1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Internal audit (ISO 9001:2008 8.2.2)

Discussion in 'ISO 9001:2008 - Quality Management Systems' started by Glenn0004, Apr 12, 2016.

  1. Glenn0004

    Glenn0004 Member

    Joined:
    Jan 7, 2016
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    2
    We have just completed a 3rd year re-accreditation audit against 9001:2008 one of the auditors observations was based upon our audit methodology, that may not determine whether the quality
    management system a) conforms to the planned arrangements, to the requirements of this International Standard and to the quality management system requirements established by the organization, and b) is effectively implemented and maintained.

    Our audit methodology is based on the the audit of ISO requirements within each business process as opposed to a person(s) (auditor) auditing a specific ISO requirement i.e. "4.2.3 Control of documents" as a separate and individual audit. Some ISO requirements such as document control will be applicable to ALL business processes while some i.e. 7.4.1 Purchasing process will only be audited during the scheduled audit for purchasing.

    Our external auditor view is that we should be auditing each specific ISO requirement as an individual audit.

    Any suggestions on the best approach?
     
  2. pkfraser

    pkfraser Active Member

    Joined:
    Aug 1, 2015
    Messages:
    93
    Likes Received:
    61
    Trophy Points:
    17
    Location:
    Aberdeen Scotland
    Well done!

    How else would you show that you are following a process approach to managing how you run the business?

    Perhpas you might ask your assessor...
     
  3. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    Time to get an auditor that understand the value of process auditing - so call your registrar and make such request. Auditor are encourage to add value to the audit without consulting and it is obvious that your auditor has not evolved.
     
  4. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    I agree, that you need to escalate this case to your Certifying Body. If there is a formal NC, please go through the process of dispute. To be fair, the auditor is probably telling you that because this is a recertification audit, you also have to do a sit down documentation review of the whole system (like the stage 1 audit) to make sure your QMS is still "bolted" to the ISO9001:2008 standard. I am facing situation right now. After I read all the Internal Audit reports, I have to do a QMS audit to make sure that every clause is covered- sort of playing it safe. Just in case the auditor asks for this and that, I give him this and that. Hope this helps.
     
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Since ISO 9001 only tell us WHAT to do, not HOW to do it, auditing against the clauses is just one-third of 8.2.2a. Your QMS must be audited against:
    1st part - PLANNED ARRANGEMENTS (e.g. product realization stages/procedures, monitoring and measurement stages, control plan, etc.);
    2nd part - THE REQUIREMENTS OF ISO 9001 STANDARD (i.e. these are the WHATs);
    3rd part - THE QMS REQUIREMENTS ESTABLISHED BY THE ORGANIZATION (i.e. these are the HOWs).
    Your CB auditor is out of line to call the "observation" against both 8.2.2a and 8.2.2b. To determine whether your QMS is effectively implemented and maintained, take the definition of "effectiveness" (i.e. extent to which planned activities are realized and planned results achieved). That means you have to check whether the expected outputs of your QMS processes are being delivered by implementing what you have committed to do. See also clause 4.1f which specifies "implement actions necessary to achieve planned results and continual improvement of these processes."

    This kind of auditing does not promote the PROCESS APPROACH principle espoused by ISO 9001. You can check conformance to the relevant clauses while auditing the processes of your QMS. This is clearly indicated in clause 4.1 which specifies "These processes shall be managed by the organization in accordance with the requirements of this International Standard."
     
  6. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    I have seen the sample of, for example controlled document revision checks in process audits be declared as coverage of 4.2.3. But I wondered, why not audit document control as the process that it is? Would an overview of the entire process, plus maybe the results of all those sampled mini-audits, be a good idea? It would be a chance to assess for systemic issues. This is what I wonder if your CB was asking for. Same goes for training, record retention, and other support processes.
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    This type of comment/observation/finding is what I detest most about auditors, I think. They have apparently provided ZERO evidence of where your methodology isn't demonstrating the requirements you've had cited, yet what you describe as your methodology seems (to me) to be the way process audits should be done. I'd ask why any requirement of the standard - especially document control - would be audited as a "stand alone" requirement unless, if considering "status and importance" it has changed. I'm thinking this auditor's comment was as simple as a "throw away" because you aren't fitting his "model" of how audits are supposed to be done. Tell the CB not to send that one back in future...
     
    MCW8888 likes this.
  8. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Since that CB auditor is not here to defend himself, it is not easy to be certain he was just issuing arbitrary requirements.

    I would further add that the support process of document control is expected to be audited as an important component of an effective management system. The management system is expected to be audited for effectiveness, so I would expect to see coverage at least once in a registration cycle even if the process has not changed.

    It might not pass the "straight face test" if the NC were sent in to dispute, however, if the process was sampled throughout the other process audits. I cannot see the audit documentation so it is not appropriate to say much more than this with certainty.
     
  9. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    There is definitely no need to have "separate and individual" audits for each section...that would be ridiculous.

    It sounds like you're already fulfilling the requirements, but it's just not clear to the auditor.

    Perhaps it's just a matter of clearly stating a scope on each audit record that lists the ISO sections (and QMS requirements) covered?
     
  10. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    It is very tedious to plan a good process audit. The auditors have a full plate so they tend to play it safe. Conduct a pseudo process audit but stay in the comfort zone on auditing the clauses. I do not like it.
     
  11. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    WOW-- Tedious to plan a good process audit - are you kidding.

    Planning a process audit is so much easier than a clause audit - example - auditing your purchasing process versus you clause audit ... example : I am auditing your 4.2.3, 4.2.4, 6.0, 7.4.1, 7.4.2 etc....
     
    Jennifer Kirley likes this.
  12. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Have you linked everything to effectiveness?
     
  13. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    etc... (Risk, Effectiveness, Calibration, Non conformance, Continuous improvement, Inspection............. etc.
     
  14. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Unfortunately the CB auditors are functioning in a different space and the IAOB are pressing them to audit not only effectiveness of the process but to the clauses. They do not have that luxury to plan ahead before visiting the client.
     
  15. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    Not sure where you got this info but it is not accurate.

    First, when you audit a process - you must audit to the standards

    Second, what ANAB and IAQG is looking is for process audits - not the auditor looking at each clause - (for example - 7.2 Contract Review Process, 7.4 Purchasing Process, 7.3 Engineering Process and 7.5 Production / Manufacturing Process). I would add Quality Manual, Management and Management review , NCR MRB, Customer Satisfaction and Internal audits. NOTE: I just provided a typical audit plan for 3 days.

    Third, The usage of a checklist is optional but the clauses that were audited must be part of the Matrix and PEARS submitted to the CB
     
  16. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Thank you for the feedback. CB auditor is suppose to audit our Quality Management system documentation and evaluate it for effectiveness. And when they find any deviation to our management system, they are going to the standards to determine our conformance. This process is not really seamless. But that's what it is.
     
  17. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    In fact, the roles of CB auditor is to audit your QMS for compliance and effectiveness. Effectiveness is cover under Management Review (Metric) and other areas.

    You internal auditor should be looking at your procedures, documentation and effectiveness of the QMS processes.
     
  18. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    I think our conversation is out of the scope of Glenn's question.
     
  19. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    Actually, while we both enjoyed the interaction of ideas and points of view - it fits whitin the teaching moments of the auditing process and hopefully someone would be more educated through this process - Thanks :)
     
  20. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Thanks. unfortunately, there are auditors and there are AUDITORS- I mean external ones. Not all of them are created equal. The ones in this forum seems to be what I would classify as the best ones.