Sample ISO 9001 Internal Auditing Procedure

1. PURPOSE
The purpose of this procedure is to define the steps that follows in planning, performing, reporting, recording, and following up on internal audits.
conducts internal audits to determine whether the quality management system:
- Conforms to planned arrangements, to the requirements of ISO 9001 and to the quality management system requirements established by (QMS Manual policies, procedures, work instructions, and forms)
- Is effectively implemented and maintained.

2. SCOPE
This procedure applies to all company personnel who are responsible for planning, development, use, and maintenance of the quality management system.

3. DEFINITIONS
None

4. REFERENCES
4.1 Quality Manual,
5. ASSOCIATED DOCUMENTS
5.1 Audit Check List,
5.2 ERC/ERO Procedure,
5.4 Audit Schedule,
5.3 Audit Notebook

6. PROCEDURE
NOTE 1: This procedure is typically initiated about four weeks prior to the execution of an internal audit as called for by ’s audit schedule. The audit schedule is established and maintained by The Quality Assurance Manager.
NOTE 2: Every element in the quality system is audited on a regular basis and at minimum of once per year. Activities are audited more frequently if there are significant changes taking place (i.e., many new hires/high turnover of personnel, modified procedures and work instructions, etc.) or if there is a history of problems in that area.
NOTE 3: Only qualified personnel may perform internal auditing activities. These qualified personnel are classified as internal auditors and have received the following training as a minimum: 1 day training on internal auditing techniques, 1 day training on the ISO 9001 Standard, this training may be performed by previously trained internal auditors.

6.1 AUDIT PLANNING, COORDINATION, AND PREPARATION
6.1.1 The Quality Assurance Manager defines the specific criteria, scope, methods, and objectives for the upcoming internal audit based on the status, maturity, and importance of specific elements in ’s quality system.
Audits shall be carried out to a defined scope and shall be as follows,
a) Planned: as per the internal audit plan
b) Unplanned: arising as a result of,
- Customer complaints
- Following the implementation of actions defined in a corrective action report
- Following the identification of additional or amended procedures for products
NOTE 4: In planning the particular audit, these activities include determining the extent and boundaries of the audit (locations, activities, processes); set of policies, procedures and/or requirements to be audited against; auditing methods; and audit objectives.
6.1.2 The Quality Assurance Manager selects the appropriate auditor to ensure objectivity and impartiality of the audit process.
6.1.3 The Quality Assurance Manager and the auditor review the proposed audit program to ensure that it is consistent with and effective for the defined audit criteria, scope, methods, and objectives.
6.1.4 Prior to the audit date, auditor reviews the appropriate quality system documentation, records of completed corrective and preventive actions, and past audit findings for the activities to be audited, and then develops a checklist covering the quality system elements and activities to be audited.

6.2 INTERNAL QUALITY AUDIT INVESTIGATION

6.2.1 The auditor will contact the personnel in the area being audited at the time indicated on the audit program, and briefly review the audit criteria, scope, methods and objectives with them.
NOTE 5: The checklists only serve as a guide to the auditors, and other areas may be investigated as deemed necessary by the auditors or as requested by the auditee.
6.2.2 When a nonconformance is identified, the auditor presents the nature of the nonconformity and the evidence to the personnel involved for verification, clarification, and addresses any questions or concerns that the personnel may have, as well as to give advice, when requested, regarding any problems which are uncovered.
6.2.3 If the nonconformance is confirmed, then go to step 6.2.5.
6.2.4 If the possible nonconformance requires further clarification the auditor will discuss the situation with the Quality Assurance Manager.
6.2.5 After the facts of the nonconformity are verified (or modified), the auditor either drafts nonconformance statement or documents the necessary information for writing one later.
NOTE 6: The nonconformance statement includes the nature of the nonconformity, the actual evidence obtained, and the nature of the requirement that is not being complied with (i.e., the appropriate ISO 9001 clause number, the appropriate quality system document section/page/paragraph, what the personnel says is the normal practice, contract requirements, statutory regulations, current standards, and any other relevant requirements).

