ISO 9001:2008 Internal Auditor Training - PowerPoint PPT Presentation


PPT – ISO 9001:2008 Internal Auditor Training PowerPoint presentation | free to view - id: 400e26-MTBjO


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

ISO 9001:2008 Internal Auditor Training


ISO 9001:2008 Internal Auditor Training Presented by: Cathy Fisher Quality Improvement Strategies Sponsored by: ASQ Section 1122 and Trident Technical College – PowerPoint PPT presentation

Number of Views:6049
Avg rating:3.0/5.0
Slides: 88
Provided by: Cat1101


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: ISO 9001:2008 Internal Auditor Training

ISO 90012008Internal Auditor Training
  • Presented by
  • Cathy Fisher
  • Quality Improvement Strategies
  • Sponsored by
  • ASQ Section 1122 and Trident Technical College

Goals of this training
  • Discuss recent amendments to ISO 90012008
  • Identify typical audit evidence related to ISO
    90012008 amendments
  • Consider ISO 190112008, the auditors bible
    from the internal auditor perspective
  • Review basic auditing process
  • Reminder on how to document audit
    non-conformances and how to address these

ISO 9001 Background
  • ISO 9001 was originally issued in 1987 based on
    principles of quality assurance
  • The 1994 issue of ISO 9001 gained recognition in
    the US, although the standard still mainly had a
    quality assurance focus
  • ISO 90012000 standard represented a significant
    change in thinking re defining an organizations
    QMS, promoting a quality management thinking

Total Quality Management Systems(have a balance
of quality management methods)
Acting Quality Improvement
Planning Quality Planning
Quality Management System
Doing Quality Assurance
Checking Quality Control
(No Transcript)
Process View
Products/Services output of producing Processes
Producing Processes to accomplish Plans
Planning Processes apply System to fulfill
customer requirements
Internal auditing focuses here!
System Processes Policies, Objectives
Practices (how an organization does
Internal Auditing involves
  • Assessing your organizations plans and processes
    against actual practice
  • Identifying evidence to support performance and
    results of your organizations processes and
  • Recognizing which processes and plans would
    benefit from focused improvement actions

Why Internal Audits are Performed
  • To maintain system conformance with ISO
    90012008 the standard requires internal audits
    be performed per 8.2.2
  • To make sure customer contract requirements are
    being fulfilled
  • To validate our quality management system before
    customers or others come in to audit
  • To identify opportunities for improvement
  • To provide feedback to management on the
    performance of the quality system

Quality Audit
  • Per ISO 90002005 a systematic and independent
    and documented process for obtaining audit
    evidence and evaluating it objectively to
    determine the extent to which audit criteria are
  • Key points from the audit definition
  • Systematic planned
  • Independent unbiased
  • Documented defined, consistent
  • Audit evidence records, statements of fact or
    other information which are relevant to the audit
    criteria and verifiable
  • Objectively without bias, opinion or prejudice
  • Audit criteria set of policies, procedures or
    requirements used as a reference

What is our Audit Criteria?
  • Basis for conducting audits
  • Represents the requirements to be fulfilled to
    achieve Quality
  • Systems are about ensuring the delivery of
    products/services that meet requirements
  • Your organizations quality management system
  • ISO 90012008 standard
  • Customer order requirements
  • Other?

ISO Revision Process
  • ISO standards are reviewed and updated as
    necessary approximately every 5 years
  • Updates are based on recommendations from users
    of the standard
  • Consensus re updates must be agreed by majority
    of participating countries
  • Updates can be revisions, amendments or simply
    renewal of the existing standard

ISO 90012008 Amendment
  • No requirement content changes
  • No change in intent of ISO 90012000 standard
  • Clarification of wording in certain requirements
    may encourage additional consideration of these
  • Further compatibility of ISO 9001 with ISO 14001
    standards structure and requirements

ISO 90012008 Amendment Goals
  • No or minimum changes on user documents,
    including records
  • No or minimum changes to existing processes of
    the organization
  • No or minimal additional training required
  • No effects on current certifications
  • Provide clarity
  • Increase compatibility with ISO 14001
  • Maintain consistency with ISO 9000 family of
  • Improve translatability

