ISO 9001:2008 Internal Auditor Training - PowerPoint PPT Presentation

Loading...

PPT – ISO 9001:2008 Internal Auditor Training PowerPoint presentation | free to view - id: 400e26-MTBjO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

ISO 9001:2008 Internal Auditor Training

Description:

ISO 9001:2008 Internal Auditor Training Presented by: Cathy Fisher Quality Improvement Strategies Sponsored by: ASQ Section 1122 and Trident Technical College – PowerPoint PPT presentation

Number of Views:5700
Avg rating:3.0/5.0
Slides: 88
Provided by: Cat1101
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: ISO 9001:2008 Internal Auditor Training


1
ISO 90012008Internal Auditor Training
  • Presented by
  • Cathy Fisher
  • Quality Improvement Strategies
  • Sponsored by
  • ASQ Section 1122 and Trident Technical College

2
Goals of this training
  • Discuss recent amendments to ISO 90012008
    requirements
  • Identify typical audit evidence related to ISO
    90012008 amendments
  • Consider ISO 190112008, the auditors bible
    from the internal auditor perspective
  • Review basic auditing process
  • Reminder on how to document audit
    non-conformances and how to address these

3
ISO 9001 Background
  • ISO 9001 was originally issued in 1987 based on
    principles of quality assurance
  • The 1994 issue of ISO 9001 gained recognition in
    the US, although the standard still mainly had a
    quality assurance focus
  • ISO 90012000 standard represented a significant
    change in thinking re defining an organizations
    QMS, promoting a quality management thinking

4
Total Quality Management Systems(have a balance
of quality management methods)
Acting Quality Improvement
Planning Quality Planning
Quality Management System
Doing Quality Assurance
Checking Quality Control
5
(No Transcript)
6
Process View
Products/Services output of producing Processes
Producing Processes to accomplish Plans
Planning Processes apply System to fulfill
customer requirements
Internal auditing focuses here!
System Processes Policies, Objectives
Practices (how an organization does
business)
7
Internal Auditing involves
  • Assessing your organizations plans and processes
    against actual practice
  • Identifying evidence to support performance and
    results of your organizations processes and
    plans
  • Recognizing which processes and plans would
    benefit from focused improvement actions

8
Why Internal Audits are Performed
  • To maintain system conformance with ISO
    90012008 the standard requires internal audits
    be performed per 8.2.2
  • To make sure customer contract requirements are
    being fulfilled
  • To validate our quality management system before
    customers or others come in to audit
  • To identify opportunities for improvement
  • To provide feedback to management on the
    performance of the quality system

9
Quality Audit
  • Per ISO 90002005 a systematic and independent
    and documented process for obtaining audit
    evidence and evaluating it objectively to
    determine the extent to which audit criteria are
    fulfilled.
  • Key points from the audit definition
  • Systematic planned
  • Independent unbiased
  • Documented defined, consistent
  • Audit evidence records, statements of fact or
    other information which are relevant to the audit
    criteria and verifiable
  • Objectively without bias, opinion or prejudice
  • Audit criteria set of policies, procedures or
    requirements used as a reference

10
What is our Audit Criteria?
  • Basis for conducting audits
  • Represents the requirements to be fulfilled to
    achieve Quality
  • Systems are about ensuring the delivery of
    products/services that meet requirements
  • Your organizations quality management system
    documentation
  • ISO 90012008 standard
  • Customer order requirements
  • Other?

11
ISO Revision Process
  • ISO standards are reviewed and updated as
    necessary approximately every 5 years
  • Updates are based on recommendations from users
    of the standard
  • Consensus re updates must be agreed by majority
    of participating countries
  • Updates can be revisions, amendments or simply
    renewal of the existing standard

12
ISO 90012008 Amendment
  • No requirement content changes
  • No change in intent of ISO 90012000 standard
  • Clarification of wording in certain requirements
    may encourage additional consideration of these
    requirements
  • Further compatibility of ISO 9001 with ISO 14001
    standards structure and requirements

13
ISO 90012008 Amendment Goals
  • No or minimum changes on user documents,
    including records
  • No or minimum changes to existing processes of
    the organization
  • No or minimal additional training required
  • No effects on current certifications
  • Provide clarity
  • Increase compatibility with ISO 14001
  • Maintain consistency with ISO 9000 family of
    standards
  • Improve translatability