6.3 REPORTING AND FOLLOW-UP
6.3.1 Within 2 weeks of completing the internal audit program, the auditor prepares a brief internal audit report and submits it to The Quality Assurance Manager for review and approval.
NOTE 7: The audit report includes the audit’s criteria, scope, methods and objectives, the names and titles of the audit team members, a summary of general observations (i.e., general degree of compliance and any significant problems encountered), all statements of nonconformities, weaknesses, and/or opportunities for improvement, and verification results for follow-up activities performed during the audit.
6.3.2 The Quality Assurance Manager reviews and approves the internal audit report, and then distributes copies of the report to senior management and the personnel of the audited areas that were directly involved in the audit.
NOTE 8: Any additional comments or observations of the Quality Assurance Manager can be attached to the report, but the auditor’s observations be will not be deleted or modified by The Quality Assurance Manager.
6.3.3 The Quality Assurance Manager request a Engineering Change Request for any nonconformity listed in the Internal Audit Report and for any weaknesses and “opportunities for improvement” identified and documented.
6.3.4 The Quality Assurance Manager updates and maintains the long-range audit schedule based upon the documented results of the audit and the planned corrective and preventive actions.
6.3.5 The Quality Manager shall maintain an audit notebook detailing all internal and external audits carried out.
- Long-range audit schedule
- Internal audit program
- Completed checklists- signed and dated by each auditor
- Audit report

7. REVIEW PROCEDURE
Any suggested improvements or modifications to this procedure are to be passed on to the Quality Assurance Manager for discussion at the next Quality Review Committee meeting.

ISO 9001 Standards – Quality Policy and Objectives

A ISO 9001 Standards quality policy and its corresponding quality objectives are established to direct the organization towards two specific goals of a quality management system:

-Provision of products – goods and services – that meet customer and applicable legal requirements, and

- Enhancement of customer satisfaction

The quality policy and the objectives are also a means of controlling the quality management system’s processes. Simply, if you want to control a process, assign an objective to it (or more) and make sure it is aligned to the quality policy, then monitor and measure the process’ performance against the assigned objective. You need to provide adequate resources to the process to ensure that it is capable of achieving the objective. You continually improve the whole process by upgrading the objective, make corrective and preventive actions or introduce innovation to it. Corrective action addresses an undesirable situation’s cause in order to prevent its recurrence. Preventive action, by contrast, addresses the probable cause of a potentially undesirable situation. This is what the quality policy and objectives are supposed to do. They provide focus, direction and control.

The quality objectives need to be consistent with the quality policy and the commitment to continual improvement, and their achievement needs to be measurable. The achievement of quality objectives can have a positive impact on product quality, operational effectiveness and financial performance and thus on the satisfaction and confidence of interested parties. When an organization has established a quality policy and a set of operational objectives, this means the only thing left to do is to design or plan the necessary processes or tasks that can realize those objectives. Therefore, the processes determine if the objectives will be met in full, partially or not at all. This is where the ISO 9001 standard play a critical role in specifying the required processes and the operating criteria. This is what ISO 9001 is all about. It even specifies criteria for the policy and the objectives.

A quality policy needs to satisfy the following requirements:

• It is appropriate to the purpose of the organization,
• It includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system,
• It provides a framework for establishing and reviewing quality objectives,
• It is communicated and understood within the organization, and
• It is reviewed for continuing suitability

Quality objectives must be established in order to enable the organization to comply with requirements and continually improve the effectiveness of the quality management system. Quality objectives must achieve four things:

• Enable the organization to meet customer requirements
• Enable the organization to enhance customer satisfaction
• Enable the organization to comply with all legal requirements applicable to the product
• Continually contribute to the effectiveness of the quality management system

Therefore, when you are in the meeting room with your management brainstorming on the appropriate objectives, have these four points in mind.

