|
|||||||||||||
|
|||||||||||||
|
Title: ISO 9000 Quality System: Department by Department Implementation for the Certification Audit Author: Jack Kanholm Publisher: AQA Press Notes: Department by department, this book explains precisely what a company must do to implement the ISO 9000 quality system and pass the certification audit. Every requirement is addressed. There are hundreds of tips and examples of implementation solutions. |
|
|||
|
You can order this book from internal-auditor.com at: http://www.internal-auditor.com/books.htm |
||||
This Month's Feature ArticleAuditing DocumentationOne of the most common items that an internal auditor must audit is documentation. In many cases, this is performed poorly, with little, or no advanced planning. We often don't know what criteria we are auditing the documentation against, so we just look at the documentation, hoping that we see something glaring. Or we go the other way, and look for technical issues, such as spelling and typographical errors and ignore the document intent and the document body. Documentation Versus Information: When we audit documentation, most internal auditors seem to think only about something on paper, or on a computer screen. We tend to envision procedures, work instruction, prints and checklists. But what is ISO looking for? We need to control information, rather than control documentation. Part of understanding our processes is to understand what documents and documentation the process requires. A couple of things to remember here is that the detail of the information is based on several factors: (Taken from ISO 9001:2000 4.2.1 Note 2)
Highly skilled, experience or trained personnel will require less detailed information than those of lesser skills, less experience or untrained. There are two misconceptions about documentation.
Documents Versus Records: First of all, ISO 9001:2000 states that records are a special kind of document. So, records are one form of document. So, how do you tell the difference between the two? There are two major differences between documents and records. First documents tend to be inputs into the process. You use documents to do your job. Records, on the other hand are outputs of the job. They are generated as a result of your job. Also, documents tend to be change over time, where once a record is generated, it rarely changes. Just about the only time the data on a record will change is to correct errors. We will look at auditing records in a future issue. In many cases, some information will fall into both categories. A form is an example. It is a document required to do your job, and a record once it is filled in. The document side explains what data to place in which field. That information is subject to change. Auditing Criteria: When auditing documentation, the auditor is concerned about two things:
Compliance of Documentation In order for your documentation to be effective, it must first be compliant to requirements. The first part of determining this is to determine what the requirements are. We know that this is somewhat addressed in ISO 9001:2000, or ISO/TS 16949, but you need to know what other requirements apply. There may be some specific requirements issued by the customer, by a governmental agency, or even by the organization itself. In order to determine what the requirements are, first check the applicable standard (or whatever you are registered to). Next, ask if there are any additional requirements. Also, as you audit, ask why each document is required. This does a couple of things. It helps you determine if there are any additional requirements that have not been brought to your attention, and it also gives the organization a chance to question why the document exists. This is a continual improvement exercise. By the way, you do not have to do this every time you are presented a document. For example, if you have a procedure for purchasing, you might ask it the first time, but the next time you audit purchasing, you might ask if the procedure is necessary instead. Compliance to Documentation Once you have determined that your documentation meets requirements, you must now determine whether your documentation is being followed. There are three ways in which we typically determine if a document is being followed. First, might be able to observe behavior of the employees using the document. Are they following what the document says? An important note here is they do not have to be reading the document, as they go. In fact, unless the document is very complex and detailed, or it is new, reading the document might be an indication that they normally don't follow it. The second manner is to look at any record required by using the document. Not all documents will result in records generation. Finally, you can interview those who use the document to determine if they know and understand the document. They should be familiar with it. Another part of compliance to your documentation is to ensure the document being used is the correct version of the correct document. Be very careful here. I've seen many plants where there are several versions of a print all in use at one time. This complicates matters greatly, and the auditor must be on guard. Summary: Proper documentation is critical in a successful organization. Auditing documentation is fairly simple. As an auditor, you must become familiar with your company's documentation, and its documentation requirements. You must be able to determine if the documentation meets those requirements, and if the documentation is be properly followed and used. Look for instances where the documentation can be reduced, or even eliminated. This will help to make internal auditing effective and useful. As always...Good Auditing! |
