Internal Auditor Training -...

Internal Auditor Training ISO 9001-2008


Page 2

2002. This training material is reserved for use by Prism eSolutions, LLC and its customers. This material may not be copied, transmitted, or otherwise used without the explicit permission of Prism eSolutions, LLC. In order to obtain copies of this material or permission to use this material outside of the environment it was distributed to you in, please contact Prism eSolutions, LLC at 700 American Avenue, Suite 104, King of Prussia, PA 19406 or via the web at www.prismesolutions.com or via phone at (610) 491-6000. PN 230-200 revision 3.0

http://www.prismesolutions.com/


Page 3

TABLE OF CONTENTS

This page intentionally left blank.Section 1: Introduction to Internal Auditing .......... 4

Section 1: Introduction to Internal Auditing ........................................................... 5

Introduction Exercise ........................................................................................ 5

Student Evaluation Criteria ................................................................................ 6

Audit Exercise ................................................................................................. 19

Section 2: ISO Standard Requirements ................................................................ 33

Open Book Quiz - Sections 4, 5 & 6 ................................................................. 58

Open Book Quiz - Section 7 ............................................................................ 80

Open Book Quiz – Section 8 .......................................................................... 102

Procedures and Records Exercise ................................................................... 109

Clause Identification Exercise ........................................................................ 111

Section 3: Phases of Internal Auditing ............................................................... 113

Develop an Audit Matrix Exercise ................................................................... 119

Identification of Nonconformities Exercise ...................................................... 137

Section 4: Appendices ...................................................................................... 145

Ten Commandments of Internal Auditing ....................................................... 145

Sample Audit Checklist .................................................................................. 147


Page 4

This page intentionally left blank.


Page 5

Section 1: Introduction to Internal Auditing

Introduction Exercise

Name: Years with your organization: Description of job responsibilities: Class expectations: Key question you want answered: “Where would you rather be?”


Page 6

Student Evaluation Criteria

Contribution to course discussions

Attitude toward material

Clarity of written assignments

Verbal / presentation skills

Team participation

Student Evaluation Criteria

Contribution to course discussions Positive Indicators

+ Effectively able to conduct an audit interview + Willingness to ask questions + Willingness to contribute personal experience + Responding to questions + Listening

Negative Indicators

- Dominate discussions or group activities - Unable to effectively conduct an audit interview - Lack of involvement or interest - Not responding to questions - Distracting the class


Page 7

Attitude toward material

Positive Indicators

+ Probing questions + Positive attitude toward material

Negative indicators

- Cynical attitude - Inappropriate questions

Clarity of written assignments Positive Indicators

+ Clear, concise points + Understandable + Legible

Negative Indicators

- Unclear

Verbal / Presentation skills Positive Indicators

+ Clear voice + Correct language

Negative Indicators

- Unclear

Team participation Positive Indicators

+ Work as part of the team + Cooperate and contribute

Negative Indicators - Monopolizes the group - No participation in the group


Page 8

Course Purpose & Objectives

Purpose: To provide you with theory and practical experience to

become an effective quality management system auditor

Process: Class interaction, exercises, discussion, participant

presentations, student evaluation, and when all else fails, lecture

Objectives: Provide participants with a basic understanding of the

quality management system auditing requirements as well as the tools and techniques used in auditing

NOTES:


Page 9

Terminology and Definitions

Quality System The organizational structure, procedures,

processes, and resources needed to implement the quality management system (includes all departments, documents, & the entire standard)

Quality Policy The overall intentions and direction of an

organization with regard to quality as formally expressed by top management


Quality Management All activities of overall management used to determine the

quality policy, objectives, responsibilities, and processes of the QMS and to ensure adequate implementation and maintenance (includes internal auditors)

Quality Manual A formal and authorized document setting out the quality

policies, systems, procedures, and practices of an organization; a bridge between the standard and the QMS


Page 10

NOTES:


Page 11


Procedure or Process A specific way to perform an activity such that it

achieves uniformly acceptable results

Corrective Action Action taken to eliminate the causes of an existing

nonconformity, defect, or other undesirable situation in order to prevent recurrence

Certification The process by a duly authorized body of determining,

verifying, and attesting in writing to the qualifications of a QMS in accordance with applicable requirements

Quality Management System Documentation


Page 12

NOTES:


Page 13

ISO Hierarchy and Background

What is ISO?

The International Organization for Standardization

ISO is a “United Nations” – to create common sets of standards for trade and communication

ANSI – American National Standards Institute -represents the United States

ANAB – ANSI/ASQ National Accreditation Board – administers ISO in the United States

ISO Hierarchy and Background

ISO 9000 “Quality Management Systems –Fundamentals & Vocabulary”

ISO 9001 “Quality Management Systems –Requirements”

ISO 9004 “Quality Management Systems –Guideline for Performance Improvements”


Page 14

NOTES:


Page 15

ISO 9001 May Be Required

Regulatory Requirements Regulations, laws, or agreements

Industry standards (chemical, transportation, automotive, etc.)

Product requirements (high pressure containers, scales, implantable medical devices, etc.)

National or local regulations

Customer Requirements Organizations may decide ISO certification will benefit

them when purchasing from a certified supplierThe practice has proven successful in dealing with suppliers

Generally accepted practice within industry and country

Time or distance make supplier visits an expensive option

Quality Management System Definition

ISO 8402 defines Internal Quality Auditing as:

“…a systematic and independent examination to determine whether quality activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives.”


Page 16

NOTES:


Page 17

Types of Quality Audits

Quality Management System

Process

Product or Service

Compliance – registration and surveillance

1st party – internal

2nd party – internal or external

3rd party – external

Quality Management System Audit Goals

Verify documents address all requirements

Manual, Procedures, Instructions, Records

Verify activities are consistent with documents

Verify process effectiveness

Identify opportunities for improvement

Provide value-added feedback to auditees


Page 18

Audit Performance Relies on Objectivity

Gathering information Read (applicable documents)

Listen (ask questions)

Observe (watch activities)

Comparing information Objective evidence to known requirements

Drawing conclusions Does a “gap” exist?

Is there an “inconsistency”?

NOTES:


Page 19

Audit Exercise

While performing an audit of the Management Review process, the auditor observed that in the meeting minutes of the most recent Management Review Meeting the VP of Operations did not attend while an Operations Director did. The procedure, which the auditor had reviewed during preparation, stated that required attendees included the VP of Operations. Further, all previous minutes of Management Review reviewed indicated she was in attendance. The auditor asked the quality system Management Representative, the Process Leader, if he was aware of the required attendees. The Management Representative responded correctly and explained that the VP was absent because she had another meeting to attend. He also informed the auditor that he had made out a deviation form to allow a substitute and showed the auditor where the deviation form was filed. 1. Can you identify the three methods used by the auditor to gather information?

2. Are the activities observed consistent with the documents?

3. Is the Management Representative in compliance with the documented quality

management system?

4. Why did the auditor ask the Management Representative of his awareness of the

procedure?