ISO 9001:2000 requires that management periodically review changes to both the policy and objectives. An organization’s objectives must be measurable and its processes designed to meet those objectives. An organization’s overall business goals, quality objectives and quality policy are all interrelated and must work together to achieve business improvement. To do this, it’s necessary to understand which processes are key to achieving business goals and align those processes with the quality objectives. It means aligning business goals, quality objectives and process measures to create real improvement. And it means using process mapping. Process mapping involves more than just flow charting. Among other things, it can manage and improve processes by illustrating process measures as well as process flows and interactions. One process-mapping method begins by involving the people who work in the process. Another entails mapping the process as is, taking action to improve it and then preparing a final map of the improved process.

Process owners are directly responsible for the attainment of the objectives. They must be given adequate resources, including competent human resources. They need to review the objectives periodically to ensure the key performance indicators are heading towards their objectives on schedule. If not, they need to initiate corrective actions and if the risks of non-achievement are visible, take preventive actions to control them and steer the KPI’s back on course.

Examples of quality objectives:

• Production rejects <>
• Machine breakdown <>
• Returned products = 0/mth
• Purchasing >95% on-time delivery
• Inventory damage = 0/mth

Conclusion: ISO 9001 requires that the quality management system achieves its objectives in order to realize the quality policy.

How To Get ISO 9001 Certified

The ISO 9001 accreditation is part of the International Organization for Standardization 9000 standards. They are awarded to businesses for quality. The ISO 9001 is recognized worldwide as an award for a company’s internal quality management or actions that the company takes to ensure the product or service they provide is of the highest quality. Customer satisfaction is a major factor in whether a company will be awarded an ISO 9001 accreditation. The International Organization for Standardization in Geneva, Switzerland publishes thousands of international standards to help companies throughout the world more efficiently do business with one another. The 27 page ISO 9001 standard is focused on defining minimum business practices for the production and delivery of a company’s products and services through the implementation of a formal “quality management system”, or QMS. An ISO QMS is made up of certain processes, documentation and other formal practices that control internal company operations to ensure customer requirements are consistently met. To pass an audit, an organization must follow these guidelines: Develop a Quality Management System (QMS) manual. Develop the procedures required by the ISO 9001 Standard. Determine the additional processes and procedures that are needed by the organization to perform work and satisfy the requirements in the ISO Standard. Operate in accordance with the organization’s documented QMS. Provide evidence that the organization is operating according to the QMS. The achievement of an ISO 9001 certification is a milestone in demonstrating to your customers that you have implemented a reliable system of producing and delivering your products and services. The focus of this “system” is twofold: providing consistent products and services; and continual improvement in your processes leading to better results. The ISO 9001 certification is granted by a third-party auditing firm called a Registrar who specializes in quality system auditing. There are a wide variety of Registrars located in every ISO participating country. Some firms have offices internationally; others have a more regional focus. The selection of your Registrar is one of the more important decisions you will make to ensure the best alignment with your type of business, your location(s) and overall cost of maintaining the certification. The initial certification audit is conducted in two parts. The Stage 1 audit is a general review of your QMS documentation to ensure you have addressed all of the requirements of the ISO 9001 standard. Depending upon the size of your business, this can be conducted in a one to two day visit to your facility or virtually via phone. Any discrepancies noted during the Stage 1 audit will be documented in a formal report and must be corrected before the Stage 2 audit. The main part of the ISO audit is the Stage 2 audit which is always conducted onsite at your location(s) and will be focused on the implementation and effectiveness of your QMS. During this audit which can take 1 day (for very small companies) to several days, the auditor(s) will tour your company, speak to managers and employees, and review documentation and records (along with any Stage 1 discrepancies) to ensure that your system is fully implemented. If nonconformances are found, they will be documented in a formal report for correction. Following the Stage 2 audit, you are generally given thirty (30) days to submit corrective action plans for all audit nonconformances. Once corrective actions are received, your certification is complete and your certificate is issued. In order to maintain the certification, you will participate in an annual surveillance audit from your Registrar where they confirm that you are maintaining your QMS. Every third year, a more comprehensive re-certification audit is conducted, similar to the initial certification audit.

Read more at http://www.iso9001store.com