||||
|
Advertisement:
|
||||
|
Question and Answers: Q – Now that a master list is no longer required, can we just throw ours away? A – A master list was really never required. The requirement was for a "master list or equivalent". Even though the term "master list" is no longer in the standard, it doesn't mean you can automatically eliminate it. If you can meet all the "shalls" of 4.2.3, without a master list, then feel free to remove it. Most organizations, however, will still (or want) need to keep the master list because it really helps in controlling documentation. |
||||
|
Process Inputs When analyzing your processes, one of the most important pieces is to examine the process inputs. We all are aware of inputs such as material (raw or component) and equipment, but what about other parts. A couple of methods we've seen use are:
Regardless of which you choose, both will give you new insight on just exactly impacts your processes. Process inputs are indeed more complex than most of us realize. Perhaps that is why ISO 9001:2000 requires us to look at them deeply. |
||||
|
Element Understanding: ISO 9001:2000 Clause 4.2.3 Control of Documents "A documented procedure shall be established to define the controls needed d) to ensure that relevant versions of applicable documents are available at points of use." This is another clear part of the standard that makes quite a bit of sense. It is what I call a "well duh" statement. The thinking is that if I need a particular document to do my job, then I have to have the correct version of that document where it is needed. Hidden in this "shall" is included "when needed". It does little good to have the document arrive late. And that would mean that the document was not available when needed,. In order to have a better QMS, think of it this way. switch the word "document" with the word "information". Now look at your system. does it make a difference? Should it make a difference? |
||||
|
Monthly Scenario Explained: October
2002’s question: You are auditing 7.2, Customer-related processes. In examining the Contract Review Worksheets, you notice a considerable amount of them had errors. Some of the errors include incorrect customer information. Some include incorrect technical specifications. The errors are noticeable because the incorrect data is lined out and the correct data is written in. When asked about this, the sales manager explained that is why these are called worksheets. When asked how the sales manager could be confident the new information was correct, or that all mistakes were identified, the response was that there has never been a problem with the order, so they must find and fix all of the mistakes. The
answer: The use of worksheets is common in business. It is also common for worksheets to have changes made to them. In many cases, the worksheets are filled in during the original phone call, or meeting and during the course of the sales process things are revealed, or changed which impact the product. When auditing worksheets, be careful. The most scary part of this is the sales manager's comment. Had the comment been the information was verified by the customer during the sales process, I would be satisfied. Just saying that there has never been a problem isn't strong enough. However, the issue needs to be pressed farther. More questioning is in order. If you cannot get any additional information, then an observation (opportunity for improvement) could be written, but not a nonconformance. That is unless there is a violation of the company's documentation (which is not apparent here). |
||||
|
The Back Page:
When all else fails Performing internal audits can be tough. In most organizations, the internal auditor knows everyone, and everyone knows the internal auditor. Sometimes it becomes hard to get the auditee to take the internal audit seriously. This is especially true in small companies that are first starting out. It also happens when a newly assigned internal auditor begins to audit. It probably cannot be prevented, but it can be minimized. It typically starts out with the auditees spending too much time joking and not enough time answering questions. They will tease the new auditor and possibly ridicule them. One of the most common comments will center around the auditor becoming a spy, or even a traitor. It can easily get out of hand and the audit becomes unproductive. So what can the internal auditor do? First, do not go along with the game. Firmly tell the auditee that time is short, and continue with the audit direction. Don't argue back, and don't play along. If you do, then the auditee gains control of the audit. Remind the auditee of the audit scope, and purpose. It should not take long for the auditee to get the point. If necessary, you might have to get management involved, but leave that for when all else fails. Dave ...Good auditing!
|
||||
|
Copyright notice: internal-auditor.com is
fully protected under US and International copyright laws. Copying, or
re-transmitting all, or any part of internal-auditor.com is expressly forbidden
without prior written consent from Ruth Ellen Carey Communications.
Because this site uses information from many different sources, it must be pointed out that any advice, tips, information, etc., provided should be regarded as opinion and not fact! What works well for one company may be a disaster for another. Also, what one registrar, or auditor may allow, another may not. As always, reflect on what you read, see if it fits into your own quality system, and if it conflicts with your auditor...you've got to make a decision
| ||||