Page 20

How to Implement an

Internal Audit Program

Understand internal audit requirements

Write internal audit procedure(s)

Select and train auditors

Prepare and publish a schedule

Conduct audits

Track results and take action

Report results to Management Review

NOTES:


Page 21

Audit Schedule Sample #1

QM

S G

ene

ral re

quir

em

ents

QM

S D

ocum

ent

requir

em

ents

Ma

na

ge

me

nt

co

mm

itm

ent

Custo

me

r fo

cus

Qua

lity p

olic

y

Pla

nnin

g

Re

spo

nsib

ility

, a

uth

ori

ty &

co

mm

unic

atio

n

Ma

na

ge

me

nt

revie

w

Pro

vis

ion o

f re

so

urc

es

Hum

an r

eso

urc

es

Infr

astr

uctu

re

Wo

rk e

nvir

onm

ent

Pla

nnin

g o

f pro

duct

rea

liza

tio

n

Custo

me

r-re

late

d p

roce

sse

s

De

sig

n &

De

ve

lopm

ent

Purc

ha

sin

g

Pro

ductio

n a

nd s

erv

ice

pro

vis

ion

Co

ntr

ol o

f m

onito

ring &

me

asuri

ng e

quip

me

nt

Me

asure

me

nt,

ana

lysis

& im

pro

ve

me

nt

-G

ene

ral

Mo

nito

ring &

me

asuri

ng

Co

ntr

ol o

f no

nco

nfo

rmin

g p

roduct

Ana

lysis

of D

ata

Impro

ve

me

nt

4.1 4.2 5.1 5.2 5.3 5.4 5.5 5.6 6.1 6.2 6.3 6.4 7.1 7.2 7.3 7.4 7.5 7.6 8.1 8.2 8.3 8.4 8.5

January X X X X

February X X X X

March X X X X

April X X X X

May X X X X

June X X X

NOTES:


Page 22

Audit Schedule Sample #2

Area JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

SalesTeam

2

EngineeringTeam

3

PurchasingTeam

1

ProductionTeam

4

ServicingTeam

5

ShippingTeam

1

Material Control

Team 2

QualityTeam

3

Human Resources

Team 4

NOTES:


Page 23

Tracking Mechanism

Audit # Audit Date Responsible

Manager Response

Due Follow-up

Date Date Closed

2009-01 Jan. 5, 2009 J. Heely Feb. 12, 2009 April 1, 2009 April 7, 2009

2009-02 Feb. 17, 2009 M. Ropsen April 6, 2009 May, 1, 2009 May 5, 2009

2009-03 Mar. 11, 2009 P. Carrol May 1, 2009 July 1, 2009

2009-04 April 20, 2009 J. Hassing June 6, 2009

NOTES:


Page 24

Auditor Qualifications

Common sense

Understand ISO 9001

Understand your organization’s quality management system

Understand auditing tools and techniques

Possess communication skills

NOTES:


Page 25

Auditor Characteristics/ Aptitudes/ Attributes

The auditor must be able to work alone and in teams

The auditor must gather information, often from people who are nervous

The auditor will sometimes work in areas where they have little or no technical knowledge

The auditor will have to manage time well

Auditors should be:

Curious – inquisitive – observant

Independent – trained – good listeners

Unbiased – impartial – objective

Perceptive – focused – analytical

Thick skinned – non threatening – personable

Honest – professional – highest integrity



Page 26

Auditors should not be:

Argumentative

Rash (jumping to conclusions)

Opinionated

Rigid

Poor communicator

Lazy


NOTES:


Page 27

Roles and Responsibilities

Audit Administrator Coordinate/participate in internal audits

Maintain audit schedule and track results

Report findings to management review

Auditor Be independent of the process(es) to be audited

Prepare for assigned audits

Perform objective internal audits in accordance with training and procedures

Complete all required reports


Lead Auditor The lead auditor is ultimately responsible for all phases

of the auditAssist in selection of auditors

Prepare audit plan

Submit the audit report / share with auditee

Audit Team The audit team may include experts, trainees,

observers, etc. who are acceptable to the lead auditor


Page 28


Others that may be included in an audit Observer

Learner

Witness Verifies audit activities

Expert Specialized background

Guide Escorts auditors, does not answer for auditee

NOTES:


Page 29

Auditor Techniques and Skills

People skills Interviewing & listening

Politeness – please and thank you

Maintain eye contact at auditee eye level

Leadership skills You are a guest in their area

Manage interruptions

Special skills Talk to correct people

Be objective

NOTES:


Page 30

An Overview of ISO 9001

ISO 9001 is written from the perspective of the customer

Conformance to customer requirements and continual improvement are methods to ensure customer satisfaction

NOTES:


Page 31

What is a Quality Management System

NOTES:


Page 32

Triangle of Commitment

MANAGEMENT REVIEWSEvaluate performance in relation to

purpose (Quality Policy)

INTERNAL AUDITS

Monitor processes for compliance with requirements

CORRECTIVE & PREVENTIVE ACTIONS

Prevent problems or fix problems if prevention didn’t work

NOTES:


Page 33

Section 2: ISO Standard Requirements


Page 34

Classification of Elements

Primary Elements

Have clear, auditable requirements that must be met

Typically addressed by a level 2 document (but not always)

Reference Elements

Reinforce requirements that are more clearly and exactly specified in another Primary element

Typically addressed only in the quality manual

When addressed in a level 2 document, usually in the level 2 for the Primary element they reinforce

Only one Reference Element adds a requirement, 4.2.1, “documented statements”



Page 35

To facilitate understanding and application of the ISO-9001:2008 standard, elements are classified into two general types:

Reference (elements 4.1, 4.2.1, 5.1, 5.2, 5.4.2, 5.5.1, 5.5.3, 6.1, 8.1)

Primary (elements 4.2.2, 4.2.3, 4.2.4, 5.3, 5.4.1, 5.5.2, 5.6, 6.2, 6.3, 6.4, 7 (all), 8.2, 8.3, 8.4, 8.5)


NOTES:


Page 36

4.2.2 Quality Manual(Primary Element)

A Quality Manual shall be established and maintained that includes the following:

a) The scope of the QMS including details of and justification for any exclusions

b) Documented procedures or reference to them

c) A description of the sequence and interaction of the processes included in the QMS

NOTES:


Page 37

Guidelist

What do I look at? Who do I talk to? What do I look for? Where do I look for it?


Page 38

4.2.3 Control of Documents (Primary Element)

A documented procedure (#1) shall be established:a) To approve documents for adequacy prior to use

b) To review, update as necessary and re-approve documents

c) Identify the current revision status of documents

d) Documents remain legible, readily identifiable and retrievable

e) Relevant versions of documents are available at points of use

f) Documents of external origin are identified and distribution is controlled

g) To prevent the unintended use of obsolete documents and identified if they are retained for any purpose

Procedure Required

NOTES:


Page 39

Guidelist



Page 40

4.2.4 Control of Records(Primary Element)

A documented procedure (#2) shall be established for identification, storage, retrieval, protection, retention and disposition of records

Procedure Required

NOTES:


Page 41

Guidelist



Page 42

5.3 Quality Policy(Primary Element)

Appropriate to the purpose of the organization

Commitment to meeting requirements and to continual improvement

Provides a framework for establishing and reviewing quality objectives (i.e., the policy must be measurable)

Communicated and understood at appropriate levels in the organization

Is reviewed for continuing suitability

Documented statements of quality policy and quality objectives (ref. 4.2.1)

NOTES:


Page 43

Guidelist



Page 44

5.4.1 Quality Objectives(Primary Element)

Establish quality objectives at relevant functions and levels within the organization

Objectives must be measurable & consistent with quality policy & commitment to continual improvement

Documented statements of quality policy and quality objectives (ref. 4.2.1)

NOTES:


Page 45

Guidelist



Page 46

5.5.2 Management Representative(Primary Element)

Member of the management who has responsibility for:

a) Ensuring that processes of the QMS are established and maintained

b) Reporting on performance of QMS including needs for improvement

c) Promoting awareness of customer requirements throughout the organization

The Management Representative must be a member of the organization

NOTES:


Page 47

Guidelist



Page 48

5.6.1 Management Review(Primary Element)

Records Required

Review of the QMS by top management at planned intervals to:a) Ensure QMS suitability, adequacy &

effectiveness

b) Evaluate the need for changes to the QMS including policy & objectives

c) Assess opportunities for improvement

d) Retain records

NOTES:


