May 2005 e-Newsletter

The aerospace (AS9100) and automotive (ISO/TS 16949) industry versions of ISO 9001:2000 add requirements beyond those in clause 8.2.2 for internal audit. You should examine these extra requirements to see if they might be good additions for your internal audit policies and procedures.

AS9100:2004 (Revision B)

The aerospace standard expands on ISO 9001:2000 with these additional internal audit requirements:

8.2.2 Internal Audit

Detailed tools and techniques must be developed, such as checksheets, process flowcharts, or any similar method to support auditing the quality management system requirements. The acceptability of the selected tools will be measured against the effectiveness of the internal audit process and the overall organization performance. Internal audits must also meet contract and/or regulatory requirements.

ISO/TS 16949:2002

The automotive standard expands on ISO 9001:2000 with these additional internal audit requirements:

8.2.2.1 Quality Management System Audit

The organization must audit its quality management system to verify compliance with this Technical Specification and any additional quality management system requirements.

8.2.2.2 Manufacturing Process Audit

The organization must audit each manufacturing process to determine its effectiveness.

8.2.2.3 Product Audit

The organization must audit products at appropriate stages of production and delivery to verify conformance to all specified requirements (such as product dimensions, functionality, packaging, and labeling) at a defined frequency.

IATF Guidance for ISO/TS 16949:2002 adds for 8.2.2.1, 8.2.2.2, and 8.2.2.3: There are many approaches to analyze quality management system, product quality, and process performance. Internal audit for the organization should be independent of those having direct responsibility for the work performed. Personnel should not audit their own work.

8.2.2.4 Internal Audit Plans

Internal audits must cover all quality management related processes, activities, and shifts, and be scheduled according to an annual plan. When internal or external nonconformities or customer complaints occur, the audit frequency must be appropriately increased.

Note: Specific checklists should be used for each audit.

IATF Guidance for ISO/TS 16949:2002 adds: Relevant input from the area to be audited, as well as, from other interested parties, should be considered in the development of the internal audit plan, including definition of the key customer-oriented processes. Additional planning input may include:

Adequacy and adequacy of performance measures
Analysis of quality cost data
Capability of processes and use of statistical techniques
Effective and efficient implementation of processes
Opportunities for continual improvement
Process and product performance results and expectation
Relationships with customers

8.2.2.5 Internal Auditor Qualification

The organization must have internal auditors who are qualified to audit the requirements of this Technical Specification (refers reader to 6.2.2.2).

IATF Guidance for ISO/TS 16949:2002 adds: The organization should define the minimum qualification requirements for personnel responsible for performance of internal audits, taking into account any customer-specific requirements.

ISO 14001:2004
Although not an industry scheme based on ISO 9001:2000, the environmental standard (ISO 14001:2004) is closely aligned with ISO 9001:2000. Section 4.5.5 of ISO 14001:2004 describes internal audit requirements that are expressed in a very similar manner to those in clause 8.2.2 of ISO 9001:2000. The key differences are:

ISO 9001 says the organization must conduct internal audits, but ISO 14001 says the organization must ensure internal audits are conducted. ISO 9001 says internal audits are conducted to determine if the system is effectively implemented and maintained. However, ISO 14001 says internal audits are conducted to determine if the system is properly implemented and maintained.

ISO 9001 says the audit program must be planned taking into consideration the status and importance of the processes and areas to be audited. ISO 14001 says to take into consideration the environmental importance of the operations concerned. ISO 9001 says internal auditors are selected to ensure objectivity and impartiality, and must not audit their own work. ISO 14001 doesn't mention not being able to audit your own work.

ISO 14001 doesn't mention that management must ensure actions are taken without undue delay to eliminate detected nonconformities and their causes. It relies on clause 4.5.3 on Nonconformities, Corrective Action, and Preventive Action to address this subject. ISO 14001 also doesn't address the need for follow-up activities to verify the actions taken and the reporting of verification results.

Clause 4.5.2 of ISO 14001:2004 identifies requirements for the evaluation of compliance. Although Annex B of ISO 14001:2004 relates 4.5.2 to clauses 8.2.3 and 8.2.4 of ISO 9001:2000, some organizations may use their internal audit program to address these requirements:

4.5.2.1 Consistent with its commitment to compliance, the organization must establish, implement, and maintain a procedure(s) for periodically evaluating compliance with applicable legal requirements.

4.5.2.2 The organization must evaluate compliance with other requirements to which it subscribes. The organization may wish to combine this evaluation with the evaluation of legal compliance referred to in 4.5.2.1 or to establish a separate procedure(s). The organization must keep records of the periodic evaluations.

Annex A of ISO 14001:2004 provides guidance on the use of the standard. Section A5.5 states that internal audits of an environmental management system can be performed by personnel from within the organization or by external persons selected by the organization, working on its behalf. In either case, the persons conducting the audit should be competent and in a position to do so impartially and objectively. In smaller organizations, auditor independence can be demonstrated by an auditor being free from responsibility for the activity being audited.

