ISO 9001 Lead Auditor Training

Module 4 - Managing An ISO 9001 Audit Program

4.1 Authority for Audit Program
An ISO 9001 audit program may include of one or more audits, depending on the size, nature and complexity of the organization to be audited. These audits may have a variety of objectives and may also include joint (multiple auditing organizations) or combined (QMS and EMS) audits.

See Figure 4.1

ISO 9001 Lead Auditor Training - An audit program also includes all activities necessary for planning and organizing the types and number of audits, and for providing resources to conduct them effectively and efficiently within the specified time frames.

An organization may establish more than one audit program. The organization’s top management should grant the authority for managing the audit program. Those assigned the responsibility for managing the audit program should:
a) Establish, implement, monitor, review and improve the audit program
b) Identify the necessary resources and ensure they are provided.

If the organization to be audited operates both quality management and environmental management systems, combined audits may be included in the audit program. In such a case, special attention should be paid to the competence of the audit team.

ISO 9000 Auditor Training -Two or more organizations may cooperate, as part of their audit programs, to conduct a joint audit. In such a case, special attention should be paid to the division of responsibilities, the provision of any additional resources, the competence of the audit team and the appropriate procedures. Agreement on these considerations should be reached before the audit commences.

Examples of ISO 9001 audit programs include the following:
a) A series of internal audits covering an organization-wide quality management system for the current year.
b) Second-party management system audits of potential suppliers of critical products to be conducted within six months.
c) Registration and surveillance audits conducted by a registrar on a quality management system within an agreed time period. 
An audit program also includes appropriate planning, the provision of resources and the establishment of procedures to conduct the audits within the program.

4.2     Establishing the ISO 9001 Audit Program
4.2.1 Audit program objectives
ISO 9000 Training - Objectives should be established for an audit program to direct the planning and conduct of audits. These objectives should be based on consideration of:
a) Management priorities
b) Commercial intentions
c) Management system requirements
d) Statutory, regulatory and contractual requirements
e) Need for supplier evaluations
f) Customer requirements
g) Needs of other interested parties
h) And risks to the organization

4.2.1.1 Examples Of Audit Program Objectives:
a) To meet requirements for registration to a management system standard
b) To verify conformance to contractual requirements
c) To obtain and maintain confidence in the capability of a supplier
d) To contribute to the improvement of the management system

4.2.2  Extent Of An Audit Program
The extent of an audit program can vary and will be influenced by the size, nature and complexity of the organization to be audited, as well as, by the following:
a) The scope, objective and duration of each audit to be conducted
b) The frequency of audits to be conducted
c) The number, importance, similarity and locations of the activities to be audited
d) Standards, statutory, regulatory and contractual requirements and other audit criteria
e) The need for accreditation or registration
f) Conclusions of previous audits or results of a previous audit program review
g) Any language, cultural or social issues
h) The concerns of interested parties
i) Significant changes to an organization or its operations

4.2.2.1 Audit Frequency
The client determines the audit frequency for 3rd party audits. Factors that may cause the frequency to increase include:

• Significant change in management, organization, policy, techniques, or technology
• Requests by the customer or regulatory body
• Changes to the quality management system
• Results of recent audits
• Status and importance - internal audit results

4.2.2.2  Audit Frequency for Internal Audits
Clause 8.2.2 Internal audits are scheduled on the basis of the status and importance of the activity to be audited, as well as, previous audit results.

Status - Refers to the past history of weakness, problems, and customer complaints. Increase the audit frequency to improve control and confidence.

Importance - Refers to the criticality of the process or activity to the quality of the product or service (critical internal or external suppliers). Also reflects top management’s priorities.

Audits - refers to the results of previous internal and external audit results.  You must consider past audit findings and coverage in setting audit frequency.

> The complete quality management system must be audited at least once a year. Weak areas or activities must be audited more often. Top management determines the frequency of internal audits with the help of the Management Representative.
> Audit frequency is also determined by contractual or regulatory requirements, as well as, significant changes in ownership, policies, products, processes, technology, control systems, documentation, or the organization.

See Figure 4.2.2.3

ISO 9001 FAQ provides answers to commonly asked questions about the ISO 9000 family of quality management standards.