The internal audit results and the audit report – the true story, according to the ISO 9001 and ISO 19011 Standard requirements
The internal audit chapter is included under chapter 8.2 – Monitoring and measurement. When performing an audit you are monitoring processes; You sample a process and validate that it is done according to prior requirements. Once you stumble upon nonconformity – a process that was performed not according to a requirement, you must mention it in the audit report. But this is not the end of your story. In this article we will review the ISO 9001:2008 requirements for conducting the internal audit with reference to the ISO 19011 Standard – Guidelines for auditing quality management systems. ISO 19011 provides guidance in order to achieve the ISO 9001 requirements for internal audit. Actually it is suitable for the environmental management system requirements for internal audits as well, but for now, we will focus on the ISO 9001 requirements only.
Internal Audit – top management responsibility
The ISO 9001 Standard requires that the top management would bear the responsible for the audit’s results. The management shall assure that any nonconformity revealed during the audit would be removed without any delays. The removal than would be verified and validated. Harsh requirements! Well, they have a point. The ISO 9001 Standard requires the management’s responsibility for implementing the Standard’s requirements. In fact, a whole chapter was dedicated to the matter (chapter 5 – management responsibility – very clear). One aspect of the required responsibility is to assure the minimum as possible of nonconformities. Nonconformities may be revealed during audits. The relation is clear. The management becomes responsible for the audit’s results. Actually the revised ISO 9001:2008 Specifically requires that the management would ensure corrective action to nonconformities revealed during audits. All of the above are nice and well written over and over again. We are sure that most of you heard it already throughout audits (internal and external). But the big question is how to maintain? Well, that’s why we are here for. We will explain it in plain English and suggest solutions. If you would have further questions you may send them to us via this page.
Internal Audit – the report
The audit’s main goal is to give a status report. The tactic of an audit (external or internal) is to evaluate the organization’s performances with reference to the requirements. In plain words, it is required from your organization to maintain several activities. The audit evaluates whether the activities are performed and how well they are performed.When you reveal nonconformities, those nonconformities should be applied to a controlled process. The goal is to verify that the nonconformities are removed. The main activity during the audit is sampling and documenting. The auditor samples processes and documents the results. But this activity is divided into several stages that take place during the audit. Let’s review them.
An opening meeting – In this meeting the management meets the auditor. The purpose is to gather information that can shed light on the audit’s report. This part is very important. In this meeting usually the auditor documents some general details and information about the organization:
- Which units are being audited,
- Which are the persons involved during the audit and what is their role
- How many employees working in the audited organization
- The main products of the organization
- Special events that occurred lately within the organization that might affect the product or the processes.
The next one is an informal advice!! Sometime the organization can’t compete with its requirements for various reasons that are or not depended on the organization’s ability to compete. It happens a lot. This is perfectly normal. But this is the time to explain why. If you know that some of the requirements are not fulfilled and there is a good reason – reveal it and explain exactly why, before the auditor sample the process and gets angry… An opening meeting is not mandatory within internal audits. But it is within external audits. In this meeting the auditor should publish his schedules for the audit. Actually, the schedules should be published a week or so before the audit, allowing the relevant parties to prepare themselves. But in the opening meeting the auditor should declare the schedules again. Just to be polite.
Conducting the internal audit
And now the audit begins! Uhhh… Stay calm! We are used to say: whatever happens, act as if it is normal! Another informal advice… Please erase the last comment from the protocol. The main activity during the audit should be sampling. The auditor must sample the processes in order to determine whether the process was performed according to the prior requirements… or not. Samples can occur as:
- Records of processes
- Documentations of any kind such as working instructions, quality plans or standard requirements
- Records of Knowledge and employees trainings
- Compliant product handling according to defined requirements
Any process that was sampled must be documented. The auditor must describe specifically what he had observed and document it. The documentation must indicate whether it is according to the requirements or not. The requirements can be such as:
- A working procedures requirement
- A quality plan
- Customers’ requirements
- A Standard requirements (not only ISO 9001 but any other applicable Standards)
- A legal or regulatory requirement.
The ISO 9001 Standard requires a procedure specifying how the internal audit should be performed within the organization – one of the Quality procedures required by the ISO 9001 Standard. This is not a recommendation but a requirement. You must document t method on a procedure he and maintain it – that means that it’s not enough to document the procedure, you must also prove that you follow what you had defined and actually perform it – perform a quality management activities for internal audits (chapter 8.2.2). It’s not easy being an auditor. It also not so easy to maintain all of the above without some help: Qualitymanualtemplates.com – The solution covers all the ISO 9001 Standard requirements, including the new revised ISO 9001:2008 Standard.
Continue Reading the second part of the article