14
Nature of Amendments
  • Revised wording within requirements
  • Addition or revision of notes to clarify
    requirements
  • Where an organization was minimally addressing a
    requirement previously, the above amendments may
    necessitate consideration of enhancing related
    process definition within the organizations QMS

15
Detailed Review of Amendments
  • For each amendment, consider
  • How your organization currently addresses the
    requirement i.e. which processes in your QMS
    relate to the ISO 9001 requirement
  • What type of evidence is currently available to
    demonstrate conformance and effectiveness of
    those related processes
  • If adjustments are needed in how you would audit
    related processes

16
What is Audit (Objective) Evidence?
  • Evidence which exists
  • Not influenced by emotion or prejudice
  • Physical evidence, (document, record)
  • Observations, (things you see or hear)
  • Admissions, (statements of fact from responsible
    auditee of the process)
  • May be quantitative, (sample), or qualitative,
    (collaborate)
  • Can be verified by someone else
  • Collected as output of audit process

17
4 Audit Evaluators
  • Adequacy are the requirements of the quality
    system standard recognized and addressed/understoo
    d?
  • Conformance are we consistently following our
    system as defined?
  • Effectiveness are we meeting requirements/object
    ives and satisfying our customers by following
    our system?
  • Continual Improvement are we striving to
    increase the capability of achieving
    requirements/objectives of our systems towards
    enhancing customer satisfaction?
  • When auditing the activities of the quality
    management system, all four evaluators must be
    considered.

18
Conformance vs. Effectiveness
  • Are we doing it?
  • Is actual practice, (what is being done),
    consistent with QMS documentation?
  • Does QMS documentation clearly define
    expectations/requirements?
  • Is there a consistent understanding and execution
    of the QMS documentation?
  • Does it work?
  • By following the QMS documentation, are desired
    results achieved?
  • Is the customer, (and other), requirements
    fulfilled?
  • How is the activity or its results evaluated to
    determine the impact on satisfying customers?

19
Challenges of Auditing for Effectiveness
  • Purpose of process must be clearly understood,
    (objectives)
  • Desired outcome from process must be defined,
    (goals)
  • Process outcomes must be measured, (results)
  • Individual processes and their objectives should
    relate to overall QMS quality objectives,
    (quality objectives established at relevant
    functions/levels in organization)

20
Intro Sections of ISO 9001
  • 0.2 Process Approach
  • Text added to emphasize importance of processes
    being capable of achieving desired results
  • 1.1 Scope
  • Clarification that product includes
    intermediate product
  • Explanation re statutory, regulatory and legal
    requirements
  • Statutory requirements, (legislative actions),
    relate to your organization and its suppliers

21
Subtle Amendments
  • Customer requirements
  • Think beyond the customer who pays
  • Consider defining the layers of customers related
    to your organizations products/services
  • Conformity to product requirements
  • Measurement, where appropriate
  • Added in several places in the updated standard
  • Reflects focus on data collection and analysis
  • Supports ability to evaluate effectiveness of QMS
    processes

22
Clause 4
  • 4.1 General Requirements
  • Notes added re outsourcing
  • NOTE 1 potentially outsourced processes include
    management activities, provision of resources,
    product realization, measurement, analysis and
    improvement
  • NOTE 2 An outsourced process is a process
    that the organization needs for its QMS and which
    the organization chooses to have performed by an
    external party.
  • NOTE 3 Types of control applied to outsourced
    processes should consider
  • Potential impact of outsourced process on the
    organizations capability to provide product that
    conforms to requirements
  • Degree to which the control for the process is
    shared
  • Capability of achieving the necessary control
    through the application of 7.4
  • Relationship to clause 7.4 (Purchasing) type
    and extent of control to be applied
  • Outsourced processes are responsibility of
    organization and must be included in QMS
  • (purchased processes/services)
  • What QMS processes are outsourced?
  • How are these processes controlled? (internally
    and externally)

23
Clause 4 (cont.)
  • 4.2.1 Documentation
  • QMS documentation includes records
  • Documents of QMS may be combined
  • ISO 9001 requirements may be covered by more than
    one documented procedure
  • (flexibility in arrangement and presentation of
    required documented procedures)
  • What QMS documentation exists?
  • How is the QMS documentation organized and
    accessed?
  • (relates to QMS adequacy)

