Posts Tagged ‘Auditors’
ISO 9001, What Should I Be Auditing and How Often?
The ISO 9001 standard does not specifically tell you what processes need to be audited or how often they should be audited. It does however state that the audits you do perform should be planned, and based on status and importance. So what does this translate to mean? Should you audit everything process every year, maybe, maybe not. The standard does not tell you how often, how many or what to audit, you decide what makes since for your organization (where can you get the most value and keep your quality system functioning as intended).
The best advise that I can give is review your process maps, non-conformances, past internal and third party audits, and determine where your quality management system needs attention. Where are the black holes that cause lost time, lost money, customer dissatisfaction (where are the points that are or could significantly impact your ability to satisfy your customer or grow your business). Answer these questions and you will be able to develop a planned audit schedule that will add value to your quality system. Don’t audit every process every year unless every process in your system is not functioning as you intended it to or does not meet the ISO 9001 standard requirements. If this is the case you would not be certified in the first place. Don’t audit for the sake of auditing this is costly and time consuming, get the most out of your internal audits by making them address real issues that can improve the entire quality system.
How many audits should you conduct each year? You decide how many audits will be enough to keep your quality management system functioning properly. Keep in mind, you cannot successfully improve your processes unless you periodically review them. Nothing stays the same, so if you don’t review your processes periodically they will come back to bite you via loss of business, non-conformances, increased costs, obsolete documentation, and ultimately loss of certification.
Finding an ISO 9001 Auditor that fits the needs of your company
Finding an ISO auditor that fits well with your company is fundamental to a successful certification experience. You want to work with a person that you are comfortable with and that is comfortable with you! Here are some tips that you can follow to find an auditor that you know you will work well with your company:
Try to find a registrar that has somebody who can answer your questions, someone that you feel comfortable with and meets your financial requirements. Make sure the registrar has auditors with experience in your area. What good is a registrar that has an auditor that lives down the street from you if they’ve only audited service processes? They’ve never audited a machine shop, and you’re a machine shop.
You want an auditor that fits you and your company and gives you good observations and opportunities for improvement as they audit. Ask to talk with your potential auditor. It’s always nice to be able to converse with somebody so you get to know who they are before you meet them. If they are in the area, maybe they can drop in just to talk to you, just to put a face to the name.
Some registrars have auditors all over the United States and even some overseas. Be careful when you are trying to find an auditor close to you. Sometimes you are going to find that the auditor you like isn’t close to you. If you like that person, and are willing to pay travel expenses, the registrar should be happy to send that person to you.
Remember you are the customer, make sure you exercise your right to selecting the auditor that best fits your needs.
Quality Management Systems Auditing, Make It Worth Your Time
With the upgrade of the ISO9000 series of standards from the 1994 to 2008 series, the focus of the audits has shifted from purely procedural adherence towards measurement of the actual effectiveness of the quality management system or the total process, and the results that have been achieved through the implementation of a QMS. And now with the upgrades of the AS9100 quality standard, there are even more ways to develop and implement corrective and preventive actions that will greatly benefit the organization.
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for assessing the effectiveness of achieving any defined target levels, to provide evidence concerning reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. By highlighting these areas other departments may share information and amend their working practices as a result, which contributes to continual improvement.
There are times that auditing feels like an arduous ordeal, and those being auditee feel as though they are being personally judged. The most important part of conducting an audit is to communicate with the auditee the intent of the audit and their role in it. For an audit to give meaningful information back to the organization, you must get the cooperation of those being audited. Let them know that the audit is not a tool to punish but rather an opportunity to improve the organization as a whole. Finds are not bad things, quite the contrary they are the building blocks for the continued success of the organization (continual improvement). Why not make it the responsibility of each employee to contribute at least one opportunity for improvement each year. Just think how much better your company will be after one year.
AS 9100C Is Here, Are You Ready?
