1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Audit plans

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Kerri, Sep 29, 2020.

  1. Kerri

    Kerri Member

    Joined:
    Mar 13, 2018
    Messages:
    10
    Likes Received:
    8
    Trophy Points:
    2
    Good morning all. As most queries begin...I am new to this and have just had my first external surveillance audit so am running with it while it's so fresh in my mind. We are a small/medium electronics manufacturing business in the UK and Quality in the past has been very paperwork orientated and overly complicated. The auditor gave us 4 observations, and was keen for certain areas to be simplified to make life easier. As I am taking this over now is the perfect time to start!

    I am keen to simplify everything that I can, really so that everyone can get involved and not take the old attitude of 'hmmm, that's not my job'!

    I'm starting with internal audits. Our current system has a yearly schedule, driven by the clauses, with a matrix for who is auditing what area. The auditor will record their findings on a form with any actions being transferred onto another spreadsheet where the actions are tasked to individuals to complete. This may or may not happen and so the spreadsheet grows longer and longer. We have hundreds of procedures currently which are very detailed so most of the actions are centred around the procedures not being followed, when in actual fact they are, just not to the letter of the written procedure! This seems so complicated to me and really has no purpose. I'm keen to start a rolling monthly audit plan instead. I decide what will be audited that month (based on what is happening, business needs, staffing levels, etc) and issue those processes out to the auditors to audit. The audit would take place, remotely currently with evidence to support findings being provided but how would I display the findings? Would I just save the form with comments somewhere. Go back to creating a spreadsheet for actions?

    Any help or templates would be much appreciated! Thank you in advance
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Hello Kerri and welcome, from an ex-pat Brit, here in the US of A...

    Don't worry about being new - we all were! It's great that you've identified the burdensome paperwork and it would be useful to know what your auditor is "observing". Experience shows that such comments, while well intentioned, may not be always accurate. If you'd cut 'n' paste those comments it would help us.

    This is indeed a great place to start improving. Internal audits shouldn't be scheduled around any (annual) calendar or focused on clauses. That your Certification auditor has not commented before shows they don't understand cl 9.2!

    I like that internal audits take a look at what's been happening or is planned to happen in a "window" of 30 days or so. Looking at business performance, customer feedback, supplier performance, internal issues etc is a very good thing to do. Meet with management to discover what they are losing sleep over. As the old adage goes "What gets measured gets managed" so what are they being measured on - you can bet it's not compliance to those hundreds of procedures!
     
  3. Kerri

    Kerri Member

    Joined:
    Mar 13, 2018
    Messages:
    10
    Likes Received:
    8
    Trophy Points:
    2
    Hi Andy! Thanks for the welcome. I watched one of your videos yesterday so know I'm in good hands here :D

    Observations were:
    1. Aspects & Impacts register to be fully reviewed and updated. Resources should be identified to allow this to progress over the coming months (I am planning to get these under one matrix as currently there are 2 related documents which are very complex and possibly some irrelevant information)

    2. It was noted that audits are running late due to Covid 19 impacts on the business with a number of staff still on furlough. The business should produce a plan to get audits back on track. (This is where I am starting)

    3. The business may consider a review of storage of documents to make it easier to identify. Full review to identify what records are required (again, this all need simplifying, we had issues during the audit with some documents being password protected leading to problems. Also a labyrinth of files to find what was needed)

    4. Monthly emergency tests records to be stored in correct files (again, just needs a simpler system of storage)

    I'm so pleased that some of my thoughts on audits make sense. We have so many procedures that are written and I'm keen to get these down to the real core processes and what is critical to the business. How would I prepare these procedures to make them simple? We have used visio in the past but again (but not everyone can access that), the procedures are so complicated and I really just need the bare bones of what is a crucial part of a procedure. Where would I start with this?

    My thoughts are if the system is simple then everyone will find it easy to get on board with quality!
     
    John C. Abnet likes this.
  4. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    My thoughts. Yes, less is more. We use Visio as well, with a lot of notes/comments. We print them as PDFs so everyone can access the current version. As for the audits regarding procedures not being followed "to the letter" I found it helpful to review the audit results with the auditor prior to deciding if an action is warranted. If it's really minor, I would just make a note of for your future revisions. Good luck.
     
    Rustle likes this.
  5. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    Agree that getting a simple audit schedule based on auditing areas of greatest importance and risk rather than clauses is best approach and happy to supply you a template for this. I also include an annual audit of all ISO clauses because some auditors expect to see this.
     
    Last edited: Sep 29, 2020
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Kerri: Was this an ISO 9001 audit?

    #1 reads like an ISO 14001 observation.

    #2 is the result of the (not required) annual calendar of audits! The auditor is being "Captain Obvious" in making such a comment. In reality, there was no need for a completed calendar of audit events, so by not doing that and planning your audits as you described - to a rolling window - carefully sidesteps the need to do what was advised.

    #3 is a non-statement. Were there instances where records were not "identified". Don't overlook that (some) auditors cannot keep from making comments. What was the issue which prompted the comment?