Page 49

Guidelist



Page 50

5.6.2 Review Input(Primary Element)

Input to management review shall include: a) Results of audits

b) Customer feedback

c) Process performance and product/service conformance

d) Status of preventive & corrective action

e) Follow up actions from earlier reviews

f) Changes affecting the QMS

g) Recommendations for improvement

NOTES:


Page 51

Guidelist



Page 52

5.6.3 Review Output(Primary Element)

Output from management review shall include actions related to:

a) Improvement of the effectiveness of the

QMS and its processes

b) Improvement of products/services related to

customer requirements

c) Resource needs

NOTES:


Page 53

Guidelist



Page 54

6.2.1 Human Resources (General)6.2.2 Competence, Training & Awareness

(Primary Elements)

Those who have responsibilities defined in the QMS shall be competent on the basis of appropriate education, training, skills and experience

Determine competency needs

Provide required training

Evaluate the effectiveness of the training provided

Ensure staff are aware of the relevance and importance of their activities and contribution to achieving objectives

Maintain appropriate records of education, training, qualifications and experience

Records Required

NOTES:


Page 55

Guidelist



Page 56

6.3 Infrastructure6.4 Work Environment

(Primary Elements)

The organization shall identify, provide and maintain the infrastructure it needs to achieve the conformity of product and/or service, for examplea) Workspace & associated facilities

b) Equipment (hardware & software)

c) Supporting services (transport, communications, information systems)

The organization shall identify and manage the work environment needed to achieve conformity of product and/or service

NOTES:


Page 57

NOTES:


Page 58

Open Book Quiz - Sections 4, 5 & 6

Statement: Answer:

1. Top management must meet periodically to review the adequacy of the QMS. Records of these meetings shall be maintained.

2. Where personnel perform work that affects conformity to requirements the

required competence of those personnel is determined.

3. Wherever the term “documented procedure” appears in the standard, this means a written procedure must be created and maintained.

4. Computers and information systems must be adequately maintained.

5. When processes are outsourced these processes are controlled by the

organization and the method of control is defined.

6. When documents that are created outside the organization are used in a way

that affects products, these documents need to be controlled.

7. The environment in which personnel perform their work shall be conducive to product conformity.

8. The quality policy and quality objectives must be written down someplace.

9. The management representative must be selected from the organization’s

management staff.

10. Objective evidence that the quality system is implemented and effective is maintained such that it is easily identified and retrieved.


Page 59

Guidelist



Page 60

7.1 Planning of Product Realization(Primary Element)

Determine quality objectives & requirements

Determine the processes & documents, and provide resources needed

Determine required verification, validation, monitoring, measuring, inspection & test activities for the product

Determine records needed for evidence of meeting product requirements Records

Required

NOTES:


Page 61

Guidelist



Page 62

7.2.1 Determination of Product Requirements(Primary Element)

Organization shall determine customer requirements including:

a) Specified customer’s requirement’s for product and/or service including availability, delivery & support

b) Requirements not specified by the customer but necessary for intended or specified use

c) Regulatory and legal requirements

d) Any additional requirements considered necessary by the organization

NOTES:


Page 63

Guidelist



Page 64

7.2.2 Review of Requirements of Product(Primary Element)

Review identified requirements and ensure before commitment to supply product and/or service that:a) Requirements are defined

b) Differences between tender & contract are resolved

c) Organization has ability to meet the requirements

Confirm verbal orders

Where the customer provides no documented requirements, requirements must be confirmed prior to acceptance of the order

Documentation to be amended in case of changes & personnel made aware

Records Required

NOTES:


Page 65

Guidelist



Page 66

7.2.3 Customer Communication(Primary Element)

Implement arrangements for communication with customers relating to:

a) Product and/or service information

b) Inquiry & order handling including amendments

c) Customer feedback including customer complaints

NOTES:


Page 67

Guidelist



Page 68

7.3 Design and Development(Primary Element)

7.3.1 Design & development planning

7.3.2 Design & development input

7.3.3 Design & development output

7.3.4 Design & development review

7.3.5 Design & development verification

7.3.6 Design & development validation

7.3.7 Control of changesRecords Required

NOTES:


Page 69

Guidelist



Page 70

7.4 Purchasing Information(Primary Element)

7.4.1 Purchasing Process Ensure purchased product conforms

Supplier selection, evaluation & re-evaluation

7.4.2 Purchasing information Describe the product purchased

Verify specified purchase requirements

7.4.3 Verification of purchased product Receiving/inspection activities

Records Required

NOTES:


Page 71

Guidelist



Page 72

7.5 Production and Service Provision(Primary Element)

7.5.1 Production & service provision control

Work instructions, equipment, measurement, etc.

7.5.2 Validation of processes

“Special Processes”

7.5.3 Identification & traceability

Throughout product realization

Monitoring & measuring status

Records Required

NOTES:


Page 73

Guidelist



Page 74

7.5 Production and Service Provision(Primary Element)

7.5.4 Customer property

Identify, verify, protect and safeguard

7.5.5 Preservation of product

Identification, handling, packaging, storage & protection

NOTES:


Page 75

Guidelist



Page 76

7.6 Control of Monitoring & Measuring Equipment (MME) (Primary Element)

Determine measurements to be made & MME required

Use MME consistent with measurement requirements

Measuring and monitoring software must be validated

Calibrate and adjust MME at specified intervals or prior to use, (traceability to international or national standards; where no such standard exists, record the basis)

Records Required

NOTES:


Page 77

Guidelist



Page 78

7.6 Control of Monitoring & Measuring

Equipment (MME) (Primary Element)

Adjusted or readjusted as necessary

Identified

Safeguard from adjustments that would invalidate the measurement result

Safeguard from damage

Assess the validity of previous measuring results when equipment is found to be out of calibration

NOTES:


Page 79

NOTES:


Page 80

Open Book Quiz - Section 7

Statement: Answer:

1. Suppliers of materials and services affecting product conformity must be

evaluated and re-evaluated adequately to ensure conformance with the

requirements specified on the purchase order.

2. Where product conformance cannot be verified by inspection, the relevant

processes must be validated.

3. If the customer doesn’t provide documented requirements the organization must confirm the requirements with the customer prior to accepting the

order.

4. Design outputs must be verified against the design input and approved prior to release.

5. Materials are stored and preserved in a manner that prevents deterioration

and assures conformity to requirements.

6. Where necessary, prior to accepting an order, the organization shall consider

the documents, records, processes, etc. necessary to deliver the product to

the customer.

7. Production personnel must have the information, work instructions, and

process and product measuring equipment required to perform their jobs.

8. Customer property may include intellectual property such as proprietary designs.

9. Where test equipment incorporates computer software, this software is

verified, as needed, prior to first use and re-verified as necessary.

10. The results of tests, such as product inspection, must be clearly identified

throughout the organization.

11. Before quoting a job, the organization reviews all requirements and ensures it has the ability to deliver the product. Records of this review are

maintained.

12. Where required to prevent mistakes, materials used to produce the product are clearly identified from the receiving dock to the shipping dock.


