2008 CHECKLIST-Top Management

INTERNAL AUDIT CHECKLIST 2008 Pg. 1 of 15

ISO 9001 Requirements What to look for Comply Auditor notes and evidence

ESC-2 INTERNAL AUDIT CHECKLIST 2008 – Top Management

Use as appropriate; not all topics may apply equally to all program areas.AUDITORS SHOULD ADD PROGRAM-SPECIFIC QUESTIONS BASED ON THE PROCEDURES AND WORK DONE IN ASSIGNED

PROGRAM AREAS.

ISO 9001 Clause Ref-erence Requirements (Paraphrased

Brief)What to look for;

questions

(C) in compliance; (R) more research needed; (NC) nonconformity; (OI) Opportunity for Improvement

Evidence and Auditor Notes

4.2.3 Control of documents

4.2.3 Define (in a written procedure) the controls needed to approve documents prior to

issue, review, update and re-

approved documents, identify changes and current

revisions of documents, make relevant and current

documents available at points of use,

ensure that documents are legible and identifiable,

identify and control the distribution of documents of external origin, and

identify retained obsolete documents and prevent their

Check all relevant program-area/center-level procedures. Are they up-to-date? Are any changes correctly made (listed in revision history, correct revision version shown in footer)?

Are any program/department-generated forms maintained properly (with “revised date” footer) and correctly listed on the Index of Forms?

1



unintended use.

4.2.4 Control of Records

4.2.4 Establish and maintain records to provide evidence of conformity and effectiveness of the quality management system.

Check that required records listed in the Index of Records for a given program area or department are being properly kept in the location shown and that all other information listed in the Index of Records is correct.

4.2.4 Establish documented procedure for the identification, storage, protection, retrieval, retention time and disposition of records.

4.2.4 Ensure that records remain legible, readily identifiable and retrievable.

Are records listed for the program easily accessible? Are records readily retrievable (test by asking for retrieval of specific records)?

5.1 Management Commitment – top management shall provide evidence of its commitment to the development and implementation of the QMS and continually improving its effectiveness

a. Has the ISO 9001 QMS been beneficial, neutral, or a hindrance to the efficiency of ESC-2 operations?

b. If I were an outsider looking in, knowing nothing about this organization, what would I see from this group that would make me think that you are committed to improving this organization and the systems that drive it?

c. What improvements to the ISO QMS are you considering for the coming year?

2



d. Tell me about your management reviews. How often are they conducted? Can you show me a record of one review?

5.2 Customer Focus. Top management shall ensure that customer requirements are determined and met with aim of enhancing customer satisfaction.

Describe to me the processes that are in place that you manage that ensures that customer needs are met?

Would you say that process is effective?Can you show me data that indicates it is effective? (Can you prove it?)Have you considered how might this process be improved? If so, can you show me a record that indicates such a consideration? If not, why not?

5.3 Quality Policy

5.3 The quality policy shall be appropriate to the purpose

of the organization, include a commitment to

comply with requirements and continually improve the quality management system,

provide a framework for establishing the quality objectives,

be communicated and be understood throughout the organization, and

be reviewed for continuing suitability.

On a scale of 1-10, how would you rate the effectiveness of our QMS and why would you give it that rating?

What have you done/are you doing as a team to improve that rating?Can you show me records of those actions?

3



5.4 Planning

5.4.15.4.2

Quality ObjectivesQuality management system planning

Do you think that our Quality Objectives need “tweaking?”

If yes, can you show me a record of those issues being addressed in a management review?

If no, why not?

5.5 Responsibility, authority and communication

5.5.3 Establish communication processes and ensure that information and data regarding the effectiveness of the quality management system are effectively communicated.

As a team, what do you do to let the rest of us know about how ISO and our QMS have improved the service that we deliver to our customers?Can you think of ways or have you discussed ways that communication could be improved? If so, can you show me a record of that discussion? If not, why not?Since we implemented the QMS and ISO standardization, has a “non-management” person ever suggested a way that we could improve our organization? If so, how was it handled? Is there a record of any of those suggestions? Is there any evidence that anything was ever done to address the suggestion?Do you believe that employees understand and are comfortable with using the QMS tools to report problems and make suggestions for improvement? If not, what have

4



you done/are you doing to change that?

5.6.1 When was the last time the cabinet mad a change to the QMS? (One example is Procedure for Protection of Customer Property dated 4/11/08)

Tel me about any change that has been made in the last year to improve the QMS and our organization.

5.6.2 Show me a record of a management review.What inputs were used to this review?What outputs (actions) resulted from this review?Was follow-up required for any items? Can you show me when/where the follow-up occurred?I noticed that the Customer Property procedure was update in April of this year. Can you show me the management review records of when and why that was done?