24
ISO 9001 Requirements Requiring Documented
Procedures
  • 4.2.3 Control of Document
  • 4.2.4 Control of Records
  • 8.2.2 Internal Audit
  • 8.3 Control of Nonconforming Product
  • 8.5.2 Corrective Action
  • 8.5.3 Preventive Action

25
Clause 4 (cont.)
  • 4.2.3 Control of Documents
  • External documents relevant to QMS need to be
    controlled
  • Includes those documents of external origin
    determined by the organization to be necessary
    for the planning and operation of the QMS
  • What documents of external origin are needed for
    the QMS and its processes?
  • How are these documents controlled, accessed,
    distributed?
  • 4.2.4 Control of Records
  • (wording of requirement aligned with ISO 14001)

26
Clause 5
  • 5.5.2 Management Representative
  • Must be member of organizations own management
  • Cant outsource role of QMS Management Rep
  • Consider rotating role of Management Rep among
    management team members
  • Who is the Management Rep?
  • What is their role relative to the QMS?

27
Clause 6
  • 6.2.1 Human Resources
  • Competence requirements are relevant for any
    personnel who are involved in the operation of
    the QMS
  • personnel performing work affecting conformity
    to product requirements
  • NOTE Conformity to product requirements can be
    affected directly or indirectly by personnel
    performing any tasks within the QMS
  • Increases scope of application of defining
    competencies
  • (ensure that training for product is suitable in
    advance)
  • How are competency requirements identified?
  • Which QMS processes are related to work affecting
    conformity to product requirements?
  • 6.2.2 Competence, training and awareness
  • Training or other actions taken where applicable
    to achieve necessary competence
  • What training or other actions are taken to
    develop competence?
  • When would such actions not be necessary?

28
Clause 6 (cont.)
  • 6.3 Infrastructure
  • Information systems mentioned
  • How are information systems determined and
    maintained?
  • Which information systems impact QMS ability to
    achieve conformity to product requirements?
  • What other QMS processes relate to information
    systems?
  • 6.4 Work Environment
  • NOTE Includes conditions under which work is
    performed, (e.g. physical, environmental, other
    factors such as noise, temperature, humidity,
    lighting, weather, etc.)
  • (considerations of employees health)
  • How does the work environment impact ability to
    achieve conformity to product requirements?
  • Which aspects of the environment have the most
    significant impact?

29
Clause 7
  • 7.2.1 Customer-related processes
  • NOTE Post-delivery activities may include
  • Actions under warranty provision
  • Contractual obligations such as maintenance
    services
  • Supplementary services such as recycling, final
    disposal
  • What post-delivery activities are a planned part
    of your organizations business?
  • What post-delivery activities do customers expect
    of your organization?

30
Clause 7 (cont.)
  • 7.3.1 Design Development Planning
  • NOTE Review, verification and validation have
    distinct purposes
  • These activities may conducted and recorded
    separately or in any combination
  • What type of review, verification and validation
    activities are performed?
  • At what stage in the design/development process
    do these activities occur?
  • 7.3.3 Design Development Outputs
  • NOTE Information needed for production and
    service provision can include details for
    preservation of product
  • What product preservation requirements relate to
    your organizations products?

31
Design Development Actions
  • Review assessment of status identification of
    issues and actions to address such
  • Verification evaluation of outputs vs. inputs
    comparisons, calculations, etc.
  • Validation evaluation of product for intended
    use prototype testing, etc.

32
Clause 7 (cont.)
  • 7.5.3 Identification Traceability
  • Product status identified throughout product
    realization
  • How is product status identified?
  • How does product status change during processing?
  • 7.5.4 Customer Property
  • NOTE Personal data should also be considered as
    customer property
  • What kind of personal data of the customer does
    the organization maintain?
  • How is customer personal data maintained?

33
Clause 7 (cont.)
  • 7.5.5 Preservation of Product
  • the organization shall preserve the product
    during internal processing and delivery to the
    intended destination in order to maintain
    conformity to product requirements
  • What type of product preservation actions are
    necessary to maintain conformity to product
    requirements?
  • How are these actions controlled?