    #4 Again, what was actually happening? A simple case of records not making it to the actual filing system? Delayed? How long?

    TBH - these sound, to me, like a visit to the doctors office and being told "you're overweight"... OK, but that's not helpful in identifying a plan of action.
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    You'd have to understand the root cause. Who created the documentation? Commonly, in the ISO world, management don't participate and hence neither do their employees, when creating documents. Often the person made responsible for getting the company certified takes on the role of document creator. Worse, they might contract with a consultant who gives/sells them a bunch of templates and such, without the understanding of how it fits or the need to tailor them to suit (that's expensive). And external auditors seem incapable of determining that the (delivered) documents aren't actually what the company does!

    A course of action would be to get your top manager on board with reducing the bureaucracy because it's not adding any value, other than keeping an ISO certificate on the wall. If your organization is having issue with customers or meeting internal goals for process/product/service conformity, the documentation may be partly to blame. Suggest that management each (naturally) own one or more processes and that they are responsible for the quality of the content and whether their people are following the documented process. Your role as auditor is to verify/confirm the process is being followed AND is the reason for (good) performance (or not) which drive improvements.
     
    John C. Abnet likes this.
  8. Kerri

    Kerri Member

    Joined:
    Mar 13, 2018
    Messages:
    10
    Likes Received:
    8
    Trophy Points:
    2
    Some really insightful advice here, thanks guys! You've hit the nail on the head really. Previously the person in charge of Quality wrote all documentation (with minimal input from others) and it comes as no surprise that once audited things kind of fell apart. My thoughts are to share this workload, as you say to suggest that department managers 'own' their critical processes and are therefore responsible for their people following these processes. These critical processes can then be audited on a rolling monthly schedule.

    In terms of our observations, I agree. Not really helpful and not really a plan of action :rolleyes:
     
    Andy Nichols likes this.
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Great! Exactly what's required. In discussing what audits are supposed to do, I liken them to having your kids go to stay at their friends' house for a weekend. Not at the grandparents etc, just their BFF's. Hearing from the other parents that your kid "done good" without you to watch and correct them, is validation that they know what to do. That's like an audit...
     
    Kerri likes this.
  10. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good day @Rustle
    Concerned by the comment "...of all ISO clauses...auditors expect to see this".

    I would council that no organization should do anything for the sake of the auditor.

    Nowhere in the standard does it require "...all of the ISO clauses..." to be audited. On the contrary, the standard requires a "process approach". The ISO authors have, for many years now, been trying to change the mindset and culture of siloed/independent clauses and instead of get us to view the QMS through the established processes.

    Hope this helps.
    Be well.
     
  11. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    I didn't used to use full-clause checklists, instead preparing a correlation to demonstrate that the not-based-on-iso-clauses audit checklists did cover all the requirements of the standard but still found some auditors expected to see checklists showing that every clause has been checked. I suppose this isn't that unreasonable, we should be able to demonstrate that internal audits have checked the management system meets the requirements and my aim is always to achieve this in the simplest and least work manner (I sometimes only get 1 days consultancy to get management systems setup and ISO compliant).
    Now I make sure the full-clause checklist is completed first and then the client is free to plan and complete internal audits based on what they think is important without worrying about ISO compliance.

    & I always council my clients to nod and agree with the auditor (we then go for them after the report is submitted if they have raised anything they shouldn't have ;) )
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Seriously?
     
  13. BradM

    BradM Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    394
    Likes Received:
    314
    Trophy Points:
    62
    Location:
    Arlington, TX
    Hello there! And welcome!

    I have a question about something you indicated.

    "We have hundreds of procedures currently which are very detailed so most of the actions are centred around the procedures not being followed, when in actual fact they are, just not to the letter of the written procedure!"

    Set aside for a second audits and such. Does your organization need to start with an overhaul of your procedures? Are they too wordy and detailed? Do they have to be that detailed?
     
  14. Kerri

    Kerri Member

    Joined:
    Mar 13, 2018
    Messages:
    10
    Likes Received:
    8
    Trophy Points:
    2
    Hi Brad

    Yes and this is certainly something I am looking at. I aim to get the procedures down to critical procedures only - rather than everything!
     
    BradM likes this.
  15. BradM

    BradM Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    394
    Likes Received:
    314
    Trophy Points:
    62
    Location:
    Arlington, TX
    A well written procedure is worth its weight in gold. Hopefully you can get them to a point where they aren’t overly detailed and complex.
     
    Kerri likes this.
  16. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Kerri: This concerns me. When you put yourself in this position, you draw a target on your back. Get management to decide what needs to be kept or otherwise.
     
  17. Kerri

    Kerri Member

    Joined:
    Mar 13, 2018
    Messages:
    10
    Likes Received:
    8
    Trophy Points:
    2
    Thanks for your concern Andy but when I say I, I mean that process owners will make the decision on what is critical, not me personally. I am merely sowing the seeds in their heads on how we are approaching this from now on!
     
    Andy Nichols likes this.
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    :);):cool::D