6 Resource Management

6.1 Provision of resources

6.1. a, b

Provide adequate resources to implement, maintain and improve the quality

What resources would you say are lacking in our organization that might make us more effective?

5



management system. Provide adequate resources to meet customer requirements and enhance customer satisfaction.

How do you determine which resources to provide and which ones to deny?

How do you determine if a given resource will contribute to meeting customer needs and enhancing customer satisfaction?

6.2 Human resources

6.2.16.2.2.a6.2.2.b6.2.2.c6.2.2.e

Ensure that personnel performing work affecting product quality have appropriate education, training, skills and experience; and maintain records of their qualifications. Determine the necessary

competence requirements for personnel,

provide training or take other actions to satisfy these needs, and

evaluate the effectiveness of the training provided (or other actions taken).

We have a procedure for required training. How do you think that is working?

As a member of top management, how are you involved in employee training decisions?

Do you have a role in evaluating the effectiveness of training provided to employees? If so, what is it?

If you have a role in evaluating effectiveness of training, I would like to see a record of your involvement (job performance evaluation)

Are there ways that we could improve our training procedure to make it work better?Have those things been discussed in a cabinet meeting?

6



Are you aware that we have a number of new employees who have been here longer than 6 months that have not completed the required training established by the QMS? Has this issue been addressed in a management review? Can you show me a record of that review? What actions has the cabinet taken to resolve this issue?

I understand that there is also an issue of employees attending training and that training not showing up in their training records for several months. Are you aware of that issue? Has the cabinet addressed it in a management review? Can you show me the records of that review and the outputs and follow-up that occurred?

6.2.2.d Ensure that personnel are aware of the relevance and importance of their work and how they contribute to the achievement of quality objectives.

7 Product Realization

7.1 Planning of product realization

7.1 Determine quality objectives and requirements for the product.

7.1 Establish production processes

7



and documentation, and provide adequate equipment, operators and other resources specific to the product.

7.2 Customer-related processes

7.2.1 Determine product requirements specified by the customer

(including delivery and post-delivery);

not stated by the customer, but necessary for specified or intended use;

statutory and regulatory requirements related to the product; and

any additional requirements determined by the company.

Tell me about our processes for determining customer needs.

Can you show me some minutes of some advisory committee meetings?

Do you have any other documentation related to determining customer needs? (surveys, etc)

7.2.2 Prior to the commitment to supply product, review requirements related to the product to ensure that requirements are defined, any discrepancies and

ambiguities are resolved, and company is able to meet the

requirements.Maintain review records.

Much of our QMS is related to delivering a quality product to our clients that meets the requirements and needs. How do you feel we are doing on that front?

Are there areas that we can improve? Be specific?

Have any of those areas been addressed in a management review?What outputs did that review result in?Have they been/will they be implemented?

7.2.3.a Determine and implement

8



7.2.3.b arrangements for communicating product

information, handling enquiries, orders and

change orders.

7.2.3.c Determine and implement effective arrangements for communicating with customers regarding customer feedback and customer complaints.

Tell me about customer complaints.How are they handled when they happen?Is that process/procedure documented anywhere?

7.3 Design and development

7.3.1 Plan design product design activities, to include the design stages; the review, verification and

validation activities appropriate to each stage; and

assignment of responsibilities and authorities.

Thinking about the region improvement plan and the process that is followed to create it, how do you think that is working?

Have changes been made to the process in the last year? If so, tell me about the changes.

How did those changes come about?

What areas of concern do you related to the regional improvement plan process? Do you foresee any major changes for the upcoming year?

7.3.2 Determine, document, review and approve design inputs, to include, as applicable, functional and performance

requirements, statutory and regulatory

requirements, and information from previous

9



similar designs.

7.3.4 Perform systematic design reviews to evaluate whether the design is on track toward meeting input requirements, and to identify any problems and propose necessary actions. Maintain records of the reviews and the resulting actions.

Again thinking about the Regional Improvement plan, what steps or processes are in place to make sure that what we say we are going to do will meet the needs of the customer WHILE the plan is being written and AFTER it has been completed?

7.3.5 Carry out design verification to ensure that design outputs have met the design input requirements. Maintain records of the verification results and any related actions.

From your perspective, is the header system an effective method for making sure that workshops meet the needs that they were intended to meet? If not, what needs to change? Has the cabinet addressed those issues? What has been done? Is it documented?

7.3.6 Prior to delivery or implementation of the product, perform design validation to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use. Maintain records of the validation results and any related actions.

7.3.7 Review, verify, validate, as appropriate, and approve design changes before implementation. Evaluate the effect of the changes on constituent parts and on product already delivered. Maintain records of changes and of their reviews/evaluations

It seems that we have a lot of changes to workshop headers after they have been created. Do those changes ever affect clients? If so, how?

