1 Overview of Auditing and ISO /01/2013 4:24 PM s_quintp\bureau Veritas\41 Truth Analyst Presentation.ppt 1
2 TC176/IAF ISO 9001:2008 Auditing Practices Group Guidenance on Auditing ISO 9001: Interpretations t /I t D:\A My Drive\Corp uality\a Improvemen
3 System Approach of ISO 9000:2008 C U S T O M E R S R e q u I r e m e n t s Input Resource management Continual Improvement of the Quality Management System Management responsibility Product Measurement, analysis, improvement Product Output S a t I s f a c t I o n C U S T O M E R S
4 Effective use of ISO19011:2002 Guidelines for QMS and/or EMS auditing Microsoft Word The standard contains guidance on:- The principles of auditing Managing g an audit programme Audit activities Competence and evaluation of auditors
5 What is Nonconformity As per ISO Nonconformity means non-fulfilment of a requirement, against ISO 9001 clause or Auditee s QMS documents like Manual, Procedure/ Work Instruction Etc When a person, process or product fails to meet a requirement of the system is nonconforming in some way. Microsoft Word
6 What is Nonconformity Evidence Evidence is verifiable and comes from» process Name (core process or support process )» references» Serial numbers» Sample size» Time and location» Description of the possible consequences of the nonconformity» Auditee s Statements
7 Discussing a Nonconformity On finding evidence of nonconformity discuss the situation with the officer / manager responsible for the area and: 1. Agree the requirement 2. look for opposing evidence 3. Make notes and evaluate evidence 4. Reach a conclusion 5. Agree the conclusion 6. Never agree nonconformity with an operator.
8 ing a nonconformity Write the statement of nonconformity: There are three parts to a well-documented nonconformity: 1. the audit evidence to support auditor findings; 2. a record of the requirement against which the nonconformity is detected; 3. the statement of nonconformity. Adobe Acrobat
9 ing a nonconformity State clearly what the problem is. Phrases such as evidence of..., However... or 'no evidence of...' are usually good to use. Make sure to stick to the facts and don't imply py opinion / generalizations unless you have evidence that what you have seen really applies to everything. The statement of nonconformity drives the cause analysis, correction and corrective action by the organization, so it needs to be precise.
10 Major Or Minor Nonconformity Major nonconformity» Chronic/repetitive problem» System breakdown» Adversely affecting the environment or the customer (core process) Minor nonconformity :» Isolated implementation problems» Support process
11 Compliance Vs Conformance Nonconformity compliance NC» NC is due to non-fulfillment of ISO 9001 standard requirements, it will be called as compliance type of NC conformance NC : NC i i t d t d t f i ti it ill b» NC is against documented system of organization, it will be conformance kind of NC
12 Nonconformity Statement Example 1 Non Conformity Slip gauge # AP-G-007 had not been calibrated per frequency. Requirement ISO 9001: clause 7.6 a) states that measuring equipment shall be calibrated or verified, or both, at specified intervals, or prior to use, Objective Evidence In Gauge Room, Slip gauge g set serial number AP-G-007, used as a standard to calibrate other gauges, was due recalibration 2 months ago, on 25 June XXXX...,which did not happen
13 Nonconformity Statement Example 2 Non Conformity In spite of major organizational change, departmental procedures was not updated to current practice. Requirement ISO 9001:2000 Clause:4.2.3 expects to review and update as necessary and re-approve documents. Objective Evidence Controlled procedures QSP-XXX-01 dated XX.XX.XXXX is not updated against organizational major change
14 Nonconformity Statement Example 3
17 Identification of Processes Can the Auditee distinguish between processes and activities? Be able to adapt to the auditee s situation ti Determine if there is a problem with difference in terminology Determine if there is a real lack of implementation of the process approach Microsoft Word
18 Understanding the process approach The Auditor should realise several steps are needed Determine the processes and responsibilities needed to attain objectives Determine and provide adequate resources and information Establish and apply methods to monitor and analyse processes Establish and apply a process for continual improvement
19 Understanding the process approach The Auditor also needs to:- Be aware that application of the process approach will be different from organisation to organisation Understand the process approach to a level beyond the terminology of the standard Consider small & medium enterprises who may not need many processes Ensure that t misunderstandings di are identified d and resolved during the 1 st stage audit
20 Understanding the process approach The Auditee needs to consider:- Establishment of process objectives Process planning Availability of suitable records Redefinition of processes during the 1 st stage audit can identify activities incorrectly described as processes Microsoft Word
21 Determination of the where appropriate processes Terminology Definition of process Exclusions Microsoft Word
22 Auditing where appropriate requirements Determine the application of ISO 9001:2000 Ensure where appropriate requirements are appropriate Does the requirement add value? Does it increase the risk of not meeting customer requirements?
