Posts Tagged ‘Audit’
Your Internal Auditing Process, Does It Hurt Or Help Continuous Improvement?
A quality audit is the process of organized inspection of a quality management system carried out by an internal or external quality auditor or an audit team. It is an important part of an organization’s quality management system and is a key element in the ISO quality system standard, ISO 9001.
Quality audits are typically performed at predefined time intervals and ensure that the institution has clearly-defined internal quality monitoring procedures linked to effective corrective and preventive actions. This can help determine if the organization complies with the defined quality system processes and can involve procedural or results-based assessment criteria.
With the upgrade of the ISO 9000 series of standards from the 1994 to the 2008 series, the focus of the audits has shifted from purely procedural adherence towards a process approach that looks at the actual effectiveness of the Quality Management System and the results that have been achieved through the implementation of a QMS.
Audits are an essential management tool for verifying objective evidence of processes, assessing how successfully processes have been implemented, judging the effectiveness of achieving any defined objectives, and providing evidence concerning the reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. In this way other departments may share information and amend their working practices as a result, also contributing to continual improvement.
Internal audits should always be performed with the intention of improving the overall systems being audited, never as a fault-finding or witch-hunt practice designed to punish. If internal audits are properly executed with a spirit of open communication and real process improvement, this process can be the single most important driver for continual improvement. Done wrong, the internal quality audit processes can create a culture of fear which will hinder continual improvement. It is important that everyone within the organization clearly understands the objectives of quality auditing and their role in them.
AS9100 Initial Assessment, What Does It Involve?
The quality certification assessment for AS9100 has two main goals:
- Validating system compliance and implementation
- Determining system effectiveness
Initial assessments are conducted in two stages. The first stage involves determining the company’s state of readiness and defining the approach and duration of the second stage.
Prior to conducting a quality management system AS9100 certification audit, the following should have taken place:
- The documented system has been reviewed and approved
- A complete cycle of internal audits has been performed and the results covered in a formal management review
- You know exactly what SQA will be looking for, so there should be No Surprises
- All identified weaknesses in the system that were discovered in the pre-assessment have been effectively corrected
- The certification assessment date, audit team makeup, and audit schedule have all been developed and agreed upon
The Purpose of The Stage 2 ISO 9001 Audit
The purpose of the Stage 2 Assessment is to evaluate your entire management system against the requirements of the standards to ensure conformance for the purpose of initial registration.
Stage 2 Assessments cover the entire scope of the quality management system (all policies and procedures related to the requested scope of registration). Audit methodology may include watching activities as they are performed, interviewing personnel and reviewing the management system documentation. As nonconformities are identified, the auditors will discuss them with your representatives to assure understanding.
The Purpose of a Stage 1 Assessment
The stage 1 audit is primarily for scoping and planning an ISO 9001 certification audit (the stage 2 audit) and to allow the auditor to obtain an understanding of the organization. During the stage 1 audit the auditor will gain knowledge of the organization’s quality management system, policies, objectives, risks, processes, locations, etc. It also may be used for the auditing body to communicate its needs and expectations to the auditee.
Activities performed at a stage 1 audit include:
• Identification of the key risks of the business and related statutory, regulatory aspects and compliance
• An assessment of whether the auditee’s defined processes are adequate to meet its objectives and customer requirements
• Performing a documentation review. This review should determine if the organization’s quality management system documentation adequately covers all the requirements of ISO 9001:2008. The review would normally be carried out at the auditee’s premises (unless otherwise requested and justified). As a result of this activity, a report should be provided that notes any deficient areas. As part of the documentation review, the auditor should assess the extent and availability of supporting procedures and process descriptions.
• Collecting necessary information regarding the scope of the organization’s management system, processes and location(s)
• Planning of the future certification documentation, including the Scope statement
• Planning the certification (stage 2) audit, including the requirements for audit team selection
• Acquiring evidence that internal audits and management reviews are being planned, or performed, effectively
• Checking that the quality management system is implemented and ready for the stage 2 audit, including appropriate level of documents and supporting records.
• If the system is deficient in any way, the auditor should note this in the audit report, so that the organization has an opportunity to correct deficiencies prior to its certification (stage 2) audit.
• Agreeing to a date for the stage 2 audit
What Is The Objective Of the AS9100 Rewrite?
