ISO 9001 Lead Auditor Training

Module 3   ISO 9001 Quality Management System Audits

3.3 Audit Stages
An audit requires three distinct evaluations of an organization's QMS against the ISO 9001 standard. These evaluations are required to be performed on-site at two different stages.

The first stage evaluates the organization's QMS intent and state of readiness. The ISO 9001 Lead Auditor needs information from them explaining how they conform to the Standard. This evidence may be produced in the form of a Quality Manual and related documentation that has to be evaluated by the auditor to see whether the system outlined in the document conforms to the Standard. The auditor will also determine if key review tasks have been completed by the organization, such as internal audits and management review of the QMS.

This is the first stage of audit - the evaluation of readiness and intent as expressed in the QMS documentation. The ISO 9001 Registrar will usually require the auditee to correct any stage 1 nonconformities and allow sufficient time for implementation (1-3 months) before conducting the Stage 2 Audit.

In the Stage 2 audit, The auditor then needs to determine the degree to which actual practice conforms to the QMS documentation, customer and any applicable regulatory requirements. Based on the evidence gathered, the ISO 9000 Lead Auditor will assess QMS effectiveness. All the audit findings are recorded and analyzed to assess the extent to which the planned QMS activities are realized and planned results achieved. A significant number of minor nonconformities, particularly if they are recorded against just one clause of the standard, will give an indication that the system is not effective. Likewise, the recording of a major nonconformity indicates a lack of adequate implementation or effectiveness.

Each stage must be allocated time, systematically carried out, and carefully analyzed.

3.4 Audit Types
Research of various quality management publications will yield much information about audits. At first glance, there appears to be an endless list of different types of audit.

Audits that are carried out to determine whether an organization conforms to a quality Standard may be termed Quality System Audits. This type of audit requires the auditor to use a fair degree of judgement to establish whether controls are adequate. Many second and third party audits are carried out as Quality System Audits, as are many audits for the purpose of consultancy.

ISO 9001 Auditor Training - Audits that are carried out against specifically defined practices, procedures, and instructions, and that are perhaps (but not necessarily) more limited in their scope, are termed conformity audits. Many internal audits and many contract related audits between two parties are carried out as conformity audits. Ongoing Surveillance audits (different from a surveillance inspection) refer to post-registration QMS audits. Registrars typically conduct a partial audit every 6 or 12 months to ensure ongoing system conformity. Therefore, they are also known as conformity audits.

Process and product audits are subsets of QMS conformity audits and therefore limited in scope.

An ISO 9001 process audit evaluates the controls and characteristics of a specific process, as well, as its relationship with other processes and may include using some or all of the following approaches:
• Individual processes in terms of:
o Input / Output / Value-added activity
o Plan / Do / Check / Act
• Relationship to other processes in terms of:
o Flow / Sequence / Linkage / Combination
o Interaction / Communication
• Customer contract for conformity to contractual requirements through the various processes used to fulfill the customers order
• Audit trails – following concerns or unresolved issues to processes or departments, that are be beyond the scope of a specific audit.

ISO 9000 Training - Process audits may include the following processes, as well, as related sub-processes – quality management system; management responsibility; resource management; product realization; measurement, monitoring and improvement.

A product audit is a process audit that focuses on the processes needed for product realization. Remember the definition of product includes service. A product audit would also apply to provision of a service, a project or a contract.

A QMS registration audit is conducted by a Registrar to evaluate a company’s quality system documentation, as well as, implementation, for the purpose of registering it as a registered company.

A pre-assessment audit usually refers to a quality management system audit (documentation and implementation) done a few months prior to a formal registration audit. It helps a company determine the degree of readiness and focus on weak areas.

For the purposes of this discussion, however, there are two basic types, further sub-divided according to different emphases and objectives. The two types are external audits and internal audits.

"Understanding ISO 9001" provides a detailed explanation of each ISO 9001 clause (requirements).

ISO 9001 FAQ provides answers to commonly asked questions about the ISO 9000 family of quality management standards.