like Management review, control documents & records - should it be site wise each year, or process wise

    I'm aware that standard doesn't state requirements of these accept it should be based on the importance and status, but would like to seek your experience and recommended guideline for an organization having 4 sites, strength 300 staff and multiple processes.
     
  8. Claes Gefvenberg

    Claes Gefvenberg Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    230
    Likes Received:
    208
    Trophy Points:
    42
    Location:
    Eskilstuna, Sweden
    Yes, more or less. There is also a textbox in our audit application where we write down our reasoning when deciding the date for the next audit... Just in case "some C body" asks. :D
     
  9. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    926
    Likes Received:
    1,081
    Trophy Points:
    92
    Location:
    Ontario, Canada
    My audit program does require looking at any previous audit results that generated findings to the process - not to confirm the closure (because hopefully, they've been closed a while), but more to see if the corrective actions (and corresponding results) have been sustained.
     
  10. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Does it mean, that there are no requirements of such to cover all elements of ISO9001 ?
     
  11. wywy2020

    wywy2020 Member

    Joined:
    Sep 23, 2015
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    2
    I know, but the question is how the previous audit result deciding your audit program and frequency? problematic area need to audit more often?
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It is ONE of the inputs. Not the only one. An audit program is one - or many - audits. The frequency of audits, as you say, may depend on problem areas (or processes) being audited earlier/often.
    If this was a requirement it would be IN the standard. It isn't.
    Correct. It's NOT in the standard to do those things. Ask yourself why is there an internal audit requirement in the standard. Why would TC 176 include a requirement to do internal audits? That might help you to learn and understand better. It has NOTHING to do with certification. So why would anyone want to audit their management system?
    You are missing the point. The 2008 standard shows you you should consider "status and importance". How did you do that and audit everything equally?
     
  13. wywy2020

    wywy2020 Member

    Joined:
    Sep 23, 2015
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    2
    ya....mind to share your annual audit program?
    does it mean that:
    i) critical process / dept are audited more often
    ii) previous audit result with high findings are audited more often
    iii) however, none of the process can be excluded and must be audited once a year?
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    My annual audit program? Never had one! And audit program ISN'T a calendar. An audit program is a number of audits, based on status/importance etc (now importance and changes) etc. You can "calendar" some events that need auditing.

    Critical to what? Some processes are critical but rarely cause problems or have changes.
    Previous audits with high findings - depends on what was found - not a numerical value! Maybe the auditor was over zealous.
    Nothing HAS to be audited once a year.
     
  15. hogheavenfarm

    hogheavenfarm Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    220
    Likes Received:
    160
    Trophy Points:
    42
    i) yes
    ii) yes
    iii) possibly, although our procedure states "the goal of the audit program is to audit each process annually, however this is subject to the allocation of resources and considerations of criticality and importance."
     
  16. wywy2020

    wywy2020 Member

    Joined:
    Sep 23, 2015
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    2
    does that mean that your yearly program is different from year to year after taking into the above consideration factors?
     
  17. hogheavenfarm

    hogheavenfarm Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    220
    Likes Received:
    160
    Trophy Points:
    42
    yes, the order and frequency varies year to year, however the initial order is set at the final year end management review for the coming year. It may change, but we have 'planned' the audits at that time.
     
  18. Quality Renegade

    Quality Renegade Member

    Joined:
    Oct 7, 2015
    Messages:
    7
    Likes Received:
    12
    Trophy Points:
    2
    Location:
    London, England
    Please take a look at the attached file, it might help? The tracker is a bit rough around the edges, but it covers 3 different process dimensions/characteristics, and other factors [No. of customer complaints/CA/NC,etc.] to derive a score that determines the audit frequency for each process entered. This feeds through to the audit programme, the audit finding schedule and OFI/NC charts. Basically, it maps our interpretation of the PDCA approach to auditing our system and our processes.

    I've recently developed it as way to substantiate most/all of the above keywords/requirements from clause 9.2.2 and other clauses such as 10.2. Our project's management team, which includes client representatives seem to think it's the right approach, which is always a step in right direction!

    Inspiration came from some older, similar trackers that i had downloaded from Elsmar's [RIP] file attachments over the years. The tracker is a hybrid of many useful nuggets [hence avatar] i found there.

    Anyway, hope it helps!
     

    Attached File(s): 1. Scan for viruses before using. 2. Report any 'bad' files by reporting this post. 3. Use at your own Risk.:

  19. hogheavenfarm

    hogheavenfarm Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    220
    Likes Received:
    160
    Trophy Points:
    42
    Essentially I do what QR said above, calculate a RPN number from the data I have, then set a priority order based on this. This is proposed as the "audit schedule" for the coming year, yet our wording allows us to deviate from the schedule should other factors suddenly arise during the coming year. As such, the proposed schedule may not end up exactly that way, but should be close.
     
  20. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Wow, how complicated is that? Why does it have to be so complex?