Nature of Amendments
  • Revised wording within requirements
  • Addition or revision of notes to clarify
  • Where an organization was minimally addressing a
    requirement previously, the above amendments may
    necessitate consideration of enhancing related
    process definition within the organizations QMS

Detailed Review of Amendments
  • For each amendment, consider
  • How your organization currently addresses the
    requirement i.e. which processes in your QMS
    relate to the ISO 9001 requirement
  • What type of evidence is currently available to
    demonstrate conformance and effectiveness of
    those related processes
  • If adjustments are needed in how you would audit
    related processes

What is Audit (Objective) Evidence?
  • Evidence which exists
  • Not influenced by emotion or prejudice
  • Physical evidence, (document, record)
  • Observations, (things you see or hear)
  • Admissions, (statements of fact from responsible
    auditee of the process)
  • May be quantitative, (sample), or qualitative,
  • Can be verified by someone else
  • Collected as output of audit process

4 Audit Evaluators
  • Adequacy are the requirements of the quality
    system standard recognized and addressed/understoo
  • Conformance are we consistently following our
    system as defined?
  • Effectiveness are we meeting requirements/object
    ives and satisfying our customers by following
    our system?
  • Continual Improvement are we striving to
    increase the capability of achieving
    requirements/objectives of our systems towards
    enhancing customer satisfaction?
  • When auditing the activities of the quality
    management system, all four evaluators must be

Conformance vs. Effectiveness
  • Are we doing it?
  • Is actual practice, (what is being done),
    consistent with QMS documentation?
  • Does QMS documentation clearly define
  • Is there a consistent understanding and execution
    of the QMS documentation?
  • Does it work?
  • By following the QMS documentation, are desired
    results achieved?
  • Is the customer, (and other), requirements
  • How is the activity or its results evaluated to
    determine the impact on satisfying customers?

Challenges of Auditing for Effectiveness
  • Purpose of process must be clearly understood,
  • Desired outcome from process must be defined,
  • Process outcomes must be measured, (results)
  • Individual processes and their objectives should
    relate to overall QMS quality objectives,
    (quality objectives established at relevant
    functions/levels in organization)

Intro Sections of ISO 9001
  • 0.2 Process Approach
  • Text added to emphasize importance of processes
    being capable of achieving desired results
  • 1.1 Scope
  • Clarification that product includes
    intermediate product
  • Explanation re statutory, regulatory and legal
  • Statutory requirements, (legislative actions),
    relate to your organization and its suppliers

Subtle Amendments
  • Customer requirements
  • Think beyond the customer who pays
  • Consider defining the layers of customers related
    to your organizations products/services
  • Conformity to product requirements
  • Measurement, where appropriate
  • Added in several places in the updated standard
  • Reflects focus on data collection and analysis
  • Supports ability to evaluate effectiveness of QMS

Clause 4
  • 4.1 General Requirements
  • Notes added re outsourcing
  • NOTE 1 potentially outsourced processes include
    management activities, provision of resources,
    product realization, measurement, analysis and
  • NOTE 2 An outsourced process is a process
    that the organization needs for its QMS and which
    the organization chooses to have performed by an
    external party.
  • NOTE 3 Types of control applied to outsourced
    processes should consider
  • Potential impact of outsourced process on the
    organizations capability to provide product that
    conforms to requirements
  • Degree to which the control for the process is
  • Capability of achieving the necessary control
    through the application of 7.4
  • Relationship to clause 7.4 (Purchasing) type
    and extent of control to be applied
  • Outsourced processes are responsibility of
    organization and must be included in QMS
  • (purchased processes/services)
  • What QMS processes are outsourced?
  • How are these processes controlled? (internally
    and externally)

Clause 4 (cont.)
  • 4.2.1 Documentation
  • QMS documentation includes records
  • Documents of QMS may be combined
  • ISO 9001 requirements may be covered by more than
    one documented procedure
  • (flexibility in arrangement and presentation of
    required documented procedures)
  • What QMS documentation exists?
  • How is the QMS documentation organized and
  • (relates to QMS adequacy)