The International Aerospace Quality Group (IAQG) released a revision to AS9100, the quality management system for the aviation, space and defense industries. But, unlike the recent release of ISO 9001:2008 (which was more of an amended version), Revision C will have noticeably more impact. Its benefits, however, far outweigh the impact of implementation. The new requirements are intended to make major improvements in quality and reductions in cost – throughout the supply chain.
The Standard includes several new requirements and clauses that focus on planning, project management, and risk management. It is intended to cover on-time delivery performance, the formal monitoring of customer satisfaction trends, and formal plans to ensure continual improvement – all of these new requirements are operation critical. IAQG’s mission is to radically raise the on-time, on-quality delivery (OTOQD) performance across aviation, space and defense industries.
So when should you begin to implement these new requirements? The answer is now. The IAQG has finally completed the training requirements for the registration auditors. Auditors will begin to be trained to AS9100C in May 2010. If your recertification is coming up soon you may want to consider integration of the new requirements now. Keep in mind those suppliers participating in the aviation, space and defense industries will be increasing required to become certified over the next five to ten years. Most, if not all of the primes will require participation from its suppliers and subcontracted service providers. If you want to be a player in these industries, at some point certification will be the only way to play. Are you ready?
ISO 9001 Internal Auditing What, When, How?
Most companies understand the idea of auditing but not the concept of “Process Auditing” as expected to be compliant within both ISO 9001 and their own quality management system. Even companies that are currently registered to the standard may not have a thorough means for evaluating its processes through their internal audit program. Which processes are expected to be audited under ISO 9001?
The ISO 9001:2008 standard is quite vague as to what should to be audited or even how often these processes should be reviewed. The standard indicates that audits be carried out at planned intervals to determine whether the quality management system conforms to the planned arrangements, to the requirements of the standard and the organizations own quality management system requirements. So what is an appropriate interval for your company? Ask yourself,” What is the worst that can happen and where could it happen”? Where are we having the most problems now? Look at your interrelationship of processes and pinpoint the likely areas that have the most chance of resulting in non-conformance. Conduct a risk assessment to determine where the highest risks are, and which risks may produce the most significant impact on your product performance (Status and importance of the processes). Now audit these processes, interview staff, observe activities and view relevant records then determine if there are weaknesses and assign corrective actions. Go back to these areas after the corrective actions are put in place and determine if the actions have accomplished the desired effect. If the actions are effective, close out the audit and move on to the next process.
Don’t audit a process for the sake of having an audit record to show an auditor. If a process is functioning properly it does not need to be audited once a year. Nowhere in the ISO 9001 standard does it say you have to audit all of your processes once a year. You are in the driver seat, and you will determine what, when, and how you will audit your system.
ISO 9001 Internal Auditing Success
The third party auditor will audit your system once or twice a year, so why do you have to conduct internal audits? The first and most obvious reason is, if you wait for the third party auditor to tell you your system is in trouble, you are missing the point of continuous improvement all together. The second reason is that the third party registrar does not consider the surveillance audit as an internal audit. The standard requires that “you” perform planned internal audits of your system based on status and importance of the processes and areas to be audited. If you do not know whether or not your quality management system conforms to your planned arrangements, or the standard, then how can you determine if you are improving? The ISO 9001 standard is based on the Plan, Do, Check, Act principle of continuous improvement. Internal Auditing is the “Check”, and without it you may never know when to act.
The internal audit process need not be a time consuming; there are many ways an internal audit can be accomplished. Every day we conduct countless audits without even knowing it. A manager who walks the plant floor may notice a process which is not working as intended, a worker may notice that the forms he, or she is using are outdated , receiving may find that the same supplier never send the correct paperwork with the products they provide; these are audits that never get documented. These audits are not planned, but they are audits none the less. The planned audits do not have to include all of the processes in your facility once a year, remember “Status and importance”. Go after the low hanging fruit first, (areas where you are having issues), then review the other areas as needed. Whatever you do, DO SOMETHING, or your entire quality system will fail to accomplish the goals and objectives you have set for your organization. My philosophy is simple, if you are going to invest the time and money to become certified, get the full value of certification or you will be wasting your resources for nothing.
