How to audit iso 9001-2000

Well, clause 4. However, due to the broad scope of ISO , clause 4. The answer: by recognizing its linkages to the clauses in the remainder of the standard. Audit those other areas well and you are in effect auditing clause 4. See my comments below each of the of the requirements of clause 4. The organization shall establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.

Clause 4. These activities are described in greater detail in the remainder of the standard. And, when you audit these other clauses, you are in essence auditing clause 4. To meet those requirements, you need to ensure that the activities described in 4. The organization shall a identify the processes needed for the quality management system and their application throughout the organization see 1.

Which clauses are to be identified? The NOTE for clause 4. The reference in 4. However, those exclusions are limited to the clause 7 requirements and must not affect your ability or responsibility to provide product that mets customer and legal requirements. How might the processes be identified? The key processes mentioned in the standard will be identified in the Quality Manual. Others may be addressed in documented plans, procedures, and work instructions. Some may be defined, but not documented.

For example, there is a requirement to determine the methods to obtain and use customer satisfaction data. These methods may not be documented, but evidence must be available to prove their existence and conformity to clause 8. The best way to evaluate prior practices is to examine the records from past operations.

The facts uncovered using these methods should be carefully recorded in your audit notes. Analyze this evidence to report the degree of conformity or nonconformity. Auditors cannot interview every person, observe every activity, look at every document, and evaluate every record. You should strive for representative samples that allow you to make informed judgments. Since audits are limited due to sampling, nonconformities may continue to exist in the system beyond those identified and reported.

You may have heard that ISO only specifically requires six procedures. Those required procedures by clause are:.

ISO clause 4. Therefore, organizations should only develop the level of documentation they need based on the process complexity, personnel competence, and organization size. This means some processes may be defined and not documented. Auditors accustomed to relying upon a written procedure to use as the audit criteria may feel lost without them. However, ISO has never required every task to be documented. There have always been cases where an organization could depend on the training, skills, and experience of the persons carrying out a defined process instead of having it written in a document.

With the requirement for fewer documented procedures, auditors will have to improve upon their interviewing techniques to understand and take notes on the defined process. Ask the manager of the area if any documents exist to guide the people in their assigned activities.

If not, ask the manager to explain the process. Auditors should always substantiate the evidence before making conformity judgements.

This is especially important with an undocumented process. Review how the process is planned, people are trained, practices are deployed, conditions are controlled, results are achieved, records are maintained, and the process is improved. Organizations with an existing internal audit program should review their results to ensure audit objectives are being met and to identify opportunities for improvement.

Use the update of your internal audit process as an opportunity to take corrective and preventive actions. Look at past audit reports and see if you are satisfied with current practices and auditor consistency. Have training sessions with your auditors to go over previously written nonconformity statements and identify what clause references would have been used for ISO Of course, internal auditors must prepare audit forms and reports as prescribed by their own audit procedure.

Remind them to audit for conformity not nonconformity and to share some positive comments in their reports to encourage improved compliance. The purpose of an internal audit program schedule is to plan the type and number of audits, as well as, to identify and provide the necessary resources to conduct them. The auditors need to understand how the new clause structure and requirements will affect their audit plans.

Instead of auditing by clause, the organization may decide to audit by functional area. An earlier tip described the need to look at requirements from multiple clauses to fully assess a particular activity. Organizing audits by clause may limit the evaluation to just a subset of the planning, doing, checking, and acting requirements for a process. Scheduling audits by functional area will promote an examination of all the applicable requirements clauses for the specific process scope. If audit results indicate problems with a particular clause across multiple areas, a supplemental audit can be scheduled.

Another method of auditing is to trace customer orders downstream or shipping notices upstream through the flow to assess department interfaces and process handoffs. Audits can also be scheduled for a specific contract or project to only assess the involved areas. Remember that ISO requires audits to be planned based on the status and importance of the areas being audited, as well as, the results of prior audits. Internal audits of critical areas or poorly performing ones must be scheduled more frequently.

If the scope of your system has changed based on permissible exclusions see clause 1. For information on permissible exclusions and outsourcing, refer to Guidance on Clause 1. We hope you find these tips useful in setting up or revising your internal audit program for ISO Although registrars cannot consult on possible audit practices, you can ask them for their interpretation of the ISO requirements.

Best wishes for efficient and effective internal auditing! All Rights Reserved. According to the ISO Fundamentals and Vocabulary standard, an audit is: A systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.

Using the tips below should help you achieve these audit objectives. Train your internal auditors on the new standard ISO defines an auditor as a person with the competence to conduct an audit. Revise your internal audit procedure Even if you already have an internal audit procedure, you may need to revise it to address the requirements stated in ISO clause 8. Although ISO required an internal audit procedure, the new standard spells out that the procedure must define responsibilities and requirements for: Planning audits Conducting audits Reporting results Maintaining records Prior audit results must now be considered when planning the audit program schedule , in addition to considering the status and importance of the areas to be audited.

Update your internal audit checklists Although checklists are not required by ISO , most organizations use them to ensure their internal audits address all the stated requirements. David advises that management reviews should look for improvements to audit effectiveness rather than look at individual audit results.

Techniques of auditing are dealt with in Chapter 12, while Chapter 13 considers the different type of audits: product and process.

The section that describes how a product audit varies from a process audit is less than a page long. David concludes each chapter with a summary of the key points discussed. I hope in the next edition he will consider concluding a chapter with a brief lead into the topic that is covered in the following chapter and an introduction to a chapter which briefly covers what was covered in the previous chapter.

The text is well written, free of unnecessary jargon and easy to read. I also found the book informative. I am certain that it is a timely book as the revised ISO standard is to be issued this year. Report bugs here. Please share your general feedback. You can join in the discussion by joining the community or logging in here.

You can also find out more about Emerald Engage. Visit emeraldpublishing. Answers to the most commonly asked questions here. Article view Figure view Cited 19 cite article.