34
Clause 7 (cont.)
  • 7.6 Control of Monitoring and Measuring
    Equipment, (re-titled)
  • measuring equipment shall be calibrated or
    verified, or both
  • What types of actions are taken to evaluate
    monitoring and measurement equipment?
  • NOTE Confirmation of the ability of computer
    software to satisfy the intended application
    would typically include its verification and
    configuration management to maintain its
    suitability for use.
  • What computer software would require such
    confirmation?
  • How will such confirmation be performed?

35
Clause 8
  • 8.2.1 Customer Satisfaction
  • NOTE added to explain methods for monitoring of
    customer perception input from sources such as
  • customer surveys,
  • customer data on delivered product quality,
  • user opinion surveys,
  • lost business analysis,
  • compliments,
  • dealer reports, etc.
  • What methods are being used for monitoring
    customer perception?
  • How is this data being analyzed and used?

36
Clause 8 (cont.)
  • 8.2.2 Internal Audit
  • Management responsible for the area being
    audited shall ensure that any necessary
    corrections and corrective actions are taken
    without undue delay to eliminate detected
    nonconformities and their causes.
  • How are audit nonconformities communicated?
  • What process is used in addressing audit
    nonconformities?
  • NOTE see ISO 19011 for guidance more later
    on this

37
Formula for documenting Nonconformances
  • Concern what was identified during audit
  • Requirement per your organizations QMS
    documentation, (and ISO 90012008)
  • Evidence supports non-fulfillment of
    requirement usually collected during audit when
    concern is initially identified
  • (Impact) to be determined by auditee during
    process of correction which includes
    determination of scope of nonconformity and
    containment

38
Correction vs. Corrective Action
  • Correction is action to eliminate nonconformity
  • Typically action is applied only at location
    where nonconformance was identified
  • However, consideration should be given to other
    potential areas where nonconformity could exist
  • Is not designed to prevent the nonconformance
    from re-appearing elsewhere
  • Corrective action is action to eliminate the
    cause of a detected nonconformity
  • Requires application of root cause analysis
    through data collection and analysis
  • By applying appropriate corrective action,
    recurrence of the nonconformance is typically
    prevented

39
Clause 8 (cont.)
  • 8.2.3 Monitoring Measurement of Processes
  • The organization shall apply suitable methods
    for monitoring and, where applicable, measurement
    of the QMS processes. These methods shall
    demonstrate the ability of the processes to
    achieve planned results. When planned results
    are not achieved, correction and corrective
    action shall be taken, as appropriate
  • NOTE when determining methods, it is advisable
    that the organization consider the type and
    extent of monitoring or measurement appropriate
    to each of its processes in relation to their
    impact on the conformity to product requirements
    and on the effectiveness of the QMS
  • What methods are used for monitoring/measuring
    QMS processes?
  • How are these results utilized by the
    organization?

40
Monitoring vs. Measurement
  • Observing
  • Gathering data or information through typically
    passive means
  • Outcomes may be non-numeric, qualitative
  • Process of assigning numbers to an outcome
  • Generally an active evaluation
  • Leads to numeric or quantitative outcomes

41
Clause 8 (cont.)
  • 8.2.4 Monitoring Measurement of Product
  • Maintain evidence of conformity with acceptance
    criteria
  • Records shall indicate the person(s) authorizing
    release of product for delivery to the customer.
  • What records are available to demonstrate release
    of product?
  • 8.3 Control of Nonconforming Product
  • Content of requirement re-arranged for
    clarification/emphasis
  • Requirement for documented procedure indicated at
    beginning of requirement
  • where applicable added in front of 4 ways
    listed for dealing with nonconforming product

42
Clause 8 (cont.)
  • 8.4 Analysis of Data, (not new)
  • Provides information on
  • customer satisfaction,
  • conformity to product requirements
  • characteristics and trends of processes product
  • suppliers
  • What data is analyzed by the organization?
  • How are results of the analysis utilized?

43
Clause 8 (cont.)
  • 8.5.2 Corrective Action 8.5.3 Preventive Action
  • Reviewing effectiveness of action added
  • How is effectiveness of actions taken evaluated?
  • How are these outcomes utilized in applying
    actions taken to other processes?

