1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

What is an audit?

Discussion in 'ISO 19011 - Auditing Management Systems Guidelines' started by Andy Nichols, Jun 13, 2016.

  1. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    For those organizations who have been compliant to ISO 9001:2008, what are you doing differently in your internal audits to meet the 2015 requirements (if anything)?
     
  2. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    I believe there shouldn't be any difference. The intent of both versions are the same. The old and new definitions of audit are the same. But I'll be interested to know if the other members of QFO will provide examples.;)
     
    David Graham and Andy Nichols like this.
  3. Nick1

    Nick1 Member

    Joined:
    Jan 27, 2016
    Messages:
    49
    Likes Received:
    20
    Trophy Points:
    7
    Most of our customers haven't changed much regarding the internal audit, though when we talk to them they do tell us that they focus a bit more on the risks. Some of them performed a risk analysis on a department level which makes it relatively easy to audit what the different departments do to mitigate these risks. As an example: Customer default is a financial risk. During the audit of the financial department/ financial procedures they check if there are credit checks with the smaller customers and high risk customers before executing the order.

    The audit in it self hasn't changed but the focus of the audit changed a bit.
     
  4. Jamie Lill

    Jamie Lill Member

    Joined:
    Mar 17, 2016
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    7
    Management review record and your internal audit is all you need. When people start doing risk assessments, gap analysis pages of documentation this is not required.
    You have to show risk based thinking not perform a risk assessment. To show the auditor risk based thinking our example was before every quote is sent back to the customer it is revived by management to ensure we have not missed anything that could cost us money.
    That's it.
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    But this isn't about the question asked, Jamie. I'm not interested in management review, risk assessments or what an external auditor should be shown.
     
  6. Jamie Lill

    Jamie Lill Member

    Joined:
    Mar 17, 2016
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    7
    I am just responding to the post above this was brought up so it fair game to post
    As for any changes no!
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    So, what was your internal audit program doing before?
     
  8. Jamie Lill

    Jamie Lill Member

    Joined:
    Mar 17, 2016
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    7
    Well lets define an an audit.
    If you walk through the company and see garbage or a cluttered work area, and report this you are doing an audit.
    If you notice unmarked material while walking thru the shop and report this, you are doing an audit.
    If you look a work order card and notice mistakes and bring them up you are doing an audit.
    if you look at a quotation and comment you are doing an audit.

    All you do is have to record you what you do (your business)

    As for what changed in my audit (nothing) is what we do every day at work.

    You do not need pages of check list for an audit it what you do every day.

    Record this and this is your audit
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    This is not considered to be an audit, if we define audit under the normative references in ISO 9000 etc. What you describe aren't management systems audits, which are required by ISO 9001. What you describe is something else and cannot be considered in this discussion. What did you do to meet ISO 9001:2008 internal audits?
     
  10. Jamie Lill

    Jamie Lill Member

    Joined:
    Mar 17, 2016
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    7
    Where do you get your definition of an audit, please show me in the standards what the definition of an audit is. As you say normative references in ISO 9000, please direct me in the standard to the definition.
    These are audits unless you can show me the definition in the standard 9001:2008 or 9001:2015
     
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    ISO 9001:2008 and 2015, both use ISO 9000 as their normative references. Please check as I don't currently have access to my on-line library. You should also check ISO 19011 as a guideline which is in the bibliography to ISO 9001:2015 (and 2008). You CAN ignore these definitions - but only at your peril...
     
  12. Jamie Lill

    Jamie Lill Member

    Joined:
    Mar 17, 2016
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    7
    They have procedures for and audit but not a definition. They have rules for an audit but not a definition.
    Therefore what I do is and audit.
    Unless a ISO definition is in the standards, which is not.
     
  13. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I'd suggest that this is taken to another thread as it's not answering the original intent of my question.
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    3.13 Terms related to audit

    3.13.1 audit
    systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.
     
  15. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    3.1 audit
    systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

    The "audit evidence" of ISO 19011:2011 was changed into "objective evidence" by ISO 9000:2015.
     
    Andy Nichols likes this.
  16. David Graham

    David Graham Member

    Joined:
    Apr 22, 2016
    Messages:
    15
    Likes Received:
    5
    Trophy Points:
    2
    Location:
    Calgary, Alberta. Canada
    I am changing nothing, my audit scheme is my audit scheme, I use objective evidence always for findings both positive and negative. Nothing should change, the standard was rearranged a bit, and expanded but our QMS is our QMS, our business has not changed.
     
  17. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    We completed a cycle of Internal Audit to 2015. What I did differently was to be clear on the CRITERIA for auditing the process. My criteria has to be the documented information of the process and the associated ISO standard. For example for manufacturing, the criteria was the Control Plan and all the work instructions associated with it. I walk that Control Plan and when I find a gap, I ask the operator lots of questions around why he is not in compliance and what would be the impact of skipping a step. Then I verify if the performance indicator of that process and if I find no evidence that skipping the step does not impact the results negatively, I look at the ISO standard and call this finding an OFI. Next time I come back I review if they have eliminated this step because it is of no value to the process or improve to make it fit for purpose. This is how I changed my auditing practice after ISO9001:2008.
     
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    May I ask what the basis of scheduling audits was? When were they planned to happen?
     
  19. Dave Goodrich

    Dave Goodrich New Member

    Joined:
    Jun 16, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    We have completed a few audits per 2008. To incorporate 2015, we are compiling risks to a specific process and how they are managed (Work Instruction, Inspection, outside testing etc.) In addition to this, we discuss the risks within the system that may impact their process. A good portion of this can be accomplished just by talking about that day's or weeks schedule and any adverse impacts to it (short raw materials etc.).

    As usual, part of the prep is reviewing customer returns, defects etc. We then tie that into the risk severity and impact.
     
  20. Jamie Lill

    Jamie Lill Member

    Joined:
    Mar 17, 2016
    Messages:
    35
    Likes Received:
    1
    Trophy Points:
    7
    Our audits happen all the time, no fixed duration. When you do (your work) and check something customer quotation to response, I call this an audit.
    You can have a planed frequency 2 twice a year Audit includes checking paper work quotes to responses to see if they have been properly filled out.
    We do thiss all year long and call it and audit. We discuss risk all the time, when we respond to a quote we will try and reduce our monetary risk and as well as our delivery reputation. This shows how your perform risk based thinking. This will be documented as well brought up at the management review.
    Do all audits have to be documented(no the don't). They can be discussed at the MRM. We have made the ISO standard fit (our business) whilst keeping to the ISO standard. There is no need to keep pages and pages of documentation, it is just your business.