May 21, 2011 SPSC ISO 9001:2008 AUDIT PRINCIPLES AND CONCEPTS Why Audits The third element of Dr Deming’s PDCA cycle of continual improvement is check. A check is required because of the recognised and accepted fact world over that generally activities either do not happen at all, or not in the way desired to achieve the objectives, and quality systems are no exceptions. It is human beings who perform various activities in an organisation. As the saying goes “To error is human”, so, error shall continued to take place. However, the statistical analysis of errors in organisations has established that approximate 80 - 85 % errors take place due to the system, another 15 - 19% are not intentional, and less than 1 % may be intentional.
May 21, 2011 SPSC ISO 9001:2008 Checks, verification, examination or audit of activities helps us to uncover the system deficiencies, and offer opportunities to take corrective actions. It also helps to reduce quality cost the cost of errors in an organisation. System audits are therefore, not for finding fault with individuals or organisations. It is also not a method to grade individuals or increments or promotion. The basic purpose of an audit is to collect objective evidence, analyse evidence, and compare it with the specified requirements ( audit criteria ) to highlight the deficiencies, so as to facilitate the auditee for initiating corrective action, thereby ensuring continual improvement in the system. Audits must be positive in approach and conduct, so that they are welcomed and not dreaded in the organisation. This requires both the auditor and the auditee education, which must be an integral part of the preparation for the audits in an organisation.
May 21, 2011 SPSC ISO 9001:2008 PRINCIPLES RELATED TO AUDITORS ETHICAL CONDUCT Ethical Conduct is foundation of professionalism, which flows from the trust, integrity, confidentiality, and discretion of the auditor FAIR PRESENTATION It is the obligation of the auditor to report truthfully and accurately the audit findings, audit conclusions and audit reports. He should also correctly report significant obstacles encountered during the audit; as well as, unresolved or diverging opinions between the audit team and auditee. DUE PROFESSIONAL CARE An auditor should use due professional care by the application of diligence and judgment while auditing. Auditors should exercise care in accordance with the importance of the task and confidence placed in them by the audit clients; having necessary competence is an important prerequisite.
May 21, 2011 SPSC ISO 9001:2008 PRINCIPLES RELATED TO AUDIT PROCESS INDEPENDENCE Independence is the basis for the impartiality and objectivity of the audit conclusions. Auditors must therefore be independent of the activity being audited, and be free from bias and conflict of interest. Auditors must maintain an objective state of mind throughout the audit process, to ensure that the findings and conclusions will be based only on evidence. EVIDENCE Evidence is the rational basis for reaching reliable and reproducible audit conclusions. Audit evidence must be verifiable. It must be based on the sample of information available. Samples should therefore be appropriately representative, since confidence that can be placed in the audit conclusions is closely related to the samples.
May 21, 2011 SPSC ISO 9001:2008 QUALITY AUDIT ISO 9000 : 2000 defines quality audit a “systematic, independent and documented process for obtaining audit evidence and evaluating its objectivity, to determine the extent to which audit criteria are fulfilled.” Let us understand various words used in the definition. By definition, quality audit is a systematic activity. An activity can be systematic only if it is performed in a formal way. Audit should therefore be planned and carried out in accordance with defined and documented procedures, using a check list and complete with formal reports and records. Quality audits must be carried out by people who are independent of the activity or process being audited so as to reduce the bias. Auditors therefore should not audit their own work, and as for as possible the area / department in which they are working.
May 21, 2011 SPSC ISO 9001:2008 ISO 9000 : 2000 defines audit evidence as “Records, statements of facts or other information which is relevant to the audit criteria and is verifiable.” An audit evidence can be objective and verifiable if : It exists in one form or the other; such as documented procedures, instructions, formats, drawings, specifications, price lists, material in a godown, equipment on the shop floor, or an individual performing an activity. It is based on an unbiased observation; it is not as a result of personal prejudice, and personally seen by the auditor. It is about the quality system, is not about individuals or technology. It is stated by the responsible person of the area or activity being audited ( Departmental head, section head, supervisor, foreman in charge or the operator himself ) It can be quantitative or qualitative.
