Auditing the Management of Resources

Auditors should verify that the resources needed to implement, maintain, and improve the quality management system are adequately managed. This means that appropriate resources are to be identified, planned, made available, used, monitored, and changed as necessary by the organization.

It is recommended that the management of resources not be audited in isolation. Irrespective of the way the organization is structured and identifies its processes, auditors should be able to verify the adequacy and effective management of the resources to achieve planned results. It is important for auditors to verify whether the organization has evaluated past and present performance (e.g., using cost-benefit analysis and risk assessment) when deciding what resources are to be allocated.

Management of resources can be evaluated by interviews with top management and other responsible personnel to check that suitable processes are in place. This needs, however, to be supported by objective evidence collected throughout the audit.

Evidence can be obtained at different stages of the audit: reviewing inputs, process performance, and outputs. This has to be carried out when auditing all the processes and related system and process documentation, such as:

  • Management commitment and responsibilities;
  • Management review process;
  • Product realization processes, including the control of nonconforming products, corrective and preventive actions, and continual improvement.

Auditors should avoid making subjective judgements on the adequacy of the resources allocated by the organization and should limit their role to the evaluation of the effectiveness of the resource management process.

Auditors should verify that the human resources, infrastructure (e.g., energy, water, facilities and equipment maintenance, communications, and information technology), and the work environment (e.g., temperature, lighting, vibration, and noise) have been provided and maintained in a way consistent with the quality policy and objectives, as well as, contributing to conformity to product requirements.

If it is found that effective management of resources has not been taken into consideration by the organization, which may result in not satisfying product-related requirements, this should be treated as a nonconformity, the magnitude of which should be related to the associated risk.

Note: This article is based on the guidance provided by the ISO 9001:2000 Auditing Practices Group in the Auditing Kit at the ISO web site.