Page 81

Guidelist



Page 82

8.2.1 Customer Satisfaction(Primary Element)

Organization shall monitor information on customer satisfaction and/or dissatisfaction as one of the measurements of performance of the QMS

The methods for obtaining and utilizing such information shall be determined

These methods may be both proactive and reactive

NOTES:


Page 83

Guidelist



Page 84

8.2.2 Internal Audit(Primary Element)

Conduct periodic internal audits to determine if the QMS conforms to the requirements of the standard & is effectively implemented and maintained

Plan the audit program considering:

Status & importance of the activity & results of previous audits

Independence of the personnel performing the audit

Impartiality and objectivity of the auditors

The documented procedure (#3) must cover:

Responsibilities & requirements for planning & conducting audits

Recording results

Reporting to management

Procedure Required

Records Required

NOTES:


Page 85

Guidelist



Page 86

8.2.2 Internal Audit(Primary Element)

Define audit scope, frequency & methodologies

Timely corrections and/or corrective actions by management

Follow up to verify & report implementation of

corrective actions

NOTES:


Page 87

Guidelist



Page 88

8.2.3 Monitoring and Measurement of Processes (Primary Element)

Apply suitable methods for measurement & monitoring of processes necessary to meet customers requirements

These shall confirm the continuing ability of each process to satisfy its intended purpose

When planned results are not achieved, take appropriate correction and/or corrective action without undue delay

NOTES:


Page 89

Guidelist



Page 90

8.2.4 Monitoring & Measurement of Product and/or Service (Primary Element)

Measure & monitor product/service characteristics to verify that the requirements of product are met, this shall be carried out at appropriate stages of the product/service realization

Evidence of conformance with the acceptance criteria to be documented. Records shall indicate the person(s) authorizing release of the product/service

Product/service release shall not occur until all specified

activities have been satisfactorily completed

Records Required

NOTES:


Page 91

Guidelist



Page 92

8.3 Control of Nonconforming Product(Primary Element)

Documented procedure (#4) for control of nonconforming product/ and/or service to prevent unintended use

Nonconforming product and/or service to be dispositioned

Re-verify after correction

If nonconformance detected after delivery take appropriate action

Where required by customer or regulatory body, concession for use must be obtained

Procedure Required

Records Required

NOTES:


Page 93

Guidelist



Page 94

8.4 Analysis of Data(Primary Element)

Collect & analyze data to determine suitability and effectiveness of the QMS and to identify where improvements can be made

Include data from measurement & monitoring & other relevant sources

Analyze data to provide information on:a) Customer satisfaction and/or dissatisfaction

b) Conformance to customer requirements

c) Characteristics of processes, products and/or services and their trends

d) Supplier performance

NOTES:


Page 95

Guidelist



Page 96

8.5.1 Continual Improvement(Primary Element)

The organization must plan and manage processes necessary for continual improvement of the QMS

Facilitate continual improvement using:

a) Quality policy

b) Objectives

c) Audit results

d) Analysis of data

e) Corrective actions

f) Preventive actions

g) Management review

NOTES:


Page 97

Guidelist



Page 98

8.5.2 Corrective Action(Primary Element)

Documented procedure (#5) for corrective action to eliminate the causes of nonconformance and prevent recurrence

Actions appropriate to the impact of the problems encountereda) Identification of nonconformances including customer complaints

b) Determine the cause of the nonconformity

c) Evaluate the need for actions to ensure nonconformities do not recur

d) Determining & implementing the corrective action needed

e) Recording the results of actions taken

f) Reviewing the effectiveness of corrective action taken

Procedure Required

Records Required

NOTES:


Page 99

Guidelist



Page 100

8.5.3 Preventive Action(Primary Element)

Documented procedure (#6) for preventive action to eliminate the causes of potential nonconformances to prevent occurrence

Preventive action taken shall be appropriate to the impact of the potential problems

a) Identification of potential nonconformances and their causes

b) Determining and ensuring the implementation of preventive action needed

c) Recording results of action taken

d) Review the effectiveness of preventive action taken

Procedure Required

Records Required

NOTES:


Page 101



Page 102

Open Book Quiz – Section 8

Statement: Answer:

1. Records of the product inspection process include the identity of the person

or persons responsible for releasing the product for shipment to the customer.

2. Internal auditors are impartial and objective and do not audit their own areas

of responsibility.

3. Where risks are identified that may cause the failure of a product or process,

appropriate action is taken to eliminate or minimize the risk.

4. When processes are not achieving the intended objectives suitable corrections or corrective actions are implemented to remedy the issue.

5. Product that does not conform to customer requirements, and is reworked,

must be reinspected to verify that customer requirements are met. Records of this reinspection must be maintained.

6. Nonconforming products and processes are utilized as sources for corrective

actions.

7. No product is shipped to the customer until all planned inspections and tests

are completed unless approved by appropriate management, and the

customer where warranted.

8. Nonconforming material and product must be clearly identified as

nonconforming to ensure it is not used by accident.

9. All deficiencies, identified by internal audit, are corrected either through the corrective action process or some other documented form of correction.

10. Supplier performance data is determined, collected and analyzed to evaluate

qualification.

11. Methods such as customer surveys and warranty information are used to

determine how the customer feels about the overall quality of the

organization.

12. All appropriate resources are utilized to identify opportunities for continually

improving both products and processes.

13. Records must be maintained that demonstrate that the product shipped to the customer meets all acceptance criteria.


Page 103

4.1 General Requirements(Reference Element)

Determine processes necessary for QMS (ref. 4.2.2)

Determine the sequences and interaction of processes (ref. 4.2.2)

Determine criteria & methods to ensure effective operation & control of these processes (ref. 8.2.3, 8.4)

Ensure availability of resources & information needed to effectively operate & monitor processes (ref. 6)

Measure, monitor, analyze processes (ref. 8.2.3, 8.4)

Act as necessary to achieve planned results and continual improvement (ref. 7.1, 8.5.1)

Control outsourced processes (ref. 7.4)

4.2.1 Documentation Requirements (General) (Reference Element)

Documented statements of quality policy and quality objectives (ref. 5.3, 5.4.1)

A quality manual (ref. 4.2.2)

Documented procedures and records required by the International Standard (ref. 4.2.2, “documented procedure”, “see 4.2.4”)

Documents and records needed to ensure effective planning, operation and control of processes (ref. 7.1, 7.5.1)


Page 104

NOTES:


Page 105

5.1 Management Commitment5.2 Customer Focus (Reference Elements)

Shall provide evidence of commitment to the development and improvement of the QMS by:

a) Communicating the importance of meeting customer and legal/regulatory requirements (ref. 7.2.1)

b) Establishing quality policy (ref. 5.3)

c) Ensuring that quality objectives are established (ref. 5.4.1)

d) Conducting management reviews (ref. 5.6)

e) Ensuring availability of resources (ref. 6)

Customer requirements are determined and met to the satisfaction of the customer (ref. 7.2, 8.2.1, 8.2.4)

5.4.2 Quality Management System Planning(Reference Element)

Top management shall ensure that the QMS is carried out in order to meet requirements as well as quality objectives (ref. 5.6.1)

Top management shall ensure that the integrity of the QMS is maintained when changes to the QMS are planned and implemented (ref. 5.6.2)


Page 106

NOTES:


Page 107

5.5.1 Responsibility and Authority5.5.3 Internal Communication

(Reference Elements)

Top management shall ensure that the responsibilities, authorities and their interrelation are defined and communicated throughout (ref. 4.2.2, 6.2.1)

The organization shall ensure communication between various levels and functions regarding the processes of the QMS and their effectiveness (ref. 4.2.2, 5.4.1)

6.1 Provision of Resources(Reference Element)

Determine & provide resources needed to:a) Implement and improve the processes of the

quality management system

b) Address customer satisfaction

(ref. 6.2, 6.3, 6.4)


Page 108

8.1 Measurement, Analysis &

Improvement (General) (Reference Element)

The organization shall plan and implement monitoring, measurement & analysis activities to assure conformance and achieve improvement (ref. 8.2.3, 8.4)

This includes determination of the need and use of applicable methodologies and statistical techniques (ref. 8.4)

NOTES:


Page 109

Procedures and Records Exercise

Quality System Element “documented procedure” “see 4.2.4”

4.1 QMS General requirements --- ---

4.2 QMS Document requirements 4.2.1, 4.2.2, 4.2.3, 4.2.4 4.2.1

5.1 Management commitment

5.2 Customer focus

5.3 Quality policy

5.4 Planning

5.5 Responsibility, authority & communication

5.6 Management review

6.1 Provision of resources

6.2 Human resources

6.3 Infrastructure

6.4 Work environment

7.1 Planning of product realization

7.2 Customer-related processes

7.3 Design and development

7.4 Purchasing

7.5 Production and service provision

7.6 Control of monitoring & measuring devices

8.1 Measurement, analysis & improvement - General

8.2 Monitoring & measuring

8.3 Control of nonconforming product

8.4 Analysis of data

8.5 Improvement


Page 110

NOTES:


Page 111

Clause Identification Exercise

Statement: Answer:

1. Product released for use prior to completion of all required inspections

will be approved by a relevant authority, including the customer where needed.