23 Auditing where appropriate requirements Need for experience to make a judgement on a technical issue Sector knowledge Competence Auditing skills Knowledge of the processes Objective evidence Microsoft Word
24 Demonstrating conformity to the standard Auditing processes versus auditing to the standard's d' clauses Audit checklists may not be sufficient What is adequate sampling? Microsoft Word
25 Linking an audit of a particular task, activity or process to the overall system Overall direction of the audit Interaction of processes Importance of processes Take samples Microsoft Word
26 Auditing continual improvement How much improvement is enough? What sort of information is relevant and where can we find it? Improvement of the process or improvement of the QMS? Microsoft Word
27 Auditing a QMS which has minimum documentation The necessity for any documentation should be evaluated in the light of: the observed need for consistency the role that any documentation could play in avoiding any significant, identified risks. Mi ft W d Microsoft Word
28 How to audit top management processes Identifying top management processes Conducting the audit Audit reporting Microsoft Word
29 The role and value of the audit checklist Need for checklists The use of audit checklists Advantages Disadvantages Conclusion Microsoft Word Microsoft Word
30 Scope of ISO 9001:2000, Scope of Quality Management System (QMS) and Defining Scope of Certification ISO 9001:2000 clause 1 Scope defines the scope of the standard,, not to be confused with QMS scope The scope of a QMS should be based on the: nature of products and realization processes result of risk assessment commercial considerations contractual, statutory and regulatory requirements ISO 9001:2000 clause 1.2 Application Scope of registration/certification Microsoft Word
31 How to add value Value-added quality management systems Value-added added auditing Maturity of QMS ming orming Conform Non Non-confo Zone 3 Zone 4 Zone 1 Zone 2 Low High Maturity of Quality culture
32 How to add value Some tips for Value-added auditing Audit planning Understand the auditee s expectations/corporate culture Any specific concerns to be addressed (output from previous audits)? Risk analysis of industry sector / specific to organization. Pre-evaluation of statutory/regulatory requirements Appropriate audit team selection to achieve audit objectives Adequate time allocation Audit technique Analysis and decision Report and follow-up Microsoft Word
33 Auditing 'competence' and 'effectiveness of actions taken' An organization will need to: Identify what competencies are required Identify which personnel already are competent Decide what additional competencies are required Decide how these are to be obtained Train, hire or reassign personnel review competence of personnel
34 Auditing 'competence' and 'effectiveness of actions taken' Auditor would seek evidence of: Identification of competencies required Assignment of competent personnel Evaluation of the effectiveness of actions taken Maintenance of competence Microsoft Word
35 Auditing customer feedback processes What are the requirements? What should be addressed when auditing customer feedback processes? Prior to the audit of the customer feedback process (preparation stage) During the process assessment Microsoft Word
36 Review of actions in response to a nonconformity Auditors not only write nonconformities but are also responsible for the review of the response to the nonconformity Correction Determination of cause Corrective action Objective evidence Microsoft Word
37 Auditing statutory and regulatory requirements An organization must identify and control the statutory and regulatory requirements applicable to its products (including services). Evidence should be obtained that these requirements are being satisfied Microsoft Word
38 Auditing quality policy and objectives Auditing quality policy Interview top management to verify that the organisation s overall quality objectives have been defined Evaluate commitment t and involvement Have management disseminated the policy throughout the organisation? Determine awareness among personnel at all levels
39 Auditing quality policy and objectives Auditing quality objectives Verify that the organization s overall quality objectives have been defined d Do they reflect the quality policy? Are they coherent, aligned and compatible with the overall business objectives, including customer expectations? Microsoft Word
40 Auditing the control of monitoring and measuring equipment It is important for the auditor to understand the differences between:- monitoring and measurement, and equipment and devices. The different sub-clauses of the standard refer to all of these in isolation and together so clause 7.6 should be read carefully. Microsoft Word
41 Copies of the guidance documents referred to in this presentation can be obtained from: Comments on the papers or presentations can be sent to the following address: Feedback from users will be used by the ISO 9001 Auditing Practices Group to determine whether additional guidance documents should be developed, or if these current ones should be revised.
42 Disclaimer These papers have not been subject to an endorsement process by the International Organization for Standardization (ISO), ISO Technical Committee 176, or the International Accreditation Forum (IAF). The information contained within them is available for educational and communication purposes. The ISO 9001 Auditing Practices Group does not take responsibility for any errors, omissions or other liabilities that may arise from the provision or subsequent use of such information.