Is your Quality, Health & Safety or Environmental Compliance system working for you? How much time are you wasting trying to chase people to get things done, trying to remember to follow up on tasks, getting your Audits up to date, controlling documentation, dealing with customer complaints and capturing your Health & Safety Risks or incidents?
Let MANGO help you with a simpler way that not only makes the system work for you but also gets everyone involved in the system simply, so you never have to remember again.
I absolutely love MANGO. The software is easy to use and has taken hours off my workload.
~ Sarah G - Office Manager
When we talk to people about ISO9001 there are a few things that come up as the reasons not to do it: one is the need to document things, the other is around non-conformance and the final one is always the need for doing internal audits. Typically, I get told we fail enough external audits to know what we need to fix anyway! Or worse – we never fail an audit and never have any issues raised – that really does sound like a wasted opportunity and a poor audit!
The point of the internal audit is to give you a feedback loop on your processes and adherence to them that allows you firstly to find out where you are not compliant with the processes that you wrote and secondly to highlight areas for improvement. Those areas may well be that you need to do some training to follow the process, but it could just as easily be that your process is too onerous, and you could scale it back to make things better. Internal audits then need to be looked at as a treasure-trove of opportunities, and you really want some non-conformance or feedback out of them; otherwise, they genuinely are pointless. The International Standards Organisation (ISO) see them as so useful they have mandated them in clause 9.2 Internal Audit of ISO9001:2015, but don't be too worried, it's not about tripping you up, it's about helping to continuously improve your organisation.
Clause 9.2.1 of the standard is all about setting up the boundaries and expectations, if you like, of the audit process. The first thing to realise is that it says that the organisation SHALL conduct internal audits, so there is no getting around it: you must do it. It also says that they should be at planned intervals (we'll come back to the planned interval point) to provide enough information of a few things:
So that's it: the boundaries and expectations have been set. You have to audit, and the audits are about ensuring your organisation is complying with your quality management system processes & procedures and of course any relevant clauses in ISO9001:2015.
Clause 9.2.2 is where the real help kicks in as it's going to tell you exactly what you need to do with your audits to ensure they are useful for your organisation.
The first part of this clause is all about the planning of the audit program (which you must also keep up to date). You need to decide a number of things about your audit program: frequency of audits, how you will audit, responsibilities around auditing, planning requirements and reporting.
In terms of frequency of audit, there is a real misunderstanding here. A great many people I talk to believe you must audit your entire QMS every year. That's just not the case, especially with ISO9001:2015 which, remember, takes a risk-based approach to everything. So, there may be things within your organisation that are deemed low risk with respect to your QMS and meeting the needs of the customer, so auditing them every 6 months or even every year isn't sensible, so why would you do that? It adds no value, right? So, in that case how about every 2 years for these things? Whereas there are other requirements that may be critical to your customer that you audit every 6 months no matter what. It's very similar in thinking to the frequency of calibration that we talked about previously. This frequency is up to you. A word of caution, however: setting everything to 2 yearly or 5 yearly isn't going to fly come audit time.
How will you audit? Again, it's up to you, but it is important to try and follow good audit practices. If you haven't got a hold of ISO19011 – Guidelines for auditing Management Systems, it would be useful to get that as well, but essentially you can do it with interviews, or you can work through a pre-formatted questionnaire, whatever makes sense. When working through your questions, though, mix them up, follow the data and don't get hooked on every single question. Keep front of mind that you are trying to add value with this process, not trip people up or interrogate them.
The next element to think about is the scope of the audit. For example, if you set out to audit your supply chain, well, that's a pretty large beast, so you may decide that this audit is about the purchase order process or the stores control process. That's what you audit: that part of it and the processes and procedures linked to it.
Selection of auditors: now this is an important one to think about. You want your auditors to work well with people and draw out information. They should certainly not have a vested interest in the area they are auditing so, for example, the Dept manager or 2IC can't audit their own department, and it's probably also good that their wife, husband or sister doesn't do it either. It's also not a requirement that the internal auditors be formally qualified; it's great if they are, but it's not a requirement.
Once you have your audit you need to report out on it; otherwise, what's the point? Remember the 1st customer of the audit is the department getting audited, and so the output should be discussed with the department management and anyone else relevant to it before going out to a wider audience. It's also good practice to compare the audit to previous ones to show improvements over time as well.
If the audit is any good there will be things found in it that could be improved, you need to decide if these are major things and so have a non-conformance or improvement notice raised or if they are just suggestions for things that could be done but not a must. Anything that is a non-conformance or improvement notice needs to be raised and acted upon in a realistic timeframe for your organisation, that may be hours, days, weeks even months… it's unlikely however to be years!
Finally, you need to retain the documented information as evidence that the audit program has been created and carried out and, of course, the results of the audit. There are many ways you can do this; a simple calendar drawn up to reflect the audit plan is OK, for example. Holding a copy of all the audits in a single folder would also work. Referencing any non-conformances or improvement notices is certainly required, and ideally being able to show them closed out would be good. An integrated system like Mango does most of this work for you.
The requirement of clause 9.2 Internal Audit for ISO9001:2015 doesn't have to be feared, it's there to help ensure your system is working as intended and adding value to your business, it lets you uncover areas where you can both improve what you are doing and remove wasteful elements as well.
Planning and running with it is key, as well as understanding that you don't have to audit everything every year, just what makes sense, and being able to back up that rationale. Anyone can do the audit as long as they don't have a vested interest in the area they are auditing, and of course you want to get value for money, so you really do want to get some great suggestions and feedback from it on where you can improve your processes.
If you need any support in developing or improving your ISO or Quality Systems we'd love to hear from you, just click here to make an appointment and find out how we can help you Make Things, Better
You can also call John on 0211649739 to set up a meeting