2. The quality system and its documentation structure are defined in a

quality manual that covers the requirements of the appropriate American National Standard.

3. The inspection process includes evidence that the inspections are taking

place. These records identify the authority of the employee releasing the product.

4. During the design of a new product, responsible personnel carry out documented meetings, at appropriate intervals, to review progress and

compliance with the design plan.

5. Appropriate methods are utilized to monitor and control system processes to ensure they are capable of meeting requirements.

6. Documents that have been superseded by a later revision are either

promptly removed from use or clearly identified as obsolete.

7. Management reviews relevant information to confirm that the preventive

action process is implemented and effective.

8. Before quoting a job or accepting an order, the organization ensures the customer’s requirements are known and that they can be achieved.

Records of this process are maintained.

9. Objective evidence that the quality system is implemented and effective is maintained such that it is protected from damage and retrievable

within a reasonable period of time.

10. Where the work performed affects quality, the organization ensures that the authority and responsibility of the personnel, who manage, perform

and verify that work is defined and understood.

11. Deficiencies, identified by internal audit, are brought to the attention of appropriate management, which initiates timely action to correct the

deficiencies.

12. Purchase orders for products that affect the quality of the product are

reviewed for adequacy by appropriate personnel prior to release to the

supplier.

13. At a frequency based on importance, the organization verifies that

quality system activities, and the results achieved, comply with the

objectives of the quality system plan.


Page 112

Clause Identification Exercise

Statement: Answer:

14. A reasonably senior representative of management is appointed who has the responsibility and authority to ensure the quality system is defined,

implemented and achieves objectives.

15. Material or product found to be nonconforming to specifications is clearly identified and controlled to prevent any accidental or unintended use.

16. The correct issue of documents, necessary for producing a quality

product, is available to the employees performing the work.

17. Computer software and comparative references used as inspection

devices are verified for suitability prior to first use and rechecked at appropriate intervals to ensure continued accuracy.

18. Materials and services affecting the quality of the product are obtained

only from suppliers that can meet the requirements specified on the purchase order.

19. Personnel performing quality related tasks are qualified based on

training, education or experience. Records of this qualification are maintained.

20. Top management defines its policy, objectives and commitment to

quality and ensures these are understood and implemented throughout the organization.

21. Materials and products throughout the organization’s operation are

suitably identified concerning the performance of required inspections and the results of those inspections.

22. Customer complaints are reviewed to determine whether or not corrective actions are required or justified.

23. Materials and products included in the scope of the quality system are

clearly identified throughout the organization’s operation from the receiving dock to the shipping dock.

24. Materials or products having shelf life or environmental considerations,

such as temperature or humidity, are stored and preserved in a manner that prevents deterioration.

25. Written work instructions are maintained and available in production

where the instructions are necessary to ensure the quality of the product.


Page 113

Section 3: Phases of Internal Auditing


Page 114

Four Phases of an Audit

Planning & Preparation

Conducting

Closing & Reporting

Follow-up

2

3

4

1

Audit Planning & Preparation

Determine: Auditing by area, function, element or process

Define scope of audit

Determine supporting documents needed

If working in a team, determine individual responsibilities

Determine agenda, time, and locations

Assemble other paperwork

12 3

4


Page 115

Audit Planning & Preparation

Notify area of audit Send notice to area, functional manager

Give adequate lead time

Schedule Opening Meeting

Tour of the facility or area as necessary

Closing meeting

12 3

4

NOTES:


Page 116

Audit Scope

Benefits of a well defined scope:

An efficient audit

Reduced time for all

Better coverage of the area to be audited

Determine and examine the supporting elements for the audit

Stay within the defined scope unless a lead is discovered

Then follow the lead outside of the scope to determine the effect on the system

Entire Quality Management System:

ManualProcedures

InstructionsForms

ISO Elements(5.3, 6.2, 7.1, etc.)

Organization Areas(Sales, Purchasing, etc.)

Preparation Hints

Review all documents The standard

Your organization’s documents

Review previous audits Results

People interviewed

Review corrective actions Closed

Open

12 3

4


Page 117

NOTES:


Page 118

How to Use a Checklist

The audit checklist is one of the most helpful tools and is used to: Prepare for the audit

Ensure audit coverage

Record notes, evidence, findings, and observations

Manage time

Report the audit

Use to prepare a guidelist

12 3

4

NOTES:


Page 119

Develop an Audit Matrix Exercise

QM

S G

enera

l re

quirem

ents

QM

S D

ocu

ment

requirem

ents

Managem

ent

com

mitm

ent

Cust

om

er

focu

s

Qualit

y p

olic

y

Pla

nnin

g

Resp

onsi

bili

ty, auth

ority

& c

om

munic

ation

Managem

ent

revie

w

Pro

vis

ion o

f re

sourc

es

Hum

an r

eso

urc

es

Infr

ast

ruct

ure

Work

environm

ent

Pla

nnin

g o

f pro

duct

realiz

ation

Cust

om

er-

rela

ted p

roce

sses

Desi

gn a

nd d

evelo

pm

ent

Purc

hasi

ng

Pro

duct

ion a

nd s

erv

ice p

rovis

ion

Contr

ol of

monitoring &

measu

ring e

quip

ment

Measu

rem

ent,

analy

sis

& im

pro

vem

ent

- G

enera

l

Monitoring &

measu

ring

Contr

ol of

nonco

nfo

rmin

g p

roduct

Analy

sis

of

data

Impro

vem

ent

Department 4.1

4.2

5.1

5.2

5.3

5.4

5.5

5.6

6.1

6.2

6.3

6.4

7.1

7.2

7.3

7.4

7.5

7.6

8.1

8.2

8.3

8.4

8.5


Page 120

Developing a Guidelist1

2 34

Begin with an audit checklista) A generic one of your organization

Advantages:a) Keeps objectives clear

b) Standardizes audits

c) Simplifies the audit process

Disadvantages:a) Time consuming preparation

b) Discourages initiative

Define three things:a) Who do I “talk to?”

b) What do I “look at?”

c) What do I “look for?”