ISO 9001 Requirements Requiring Documented
  • 4.2.3 Control of Document
  • 4.2.4 Control of Records
  • 8.2.2 Internal Audit
  • 8.3 Control of Nonconforming Product
  • 8.5.2 Corrective Action
  • 8.5.3 Preventive Action

Clause 4 (cont.)
  • 4.2.3 Control of Documents
  • External documents relevant to QMS need to be
  • Includes those documents of external origin
    determined by the organization to be necessary
    for the planning and operation of the QMS
  • What documents of external origin are needed for
    the QMS and its processes?
  • How are these documents controlled, accessed,
  • 4.2.4 Control of Records
  • (wording of requirement aligned with ISO 14001)

Clause 5
  • 5.5.2 Management Representative
  • Must be member of organizations own management
  • Cant outsource role of QMS Management Rep
  • Consider rotating role of Management Rep among
    management team members
  • Who is the Management Rep?
  • What is their role relative to the QMS?

Clause 6
  • 6.2.1 Human Resources
  • Competence requirements are relevant for any
    personnel who are involved in the operation of
    the QMS
  • personnel performing work affecting conformity
    to product requirements
  • NOTE Conformity to product requirements can be
    affected directly or indirectly by personnel
    performing any tasks within the QMS
  • Increases scope of application of defining
  • (ensure that training for product is suitable in
  • How are competency requirements identified?
  • Which QMS processes are related to work affecting
    conformity to product requirements?
  • 6.2.2 Competence, training and awareness
  • Training or other actions taken where applicable
    to achieve necessary competence
  • What training or other actions are taken to
    develop competence?
  • When would such actions not be necessary?

Clause 6 (cont.)
  • 6.3 Infrastructure
  • Information systems mentioned
  • How are information systems determined and
  • Which information systems impact QMS ability to
    achieve conformity to product requirements?
  • What other QMS processes relate to information
  • 6.4 Work Environment
  • NOTE Includes conditions under which work is
    performed, (e.g. physical, environmental, other
    factors such as noise, temperature, humidity,
    lighting, weather, etc.)
  • (considerations of employees health)
  • How does the work environment impact ability to
    achieve conformity to product requirements?
  • Which aspects of the environment have the most
    significant impact?

Clause 7
  • 7.2.1 Customer-related processes
  • NOTE Post-delivery activities may include
  • Actions under warranty provision
  • Contractual obligations such as maintenance
  • Supplementary services such as recycling, final
  • What post-delivery activities are a planned part
    of your organizations business?
  • What post-delivery activities do customers expect
    of your organization?

Clause 7 (cont.)
  • 7.3.1 Design Development Planning
  • NOTE Review, verification and validation have
    distinct purposes
  • These activities may conducted and recorded
    separately or in any combination
  • What type of review, verification and validation
    activities are performed?
  • At what stage in the design/development process
    do these activities occur?
  • 7.3.3 Design Development Outputs
  • NOTE Information needed for production and
    service provision can include details for
    preservation of product
  • What product preservation requirements relate to
    your organizations products?

Design Development Actions
  • Review assessment of status identification of
    issues and actions to address such
  • Verification evaluation of outputs vs. inputs
    comparisons, calculations, etc.
  • Validation evaluation of product for intended
    use prototype testing, etc.

Clause 7 (cont.)
  • 7.5.3 Identification Traceability
  • Product status identified throughout product
  • How is product status identified?
  • How does product status change during processing?
  • 7.5.4 Customer Property
  • NOTE Personal data should also be considered as
    customer property
  • What kind of personal data of the customer does
    the organization maintain?
  • How is customer personal data maintained?

Clause 7 (cont.)
  • 7.5.5 Preservation of Product
  • the organization shall preserve the product
    during internal processing and delivery to the
    intended destination in order to maintain
    conformity to product requirements
  • What type of product preservation actions are
    necessary to maintain conformity to product
  • How are these actions controlled?