Your Internal Auditing Process, Does It Hurt Or Help Continuous Improvement?
A Quality audit is the process of organized inspection of a quality management system carried out by an internal or external quality auditor or an audit team. It is an important part of organization’s quality management system and is a key element in the ISO quality system standard, ISO 9001.
Quality audits are typically performed at predefined time intervals and ensure that the institution has clearly-defined internal quality monitoring procedures linked to effective corrective and preventive actions. This can help determine if the organization complies with the defined quality system processes and can involve procedural or results-based assessment criteria.
With the upgrade of the ISO9000 series of standards from the 1994 to 2008 series, the focus of the audits has shifted from purely procedural adherence towards a process approach of the actual effectiveness of the Quality Management System and the results that have been achieved through the implementation of a QMS.
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for judging the effectiveness of achieving any defined objectives, to provide evidence concerning reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. In this way other departments may share information and amend their working practices as a result, also contributing to continual improvement.
Internal audits should always be performed with the intension of improving the overall systems being audited, never as a fault finding or witch hunt practice designed to punish. If internal audits are properly executed with a spirit of open communication and real process improvement, this process can be the single most important driver for continual improvement. Done wrong, the internal quality audit processes can create a culture of fear which will hinder continual improvement. It is important that everyone within the organization clearly understands the objectives of quality auditing and their role in them.
The Purpose of The Stage 2 ISO 9001 Audit
The purpose of the Stage 2 Assessment is to evaluate your entire management system against the requirements of Standards to ensure conformance for the purpose of initial registration.
Stage 2 Assessments cover the entire scope of the quality management system (all policies and procedures related to the requested scope of registration). Audit methodology may include: watching activities as they are performed, interviewing personnel and reviews of the the management system documentation. As nonconformities are identified, the auditors will discuss them with your representatives to assure understanding.
The Purpose of a Stage 1 Assessment
The stage 1 audit is primarily for scoping and planning an ISO 9001 certification audit (the stage 2 audit) and to allow the auditor to obtain an understanding of the organization. During the stage 1 audit the auditor will gain knowledge of organizations quality Management system, policies, objectives, risks, processes, locations, etc. It also may be used for the auditing body to communicate its needs and expectations to the auditee.
Activities performed at a stage 1 audit include:
• Identification of the key risks of the business and related statutory, regulatory aspects and compliance
• An assessment of whether the auditee’s defined processes are adequate to meet its objectives and customer requirements
• performing a Documentation Review
• This review should determine if the organization’s Quality Management system documentation adequately covers all the requirements of ISO 9001:2008. The review would normally be carried out at the auditee’s premises (unless otherwise requested and justified). As a result of this activity, a report should be provided that notes any deficient areas. As part of the documentation review, the auditor should assess the extent and availability of supporting procedures and process descriptions. Collecting necessary information regarding the scope of the organization’s management system, processes and location(s)
• planning of the future certification documentation, including the Scope statement
• Planning the certification (stage 2) audit, including the requirements for audit team selection
• Acquiring evidence that internal audits and management reviews are being planned, or performed, effectively
• Checking that the quality management system is implemented and ready for the stage 2 audit, including appropriate level of documents and supporting records.
• If the system is deficient in any way, the auditor should note this in the audit report, so that the organization has an opportunity to correct deficiencies prior to its certification (stage 2) audit.
• Agreeing to a date for the stage 2 audit
WHAT IF WE DON’T PASS THE ISO 9001 REGISTRATION AUDIT?
There are basically three things that can happen in a registration audit:
- Your company may “pass ”the iso audit, (in official language, your company will be “recommended for registration”), in which case the company will receive its official registration in about a month.
- Your company may be told that a follow-up visit must be scheduled and that if corrective action on all nonconformities found during the audit is successfully completed by that visit, registration will be issued.
- Your registrar may find that your company has quite a bit of work to do before it will be ready for registration, and another registration audit will have to be scheduled.
In all cases, the registration auditor will report all findings to your management before he or she leaves, so that your company knows where it stands.