AUDITING TO ISO 9001:2015 Reshaping the role of

The Auditor

www.bywater.co.uk

Version 2 - Feb 2017

ISO 9001:2015 Headlines

The Introduction of Context will challenge auditors in terms of their knowledge and general business understanding

Greater emphasis on Leadership will challenge auditors with regards to their communication skills

More focus on Risk will challenge auditors to deliver insightful and effective audit results to Top Management

What is the aim of this presentation?

To appreciate how ISO 9001:2015 will reshape the role of the QMS Auditor.

What is unchanged in ISO 9001 auditing?

Process Approach!Verifying evidence!

CONTEXT & Auditor Knowledge

For an organisation to demonstrate understanding of its Context to an auditor, the auditor will need to acquire an understanding of the issues facing the organisation (4.1) and the key requirements of its relevant interested parties (4.2); the auditor will need to appreciate the purpose and strategic direction of an organisation and assess the suitability of the Quality Management System Scope (4.3).

Understanding Context

RESULT: more audit preparation, potentially longer audits

RISK & Auditor Insight

Risk-Based Thinking

• For an organisation to demonstrate effective risk-based thinking it will need to determine risks and opportunities (6.1), plan, implement and evaluate actions (6.1.2).

• Auditors will need to assess this in detail and be open-minded as to how this might be carried out. An auditor should look for evidence of effectiveness (e.g. prevention of error).

• Risk is mentioned throughout the standard.

RESULT: increased audit focus on risk, its effectiveness and skilful effective linking of clauses (e.g. 4, 6, 9)

LEADERSHIP & Auditor Communication

The Auditor & Top Management

• Leadership permeates the entire standard – sometimes explicitly where “Top Management” is stated (e.g. 5, 9.3), sometimes implicitly with choice of words (e.g. “strategic direction” in 4.1, provision of resources in 7.1) and sometimes in the linking of clauses (e.g. 4.1 <> 6.1).

• Auditors will need to appreciate the culture and strategy of the organisation and engage confidently with business leaders.

RESULT: more discussion with top management and with other staff to verify effectiveness of leadership

AUDITOR Approach & Skillset

ISO 9001:2015 Auditor Skills & Attributes

• Confidence to interview Top Management• Understanding of organisational Context• Ability to analyse Risk / evaluate actions• Open-minded as to the type of evidence• Linking clauses during audit activities• System/Process approach

RESULT: auditor self-assessment/skills development

To document or not to document

• There are less requirements for documents and records in ISO 9001:2015 (compared to ISO 9001:2008), although there are more requirements in total! Organisations are empowered to make decisions on how much documented information they require in order to work efficiently and effectively. The size of the organisation, the complexity of processes and the competence of staff may influence this.

• There are certain items that must be maintained as documented information (e.g. Scope, Policy, Objectives) and others that must be retained (e.g. internal audit and management review records).

RESULT: examine all requirements carefully before auditing

ENHANCING KNOWLEDGE

The new Standard may require the Auditor to enhance their knowledge base to develop their role. This could include:

• Formal re-training (e.g. IRCA Transition course)• Self-Assessment/peer assessment• Updates to software/templates/checklists• Application of risk-based auditing techniques• Increased understanding of process approach• Potentially reporting more ‘observations’ • More emphasis on effectiveness and

improvement

Knowledge base

The process of transitioning 3rd Party Certification:• Three year transition period• Following this transition period ISO 9001:2008 will cease to

be valid• ISO 9001:2015 Certification will be issued after an

additional surveillance visit or at planned recertification audit• Deadline for certification/recertification is SEPT 2018

NOTE: Auditors working for accredited assessment bodies must attend a formal Transition Course (IRCA approved 2-day courses highly recommended). Internal/supplier auditors must also ensure competence when auditing against new Standard.

Implications for certification

• Understand the changes to ISO 9001:2015 and their intent. • Undertake a gap analysis of your organisation's current

status and identify and plan actions to enable a smooth transition from ISO 9001:2008 to ISO 9001:2015.

• Identify the change in emphasis and approach to auditing based on the Annex SL structure.

• Meet IRCA upgrade requirements for registered auditors• Prepare for and undertake an audit based on ISO

9001:2015

Update your knowledge

Our ISO 9001:2015 Transition Auditor training enables you to:

View dates and locations for ISO 9001:2015 Transition training

Some questions to consider:

How will an auditor seek evidence of Leadership

effectiveness?

What is the overall purpose of Risk-based thinking?

When is Documented Information required?

Why is it critical for the auditor to understand the

Context of the organisation?

If you have any questions please contact the Training Team

Telephone: +44 (0)333 123 9001Email: contact@bywater.co.uk

Or visit our websitewww.bywater.co.uk

Contact us for more information