QMX
The Auditing Process Made Simple

Jim Robison, contributing editor

Do you have to perform internal Quality Audits? If so, the following process outline has been provided as simple-to-use tool and a handy reference for ISO 9001:2000, element 8.2.2:

Internal Audit - Process Outline

Plan the Audit (4-8 hours)

  1. Contact/notify the auditees & manager

  2. Schedule the audit (agree upon date & time of audit, opening meeting & closing meeting)

  3. Confirm the location of audit (usually auditee's office)

  4. Tell auditee the name of the auditors (if more than one)

  5. Develop the Scope of the audit (ISO elements, QMS procedures & customer requirements)

  6. Read the ISO 9001:2000 requirements, QMS procedures, and supporting documentation

  7. Review the past audit reports & action items

  8. Develop a Checklist

  9. Include past due action items on the current audit checklist

  10. Include fundamental checklist questions. For example:

    • What's the company Q Policy?
    • What training have you had to perform your job?
    • What procedures or documentation do you follow?
    • What (Quality) records to you keep or produce as you perform your job?

  11. Familiarize yourself with forms and records referenced in the QMS procedures and supporting documentation

  12. Forward checklist to auditees & manager before audit (time permitting)
Perform the Audit (4-8 hours)

  1. Conduct a Pre-Audit meeting with department/function manager, and review:

    • Purpose of the audit
    • Scope of the audit (ISO elements, QMS procedures, project procedures)
    • Expected time required
    • How results will be reported

  2. Conduct the audit:

    • Introduce yourself and other team member
    • Explain the purpose of the audit
    • Explain the Scope of the audit (ISO elements, QMS procedures & supporting documentation)
    • Give an expected time required by Auditees
    • Ask questions & collect evidence as appropriate
    • Review results with auditee, as appropriate
    • Thank auditee for his time

  3. Conduct Closing meeting with the department/function manager:

    • Review preliminary results
    • Summarize number of major and minor non-conformances, concerns & strengths
    • Discuss nature and basis of each non-conformance and concern
    • Review and discuss conclusions
    • Optional: Discuss to-be-recommended improvements/corrective actions
Report the Audit Results and Follow-up (4-8 hours)

  1. Prepare draft audit report in your company format

    • Derive template from existing audit reports if possible

  2. Mail electronic copy of draft report to the Lead Auditor or ISO Management Rep

  3. Submit notes, checklists, evidence, etc. to the Lead Auditor or Management Rep

  4. Filed in QMS MFC with audit report ----hardcopy is acceptable

    • Electronic copies may be submitted with draft report

  5. The Lead Auditor or ISO Management Representative then:

  6. Verifies non-compliance category assignment (major, minor, concern)

    • Adds recommended corrective actions with due dates (coordinate with auditee and manager -- less than 30 days)
    • Distribute final report to key auditees, manager, next level manager, and auditor(s)

  7. The Auditor verifies completion of corrective action when due date expires, or per audit schedule

  8. Report results and provide evidence (as appropriate) to Lead Auditor or ISO Management Rep

  9. The Management Review team evaluates audit results

    • Considers systemic issues
    • Monitors internal audit action items
    • Reviews overdue action items
Remember the ISO 19011 Guidelines

Under ISO 19011 principles, the audit output should result in an audit containing these distinctive characteristics:

  • Objective, systematic and independent audits which produce information that will assist management in improving operations

  • Authorized, planned and properly managed audits that have a clear purpose and employ defined techniques

  • Relevant, reliable, sufficient and consistence audit evidence and audit conclusions that are reproducible

  • Competent auditors free from biases and any conflict of interest

  • A relationship between all parties involved in the audit that ensures confidentiality of the results

  • Appropriate audit sampling to obtain required evidence of conformance

  • It is the responsibility of the auditor, client and auditee to control these stated features of an audit activity, which are their responsibilities to ensure the highest value possible.

Conclusions

Auditing can be value added if done with right objective. This process outline follows the guidelines suggested by ISO 19011. Keep a focus on continuous improvement and value added auditing, rather than finding fault. With right approach, Continuous Improvement will result and your team will reap the benefits of an effective auditing process.

Jim Robison is a contributing editor to the Harrington Group Edge. He is a RAB Registered Lead Auditor and RAB approved Auditor Transition course trainer. To learn more about this HGI-alliance partner please visit at www.qmx-iso.com

 

Website developed and maintained by The Training Registry