Clause 7 (cont.)
  • 7.6 Control of Monitoring and Measuring
    Equipment, (re-titled)
  • measuring equipment shall be calibrated or
    verified, or both
  • What types of actions are taken to evaluate
    monitoring and measurement equipment?
  • NOTE Confirmation of the ability of computer
    software to satisfy the intended application
    would typically include its verification and
    configuration management to maintain its
    suitability for use.
  • What computer software would require such
  • How will such confirmation be performed?

Clause 8
  • 8.2.1 Customer Satisfaction
  • NOTE added to explain methods for monitoring of
    customer perception input from sources such as
  • customer surveys,
  • customer data on delivered product quality,
  • user opinion surveys,
  • lost business analysis,
  • compliments,
  • dealer reports, etc.
  • What methods are being used for monitoring
    customer perception?
  • How is this data being analyzed and used?

Clause 8 (cont.)
  • 8.2.2 Internal Audit
  • Management responsible for the area being
    audited shall ensure that any necessary
    corrections and corrective actions are taken
    without undue delay to eliminate detected
    nonconformities and their causes.
  • How are audit nonconformities communicated?
  • What process is used in addressing audit
  • NOTE see ISO 19011 for guidance more later
    on this

Formula for documenting Nonconformances
  • Concern what was identified during audit
  • Requirement per your organizations QMS
    documentation, (and ISO 90012008)
  • Evidence supports non-fulfillment of
    requirement usually collected during audit when
    concern is initially identified
  • (Impact) to be determined by auditee during
    process of correction which includes
    determination of scope of nonconformity and

Correction vs. Corrective Action
  • Correction is action to eliminate nonconformity
  • Typically action is applied only at location
    where nonconformance was identified
  • However, consideration should be given to other
    potential areas where nonconformity could exist
  • Is not designed to prevent the nonconformance
    from re-appearing elsewhere
  • Corrective action is action to eliminate the
    cause of a detected nonconformity
  • Requires application of root cause analysis
    through data collection and analysis
  • By applying appropriate corrective action,
    recurrence of the nonconformance is typically

Clause 8 (cont.)
  • 8.2.3 Monitoring Measurement of Processes
  • The organization shall apply suitable methods
    for monitoring and, where applicable, measurement
    of the QMS processes. These methods shall
    demonstrate the ability of the processes to
    achieve planned results. When planned results
    are not achieved, correction and corrective
    action shall be taken, as appropriate
  • NOTE when determining methods, it is advisable
    that the organization consider the type and
    extent of monitoring or measurement appropriate
    to each of its processes in relation to their
    impact on the conformity to product requirements
    and on the effectiveness of the QMS
  • What methods are used for monitoring/measuring
    QMS processes?
  • How are these results utilized by the

Monitoring vs. Measurement
  • Observing
  • Gathering data or information through typically
    passive means
  • Outcomes may be non-numeric, qualitative
  • Process of assigning numbers to an outcome
  • Generally an active evaluation
  • Leads to numeric or quantitative outcomes

Clause 8 (cont.)
  • 8.2.4 Monitoring Measurement of Product
  • Maintain evidence of conformity with acceptance
  • Records shall indicate the person(s) authorizing
    release of product for delivery to the customer.
  • What records are available to demonstrate release
    of product?
  • 8.3 Control of Nonconforming Product
  • Content of requirement re-arranged for
  • Requirement for documented procedure indicated at
    beginning of requirement
  • where applicable added in front of 4 ways
    listed for dealing with nonconforming product

Clause 8 (cont.)
  • 8.4 Analysis of Data, (not new)
  • Provides information on
  • customer satisfaction,
  • conformity to product requirements
  • characteristics and trends of processes product
  • suppliers
  • What data is analyzed by the organization?
  • How are results of the analysis utilized?

Clause 8 (cont.)
  • 8.5.2 Corrective Action 8.5.3 Preventive Action
  • Reviewing effectiveness of action added
  • How is effectiveness of actions taken evaluated?
  • How are these outcomes utilized in applying
    actions taken to other processes?