May 21, 2011 SPSC ISO 9001:2008 ISO 9000 : 2000 defines audit criteria as “Set of policies, procedures or requirements, used as a reference”. It is therefore obvious that if any audit is to be meaningful, it must be carried out against a defined criteria. The criteria can come from either of the following sources : MANAGEMENT : Policies defined in the quality manual, procedures and instructions ( Quality system ) CUSTOMER : Stated and implied need as committed through contracts, or product information given to the customer, before or a part of contract obligation. STATUTORY OR REGULATORY : Requirements as applicable to the product. QMS STANDARDS : Mandatory requirements of ISO 9001: 2000 Quality audits may be conducted for internal and or external purposes. They should not be confused with surveillance or inspection activities performed for the purposes of process control or product acceptance.
May 21, 2011 SPSC ISO 9001:2008 CATEGORIES OF QUALITY AUDIT There are three categories of audit System Audit Process Audit Product Audit QMS audit is defined as “A systematic investigation of the intent, the implementation and the effectiveness of selected aspects of the QMS of an organisation or part thereof (process)”; QM itself being defined as “Coordinated activities to direct and control an organisation with regard to the quality”. As evident from the definition, system audits are used to assess the degree of achievement of direction and control of an organisation to achieve its objectives with respect to quality. The assessment could be for a system process, function or area; or of the complete QMS at a time.
May 21, 2011 SPSC ISO 9001:2008 Depending upon the maturity of the system the purpose of the system audit could be to : Assess the adequacy of the QMS documentation to establish whether it includes all necessary components (processes) and the processes have the capability to not only achieved organisation quality policy and objectives, but also meet the mandatory requirement of QMS standard being implemented. Assess is the degree of implementation of the QMS, so established. Assess the effectiveness of the QMS, viz the level of achievement of policy and objectives. Identifying opportunities for improvement, to make the system more efficient and cost-effective. System audits are mandatory requirement of all QMS standards. ISO 10011 provides guidelines for auditing quality systems, and is in three parts. ISO 10011-1 : auditing ISO 10011-2 : qualification criteria for System auditors ISO 10011-3 : management of audit programme.
May 21, 2011 SPSC ISO 9001:2008 PROCESS AUDIT Process audit are carried out to assess the performance and capability of the system processes such as : Has the process being properly planned to achieve business objectives? Are the set objectives being achieved? Are the defined procedure / instructions being followed in letter and sprit? Is the process stable / under the statistical control? Do the opportunities exist ( if so, identify them ) to reduce process variations, eliminate waste to have various types ( men, material, machine, method ), thus making the process both effective and efficient ? Although not mandatory, process audits should be carried out by the organisations for their own benefit, as a part of internal audits. ISO 9001 : 2000 clause 8.2.3 requires the organisation to apply suitable methods for monitoring and where appropriate measurement of QMS processes to demonstrate the ability to the process to achieved Planned results.
May 21, 2011 SPSC ISO 9001:2008 PRODUCT AUDIT Product audit is like an inspection. The purpose is to establish the extent to the defined product specifications are being achieve. Internal auditors should identify deficiencies if any, and help establish relevant product objective for the organisation.
May 21, 2011 SPSC ISO 9001:2008 BENEFIT OF AUDITS INTERNAL AUDITS Meet the Specified requirement of ISO 9001 : 2000 clause 8.2.2. Are the powerful tool to a aid improvements of the QMS. Since the limit of quality is infinitely, there can be no process or activity that is perfect and cannot be improved upon regarding implementation, effectiveness or efficiency. Further, in a global village, where the organisations have to operate in a competitive and dynamic environment, organisations have no alternative but to continually improve their QMS for survival and growth. Provides control mechanism by the management, to assess the status of the QMS, from time to time.
May 21, 2011 SPSC ISO 9001:2008 SECOND PARTY AUDITS Satisfy implied need for evaluation and control of suppliers. Help to improve supplier’s QMS, and thus benefiting both the customer and the supplier. Help to increase in mutual understanding of the customer's requirement, and suppliers limitations, thus establishing a mutually beneficial relationship. Induce mutual understanding leading to ‘ Supply chain tuning’ resulting in just-in-time system or TQM etc.
May 21, 2011 SPSC ISO 9001:2008 THIRD-PARTY AUDITS Lessen need for second party audits, resulting in time and money saving to both the customers and the suppliers. Help to establish minimum standard met by organisations like ISO 9001, ISO 14001 or ISO / TS / 16949. Have worldwide recognition of the compliance to an international QMS standard, resulting in an increased market share and the competitiveness.