44
Disciplined Problem Solving Works in all 3 Cases
New target, Goal, spec
Improvement Action
Target, Goal, Spec
At target, goal, spec
Preventive Action
Corrective Action
Below target, Goal, spec
45
Disciplined Problem Solving Methodology applies to
  • CORRECTIVE ACTION actual gap condition exists
    where what is does not equal what should be
    correction, (containment/interim actions), as
    well as root cause investigation required
  • PREVENTIVE ACTION potential gap condition may
    exist but not yet experienced typically no
    correction required only potential root cause
    investigation
  • IMPROVEMENT ACTION generating the gap raising
    the desired performance level as well as the
    process performance causal factors must be
    investigated to understand what to change in
    order to achieve new level of performance

46
Implementation of ISO 90012008
  • Organizations existing QMS registration will be
    updated during regularly scheduled surveillance
    audits
  • No ISO 90012000 certifications will be issued
    after November, 2009
  • Current ISO 90012000 registrations only valid
    until November, 2010
  • ISO 90012000 and ISO 90012008 registrations are
    considered equivalent from November, 2008 through
    November, 2010

47
ISO 9001 4th edition Review Actions
  • Organizations should plan a review of their QMS
    based on updated ISO 9001
  • Obtain copy of ISO 90012008 standard, (from ASQ)
  • Review content of amendments as compared to your
    organizations current QMS
  • Determine what, if any, actions are necessary to
    align your organizations QMS with the intent of
    the amendments
  • Define implementation/action plan for update of
    your organizations QMS including auditing of
    your QMS
  • Prepare evidence to demonstrate the above actions
    to your registrar, (could mention in management
    review)
  • Contact your registrar to establish timetable for
    updating your QMS registration

48
Status of ISO 9001 Sector Applications
  • AS9100 updated in January, 2009 to align with
    ISO 90012008 contact your registrar for
    registration update details
  • ISO/TS 169492009 released June 15, 2009 very
    minor wording changes
  • TL9000 release 5.0 scheduled before 11/15/09

49
ISO 19011 Auditors Bible
  • Guidelines on quality and/or environmental
    management systems auditing
  • Joint effort (ISO/TC 176 and ISO/TC 207) to
    combine guidelines on quality and environmental
    management systems auditing
  • Replaces ISO 10011-1,2,3 and ISO 14010, 14011,
    14012

50
ISO 19011 General Overview
  • Intended users
  • Auditors
  • Organizations implementing quality and/or
    environmental management systems
  • Organizations involved in auditor certification
    or training
  • Organizations involved in certification/registrati
    on of management systems
  • Organizations involved in accreditation or
    standardization in the area of conformity
    assessment
  • Provides guidance on conducting internal or
    external quality and/or environmental management
    system audits and managing audit programs
  • To be adapted and applied based on the size,
    nature and complexity of the organization and the
    objectives and scope of audits conducted
  • Can be used for other types of audits attention
    to defining auditor competence

51
ISO 19011 Content
  • Clause 4 Principles of Auditing
  • Clause 5 Establishing Managing Audit Programs
    - audit program objectives, extent of audit
    program, how to maintain and improve audit
    program, how to identify audit program resources,
    audit program monitoring reviewing
  • Clause 6 Conducting Audits - Flowchart of audit
    process, feasibility of the audit, document
    review for internal audits, collecting
    information, interviews, recording individual
    audit findings of conformity, audit follow-up
  • Clause 7 Auditor Competence - On-going
    evaluation of auditor performance, knowledge
    skills, auditor work experience, auditing both
    QMS EMS

52
Phases of Auditing
Audit Planning Preparation
Corrective Action, Follow-up and improvement
Reporting audit results
Conducting Actual Audit
53
Auditor Competencies
  • Process approach to system auditing
  • Requirements of latest version of ISO 90012008
  • Concepts and terminology of latest version of ISO
    90012008
  • 8 Quality Management Principles
  • General understanding of performance improvement
    guidelines, ISO 90042000
  • Familiarity with latest draft of auditing
    guidance standard, ISO 19011

54
General Auditor Responsibilities
  • Dedicate time to preparing for audit assignments,
    including researching information re
    process/area to be audited and preparing an audit
    checklist
  • Communicate effectively with all levels and
    associates within your organization
  • Summarize audit information in an objective
    manner
  • Adapt to auditing situations

55
Auditors
  • Managements mirror for observing the business
  • Objective
  • Prepared
  • Professional
  • Ethical
  • Honest
  • Inquisitive

