QMS ISO 9001 Auditing Guidelines

Posted March 21, 2009 - 10:43 by isohelpline

This section will provide you guidelines for auditing a quality management system based on ISO 9001. Because ISO 9001 (after year 2000 revision) does not require organizations to have documented procedures for every thing they do and because auditors are used to audit against documented procedures as 1994 edition required documented procedures for almost every clause (18 out of 20), auditors need to develop certain additional skills to audit a non documented quality management system.

Why additional guidelines are required?

Auditors have developed checklists based on the "documented procedures" required by 1994 edition and as this is no longer the case with 2008 edition auditors need to develop new approaches to audit such systems.

Auditors will need to be able to identify and audit core business and support processes. They will need to be able to use process mapping, flow diagrams as well as procedures in auditing QMS.

Year 2008 no longer stays at compliance to the requirements but calls for effectiveness and efficiency of processes within organization's QMS.

Additionally, Auditor will have to keep in mind eight quality management principles while auditing, which means understanding role of measurement in supporting a factual approach to decision making and ensure continual improvement.

Auditing the Quality Management System (QMS)

To carry out audit, auditor must work through following steps:

The auditor will now have to deal with the top management (unlike audit of 1994 edition when only "Management Representative" was audited for management related issues) to understand key issues in the organization and auditing business (or QMS) improvement focusing on critical processes.

Once the critical processes that are vital to deliver the quality objectives are identified and auditor has visualized the flow chart, verification of its implementation may begin.
Note: Organizations may prepare flow charts where processes may be "mapped" by breaking down each processes into its sub-processes to an increasing level of detail.

Collecting and verifying information

The on-site audit process can be summarized as follows:

Identify source of information from document review, area of operation of critical processes.

Gathering and selecting the information from document review, interviewing and observation etc.

Verifying the collected information against set norms. This will be your audit evidence.

Comparing audit evidence against audit criteria. This will be your audit finding.

Reviewing audit finding (during audit team meeting) and making audit conclusions.

Audit evidence:

Audit evidences may be collected from:

Interviews;

Observations of activities and the surrounding work environment and conditions;

Documents, for example, policy, objectives, plans, procedures, instructions, licenses and permits, specifications, drawings, contracts, orders;

Records, such as, inspection records, minutes of meetings, reports or logbooks on customer complaints and other relevant communication from external interested parties, audit reports, monitoring programmes and results of measurements;

Data summaries, analysis, matrices and performance indicators;

Records of the basis of relevant sampling programmes and the procedures for ensuring effective quality control of sampling and measurement processes;

Reports from other sources, for example, customer feedback, external reports, and vendor (supplier) ratings.

Audit findings:

The audit evidence should be evaluated against the audit criteria to determine the audit findings. An audit finding can indicate either conformity or nonconformity with requirements. Audit findings may be graded in accordance with the audit plan.

Review
Quality policy (policies)

Evaluate
Quality objectives at each relevant function and level

Analyse
Critical processes to achieve objectives the activities, processes and measures that are essential to achieve objectives

Identify
Support process that may be necessary and appropriate to maintain critical processes

Audit
The processes, documentation, controls, records

Notes:
1. focus audit on people, processes, controls, records, products/ services
2. Consider the effectiveness and efficiency of processes

Identification of Processes

Audit should begin with review of "Quality Manual". The organizations will have to provide a Quality Manual (clause 4.2.2). The manual should contain a description of the interaction of the processes included in the quality management system (clause 4.2.2 c).

Quality manual should include Quality Policy (clause 5.3) and establish measurable quality objectives for product, processes, and at relevant functional level and evolve QMS planning (clause 5.4.2).

The organization should have adopted "process approach" and should have given consideration to eight quality management principles and defined processes of QMS (clause 4.1) including processes required for realization of product (clause 7.1)

The focus of the audit will be those processes, which are essential to achieve the objectives. These should be linked to clauses of the standard where appropriate.

Monitoring and measurement for continual improvement

To audit organizations to ISO 9001:2000 effectively, the auditor will need to understand how the monitoring and measurement of information is able to contribute to:
o Continual improvement of the QMS.
o Establishing measurable quality objectives (5.4.1).

The organizations should have identified and established processes for the monitoring and measurement of:
o     customer satisfaction (8.2.1)
o     internal audit (8.2.2)
o     the capability of processes (8.2.3)
o     characteristics of product (8.2.4)

There should be a system available for recording, collecting, analysing, summarizing and communication of relevant data needed to monitor and improve the organization's performance (8.4).

The results of measurements should show levels of achievement, trends and variation. The causes of trends and variations should be identified and understood by management.

The use of statistical techniques should be determined for analysing data, including verifying product conformity and the effectiveness of the quality management system (8.1). Statistical techniques should be suitable for the application.

The result of analysis of data from the improvement activities should be one of the inputs to the management review process (5.6.2). The information and data collected should be used throughout the organization to support effective and efficient management.

The objective of the standard is to apply measurement, analysis and improvement techniques (clause 8) to establish priorities for the organization, review them periodically.

The data should be verified on a continual basis for accuracy and completeness.

Benchmark for all the processes (including customer satisfaction, 8.2.1) are established and used as an improvement tool.

There should exist effective internal communication for communicating the information resulting from the analysis of measurements.

Monitoring and measurement for processes

The organizations will have to apply suitable methods of monitoring and measurement to evaluate process performance (8.2.3).
Examples of such measurements could be related to:

accuracy

timeliness

dependability

reaction time of process and people to special internal and external requests

cycle time

effectiveness and efficiency of people

utilization of resources and technologies

cost reduction

Auditor can not expect evidence for all and every example sighted above but depending on the size and type of organization and product, some of these and/or other issues may be of concern.
Auditor may find evidences for measurements in:

product measurement records

inspection and test reports

materials release notices

certificates

electronic data

process control reports / charts

Process Improvement

The organization will need to provide evidence of planning and implementation of the processes necessary for continual improvement that can be applied to whole quality system (clause 8.5.1) with an objective to improve internal effectiveness as well as enhancing customer satisfaction.

The improvement process may take input from:

validation data

test data

requirements and feedback from interested parties.

financial data

product performance data

service delivery data

Auditors will need to evaluate the use of these measurement tools when auditing organizations to ISO 9001:2008 so as to gain confidence that the organization is able to demonstrate the continual improvement of the effectiveness of their quality management system (8.1)

Tags:

Login or register to post comments
2824 reads

Syndicate ISOhelpline RSS

(c) 1998 - 2010 Innovative Matrix Softech Pvt. Ltd.
Regd. Office; A-401 Satellite Township, Petbasheerabad, Qutubullapur, Jeedimetla (V), Hyderabad - 500 005, India.
Training Centre: 704 Chennoy Trade Centre, S. D. Road, Paradise Circle, Hyderabad - 500 003, India.
ISOhelpline is a registered trademark owned by Manoj Jain | Privacy Policy | License Agreement | About us | Contact us
Some of the contents of Ebooks (available free) and other postings by the user may be part of a copyrighted material. This material is used for educational purpose and for promotion of awareness regarding the subject matter as permitted by fair use clause in copyright laws of India and other parts of the world. If you are author of the content and feel that same should be removed from this site, please send a email regarding the same identifying yorself as owner of the material and justifying its removal. We will take prompt action on the same.

User login

Search

Primary links

Books / Guides

New Topics

Active Forums

ISOhelpline Resources

Most Popular

Today's:

All time:

Last viewed: