ISO 9001:2000 Refresher and Quality Audit training

Training Course Outline

Principles of Quality Management Interpreting the ISO 9001: 2000 requirements Audit programs Auditors requirements and roles Audit cycle : how to plan, conduct, and prepare audit report How to identify and write nonconformities

Participants will learn:

the four phases of audit how to make audits value added how to interpret the standard how to perform process audits how to gather objective evidence how to conduct successful audit interviews

Introduction
International Organization for Standardization is a worldwide federation of national standard bodies, with representatives from each of approximately 140 countries. The objective of ISO is to promote the development of standardization and related activities in the world with a view to

Purpose of ISO
ISO's purpose is to facilitate international trade by providing a single set of standards that people everywhere would recognize and respect

How does ISO work?

ISO's purpose is to facilitate international trade by providing a single set of standards that people everywhere would recognize and respect

Benefits of ISO

Improved customer satisfaction Increased profits Enhanced marketplace recognition Break down of internal organization boundaries Increased productivity as the correct data, equipment, tools and documentation are integrated into the total process Decreased operating cost due to fewer problems Improved employee understanding of how ISO efforts, QMS and business strategy are aligned for improvement

Misconceptions on ISO
1. Some think ISO is purely documentation 2. The ISO 9000 standards tell a company how to setup and run its business 3. If you buy products/services from an ISO certified company, this means you are getting a product or service of highest quality 4. Once certified, no further activity is necessary

Eight Principles of QMS

1. Customer Focus 2. Leadership 3. Involvement of People 4. Process Approach 5. System approach to management 6. Continual Improvement 7. Factual Approach to decision making 8. Mutually beneficial supplier relationship

ISO Promotes Process Approach

Q. What is process approach? A. Identifying and managing the linked activities that meets customer requirements to enhance customer satisfaction Processes are interconnected because the output from one process becomes the input for another process.

ISO Requirements
Section 1.0 Scope of QMS Section 2.0 Normative reference Section 3.0 Terms and definitions Section 4.0 Documentation requirements Section 5.0 Management responsibility Section 6.0 Resource management Section 7.0 Product realization Section 8.0 Measurement, analysis and improvement
Requirement of the standards

Interpreting ISO 9001 Requirements

Clause 4.0 QMS Requirements - implement, document and maintain a QMS - identify the processes needed for QMS and its interaction - determine the criteria and methods to control these processes - ensure availability of resources and information - measure, monitor, and analyze the processes - achieve planned results and continual improvements

Documentation Requirements - documented statements of quality policy and quality objectives - quality manual - documented procedures required by the international standard - documents needed by the organization to ensure effective planning, operation, control of its processes - records required by the international standard

Document Control

approved for adequacy prior to use to review, update and re-approve documents identify current revision status to ensure that relevant version are available legible, readily identifiable and retrievable external documents are identified and distribution of these are controlled prevent unintended use of obsolete documents and apply identification if retained

Documented Procedures Required by ISO 9001:200 Control of documents Clause 4.2.3 Control of records Clause 4.2.4 Internal audit Clause 8.2.2 Control of nonconforming product Clause 8.3 Corrective action Clause 8.5.2 Preventive action Clause 8.5.3

Documents Needed by the Organization Specifically referenced in ISO 9001:2000 Quality policy Clause 4.2.1a Quality objectives Clause 4.2.1a Quality Manual Clause 4.2.1b

Additional Documentation There are several requirements of ISO 9001:2000 where an organization could add value to its Quality Management System and demonstrate conformity by the preparation of other documents

Additional Documentation of ATI

Production procedures and Work instruction guidelines HR, IT and Purchasing procedures Customer complaint Measurement analysis Customer satisfaction Change request Quality assurance Process maps, organization chart

Records

All records have to be controlled in accordance with the requirements of Clause 4.2.4 Records are to be controlled as evidence to conformance to requirements and of effective operation of QMS Records need to be legible, properly stored and protected, readily identifiable and retrievable Organization are free to develop records that may be needed to demonstrate conformity of their processes, products, and QMS

Required Records Clause Records Required 5.6.1 Management reviews 6.2.2e Education, training, skills and experience 7.1d Evidence that the realization processes and resulting product fulfill requirements 7.2.2 Results of product requirements review and actions arising from the review 7.4.1 Results of supplier evaluation and actions arising from evaluation 7.5.2d To demonstrate process validity where output can not be measured 7.5.3 Unique identification of a product

. . . records

7.5.4 Customer property 7.6a Basis for calibration of measuring equipment 7.6 Validity of previous results when measuring is found not to conform to its requirements 7.6 Results of calibration of measuring equipment 8.2.2 Internal audits 8.2.4 Evidence of product conformity based from acceptance criteria 8.3 Nature of product nonconformity 8.5.2 Results of corrective action 8.5.3 Results of preventive action

Documents are the future they tell you what to do or how something is done Records are the history of what you have done. Records are the proof you need to show that you follow your quality management system.