56
Auditor Responsibilities
  • Conduct audits per audit schedule
  • Contact appropriate personnel in the area being
    audited to establish specific date/time and
    agenda for audit
  • Review information related to the area being
    audited
  • Prepare a checklist of questions to guide the
    audit process
  • Collect objective evidence to support audit
    findings
  • Report the results of the audit in a timely
    manner
  • Organize verification of corrective actions to
    audit nonconformances

57
Auditing for Continual Improvement
  • Consider the 8 Quality Management Principles
  • Recognize PDCA relationship re who to audit,
    (top to bottom)
  • PDCA also relates to audit indicators to be
    evaluated

58
8 Quality Management Principles (Management
philosophy of ISO 9000 series)
  • Provide framework towards improved performance of
    an organization
  • Were identified based on ISO 9000 series user
    feedback
  • Form the basis for ISO 9000 family QMS standards
  • Are the focus for new/additional quality system
    requirements in ISO 90012008
  • Customer focus
  • Leadership
  • Involvement of people
  • Process approach
  • System approach to management
  • Continual improvement
  • Factual approach to decision-making
  • Mutually beneficial supplier relationships

NOTE The knowledge and use of the eight quality
management principles should Be demonstrated and
cascaded through the organization by top
management. (ISO/TS)
59
8 Quality Management Principles
  • Customer focus organizations depend on their
    customers and therefore should understand current
    and future customer needs, meet customer
    requirements and strive to exceed customer
    expectations.
  • Leadership leaders establish unity of purpose
    and direction of the organization. They should
    create and maintain the internal environment in
    which people can become fully involved in
    achieving the organizations objectives.
  • Involvement of People people at all levels are
    the essence of an organization and their full
    involvement enables their abilities to be used
    for the organizations benefit.
  • Process Approach a desired result is achieved
    more efficiently when related resources and
    activities are managed as a process.
  • System Approach to Management identifying,
    understanding and managing a system of
    interrelated processes for a given objective
    improves the organizations effectiveness and
    efficiency.
  • Continual Improvement continual improvement
    should be a permanent objective of the
    organization.
  • Factual Approach to Decision-making effective
    decisions are based on the analysis of data and
    information.
  • Mutually Beneficial Supplier Relationships an
    organization and its suppliers are
    interdependent, and a mutually beneficial
    relationship enhances the ability of both to
    create value

60
Process-based System View(auditing an area or
entire organization)
Planning
Doing
Evaluating
Improving
61
4 Audit Evaluators
  • Adequacy are the requirements of the quality
    system standard recognized and addressed/understoo
    d?
  • Conformance are we consistently following our
    system as defined?
  • Effectiveness are we meeting requirements/object
    ives and satisfying our customers by following
    our system?
  • Continual Improvement are we striving to
    increase the capability of achieving
    requirements/objectives of our systems towards
    enhancing customer satisfaction?
  • When auditing the activities of the quality
    system, all four evaluators must be considered.

62
Adequacy
  • Evaluated prior to registration of quality system
    by 3rd party auditor through documentation review
  • Ongoing evaluation by 3rd party auditor during
    surveillance audits
  • Consideration given each time a document change
    is requested

63
Conformance vs. Effectiveness
  • Are we doing it?
  • Is actual practice, (what is being done),
    consistent with QMS documentation?
  • Does QMS documentation clearly define
    expectations/requirements?
  • Is there a consistent understanding and execution
    of the QMS documentation?
  • Does it work?
  • By following the QMS documentation, are desired
    results achieved?
  • Is the customer, (and other), requirements
    fulfilled?
  • How is the activity or its results evaluated to
    determine the impact on satisfying customers?

64
Challenges of Auditing for Effectiveness
  • Purpose of process must be clearly understood,
    (objectives)
  • Desired outcome from process must be defined,
    (goals)
  • Process outcomes must be measured, (results)
  • Individual processes and their objectives should
    relate to overall QMS quality objectives,
    (quality objectives established at relevant
    functions/levels in organization)

65
Continual Improvement
  • Has this process or product been prioritized for
    improvement?
  • Is the process or product currently stable and
    capable, (re conformance)?
  • Would increasing the target value further
    customer satisfaction?
  • What plans are in place to increase the ability
    of this process or product to satisfy customers?
  • Recurring activity to increase the ability to
    fulfill requirements
  • Optimization of characteristics and parameters of
    a product or process at a target value
  • Only applicable where conformance has been
    established