The objectives of AS9100:2009 are to:
- Incorporate ISO 9001:2008 changes
- Expand the scope to include aviation, space, and defense as well as land and sea based systems for defense applications
- Ensure alignment with IAQG strategy (On-Time and On-Quality Delivery performance)
- Adopt new requirements based on stakeholder needs
- Improve existing requirements where stakeholders identified a need for clarification, including when a documented quality management procedure is required
There are major changes to the AS9100:2009 release that affect how companies implement AS9100 for the first time or upgrade from a previous version of the standard:
- A customer focus on On-Time and On-Quality Delivery performance in the Aerospace, Defense, and Space Industries, which will directly impact the implementation as a whole.
- A significant focus on Planning and Project Management including characteristics flow down
- A significantly increased role for risk management and mitigation
- Changes companies need to focus on from ISO 9001:2008
- A major change in the auditing from a “checklist focus” to Performance Auditing from AS9101
The Goal Of The AS9101 Rewrite

The AS9101 rewrite goal is to provide requirements on process auditing and development of the AS9100 audit approaches and tools that focus not only on conformity, but also on effectiveness of a quality management system (QMS). The AS9101 proposal is to develop an enhanced audit process for evaluating process-based management systems that aligns with ISO 17021 and consists of:
- Process-based information gathering.
- Assessment or analysis and audit planning.
- Development of performance-based and process-oriented audit methods and techniques.
- The ability to capture objective evidence of process conformity and effectiveness.
The AS9101 Rev D has aligned itself with the process approach for quality management systems as indicated in the 9100-series of standards. Four basic questions are asked when evaluating quality management systems, and they are linked to each process being audited:
- Is the process identified and appropriately defined?
- Are the responsibilities assigned?
- Are the procedures implemented and maintained?
- Is the process effective in achieving the desired results?
Are Your Suppliers Meeting The Requirements Of ISO 9001:2008?
There are various ways in which your supplier can claim that its quality management system meets the requirements of ISO 9001:2008. These include:
- Supplier’s declaration of conformity: Your supplier makes a declaration affirming that its QMS meets ISO 9001:2008 requirements, usually supported by legally-binding signatures. This declaration can be based on your supplier’s internal audit system, or on second party or third party audits;
- Second party assessment: your supplier is audited directly by its customer (e.g., by you, or by another customer, whose reputation you respect) to check if its QMS meets ISO 9001:2008 requirements and your own requirements – sometimes used in contractual “business-to-business” transactions;
- Third party certification: your supplier uses an accredited Certification Body (Registrar) to audit and verify its conformity to ISO 9001:2008 requirements. This third party then issues a certificate to your supplier describing the scope of its QMS, and confirming that it conforms to ISO 9001:2008.
AS 9100: How Often Will We Be Audited?
Each type of audit will have its own schedule. Often companies will have more frequent internal audits than third-party audits, especially during the early stages of AS9100 certification and implementation. These early audits help employees become more comfortable with the audit process, eliminate any problems in the quality management system, and thus help ensure the company will “pass” the registration audit.
WHAT IF WE DON’T PASS THE ISO 9001 REGISTRATION AUDIT?
There are basically three things that can happen in a registration audit:
- Your company may “pass” the ISO audit (in official language, your company will be “recommended for registration”), in which case the company will receive its official registration in about a month.
- Your company may be told that a follow-up visit must be scheduled and that if corrective action on all nonconformities found during the audit is successfully completed by that visit, registration will be issued.
- Your registrar may find that your company has quite a bit of work to do before it will be ready for registration, and another registration audit will have to be scheduled.
In all cases, the registration auditor will report all findings to your management before he or she leaves, so that your company knows where it stands.
The ISO Standard Says That Internal Audits Cannot be Completed by Someone Involved in the Activity. How Does a Small Business Meet This Requirement?
An organization that has fewer resources must look to other options, like outsourcing or cross-functional activities, to fulfill internal requirements for audit. There are many individuals and organizations that provide internal audit services to small companies at a fraction of the cost of employing personnel full time. The contracted individual or organization manages the planning process for internal audit based on your established procedures, or you can develop the plans for ongoing internal audit. Another option is to train individuals within your organization who can perform internal audits and alternate audit activities between processes. For small companies this is often not possible, as people are actively involved in all the processes and activities of the company; therefore, outsourcing is a better option to ensure objectivity.