Clause 5.0 Management Responsibility - the quality policy shall be defined, documented, understood, implemented and maintained - develop, implement and improve QMS - formulate measurable quality objectives establish at relevant levels in the organization - responsibilities and authorities are defined and communicated within the organization - identify and meet customer requirements and enhance customer satisfaction - evidence that management is committed to QMS, customer/legal requirements, and continual improvement

Clause 6.0 Resource Management - identify and provide resource requirements - people must be competent to do the work based on education, training, skills and experience - identify and provide infrastructure needs and maintain this infrastructure - identify and manage needed work environment

Clause 7.0 Product Realization - plan and develop the realization processes - identify and review customer's requirements - develop and implement a process to control customer communication process - ensure that purchased products meet quality needs and requirements - control production and service provision - identify and track the products - protect property supplied by customers - preserve your products and components - identify, monitor, calibrate and protect measuring devices

Clause 8.0 Measurement, Analysis and Improvement

plan, implement monitoring, measurement, analysis and improvement processes define the method for monitoring customer perception as to whether customer requirements have been met identify and control nonconforming products determine, collect and analyze data conduct internal audits at planned intervals continually improve effectiveness

Internal Quality Audit

What is Quality Audit

Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled
- Definition from ISO 9000:200

Internal Quality Audit is a powerful tool for any business to measure the effectiveness of the Quality Management System. It is also a good management tool that can be used to review the processes and identify any weaknesses, risks and areas of improvement

Principles of auditing
1) Ethical conduct 2) Fair presentation 3) Due professional care 4) Independence 5) Evidence-based approach

Basic Types of Audit

Internal First Party audit External Supplier Audit Second Party audit Independent Organization - Third Party (Registrar)

IQA Requirements:

Plan the audit program considering status and importance of processes and areas and previous audit results Determine audit criteria and scope Define audit frequency and methods per Quality Manual yearly or as needed Select impartial and objective auditors Conduct audit at planned intervals Assess for conformity and effectiveness Maintain documents related to internal audit Ensure timely and effective corrective action Verification of Corrective Action

Audit Objectives
1) To determine to what extent our QMS: Achieves its objectives Conforms to company requirements Complies with regulatory standards Meets customer's requirements 1) To improve the efficiency and effectiveness of our QMS 3) To verify if our QMS continues to meet requirements

When to do an Audit

The client may initiate an audit because:

A regulatory agency requires an audit A previous audit indicated that a follow-up audit is necessary An auditee has made an important changes in: Policies or procedures Technologies or techniques Management or organization

An auditee may carry out audits on a regular basis to improve quality system performance or to achieve business objectives

How to Add Value

Q. What do we mean by adding value? A. Adding value means to make something more useful
To make this IQA a value-added audit, the process should focus more on QMS capability and effectiveness rather than compliance

Some tips on how to add value

Audit planning

understand the auditee's expectations / corporate culture communicate concerns on previous audit result appropriate audit team selection to achieve audit objectives adequate time allocation

QM Responsibilities
to ensure that audit procedure is carried out and control the frequency and implementation of quality audits

Auditor's Role

Evaluate the QMS Carry out assigned audit tasks Comply with audit requirements Respect all confidentiality requirements Collect evidence about the QMS Document audit observations and conclusions Safeguard audit documents, records, and reports Find out if the quality policy is being applied See whether quality procedures are being followed Detect evidence that might invalidate audit results

Auditors are NOT

Inquisitor Fault finder Rock Thrower Avenging angels (biased for or against) Dishonest Overactive

Professional Conduct
Auditors must behave in a professional manner. Auditors must:

have integrity and be independent and objective have the authority they need to do a proper job be willing to listen to others be able to communicate effectively with personnel at all levels avoid compromising the audit by discussing audit details with auditee during the audit

Personal Attributes
An auditor should be:
1) ethical fair, sincere, honest and discreet 2) open-minded willing to consider alternative ideas or points of view 3) diplomatic tactful in dealing with people 4) observant actively aware of physical surroundings and activities 5) perceptive instinctively aware of and able to understand situations 6) versatile adjust easily to different situations 7) tenacious persistent, focused on achieving objectives

Four Phases of Audit

Phase 1 Audit Planning Phase 2 Audit Execution Phase 3 Audit Reporting Phase 4 Verification and Follow-up

Process Diagram

What (resources) equipment, tools, software Input what is received, when, from whom Method procedures, forms, instructions

What

Who

Who (resources) people, skills, experience

Input

Process

Output What

Output what is delivered, when, to whom Measures quality objectives, performance results

Method

Measures

No one plans to fail, but sometimes we fail to plan

Audit Step Card

1] 2] 3] 4] 5] 6] 7] 8] 9] Audit assignment Review documents and plan the audit Confirm audit plan Interview Dept Manager Review documented process floor audit Review an undocumented process Summarize results with Dept Manager Write CPARs and audit report Submit report / verification

Audit Planning
1. Prepare audit plan - define the objectives, scope and audit criteria 2. Determine the audit team 3. Notify the auditee and confirm schedule 4. Perform an initial document review procedures, records of CPAR, previous audit findings 5. Prepare necessary working documents for the audit audit notice, audit checklist