Disciplined Problem Solving Works in all 3 Cases
New target, Goal, spec
Improvement Action
Target, Goal, Spec
At target, goal, spec
Preventive Action
Corrective Action
Below target, Goal, spec
Disciplined Problem Solving Methodology applies to
  • CORRECTIVE ACTION actual gap condition exists
    where what is does not equal what should be
    correction, (containment/interim actions), as
    well as root cause investigation required
  • PREVENTIVE ACTION potential gap condition may
    exist but not yet experienced typically no
    correction required only potential root cause
  • IMPROVEMENT ACTION generating the gap raising
    the desired performance level as well as the
    process performance causal factors must be
    investigated to understand what to change in
    order to achieve new level of performance

Implementation of ISO 90012008
  • Organizations existing QMS registration will be
    updated during regularly scheduled surveillance
  • No ISO 90012000 certifications will be issued
    after November, 2009
  • Current ISO 90012000 registrations only valid
    until November, 2010
  • ISO 90012000 and ISO 90012008 registrations are
    considered equivalent from November, 2008 through
    November, 2010

ISO 9001 4th edition Review Actions
  • Organizations should plan a review of their QMS
    based on updated ISO 9001
  • Obtain copy of ISO 90012008 standard, (from ASQ)
  • Review content of amendments as compared to your
    organizations current QMS
  • Determine what, if any, actions are necessary to
    align your organizations QMS with the intent of
    the amendments
  • Define implementation/action plan for update of
    your organizations QMS including auditing of
    your QMS
  • Prepare evidence to demonstrate the above actions
    to your registrar, (could mention in management
  • Contact your registrar to establish timetable for
    updating your QMS registration

Status of ISO 9001 Sector Applications
  • AS9100 updated in January, 2009 to align with
    ISO 90012008 contact your registrar for
    registration update details
  • ISO/TS 169492009 released June 15, 2009 very
    minor wording changes
  • TL9000 release 5.0 scheduled before 11/15/09

ISO 19011 Auditors Bible
  • Guidelines on quality and/or environmental
    management systems auditing
  • Joint effort (ISO/TC 176 and ISO/TC 207) to
    combine guidelines on quality and environmental
    management systems auditing
  • Replaces ISO 10011-1,2,3 and ISO 14010, 14011,

ISO 19011 General Overview
  • Intended users
  • Auditors
  • Organizations implementing quality and/or
    environmental management systems
  • Organizations involved in auditor certification
    or training
  • Organizations involved in certification/registrati
    on of management systems
  • Organizations involved in accreditation or
    standardization in the area of conformity
  • Provides guidance on conducting internal or
    external quality and/or environmental management
    system audits and managing audit programs
  • To be adapted and applied based on the size,
    nature and complexity of the organization and the
    objectives and scope of audits conducted
  • Can be used for other types of audits attention
    to defining auditor competence

ISO 19011 Content
  • Clause 4 Principles of Auditing
  • Clause 5 Establishing Managing Audit Programs
    - audit program objectives, extent of audit
    program, how to maintain and improve audit
    program, how to identify audit program resources,
    audit program monitoring reviewing
  • Clause 6 Conducting Audits - Flowchart of audit
    process, feasibility of the audit, document
    review for internal audits, collecting
    information, interviews, recording individual
    audit findings of conformity, audit follow-up
  • Clause 7 Auditor Competence - On-going
    evaluation of auditor performance, knowledge
    skills, auditor work experience, auditing both

Phases of Auditing
Audit Planning Preparation
Corrective Action, Follow-up and improvement
Reporting audit results
Conducting Actual Audit
Auditor Competencies
  • Process approach to system auditing
  • Requirements of latest version of ISO 90012008
  • Concepts and terminology of latest version of ISO
  • 8 Quality Management Principles
  • General understanding of performance improvement
    guidelines, ISO 90042000
  • Familiarity with latest draft of auditing
    guidance standard, ISO 19011

General Auditor Responsibilities
  • Dedicate time to preparing for audit assignments,
    including researching information re
    process/area to be audited and preparing an audit
  • Communicate effectively with all levels and
    associates within your organization
  • Summarize audit information in an objective
  • Adapt to auditing situations