NOTES:


Page 121

Stages of Conducting the Audit

Stage 1 (Management)

Hold an opening meetingIntroduce audit team

Review audit objectives and scope

Review audit schedule

Confirm time and location of closing meeting

Tour if necessary

12 3

4

NOTES:


Page 122

Stages of Conducting the Audit

Stage 2 (Workforce) Introduce yourself

Explain purpose of the audit

Explain that an internal quality audit is an audit of:Systems

Processes

Methods

Not people

Gather informationRead

Listen

Observe

12 3

4

NOTES:


Page 123

How to Conduct Yourself

Be punctual

Be polite – please and thank you, ask permission

Be professional, yet friendly

Maintain eye contact at auditee eye level

Keep an open mind

Be flexible

Be persistent, yet pleasant

Put people at ease

Avoid arguments – move on to the next person

Establish non-threatening environment

12 3

4

8 Step Interviewing Method

1. Make the auditee comfortable

2. Explain the purpose of your visit

3. Ask auditee to summarize his/her responsibilities and typical activities

4. Record major steps and analyze what was said and/or not said

5. Review procedures and samples

6. Record observations, examples, samples, nonconformities, (don’t make a lot of copies)

7. Review your findings

8. Explain the next step(s)

12 3

4


Page 124

NOTES:


Page 125

Types of Questions1

2 34

Opinion – “How would you go about…?”

Investigative – “Are there any more…?”

Repetitive – “Tell me again…”

Hypothetical – “What if…?”

Leading – “You know how…?”

Informative – “And then what…?”

Imperative – “Please show me…?”

Don’t lose sight of the power of a DIRECT question.

Types of Questions

All questions can be phrased in a way that makes them “OPEN ENDED” or “CLOSED ENDED” questions Open ended questions begin a conversation

Closed ended questions can be answered with a simple yes or no

Both open and closed ended question have their uses

Who, what, when, where, how, why & show me

12 3

4


Page 126

Information Gathering Techniques

“Please explain what you are doing”

“What procedures and or work instructions do you have for this?”

“Please show me the procedures or work instructions for what you are doing?”

“How do you know this is the current procedure?”

“What happens when this procedure changes?”

“What training have you had?”

12 3

4

Information Gathering Techniques

“What happens when you are not here?”

“How do you know if the measuring device you’re using is calibrated?”

“Please show me the records you keep for this operation?”

“Please show me your job description?”

“What, in your own words, is the company quality policy?”

“How do you initiate corrective action?”

“Do you train others? Do you keep records of this training?”

12 3

4


Page 127

Sampling

Sample – definition: “A part of a population studied to gain information

about the whole”

Auditors sample: Procedures

People

Departments

Records

An audit sample needs to be representative

The audit sample is chosen by the auditor

12 3

4

NOTES:


Page 128



Page 129

Closing and Reporting - Work Papers

Auditors are required to retain records

Records can take the form of work papers

Work papers may include:Notes: used for interviews, visual confirmation and record of items reviewed.

Guidelist: used for recording specifics such as people talked to and items reviewed

Checklist: used for recording actual questions asked during the audit

Previous audit reports: used in follow-up activities

Objective evidence: recorded during the audit

12 3

4

Objective Evidence

Information which can be proved true, based on facts obtained through observation, measurement, test, or other means

Qualitative or quantitative information, records, or statements of fact, which is based on observation, measurement, or test and which can be verified

JUST THE FACTS!

12 3

4


Page 130

NOTES:


Page 131

Evaluation Process

1) EXISTENCE:

•Quality Manual•Procedures

•Work Instructions•Specifications 2) ADEQUACY:

•ISO 9001•Other Requirements 3) COMPLIANCE:

•Requirements implemented•Authority defined

•Documents followed•Records acceptable

4) EFFECTIVENESS:

•Achieving goals•Satisfying customers

1) Does a documented

quality management system exist?

2) Does the documented QMS

meet the requirements of

ISO 9001?

3) Are we doing what we say?

Does practice match the documentation?

4) Are the practices achieving

their goals?

Perception of Facts

Perceptions of the same facts may differ

Highlights the critical need to discuss audit findings with: Other auditors

Auditees

Audit management

Area management

Avoid: Misunderstanding of facts

Misinterpretation of facts

12 3

4


Page 132

NOTES:


Page 133

Nonconformity Rules1

2 34

What is a nonconformity? The non-fulfillment of specified requirements

Start with the requirement: Management System Procedure , Program,

Protocol, Schedule

Management System Work Instruction

Standard (ISO 9001, ISO 14001, AS9100, etc.)

Customer contract, or purchase order , bill of material, etc.

Nonconformity Rules

Just the facts, objective evidence, not opinion

Each nonconformity should be written independently

Each nonconformity forms a problem statement for corrective action

Use good, clear and concise English

Review with management of the area audited

12 3

4


Page 134

NOTES:


Page 135

Nonconformity Levels

Consider the seriousness when writing a non-conformity What is the impact on the management system?

What is the impact on product, service, or customer?

“Major” indicates a critical deficiency

“Minor” indicates an isolated weakness

“Observation” or “Opportunity” is not a nonconformity but is an issue the auditor wants to point out to management

12 3

4

Nonconformity Report

ISO 9001 requires that audit results be recordedand retained

Each nonconformity must be documented

The documentation must include the following information: Requirement (controlling ISO element ,organization

procedure, Customer requirement, etc.)

Nonconformity (deficiency)

Evidence (proof)

Auditor(s), area audited, auditee(s), date, etc.

Ensure connectivity to work papers

12 3

4


Page 136

Writing Nonconformities

Written nonconformities should: State the requirement

State the deviation or gap

Include evidence (proof)

Stand alone as a problem statement

Written nonconformities should not: Name names

Make unverifiable observations / opinions

12 3

4

NOTES:


Page 137

Identification of Nonconformities Exercise

1. During an audit of the Sales Department the auditor asks if employees are aware

of the quality policy. The Sales Manager says that all Sales employees are trained in the policy and can explain it in their own words. The auditor decides to test this by talking to a couple of Sales people. The people he interviews don’t appear to know anything about the policy. The Sales Manager says that’s not a problem because they are field Sales people who are contractor employees and not regular employees.

2. During the audit of Engineering the auditor notices that there are numerous

revisions of the same drawings in the drawing file. The Engineering Manager says that they sometimes need the obsolete drawings to respond to customer inquiries. The auditor asks how they avoid getting confused. He is told they put a little “x” on the lower right hand corner of the obsolete drawings. If the drawing has an “x”, it’s not the most current. If there’s no “x”, that’s the current drawing.

3. The Engineering Department controls the design process. They are responsible

for making certain that the design input is clear and understood and that the design output complies with the input. The auditor asks them to describe this process for verifying the design. They tell him that the way they do this is by having a senior engineer review the design data and, based on his experience, giving the OK to send the design to the customer for validation. There is no formal sign-off or record of this process.

4. Finished goods are packaged, labeled and stored in the company finished goods

warehouse. Each of the labels bears the warning that storage conditions should

not exceed a temperature of 80 F and humidity of 70%. When the auditor asks about the temperature and humidity of the finished goods warehouse he is told they are unknown. The Warehouse Supervisor says the restrictions apply only after the product is shipped.

5. Internal audits are performed on a regular basis and the deficiencies are brought

to the attention of the appropriate management personnel. The auditor selects an audit file and asks to see the corrective actions for the deficiencies. For several deficiencies there are no corrective actions. He is told that they don’t initiate corrective action on all deficiencies. The management of the responsible area evaluates the deficiencies and, based on whether or not they agree with the internal auditor, they initiate corrective action to address the deficiency.


