Internal Audit – the ISO 9001 Standard requirements for internal audits and audit program
Internal Audit. “What a headache” – that’s surely what every employee think to himself when they receives the massage of an internal audit approaching. There is a reason why. They know that someone is coming to poke their deeds…
The internal audit chapter is included under chapter 8.2 – Monitoring and measurement. So it is clear that the purpose of the internal audit is to perform Monitoring and measurement within the organization. Internal audits, sometimes called first-party, are conducted by, or on behalf of the organization itself for internal purposes and can form the basis for an organization’s self-declaration of conformity. The organization is required to conduct the audits within scheduled time frames to ensure that the quality management system is:
- Maintained according to the ISO 9001 Standard requirements
- Maintained according to the organization’s requirements and audit’s criteria
What are the audit’s criteria? A Set of policies, procedures or requirements used as a reference. There you would find (almost) all the definitions. We believe that in the end of the day the internal audit is actually an internal inspection that the organization conducts upon itself. Within the organization structure, it is hard for the top management to view of what is going on down the organization. It’s not enough to step down to the production halls, the logistics centers or the service centers and view the employees or the goods on the shelves. It is necessary to sample processes and to examine whether they hold against pre defined criteria. Only high resolution sampling can provide with the real organization’s status. What are the criteria? The ISO 9001 standard requirements, working procedures, quality plans, quality objectives – the characteristics and components of your quality management system.
Since the internal audit topic is very serious and wide, we would not include it all in one article. In this article we will focus on the ISO 9001 Standard requirements for maintaining internal audit system with reference to the ISO 19011 Standard – a guide line Standard for auditing quality or environmental systems. The Standard was published in 2002 and besides outlining guideline for conducting audits, it refer to the auditor’s skills and activities as well. Unfortunately, the ISO 9001 Standard sets requirements but it does not guide us how to conduct an effective audit – one that would not only apply the requirements but would also assist the organization. We would deal with that in another article (we just can’t give you all the secrets in one article. Sorry. Company’s policy).
The ISO 9001 requirements for internal audit – the internal audit procedure
The ISO 9001 Standard requires that you maintain a documented procedure describing the method for conducting an internal audit process. This is not a recommendation but a requirement. The documented procedure must define:
- Who must conduct the audit – whom is the responsible for executing the internal audit process.
- What organizational units are under the scope – departments, specific processes, activities, sites, function, etc
- Describing the process itself – who meets with whom and where and what should everybody bring with them
- The supervision after the internal audit plan (don’t get excited, we will go into the details soon)
- Where the audit’s evidence are documented
It is possible to add as annex the audit’s plan and all sort of forms and documentation regarding to the process.You might want to review the next site which provides you with procedure templates for Internal audits: Qualitymanualtemplates.com – The solution covers all the ISO 9001:2008 Standard requirements for internal audit.
The ISO 9001 requirements for internal audit – The auditor
The auditor must be objective related to the organizational unit he is auditing. This is a hard thing to achieve, when the organization’s quality manager is the auditor. Then he is part of the organization. He will always conduct an audit to his colleagues (the ones he sits and eats lunch with, drinks coffee or smokes a cigarette). Besides that, the auditor must be skilled for conducting an audit and document the situation correctly. Remember, an audit is an emotional event where the employees are examined about the quality of their performances. The audit’s approach is highly important for the audit’s progressing. Beside his personal approach, the audit must have a minimum acquaintance with the field, in order to evaluate the processes and their quality beyond the working procedures (the documented criteria). That kind of knowledge can give him the ability and the consideration to evaluate the situation while he identifies any nonconformities or faults. Within the ISO 19011 Standard there is a specification for the auditor’s qualities required:
- Ethics – credibility, integrity and honesty.
- Open minded – willing to listen, learn and accept new ideas.
- Diplomatic – polite with high manners to his colleagues – after all he is working with people and he is the representative of the top management.
- Observer – owns the ability to recognize what he sees and understand without interrogating.
- Perspective – owns the ability to evaluate situations beyond appearance and with a wide systematic view of things – has the ability to understand the organizational consequences of his evidence.
- Versatile – owns the ability to mobilize from one situation to another without losing direction.
- Persistence – must be persistence with his objectives and to not stray away.
- Decisive – ready to make decisions.
- Independent – must have his own opinion of things and not be influenced by the environment.
We recommend an infinitive patience as well. During the audits people would try everything (but everything) to divert the auditor from the subject, from all sorts of reasons: they want to conceal their activities, they are afraid or just don’t like when other people look through their draws. The auditor must remain patient and always wait until his question is answered. Mostly the audit clients answer completely other answers. Sometime things get out of hand and go into arguments and disputes. The auditor must remain cool, patient – we are use to say “business as usual” – the audit must make it clear; the audit is not open for any debates but a merely decision made by the top management. The auditor has one objective – to present with the top management the real status of the organization. He must not be concerned about time schedules as well. This is merely a tool and not the objective.
Continue Reading about internal audits and audits program