Back to Zero to 9001
9. Auditing
The audit process is a mandatory requirement of ISO9001. Audits are required to monitor and report on the effectiveness of the implementation of the quality management system.
A documented procedure is required by the standard
We suggest you enroll in a professional development course before jumping into the role of Auditor.
An alternative is to use an external consultant to perform your internal audits for you.
a. Plan your Audit Programme
Internal Audits need to be scheduled at planned intervals to check that the quality system conforms to the IS0 9001 Standard and that the system is effectively implemented and maintained.
We recommend the organisation perform at least one complete Internal Audit prior to the actual Certification Audit. Findings raised at this audit should be documented. The organisation should make every effort to “close-out” these findings before the External Audit takes place.
The standard recommends that you plan audits to take into consideration the status and importance of the processes and work activities undertaken by your organisation.
Here are few tips to consider when scheduling your audits:
- prior to the initial Certification Audit you need to have audited all the processes identified in your management system at least once
- as new processes are introduced they may need auditing several times over quite a short period of time to verify workflows and finalise record keeping requirements
- you cannot audit processes that you manage / control yourself – what this means is that even in smaller organisations, it is advisable to have at least two internal auditors trained and available. If this is not possible you may need to consider using an external resource.
- Audit Checklists need to be prepared prior to the actual audit.
There are several options for the format of the audit checklist:
- a formal checklist can be prepared using a pre-formatted list of questions, or
- you can use a photocopy of the procedure being audited and mark this up with questions and points to verify.
The completed Audit Checklist needs to include the names of any personnel interviewed as well as details of documents and records reviewed. Cross reference any non-conforming findings to your Nonconformance Register.
b. Document Audit Findings
Findings raised at both Internal and External Audits need to be followed up and the corrective actions taken must be verified as effective.
Typical records to be maintained are:
- Audit Report
- Audit Findings
- Audit Checklists
- Audit Schedule
You can refer to standard ISO 19011 for guidance on auditing. It sets out requirements on training and experience for auditors, and requirements for how audits should planned, conducted and recorded.