66
Challenges of Auditing forContinual Improvement
  • Information re process performance before and
    after improvement is needed to demonstrate actual
    improvement
  • Evaluation of impact of improvement, (positive
    and negative), should be made during improvement
    implementation
  • Not all processes can be improved at once due to
    limited resources
  • Auditee management decides when/where improvement
    is appropriate

67
What is an audit nonconformance?
  • Identifies situation where quality management
    system, as documented, is not being followed
  • Reactive opportunity to improve the quality
    management system
  • Audit nonconformance report provides record of
    current condition to allow comparison after
    action is taken

68
Writing a Nonconformance
  • Purpose - to get effective corrective action!
  • Helps people understand the problem.
  • Acts as starting point for problem solving.

69
Formula for documenting Nonconformances
  • Concern what condition was identified during
    audit recognizes what is
  • Requirement per your organizations QMS
    documentation (and ISO 90012008) defines what
    should be
  • Evidence supports non-fulfillment of
    requirement usually collected during audit when
    concern is initially identified

70
Communicate Nonconformance
  • Audit nonconformances must be communicated in a
    timely manner to ensure that correction and
    corrective action can be taken to prevent further
    nonconformance and potentially affecting the
    customer
  • Verbally explain nonconformance to auditee during
    audit
  • Initiate audit nonconformance report during audit
    team wrap-up
  • Note audit nonconformances in appropriate section
    on audit report
  • Communicate nonconformance to manager of area
    during audit closing meeting have manager sign
    audit nonconformance report indicating they have
    received the audit nonconformance

71
Corrective Action Auditees Responsibility
  • Find problem
  • Fix problem
  • Identify root cause of problem
  • Implement solutions that control or eliminate
    root cause of problem
  • Implement system to evaluate effectiveness of
    corrective action
  • Respond with action plan in a timely manner
  • Should not be a defense of status quo
  • Should not only address specific deficiency
    without addressing underlying root cause

72
Corrective Action
  • Fix it, (correction)
  • Investigate why it happened, (root cause
    analysis)
  • Implement actions to prevent it from happening
    again, (corrective action)
  • Evaluate results and verify that actions taken do
    prevent nonconformance from happening again,
    (effectiveness)
  • Actions taken to eliminate the causes of a
    detected nonconformance to prevent recurrence.
  • Manager of the area where nonconformance was
    identified is responsible for these actions

73
Who is involved in corrective action?
  • Effort normally led by supervisor or department
    manager
  • Any employee may be involved in identifying the
    cause of the problem as well as potential
    solutions
  • Some solutions may lead to change in existing
    system
  • The internal auditor may participate in the
    corrective action at the request of the
    department/area, but is not responsible for
    correcting or implementing corrective actions for
    the nonconforming condition
  • Involve other departments/areas who may
    experience the same problem

74
How to Plan Corrective Action
  • Investigate scope of nonconformance look beyond
    the evidence identified by the auditor
  • Determine cause(s) of nonconformance
  • Based on scope of nonconformance, implement
    correction and corrective action where appropriate

75
How do I know if the corrective action worked?
  • The problem does not occur again.
  • Your department/area determines how to verify the
    corrective action taken to evaluate if the
    problem has been fixed, (measures of
    effectiveness)
  • Your corrective action will also be independently
    evaluated by an auditor after projected
    completion date noted on the nonconformance
    report.

76
Corrective Action Review
  • Performed by Audit Coordinator and Internal
    Auditor
  • Evaluate corrective action plan/response based on
    nonconformance
  • Determine if stated corrective action
    plan/response suitably addresses nonconformance
    do actions taken control or eliminate the root
    cause?
  • If corrective action is acceptable, then verify
    via follow-up audit or next scheduled audit
  • If corrective action is not acceptable, then
    explain why to auditee and request new corrective
    action

77
Verification of Corrective Action
  • Detailed objective evidence to confirm that
    corrective action taken to correct a
    nonconformance is implemented and effective
  • Based on auditees written corrective action,
    (plan)
  • Determine if stated corrective actions have been
    taken
  • Determine if corrective actions taken have
    effectively eliminated the cause of
    nonconformance
  • Develop set of questions specific to corrective
    action using the corrective action report as the
    audit criteria
  • Look for evidence that problem has not repeated
    since solution was implemented