  • Managements mirror for observing the business
  • Objective
  • Prepared
  • Professional
  • Ethical
  • Honest
  • Inquisitive

Auditor Responsibilities
  • Conduct audits per audit schedule
  • Contact appropriate personnel in the area being
    audited to establish specific date/time and
    agenda for audit
  • Review information related to the area being
  • Prepare a checklist of questions to guide the
    audit process
  • Collect objective evidence to support audit
  • Report the results of the audit in a timely
  • Organize verification of corrective actions to
    audit nonconformances

Auditing for Continual Improvement
  • Consider the 8 Quality Management Principles
  • Recognize PDCA relationship re who to audit,
    (top to bottom)
  • PDCA also relates to audit indicators to be

8 Quality Management Principles (Management
philosophy of ISO 9000 series)
  • Provide framework towards improved performance of
    an organization
  • Were identified based on ISO 9000 series user
  • Form the basis for ISO 9000 family QMS standards
  • Are the focus for new/additional quality system
    requirements in ISO 90012008
  • Customer focus
  • Leadership
  • Involvement of people
  • Process approach
  • System approach to management
  • Continual improvement
  • Factual approach to decision-making
  • Mutually beneficial supplier relationships

NOTE The knowledge and use of the eight quality
management principles should Be demonstrated and
cascaded through the organization by top
management. (ISO/TS)
8 Quality Management Principles
  • Customer focus organizations depend on their
    customers and therefore should understand current
    and future customer needs, meet customer
    requirements and strive to exceed customer
  • Leadership leaders establish unity of purpose
    and direction of the organization. They should
    create and maintain the internal environment in
    which people can become fully involved in
    achieving the organizations objectives.
  • Involvement of People people at all levels are
    the essence of an organization and their full
    involvement enables their abilities to be used
    for the organizations benefit.
  • Process Approach a desired result is achieved
    more efficiently when related resources and
    activities are managed as a process.
  • System Approach to Management identifying,
    understanding and managing a system of
    interrelated processes for a given objective
    improves the organizations effectiveness and
  • Continual Improvement continual improvement
    should be a permanent objective of the
  • Factual Approach to Decision-making effective
    decisions are based on the analysis of data and
  • Mutually Beneficial Supplier Relationships an
    organization and its suppliers are
    interdependent, and a mutually beneficial
    relationship enhances the ability of both to
    create value

Process-based System View(auditing an area or
entire organization)
4 Audit Evaluators
  • Adequacy are the requirements of the quality
    system standard recognized and addressed/understoo
  • Conformance are we consistently following our
    system as defined?
  • Effectiveness are we meeting requirements/object
    ives and satisfying our customers by following
    our system?
  • Continual Improvement are we striving to
    increase the capability of achieving
    requirements/objectives of our systems towards
    enhancing customer satisfaction?
  • When auditing the activities of the quality
    system, all four evaluators must be considered.

  • Evaluated prior to registration of quality system
    by 3rd party auditor through documentation review
  • Ongoing evaluation by 3rd party auditor during
    surveillance audits
  • Consideration given each time a document change
    is requested

Conformance vs. Effectiveness
  • Are we doing it?
  • Is actual practice, (what is being done),
    consistent with QMS documentation?
  • Does QMS documentation clearly define
  • Is there a consistent understanding and execution
    of the QMS documentation?
  • Does it work?
  • By following the QMS documentation, are desired
    results achieved?
  • Is the customer, (and other), requirements
  • How is the activity or its results evaluated to
    determine the impact on satisfying customers?

