quality system planning

do day-to-day tasks

check the results

act to improve

compass image

ISO 9001 internal audit 8.2.2

Looking for help with Internal Audits?

Over the years we've been involved with countless Internal Audits. We've seen them done in many ways - both well, and, not so well! 

There are many off-the-shelf Internal Audit packages available and we've been involved with projects that used most of them.

Having used many different methods we know that the key to successful audits is to keep it simple. Do not over complicate things!

An internal audit procedure is specified. It must define:

>    criteria

Q: What do we audit against ?

A: Your procedures, ISO 9001:2008. Plus any industry specific regulations or contractual requirements.

Tip: Read the relevant documentation prior to the audit and make an audit checklist of the key aspects that you wish to audit. The checklist is merely an aide-memoir, don't be blinkered by it.

Ref ISO 9001:2008 requirements: For practice, see our quality objectives. Use the information provided (all of which can be substantiated) to reach an objective decision. Have we achieved our objectives ? Feel free to give us some feedback.

>    scope

Q: How far do we go ?

A: Far enough to ensure the sequence and interaction of processes.

DOWNLOAD our FREE guides - no need to register!

>    program frequency

Q: How often ?

A: Internal audit program frequency is not specified in ISO 9001:2008. Normal practice is to audit the whole QMS (but in bite-sized pieces) at least once per year or more often if considered appropriate.

Tip: Use the company process-map (See 4.1 ) as a basis for the audit programme - plan to audit related procedures (eg Enquiry & Quotation, Order Receipt, etc.) within a process (eg Sales) and ensure there is some overlap into the next process.

>    method

Q: How do we audit ?

A: Interviewing staff, observing activities and viewing relevant records.

>    report results

Report the audit results to management. You need to include in your procedure how any problems and improvements are followed up.

Q: What should be included in my report ?

A: Your report should be objective and provide a balanced view. Report good things (conformance), bad things (non-conformance) and observations on possible improvements.

Q: What is a non-conformance ?

A: ISO 9000 defines non-conformity as the failure to fulfil a requirement. So, if you can demonstrate that a requirement of ISO 9001, your procedures or other relevant document has not been met then you have a non-conformance.

The term "observation" is your opinion - so make sure you report it as such.

>    keep records see 4.2.4

Auditor training records are also required, see 6.2

Job Description:

1.    confirm compliance with ISO 9001, any other regulations, company procedures, etc.

2.    seek improvements (or simplifications) in processes.

> Tip: Don't forget to audit "top management".

There is considerable emphasis on top management (eg Directors) being seen to be on-board and playing the game. Top management is defined as the person(s) who direct an organisation at the highest level.

The principal message that management must get across is that the objective of this business is to keep the customer happy.

Specifically, management must communicate these ideas (5.1, 5.2, 5.3, 5.5.1, 5.5.2, 5.5.3) to the employees who should be aware of their own roles and responsibilities (6.2.2).

Notice that few of these clauses specify a procedure or a record top management are simply required to do it.

As a result, the Certification Body will want to question the Directors and the staff. This something that your own auditors must also do.

Check this link to the Audit Practice Group site. It has lots of useful data, for example: auditing a system with minimal documentation.

Also see ISO 19011.

DOWNLOAD our FREE guides - no need to register!

Looking for audit checklists and procedures?

Our quality manual template provides a great foundation for establishing, implementing and documenting your internal audit process. Includes audit checklist and procedures.

 

Use ISONavigator with ISO 9001 or ISO 9004.

While every effort is made to ensure the accuracy of the information provided, you are solely responsible for deciding its relevance and applicability given your unique situation. No liability is accepted if you choose to act upon this information.

ISO 9000:2005 principles and ISO 9001:2008 requirements are indicated in
black. Guidance and interpretation is in green