The telecommunication (TL 9000) and medical device (ISO 13485) industry schemes have accepted the basic internal audit requirements of ISO 9001:2000 and do not include any additional audit requirements.

Go to the quick reference at our web site to see all the clauses and requirement summaries. Refer to the ISO/TS 16949:2002 standard for the specific requirements.

The following article appeared in Issue 6 of INform, the online magazine from the International Register of Certificated Auditors. For more information, go to (http://www.irca.org/inform/issue6/front_cover.htm).

For many auditors, the job has become one of ever greater demands. At one end of the scale there is the strain of increasing paperwork burdens. At the other there is a client who your company wants as a customer, but who you know does not meet the requirements of the standard. With high levels of stress and falling job satisfaction, what personal skills does an auditor need?

ISO 19011:2002 highlights a number of principles for auditors, like ethical conduct, fair presentation, due professional care, independence, and an evidence-based approach. The standard goes on to set out the personal attributes that will enable auditors to act in accordance with the principles of auditing and these are:

ethical
open minded
diplomatic
observant
perceptive
versatile
tenacious
decisive
self reliant

But as well as these skills, there are other qualities and attributes that a good auditor needs.

The ability to gather evidence

All auditors need to be able to gather audit evidence. In environmental auditing, much evidence can be gathered using the senses. It requires an inquisitive stance and the desire to find out what is actually happening. Auditors will also need to be able to engage in a wide range of topics and ask all manner of questions. It is important to stay focused and not to become side-tracked by areas that are not directly relevant to the audit.

Sorting evidence and decision making

Once audit evidence has been gathered it needs to be sorted into what is relevant and what is not. In assessing audit evidence, there also needs to be a decision-making process. This is usually against the criteria that the audit is being conducted against: the standard and the client’s documented management system. This process should be conducted in a detached way, but it may be at the end of a long day before giving feedback to the client.

Putting the picture together

Auditors need to be able to understand systems and how they work. This requires the ability to quickly formulate a picture of the client’s management system, the organization, and the key features within it. A good auditor should then be able to work out an understanding of the cause and effect linkages within the client’s management system. This is also the level where audit planning takes place. Putting the audit plan together requires an appreciation of the audit flow and what would constitute a logical sequence of events.

People skills

Auditors need to have exceptional people skills and the ability to deal with all types of people. For many auditees, the auditor may be feared and not particularly welcome. So, having the ability to put people at ease and understand life from the auditee’s perspective is an important quality. It is also important for auditors to show respect. It is, after all, the auditee who is paying for the auditor’s time.

Audit management

All audits have a certain dynamic which is unique to the organization being audited. The auditor needs to have the ability to manage the audit process against the audit program. This means ensuring that the pace of the audit is right for the program. The pace has to be set within the limits of what both the audit team and the client organization can sustain.

Vision and instinct

Many auditors have the ability to walk into an organization and within a short period of time have an instinctive knowledge of what the state of play is within that organization. When considering audit findings, a good auditor will be able to build a picture of what the situation is within an organization and then translate that into what it might mean for the organization in the future.

Adhering to the rules

All audits have rules; from the rules within the clauses of the management systems standard through to the organization’s own rules for conducting audits. A good auditor needs to understand those rules and make sure that they are adhered to. This often stems from a lack of understanding of the specific requirements of a particular clause.

Leadership

Leadership is obviously a quality needed by lead auditors. A good audit team leader is someone who is accomplished across many of the skills needed for auditing and who has the ability to demonstrate this to others.

Letting the client decide

When they reach a certain level of proficiency, some auditors like to think that they know best and start to advise the client accordingly. In fact, the auditor is simply presenting an accurate picture of the state of play. It is for the organization to determine what direction it will subsequently choose to take.

A personal development program

You can make some sort of assessment on the above qualities and work out your strengths and weaknesses. Some people might be good at adhering to a line, for example, but are not so good at working with people. Others may be good at finding audit evidence and not so good at building it into a picture.

Most auditors get feedback and this can be very useful to in terms of discovering where their strengths and weaknesses lie. Planning for change is the important first step. There is no right or wrong way, but the main thing is to have a plan to clarify what you want to accomplish.

James Smith of Sustainability Training Advice Review in the UK was the author of the above article and can be contacted at (james@sustainabilityconsultants.com).

To enroll in these public classes, you can click on the course title, go to Class Schedule at our web site, or call us at 800-404-7585.

The above public courses can be offered on-site at your facility. In addition, we offer these on-site courses:

-top-

Copyright © 2000 - 2007 Whittington & Associates, LLC. All Rights Reserved. 242 Highlands Drive, Woodstock, GA 30188 770-517-7944 or fax 770-517-7945	Site by Frogtown Media Web Design
Whittington & Associates provides training, consulting and auditing services for quality systems based on ISO 9001, ISO/TS16949, TL9000, AS9100, ISO 13485, as well as, ISO 27001, ISO 20000, ISO 22000, and ISO 14001.