Challenges of Auditing for Effectiveness
  • Purpose of process must be clearly understood,
  • Desired outcome from process must be defined,
  • Process outcomes must be measured, (results)
  • Individual processes and their objectives should
    relate to overall QMS quality objectives,
    (quality objectives established at relevant
    functions/levels in organization)

Continual Improvement
  • Has this process or product been prioritized for
  • Is the process or product currently stable and
    capable, (re conformance)?
  • Would increasing the target value further
    customer satisfaction?
  • What plans are in place to increase the ability
    of this process or product to satisfy customers?
  • Recurring activity to increase the ability to
    fulfill requirements
  • Optimization of characteristics and parameters of
    a product or process at a target value
  • Only applicable where conformance has been

Challenges of Auditing forContinual Improvement
  • Information re process performance before and
    after improvement is needed to demonstrate actual
  • Evaluation of impact of improvement, (positive
    and negative), should be made during improvement
  • Not all processes can be improved at once due to
    limited resources
  • Auditee management decides when/where improvement
    is appropriate

What is an audit nonconformance?
  • Identifies situation where quality management
    system, as documented, is not being followed
  • Reactive opportunity to improve the quality
    management system
  • Audit nonconformance report provides record of
    current condition to allow comparison after
    action is taken

Writing a Nonconformance
  • Purpose - to get effective corrective action!
  • Helps people understand the problem.
  • Acts as starting point for problem solving.

Formula for documenting Nonconformances
  • Concern what condition was identified during
    audit recognizes what is
  • Requirement per your organizations QMS
    documentation (and ISO 90012008) defines what
    should be
  • Evidence supports non-fulfillment of
    requirement usually collected during audit when
    concern is initially identified

Communicate Nonconformance
  • Audit nonconformances must be communicated in a
    timely manner to ensure that correction and
    corrective action can be taken to prevent further
    nonconformance and potentially affecting the
  • Verbally explain nonconformance to auditee during
  • Initiate audit nonconformance report during audit
    team wrap-up
  • Note audit nonconformances in appropriate section
    on audit report
  • Communicate nonconformance to manager of area
    during audit closing meeting have manager sign
    audit nonconformance report indicating they have
    received the audit nonconformance

Corrective Action Auditees Responsibility
  • Find problem
  • Fix problem
  • Identify root cause of problem
  • Implement solutions that control or eliminate
    root cause of problem
  • Implement system to evaluate effectiveness of
    corrective action
  • Respond with action plan in a timely manner
  • Should not be a defense of status quo
  • Should not only address specific deficiency
    without addressing underlying root cause

Corrective Action
  • Fix it, (correction)
  • Investigate why it happened, (root cause
  • Implement actions to prevent it from happening
    again, (corrective action)
  • Evaluate results and verify that actions taken do
    prevent nonconformance from happening again,
  • Actions taken to eliminate the causes of a
    detected nonconformance to prevent recurrence.
  • Manager of the area where nonconformance was
    identified is responsible for these actions

Who is involved in corrective action?
  • Effort normally led by supervisor or department
  • Any employee may be involved in identifying the
    cause of the problem as well as potential
  • Some solutions may lead to change in existing
  • The internal auditor may participate in the
    corrective action at the request of the
    department/area, but is not responsible for
    correcting or implementing corrective actions for
    the nonconforming condition
  • Involve other departments/areas who may
    experience the same problem

How to Plan Corrective Action
  • Investigate scope of nonconformance look beyond
    the evidence identified by the auditor
  • Determine cause(s) of nonconformance
  • Based on scope of nonconformance, implement
    correction and corrective action where appropriate

How do I know if the corrective action worked?
  • The problem does not occur again.
  • Your department/area determines how to verify the
    corrective action taken to evaluate if the
    problem has been fixed, (measures of
  • Your corrective action will also be independently
    evaluated by an auditor after projected
    completion date noted on the nonconformance

Corrective Action Review
  • Performed by Audit Coordinator and Internal
  • Evaluate corrective action plan/response based on
  • Determine if stated corrective action
    plan/response suitably addresses nonconformance
    do actions taken control or eliminate the root
  • If corrective action is acceptable, then verify
    via follow-up audit or next scheduled audit
  • If corrective action is not acceptable, then
    explain why to auditee and request new corrective

Verification of Corrective Action
  • Detailed objective evidence to confirm that
    corrective action taken to correct a
    nonconformance is implemented and effective
  • Based on auditees written corrective action,
  • Determine if stated corrective actions have been
  • Determine if corrective actions taken have
    effectively eliminated the cause of
  • Develop set of questions specific to corrective
    action using the corrective action report as the
    audit criteria
  • Look for evidence that problem has not repeated
    since solution was implemented