Page 138

NOTES:


Page 139

Nonconformity Statement

Department Audited:

Audit Date:

Auditor:

Auditee(s):

Requirement (indicate standard or document reference):

Nonconformity:

Evidence (Proof):

Major Minor Opportunity for Improvement

Date Corrective Action Response Required:

Auditor Signature:

Report Date:


Page 140


Department Audited:

Audit Date:

Auditor:

Auditee(s):


Nonconformity:

Evidence (Proof):



Auditor Signature:

Report Date:


Page 141


Department Audited:

Audit Date:

Auditor:

Auditee(s):


Nonconformity:

Evidence (Proof):



Auditor Signature:

Report Date:


Page 142


Department Audited:

Audit Date:

Auditor:

Auditee(s):


Nonconformity:

Evidence (Proof):



Auditor Signature:

Report Date:


Page 143


Department Audited:

Audit Date:

Auditor:

Auditee(s):


Nonconformity:

Evidence (Proof):



Auditor Signature:

Report Date:


Page 144

Closing Site Activities

Review worksheets, notes etc. for completeness

Hold an audit team meeting

Follow-up on all outstanding issues

Review nonconformities discovered with auditees

Conduct a closing meeting Facts only, be objective

Be brief and organized

Provide overall impression

Provide time for questions

Explain next steps

12 3

4

NOTES:


Page 145

Section 4: Appendices

Ten Commandments of Internal Auditing

1. Thou shalt prepare an audit matrix, cross-referencing functional areas (departments)

with the elements of the standard.

This matrix is used to ensure that you cover all required elements of the standard and all areas

of the company. When the registrar’s auditor asks “How do you know you’ve covered the entire standard and the whole company?” show him the matrix. The matrix enables you to

audit either by element or department (or both). This is a controlled document, make sure you keep it current and include a revision date.

2. Thou shalt prepare an audit schedule that describes the dates for all the audits in your

complete cycle.

This schedule is a great tool for administering the audit process. It should include both the

date scheduled and the date performed. It’s a good practice to be able to show the registrar’s auditor both the old schedule (for the last completed cycle) and the new schedule (for the next

proposed cycle). Schedules can always be revised so don’t be afraid if the new schedule is a little loose. This is a controlled document, make sure you keep it current and include a revision

date.

3. Thou shalt prepare a checklist for the audit.

The checklist is a very useful tool. Use it to make sure that you don’t forget to ask a question. Use it to record your notes, findings, observations, etc.

4. Thou shalt include the requirement, nonconforming condition and evidence for each

finding written during an audit.

The requirement should be stated in terms of the element of the standard or company document; be as specific as possible and don’t forget to include revision level where applicable.

The nonconforming condition should state, very simply, what is being done that does not

comply with the requirement. The evidence is the proof, such as purchase order number, lot number, document number, subcontractor, etc.

5. Thou shalt review the results of your audit with the auditee prior to issuing an audit

report.

There is no reason for not reviewing the results of the audit with the auditee prior to issuing a report. If the auditee is busy or not available, come back later. Ensure that the auditee

understands, and hopefully agrees with the findings. There should be nothing in an audit report that the auditee does not already know.

6. Thou shalt issue the audit report within two weeks of the audit.

The longer you take to prepare the audit report the more time it will take and the less accurate

it will be. Experienced auditors write the audit report immediately after the audit. Also, if you promptly issue the audit report your auditees will be more likely to promptly respond to your

corrective action due dates.


Page 146

7. Thou shalt issue unique numbers for the audit, audit findings and corrective actions.

There must be a very clear link between audits, findings and corrective actions. A common way

to accomplish this is to number the audits with a department, year and audit sequence number. For example: MFG001, where MFG is Manufacturing, 00 is the year 2000, and 1 is the first

audit. The finding number is often the audit number with a sequence number added. For example: MFG001-1, for the first finding in audit MFG001, MFG001-2, for the second, etc.

The audit finding number should be referenced on the corrective action for that finding.

8. Thou shalt require a corrective action for every finding discovered during the internal

audit process.

This does not mean that you need to have a separate corrective action for each and every

finding. One corrective action may address several findings, and that’s OK. However, every

finding must be clearly tied to a corrective action (see Commandment # 7 above).

9. Thou shalt give the auditee a due date for each corrective action and take documented

action when an auditee is past due for a required corrective action response.

The due date is the date that the auditee is required to respond with their root cause analysis,

corrective action and the implementation schedule for that corrective action. The corrective action need not be implemented by the due date. If an auditee fails to respond by the due

date make sure you take action, and document that action. If your records indicate that auditees routinely miss due dates, and you cannot prove that action has been taken, this can

be a finding.

10. Thou shalt retain all evidence of the internal audit process in a readily accessible and

well-defined audit file.

When it comes to internal audit files, it pays to be a packrat; but please be an organized

packrat. Retain the annotated checklist (the checklist used by you during the audit marked up

with all your notes), audit report, finding statement and any other documentation of the audit in the audit file. It also pays to standardize the contents of the audit files to the extent

practical.


Page 147

Sample Audit Checklist

The following Internal Audit Checklist may be retrieved in electronic form via Prism’s website at www.prismesolutions.com. The checklist is free for your internal use and you are welcome to modify it to suit your exact needs. Organization: Auditor:

Date:

M = Major Nonconformity N = Minor Nonconformity

O = Observation

C = Comment

M N

O

C

4 QUALITY MANAGEMENT SYSTEM

4.1 General requirements There is a quality management system established, documented, implemented and maintained. (4.1)

Processes affecting the QMS: Are identified Have sequence and interaction

determined Are measured to ensure effectiveness Are monitored, measured, analyzed Continually improved (4.1)

4.2 Documentation requirements The documented QMS includes: Quality policy and quality objectives A quality manual Required documented procedures Required quality records (4.2.1)

The quality manual includes: QMS scope Documented procedures or

reference to documented procedures Process interaction definition (4.2.2)

Quality document control is defined in a documented procedure and adequately addresses: Revision control Availability External documents Obsolete documents (4.2.3)

Quality record control is defined in a documented procedure and adequately addresses: Identification Maintenance Retrievability Disposal (4.2.4)

Auditor’s question(s):

5 MANAGEMENT RESPONSIBILITY 5.1 Management commitment Top management commitment is evident and communicated through the: Quality policy and quality objectives Management reviews Availability of resources (5.1)

http://www.prismesolutions.com/


Page 148

5.2 Customer focus Customer requirements are determined and fulfilled with the aim of enhancing customer satisfaction. (5.2)

5.3 Quality policy There is an appropriate quality policy in place that: Includes a commitment to comply with

requirements and continually improve Is communicated and understood Is reviewed for continuing suitability

(5.3)

5.4 Planning Appropriate quality objectives are established that are measurable and consistent with the quality policy. (5.4.1)

There is a QMS planning process consistent with the needs of this standard that includes integration of changes to the quality management system. (5.4.2)

5.5 Responsibility, authority and communication Responsibilities, authorities, and their interrelation are defined and communicated throughout the organization. (5.5.1)

There is a management representative who has the authority and responsibility to: Ensure processes are established and

implemented Report to top management on QMS

performance and need for improvement Ensure promotion of awareness of

customer requirements. (5.5.2)

Appropriate communication processes are established regarding QMS effectiveness (5.5.3)

5.6 Management review There is a periodic top management review of quality system suitability, adequacy and effectiveness supported by appropriate records. (5.6.1)

Management review input includes: Audit results Customer feedback Process performance and product

conformity Corrective and preventive actions Follow-up of previous management

review meetings Planned changes affecting the QMS Recommendations for improvement

(5.6.2)

Management review output includes: Improvement of QMS effectiveness and

its processes Improvement of product related to

customer requirements Resource needs (5.6.3)


Page 149


6 RESOURCE MANAGEMENT 6.1 Provision of resources Adequate resources are provided to implement and maintain the QMS, continually improve its effectiveness and enhance customer satisfaction. (6.1)

6.2 Human resources Personnel performing work-affecting quality are qualified on the basis of education, training, skills and experience supported by appropriate records. (6.2.1)

For work affecting quality the organization has: Determined necessary competence Provided training Evaluated training effectiveness Ensured QMS awareness (6.2.2)