Audit execution
1. Start the audit by having an opening meeting and explain objectives 2. Define the role of guide or observer (if there's any) 3. Interview people at their workplace 4. Put the person at ease 5. Explain your purpose 6. Ask about job and applicable documents 7. Use open-ended questions (5 Ws and H) 8. Verify responses 9. Remember to ask for proof 10. Observe activities and examine record

. . . audit execution 11. Take random, yet representative sample 12. Follow trails to other areas based on scope 13. Check the facts (use other sources) 14. Record the evidence (checklist notes) 15. Make tentative conclusions 16. Give opportunity to discuss other subjects 17. Avoid consulting on cause and solution 18. Thank for time and cooperation 19. Review progress periodically with audit team 20. Compare audit evidence to audit criteria 21. Generate findings and prepare conclusions 22. Conduct closing meeting and report results

Objective evidence

Data supporting the existence or verity of something Clause 3.8.1 of ISO 9000:2000 May be obtained through observation , measurement, test or other means Does not necessarily depend on documented procedures, records or other documents except where specifically required by ISO 9001:2000

Evidence identify source

If person name and title, dept and manager If document document name, revision number and revision date If record identify record, record date

Audit Reporting
1. Prepare the preliminary audit report (Auditor) 2. Prepare the final audit report (Lead Auditor) 3. The report includes:

the detailed audit plan review of the evidence that was collected list of nonconformities that were identified judgment about how well the QMS complies with all quality system requirements assessment of the QMS's ability to achieve quality objectives and apply the quality policy

. . . reporting 4. Approve audit report 5. Issue audit report and CPAR (if necessary) in agreed time frame

Verification and Follow-up

1. Agree with proposed corrective action 2. Conduct follow-up audit to ensure that action is taken on agreed time frame and to evaluate its effectiveness 3. Evaluate the effectiveness of action taken 4. Close out nonconformity based on action

Auditing Service Organization

Service is the result of at least one activity necessarily performed at the interface between the supplier and customer and is generally intangible. Provision for service may involve:

an activity performed on a customer-supplied tangible product (car for repair) an activity performed on a customer-supplied intangible product ( delivery of an intangible product creation of ambiance for the customer

Auditing Clause 4.0

Audit for:

definition of needed documents (internal and external sources) distribution of documents to those that need to know control of documents for current revision level with emphasis on control of customer-driven changes dissemination of changes throughout all affected documents

Auditing Clause 4.0

ISO requires that:

The organization has an updated and continually improved QMS Processes must be identified Sequences of operations are determined Ensure that processes are working properly Ensure that there is sufficient resources QMS is monitored and improved

Auditing Clause 5.0

5.1 Management commitment

5.2 Customer focus

management's commitment to the development and improvement of QMS is defined Quality policy and quality objectives are established and relevant Had conducted management review There is sufficient resources to achieve what was planned Management's commitment to determining, meeting and enhancing customer satisfaction is defined

Auditing Clause 6.0

How does the organization ensures that enough resources are being directed to improve the services that they offer? How does IT identifies the need to add the current infrastructure? When in place, how are they maintained? Are work areas properly controlled for lighting and climate conditions? Are work areas organized and provide safe working conditions?

Auditing Clause 7.0

7.1 Planning of product realization

There is a plan on how existing products/services will be produced or supplied Processes are monitored and measured Customer requirements are determined How are suppliers accredited and evaluated

7.2 Customer-related processes

7.4 Purchasing

7.5 Validation of processes for production and service provision

Auditing Clause 8.0

1. ISO requires how information is obtained to get customer perception? 2. Effectiveness of Internal audit 3. Effectiveness of the methods applied

Audit Questions:
1. What is the primary purpose of this process? 2. Who is the process owner? 3. What is its inputs and who supplies them? 4. How would you know if these inputs are good? 5. What are your responsibilities in this process? 6. What trainings and skills are needed? 7. How is the process monitored and controlled? 8. What are its outputs and who receives them? 9. Do these outputs meet requirements?

. . . questions: 10. What do you do if the outputs do not meet requirements 11. How do you measure the process performance? 12. What are the process quality objectives? 13. Ask for the records 14. How could this process be improved?

Terms and terminologies

Audit conclusion outcome of an audit, provided by the audit team after consideration of the audit objectives and all audit findings Audit criteria set of policies, procedures or requirements Audit evidence records, statements of fact or other information, which are relevant to the audit criteria Audit findings results of the evaluation of the collected audit evidence against audit criteria Audit plan description of the activities and arrangements for an audit Audit program set of one or more audits planned for a specific time frame and directed towards a specific purpose Audit scope extent and boundaries of an audit

Auditee organization being audited Auditor person having the competence to conduct an audit Competence demonstrated personal attributes and demonstrated ability to apply knowledge and skills

Conformity is all about meeting requirements Correction the action taken to eliminate a detected nonconformity Corrective action are steps that are taken to remove the causes of an existing nonconformity or other undesirable situation. It addresses actual problem

Procedure Audit
1. Start by selecting a procedure for audit 2. Define the scope of audit, assign an auditor and prepare a brief audit plan 3. Identify the inputs that are used by this process and the outputs that are generated