If you are part of a company which has ISO 9001 internal audits for your quality management system, you will be only too aware of the frustration these can sometimes cause. If you are one of the large number of companies that sees no value in the Internal Audit, it’s time to take a fresh approach. Follow these 6 easy steps and you'll be on your way to better ISO 9001 internal audits.
There are some basics that you have to have in place of course. You must have an Internal quality audit plan, you must have competent auditors, and you should have a management review process that is working.
In our experience, a good Internal Audit programme starts with the Management Review. If your management team are engaged with the quality system, you can have a good discussion to plan the audit activity. (Note though that the length of time you plan ahead is yours to decide, although you should have a good idea that over the course of a three year certification period, you will aim to look at all the processes in the scope of the system, and also check that you meet the requirements of the ISO management system).
If the management review team can have a good discussion about the areas they want to audit, they will be more enthused to see the outcomes of the internal audit. For example, if they see or perceive problems in a certain area, then an internal audit (which is an investigation) will help bring clarity to the situation. (Depending on the amount of material you get through, this could occur at the review meeting, or as a separate discussion which is signed off at the MR)
For each internal audit you agree to carry out, you can then decide the things you are going to look at. This will help inform who is going to audit, and how. For example, if the area being audited is very technical, then you should have someone who understands what’s going on during the audit. If they are not trained, have them accompany the auditor. The critical thing is that you gain useful and practical information to report back to the management team.
Big tip here; if you do this for each audit activity, and detail it on a table, you’ve just made a really useful audit programme.
Go and do the audit. Remember that good planning is important; find out what you can about the process or area beforehand, plan and list out what you want to check, discuss it with the auditees and then follow it through.
There are multiple findings from an internal audit. From the details of what you’ve seen, you need to be able to detail what’s going on according to the planned arrangements (e.g. process maps, procedures, or other requirements), and also what is not following those arrangements. In addition, there may be some observations that you see; things that you or the auditees think could improve, or things that don’t go well but no one has done anything about to correct.
Now this next suggestion may prove challenging to some; DO NOT DECIDE ON THE NON-CONFORMANCES AT THIS STAGE. After all, your management review team wanted this audit to take place, so take the findings back to them and discuss them. Let them decide whether or not the situations you found are non-conformances. (Note again; this might be at the management review meeting, or at a separate working session depending on what you have to get through - you don't want the Management Review meeting to get bogged down in detail)
At this stage, you are going to take the audit findings back to the management review team. Take a relevant person from the area or process you audited as well, and then you can discuss what you have found. This is a great way to short cut a lot of delays that many organisations find in closing out non-conformances because if the management decide it needs fixing, it will be fixed. They will help prioritise the activity.
Now go and repeat Step 1.
Related ArticlesTips on choosing an ISO 9001 Certification Body
Adam has been working on Quality and Environmental management systems for most of his career in small, medium and corporate organisations. A keen advocate of the ISO approach as a platform for improvement, Adam ensures that systems are practical and useful for Managers and Staff to use.
Following a number of years working on software development projects, Adam has diversified into Information Security and Business Continuity management. Keen to formalise his industry experience, he is currently undertaking a Diploma in Business Continuity Management at Buckingham University.
Adam has a PhD from Cranfield University and now supports the MSc Environmental Management programmes through the advisory panel and visiting lectures.
If you have any further questions or want to learn more about what we can do for your business, please contact us using the link or details below:CONTACT US
Tel: 01908 255 525