What procedures are in place to minimize or manage changes and their impact on clients?

10



and any necessary actions.Do you think those procedures are effective and how might we improve them?

7.4 Purchasing

7.4.1 Control suppliers and the purchased product to ensure that the product conforms to specified purchase requirements.

Our business procedures manual has some very detailed guidelines for purchasing and for hiring outside consultants. Can you think of any problems that we have had in the last year related to those two items?

Are there things that we can do to improve those procedures or do you think they are working fine just as they are?

7.4.2 Purchasing information shall describe the product to be purchased. In purchasing specifications include where appropriate requirements for approval of

product, procedures, processes and equipment;

requirements for approval of personnel, and

quality management system requirements.

Ensure adequacy of purchasing specifications before they are forwarded to suppliers.

Any problems with the purchasing system that need to be looked at?

Have any changes been made in those procedures/processes in the last year?

7.4.3 Establish and implement activities for ensuring that purchased products meet specified purchase requirements.

11



7.5 Production and service provision

7.5.1 Ensure the use of suitable equipment.

7.5.4 Identify, verify, protect and safeguard customer property provided for use or incorporation into the product; and report to customers any event of loss, damage or unsuitability of their property.

Talk to me about the new “Procedures for Protection of Customer Property.” How is that working? I know it is pretty new, but do you think it is going to work, might need some changes?

To you knowledge, has any customer property been lost or damaged since the adoption of this procedure? Did it seem to help in that situation?

7.5.5 Protect and preserve the conformity of product during delivery to the intended destination.

8 Measurement, analysis and improvement

8.1 General

8.1 Plan and implement measurement, analysis and improvement processes to demonstrate conformity of

the product, to ensure conformity of the

QMS, and to continually improve the

effectiveness of the QMS.Determine applicable methods, including statistical techniques, required for the measurement, analysis and improvement processes.

We have a system for evaluating our product. Describe that system to me.What happens to those product evaluations after they are completed? Is the data every analyzed? Is the data ever used to make products better? Do we have records of that?

Are there ways that you can think of that we might improve our evaluation system?

12



8.2 Monitoring and measurement

8.2.1 Monitor information relating to customer satisfaction. Determine methods for obtaining and using this information.

8.2.38.2.4

Monitor and measure processes and product characteristics to verify their conformity with requirements.

8.2.4 Maintain records of process and product conformity and the person(s) authorizing release of product.Prevent the release of product until all planned production and verification activities have been completed.

8.3 Control of nonconforming product

8.3 Identify and control nonconforming product to prevent its unintended use or delivery.

Do you think that the nonconformity “system” is working as an effective tool to help us improve? How, how not, why not?

What are the barriers to this system working better?What changes need to be made? Have those changes been addressed at the cabinet level? If so, what has resulted from those

13



discussions?

8.3 Re-verify reworked or repaired products to demonstrate their conformity.

Review previous audit nonconformities of program, as well as the list of corrective actions org-wide to verify conformity, as applicable.

8.4 Analysis of data

8.4 Collect and analyze data on the performance of the quality management system, to include customer satisfaction, product conformity, characteristics and trends of

processes and products (including opportunities for preventive actions), and

suppliers.

8.5 Improvement and corrective/preventive action

8.5.1 Continually improve the effectiveness of the quality management system through the use of quality policy quality objectives, audit results, analysis of data, corrective and preventive

actions, and management reviews.

We have been living with and working under the QMS for a couple of years now. What kinds of changes have taken place in the QMS during that time?

What kind of changes do you think need to take place going forward?

8.5.2 The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence. Corrective actions shall be appropriate to

As a cabinet have you ever instituted a corrective action? If so, has the problem that led to the non-conformity ever recurred?

14



the effects of the nonconformities encountered. A documented procedure shall be established to define requirements for: reviewing nonconformities (and customer complaints), determining the causes of nonconformities, evaluating the need for action to ensure that nonconformities do not recur, determining and implementing action needed, records of the results of action taken, and reviewing corrective action taken.

8.5.3 Establish documented procedure for determining potential

nonconformities and causes, evaluating the need for

preventive action, determining and

implementing preventive actions,

recording the results of actions taken, and

reviewing preventive actions.

Talk to me about any potential “problem areas” that you feel may eventually lead to a deficiency in meeting customer requirements.

Have you as a team, discussed what can be done to prevent those things from occurring?

Have you documented those discussions?

Has a non-conformity report been completed related to that/those issues?

15

Date post:	24-Aug-2014
Category:	Documents
Upload:	ehabsaadhse
View:	115 times
Download:	1 times

2008 CHECKLIST-Top Management

Documents