6.3 Infrastructure Infrastructure is adequate to conform to product requirements. Infrastructure includes: Buildings, workspace, utilities Equipment, hardware, software Transport, communication (6.3)

6.4 Work environment The work environment is consistent with the needs to achieve conformity to product requirements. (6.4)


7 PRODUCT REALIZATION 7.1 Planning of product realization Product realization planning is performed, as appropriate, to determine: Quality objectives and product

requirements Product specific processes, documents

and resources Product specific verification, validation,

monitoring, inspection and test activities

Appropriate records needed to provide evidence. (7.1)

7.2 Customer-related processes The organization has determined: Customer specified requirements Requirements necessary for specified

use or known and intended use Statutory and regulatory requirements

(7.2.1)


Page 150

Contract review activities adequately ensure: Product requirements are defined Discrepancies resolved Capability to meet requirements This is performed prior to organization commitment. (7.2.2)

There are provisions to document and deploy contract changes throughout the organization? (7.2.2)

Records of contract review and the action arising from these activities are maintained. (7.2.2)

There are effective processes for communication with the customer in relation to product information, queries, amendments, feedback and complaints. (7.2.3)

7.3 Design and development planning There is a design and development plan, updated as appropriate, that includes: Design stages Design review, verification & validation Responsibilities & authorities (7.3.1)

The interfaces between different groups involved in design and development are managed to ensure effective communication and clear assignment of responsibility. (7.3.1)

Design inputs are determined and include: Functional & performance requirements Statutory & regulatory requirements Information from previous similar

designs (where applicable) Records of design inputs are maintained. Inputs are reviewed for adequacy. (7.3.2)

Design outputs are in a form that enables verification and are approved prior to design release. (7.3.3)

Design reviews are conducted at appropriate stages to evaluate project status and identify problems. Records of the results of design reviews and necessary actions are maintained. (7.3.4)

Design reviews include participants from concerned. (7.3.4)

Design verification is performed to ensure output satisfies input requirements. Records of the results of design verification and necessary actions are maintained. (7.3.5)

Design validation is performed in accordance with planned arrangements. Records of the results of design validation and necessary actions are maintained. (7.3.6)


Page 151

Design changes are reviewed, verified, validated (as appropriate), and approved before implementation. Records of design change results and actions are maintained. (7.3.7)


Page 152

7.4 Purchasing Suppliers are evaluated and selected based on their ability to meet product requirements. Acceptance criteria are established. Records of evaluation results and necessary actions are maintained. (7.4.1)

Purchasing information, as appropriate, describes requirements for: Approval of product, procedures,

processes and equipment Qualification of personnel Quality management system (7.4.2)

The organization ensures the adequacy of specified purchase requirements prior to communication to the supplier. (7.4.2)

Inspection and other activities are established and implemented to ensure purchased product meets specified requirements. (7.4.3)

Provisions for source inspection, by either the organization or the customer, are addressed. (7.4.3)

7.5 Production and service provision Production and service are carried out under controlled conditions including, as applicable: Product characteristics Work instructions Suitable equipment Measuring devices Release and delivery activities (7.5.1)

Special processes are validated to assure they achieve planned results. (7.5.2)

Validation of special processes includes, as applicable: Defined validation criteria Personnel and equipment Specific methods and procedures Record requirements Revalidation requirements (7.5.2)

Product is identified, as appropriate, through all production processes. (7.5.3)

Inspection and/or test status is suitably identified through all production processes. (7.5.3)

Traceability, where required, is adequately provided and supported by records. (7.5.3)

Customer property provided for use or incorporation into the product is identified, verified, protected and safeguarded. (7.5.4)

Customer property that is lost, damaged or otherwise unsuitable for use is reported to the customer with records maintained. (7.5.4)


Page 153

Product conformity is preserved through all production processes and delivery to the intended destination. (7.5.5)

7.6 Control of monitoring and measuring devices Monitoring and measuring devices provided to determine conformity to product requirements are adequate. (7.6)

Monitoring and measuring devices required to determine conformity to product requirements are identified. (7.6)

Where necessary to ensure accuracy, measuring devices are: Calibrated at specified intervals Identified concerning calibration status Safeguarded from improper adjustment Protected from damage and

deterioration Records of the results of calibration are maintained. (7.6)

Where devices are found not conforming to requirements, the validity of previous measurements is assessed. Records of these assessments are maintained. (7.6)

The capability of computer software, when used in conjunction with measuring devices, is confirmed as necessary. (7.6)


8 MEASUREMENT, ANALYSIS AND IMPROVEMENT 8.1 General

Appropriate methods have been determined to monitor, measure, analyze and improve processes to: Demonstrate conformity of product Ensure conformity of the QMS Continually improve QMS effectiveness

(8.1)

8.2 Monitoring and measurement Information relating to customer perception of organization quality is gathered and analyzed. (8.2.1)

Internal audits are conducted at planned intervals to determine whether the QMS: Conforms to planned arrangements Is implemented and effective (8.2.2)

Audits are planned based on status and importance of the activity as well as results of previous audits. (8.2.2)


Page 154

Audit criteria, scope, frequency and methods are defined. (8.2.2)

Auditors are independent of the area being audited. Auditors do not audit their own work. (8.2.2)

Responsibilities and requirements for planning and conducting audits, reporting results and maintaining records are defined in a documented procedure. (8.2.2)

Action is taken without delay to address nonconformities. Follow-up activities verify actions taken and the reporting of results. (8.2.2)

Suitable methods are applied for monitoring and, where applicable, measuring QMS processes. These methods demonstrate the ability of processes to achieve planned results. (8.2.3)

Where processes do not achieve planned results correction and corrective action, as appropriate, is taken. (8.2.3)

At appropriate stages, product characteristics are monitored and measured to verify product requirements are fulfilled. (8.2.4)

Records of conformity with acceptance criteria are maintained and indicate the person(s) authorizing release of the product. (8.2.4)

Product release and service delivery does not proceed until all planned arrangements have been completed unless approved by relevant authority. (8.2.4)

8.3 Control of nonconforming product Nonconforming product is identified and controlled to prevent unintended use. This process, including responsibilities and authorities, is defined in a documented procedure. (8.3)

Nonconforming product is handled in one or more of the following ways: Action taken to eliminate the

nonconformity Authorizing its use under concession by

a relevant authority Action to preclude its original use (8.3)

Records of nonconformities and any subsequent actions, including concession, are maintained. (8.3)

Nonconforming product that is corrected is re-verified to demonstrate conformity to requirements. (8.3)


Page 155

When nonconforming product is detected after delivery or use, action appropriate to the effects, or potential effects, is taken. (8.3)

8.4 Analysis of data

Appropriate data is determined, collected and analyzed to: Demonstrate the suitability and

effectiveness of the QMS Evaluate opportunities for continual

improvement (8.4)

Data analyzed includes: Customer satisfaction Product conformance Process and product characteristics and

trends Suppliers (8.4)

8.5 Improvement

The QMS is continually improved through the use of: Quality policy and objectives Audit results Analysis of data Corrective and preventive actions Management review (8.5.1)

A corrective action process, defined by documented procedure, is in effect and includes: Product nonconformities Customer complaints Root cause analysis Determining and implementing action

needed Verification of CA effectiveness Records of CA results (8.5.2)

A preventive action process, defined by documented procedure, is in effect and includes: Determining potential nonconformities Evaluating need for action Determining and implementing action

needed Verification of PA effectiveness Records of PA results (8.5.3)


Date post:	04-Jun-2018
Category:	Documents
Upload:	vuminh
View:	231 times
Download:	9 times