Monitoring and measurement
The ISO Navigator™ database hyperlinks the ISO 9000:2005 principles and the ISO 9001:2008 requirements; and explains them in plain English with practical guidance.
If you're looking for more up-to-date guidance on ISO 9001:2015, ISO 14001:2015, and ISO 45001:2018, click here.
Our range of ISO 9001:2015 quality manuals and integrated manual templates cover the requirements of ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement and document your organization's quality management system or integrated management system.
ISO 9001:2008: Internal audit 8.2.2
The purpose of the ISO 9001 internal audit is to assess the effectiveness of the quality management system and the organization's overall performance. Your internal audits demonstrate compliance with your ‘planned arrangements’, e.g. QMS manual, procedures or process maps and that the planned arrangements are implemented and maintained.
You can now purchase a range of internal audit checklists as standalone templates or as bundles, with no procedures or forms; just the audit questions!
The auditor’s role is to gauge how well this system is functioning by gathering of objective evidence of conformance and performance. The auditee will often be a processes owner; they are the experts of that process and as such will provide an invaluable insight into the mechanics of the process.
The auditor will verify that processes are documented, implemented and understood. They will also seek confirmation that each process complies with the necessary requirements, that the process is effective and demonstrates continual improvement. Implement an internal audit programme:
- Implement the internal audit procedure
- Establish audit schedule
- Plan your audits
- Assign audit duties
- Review and amend the audit checklist
- Do auditing
- Prepare and submit audit report
- Obtain feedback from auditees
Looking for an ISO 9001 internal audit checklist? Our internal audit templates come with an internal audit checklist, covering the requirements of ISO 9001:2008. It provides a great foundation for establishing, implementing and documenting your internal audit process.
Internal Audit Planning
Planning the internal audit schedule, whilst taking into account process status and importance (and other attributes), is one of the most disregarded requirements of ISO 9001. There is a solution however, download and use the process 'status and importance tracker' to help determine which of your processes and procedures should be audited more frequently.
Simply define your processes and procedures, then enter a score (1 to 4) to rank each process attribute. The formulas convert the individual scores to an overall average, with conditional formatting to highlight those areas that require more regular audits. A greater numerical weighting is given is to customer complaints and external corrective actions.
The resulting scores are highlighted to indicate whether the process requires more frequent auditing; based on its ability to affect the customer and how well it is performing.
This is a great way to substantiate your audit schedule as it highlights the more critical elements. You should then schedule processes with high, red scores for additional audits, perhaps or three or even more times per year.
You should consider process status in terms of maturity and stability; a more established, proven process should be audited less frequently than a newly implemented or recently modified process and should receive a lower status score. Conversely; processes which are not performing to the planned arrangements, should be assigned a higher status score.
You should consider process importance as the degree of direct impact that process performance has on customer satisfaction; i.e. could the process provide the customer with non-conforming product? Support processes should be given a lower ranking than the manufacturing/service provision processes. In addition, the results of previous audits should be considered too. Processes that have been audited recently that have shown effectiveness and improvement should be audited less frequently.
Consider how a failure in quality attributes could affect your customers in terms of providing nonconforming product. In fact, why not ask your customers which attributes could affect them the most, as this method provides a great way to engage with them and to objectively justify the audit programme to top management.
Customer complaints are ranked very highly in terms of seriousness and will elicit a red warning on the total score heat map to highlight that process as requiring greater audit scrutiny.
The corrective actions should be included and must cover all those that were raised internally or externally. External corrective actions rank higher in terms of importance than internal corrective actions. External corrective actions might arise from customer audits, registrar audits or from other stakeholders.
Internal Audit Checklist
The ISO 9001 internal audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure the audit addresses the necessary requirements. It stands as a reference point before, during and after the audit process and if developed for a specific audit, and used correctly will provide the following benefits:
- Ensures the audit is conducted systematically
- Promotes audit planning
- Ensures a consistent audit approach
- Actively supports the organization’s audit process
- Provides a repository for notes collected during the audit process
- Ensures uniformity in the performance of different auditors
- Provides reference to objective evidence
|Supplier Audit Checklist||21 page audit checklist covering 16 supplier aspects|
|Process Audit Checklist||Outline generic process audit checklist|
Selection of Internal Auditors
Implement programmes and procedures to cover internal auditor competence. Competence level may be measured by training, mentoring, participation in previous audits and experience in conducting audits.
Auditors may be external or internal personnel; however, they should be in a position to be impartial and objective. If internal personnel are selected to perform an audit, a mechanism needs to be established to ensure objectivity. For instance, a representative from another department may be selected to do the audit.
To properly conduct an QMS audit, an audit team should be established. Audits are demanding and require various forms of expertise. The size of the audit team will vary pending the size of the organization, size and type of operations and the scope of the audit.
Internal Audit Training
Formal internal audit training will provide your auditors with a broad understanding of the various organizational processes that comprise the quality management system and how it is implemented.
The aim of such training is to provide participants, who intend on performing internal audits, with the knowledge and skills needed to assess and report on the conformance and implementation of processes, and to contribute to the continual improvement of the quality management system. Internal auditor courses are normally two-days in duration and topics include:
- An introduction to management system standards
- The key requirements of ISO 9001
- Auditing guidelines based on ISO 19011
- QMS audit planning and preparation
- Conducting the audit
- Audit reporting and follow-up
|Internal Audit Presentation||21 slides promoting awareness of internal audits|
The process audit provides assurance that the process is being implemented as planned and provides information on the ability of the process to produce a quality output. Done properly, a process audit is much more than verification that procedures are being followed. Although preparation can take a day or two, actual audit time is about two hours per shift.
A process is a set of interrelated activities that transform inputs, such as materials, customer requirements and labour, via a series of activities into outputs, such as a finished product or service. Various stages of the process must meet various applicable clauses of the standard. There are six characteristics to look out for when auditing a process:
- Does the process have an owner?
- Is the process defined?
- Is the process documented?
- Are links between other processes established?
- Is the process and its links monitored?
- Are records maintained?
|Process Audit Diagram||What to look for when auditing a process and its linkages|
|Process Audit Checklist||Outline generic process audit checklist|
As part of the process approach, the process audits must be scheduled according to the processes defined by your quality management system. The audit schedule should not be based on the clauses of the standard, or your procedures but it should be based upon the importance and criticality of the process itself. The process approach to auditing should cover three vital stages:
- Preparing for the audit (desk review)
- Auditing the process and its linkages
- Preparing the summary and audit report
Effective process auditing requires the auditor to identify and record audit trails that will make a difference to the organization. The audit should begin with the process owner in order to understand how the process interacts with the other process inputs, outputs, suppliers and/or customers.
The auditor should be able to determine whether the outputs are complete and that process measurements demonstrate whether all of the outputs are consistently fit for purpose and are efficiently managed. Do the customers agree with the outputs and the measures? Audit of customer processes at planned intervals to:
- Determine whether the process conforms to planned arrangements
- Determine whether the process is properly implemented and maintained
- Provide information on process performance to top management
Looking for ISO 9001 mandatory procedure templates? Our quality manual template provides a great foundation for establishing, implementing and documenting the six mandatory procedures that are required by the standard.