78
How Verification Audits are Performed
  • Auditor reviews corrective action information
    prepared by auditee
  • Auditor prepares checklist of questions based on
    corrective action information, (fix it actions,
    how root cause was identified, actions taken to
    address cause, how results of actions were
    evaluated, etc.)
  • Auditor performs audit to identify evidence which
    supports that each step of corrective action has
    been completed and that implemented actions have
    eliminated/controlled the causes to prevent
    recurrence of the nonconformance
  • Auditor also reviews information collected
    demonstrating results of implemented actions and
    data reflecting whether the nonconformance has
    recurred

79
What was done to Immediately Correct the
Nonconformance? (Correction)
  • Correction fixes the nonconforming condition
  • Correction should be applied to all
    nonconformances, not just those initially
    identified
  • Consideration should be given to how to correct
    other nonconformances which may occur while
    investigating cause and determining permanent
    corrective action
  • Rebuild
  • Rework
  • Re-process
  • Revise
  • Re-do

80
What Caused the Nonconformance?
  • Why did the nonconformance occur?
  • What happened that could have led to the
    nonconformance?
  • Which processes contributed to the
    nonconformance?
  • What factors of these processes may have
    contributed to the nonconformance?
  • What changes may have occurred in these factors
    and/or processes that led to the nonconformance?
  • Cause identified should directly explain why
    nonconformance occurred

81
What is being done to Eliminate or Control the
Causes?
  • Eliminate cause by removing cause through product
    or process re-design
  • Control cause by installing a monitoring
    mechanism or institute monitoring by process
    owners to recognize when cause may be present so
    immediate action can be taken to prevent
    nonconformance
  • Actions taken should directly relate to cause
    identified

82
Implement the Actions to Control and/or Eliminate
the Causes
  • Actions defined in corrective action plan
  • Indicate actual completion date so impact of
    implemented action can be assessed
  • If alternative actions are taken, the corrective
    action plan should be updated to reflect change
  • Evidence should be available to demonstrate that
    all specified actions have either been taken or
    an explanation given as to why these actions were
    not implemented

83
Are Changes to the QMS needed?
  • Evaluate the impact of actions taken on the QMS,
    (maintain integrity of QMS when changes occur)
  • Consider how policies/procedures/practices could
    be changed to prevent the nonconformance from
    happening again system level solution
  • Does existing QMS documentation need to be
    updated as a result of actions taken?
  • Does new QMS documentation need to be introduced?
  • Utilize QMS document control process
  • If changes to QMS are made, training for those
    involved in the impacted processes should be
    planned and provided

84
What are the Measured Results of the Actions
Taken? (Effectiveness)
  • Measure the results of implemented actions to
    determine if nonconformance and its causes have
    been eliminated
  • Monitor the effect that implemented actions have
    on processes
  • Monitor to see if the nonconformance or its
    related causes happen again
  • Also note any unexpected results of the
    implemented actions, (positive and negative)
  • The desired result is that the nonconformance and
    its associated causes do not repeat
  • Time and data collection may be required to
    complete this step in the corrective action
    process

85
Results of Verification
  • Record results of verification audit formal
    audit report not required when only reporting
    results of verification audit
  • If results of verification audit demonstrate that
    corrective action is not complete or not
    effective, communicate this to manager of area
    and Management Representative the corrective
    action can not be closed until specified actions
    have been taken and data exists to demonstrate
    corrective action was effective in preventing
    recurrence of the nonconformance
  • These results also represent an audit of the
    effectiveness of the corrective action process
  • Verification audits should also be performed for
    preventive and improvement actions same process
    except no fix it actions would be required

86
Available References
  • ISO 9001 and ISO 19011 standards can be purchased
    from ASQ or ANSI
  • Memory Jogger 90012008 by Goal/QPC
  • The Insiders Guide to ISO 90012008 by Paton
    Press
  • Following references are available for download
    free of charge at www.iso.org
  • N836 Implementation Guidance for ISO 90012008
  • Other reference documents available

87
Thank you for attending ISO 90012008 Internal
Auditor Training
  • For additional information, please contact
  • Cathy Fisher
  • Quality Improvement Strategies
  • (704) 575-4496
  • cathyf2_at_earthlink.net
About PowerShow.com