How Verification Audits are Performed
  • Auditor reviews corrective action information
    prepared by auditee
  • Auditor prepares checklist of questions based on
    corrective action information, (fix it actions,
    how root cause was identified, actions taken to
    address cause, how results of actions were
    evaluated, etc.)
  • Auditor performs audit to identify evidence which
    supports that each step of corrective action has
    been completed and that implemented actions have
    eliminated/controlled the causes to prevent
    recurrence of the nonconformance
  • Auditor also reviews information collected
    demonstrating results of implemented actions and
    data reflecting whether the nonconformance has

What was done to Immediately Correct the
Nonconformance? (Correction)
  • Correction fixes the nonconforming condition
  • Correction should be applied to all
    nonconformances, not just those initially
  • Consideration should be given to how to correct
    other nonconformances which may occur while
    investigating cause and determining permanent
    corrective action
  • Rebuild
  • Rework
  • Re-process
  • Revise
  • Re-do

What Caused the Nonconformance?
  • Why did the nonconformance occur?
  • What happened that could have led to the
  • Which processes contributed to the
  • What factors of these processes may have
    contributed to the nonconformance?
  • What changes may have occurred in these factors
    and/or processes that led to the nonconformance?
  • Cause identified should directly explain why
    nonconformance occurred

What is being done to Eliminate or Control the
  • Eliminate cause by removing cause through product
    or process re-design
  • Control cause by installing a monitoring
    mechanism or institute monitoring by process
    owners to recognize when cause may be present so
    immediate action can be taken to prevent
  • Actions taken should directly relate to cause

Implement the Actions to Control and/or Eliminate
the Causes
  • Actions defined in corrective action plan
  • Indicate actual completion date so impact of
    implemented action can be assessed
  • If alternative actions are taken, the corrective
    action plan should be updated to reflect change
  • Evidence should be available to demonstrate that
    all specified actions have either been taken or
    an explanation given as to why these actions were
    not implemented

Are Changes to the QMS needed?
  • Evaluate the impact of actions taken on the QMS,
    (maintain integrity of QMS when changes occur)
  • Consider how policies/procedures/practices could
    be changed to prevent the nonconformance from
    happening again system level solution
  • Does existing QMS documentation need to be
    updated as a result of actions taken?
  • Does new QMS documentation need to be introduced?
  • Utilize QMS document control process
  • If changes to QMS are made, training for those
    involved in the impacted processes should be
    planned and provided

What are the Measured Results of the Actions
Taken? (Effectiveness)
  • Measure the results of implemented actions to
    determine if nonconformance and its causes have
    been eliminated
  • Monitor the effect that implemented actions have
    on processes
  • Monitor to see if the nonconformance or its
    related causes happen again
  • Also note any unexpected results of the
    implemented actions, (positive and negative)
  • The desired result is that the nonconformance and
    its associated causes do not repeat
  • Time and data collection may be required to
    complete this step in the corrective action

Results of Verification
  • Record results of verification audit formal
    audit report not required when only reporting
    results of verification audit
  • If results of verification audit demonstrate that
    corrective action is not complete or not
    effective, communicate this to manager of area
    and Management Representative the corrective
    action can not be closed until specified actions
    have been taken and data exists to demonstrate
    corrective action was effective in preventing
    recurrence of the nonconformance
  • These results also represent an audit of the
    effectiveness of the corrective action process
  • Verification audits should also be performed for
    preventive and improvement actions same process
    except no fix it actions would be required

Available References
  • ISO 9001 and ISO 19011 standards can be purchased
    from ASQ or ANSI
  • Memory Jogger 90012008 by Goal/QPC
  • The Insiders Guide to ISO 90012008 by Paton
  • Following references are available for download
    free of charge at
  • N836 Implementation Guidance for ISO 90012008
  • Other reference documents available

Thank you for attending ISO 90012008 Internal
Auditor Training
  • For additional information, please contact
  • Cathy Fisher
  • Quality Improvement Strategies
  • (704) 575-4496