For something that is, in theory, relatively straightforward. The subject of what makes a good internal quality audit can certainly get some people all hot under the collar

ISO 9001 requires organisations to “implement & maintain” an internal audit program, and so, like it or not, organisations that need ISO 9001 registrations need to be able to demonstrate something that meets the definition

The requirements are actually quite clear, and boiled down to its elements, clause 8.2.2 requires that internal audits demonstrate the following attributes

• A plan or schedule for carrying them out that is up-to-date

• Specific scope and criteria for each audit

• A rationale behind the frequency of audits that is based on things like criticality, recent changes and level of problems
• Competent and independent internal auditors

• Documented and sufficiently descriptive findings

• A discipline of dealing with non-conformities in a timely way

• A periodic review of findings at top management level

But often many of these things are ignored. For what reason I would not like to speculate. For example a recent training client of mine had been allowed a three year period of grace from their certification body (a large BRITISH CB – there’s a clue) before they received a minor non-conformity for not conducting audits. Seriously, they hadn’t done any for THREE YEARS

That’s an extreme case, but more often we see things like;

• the rationale behind the frequency is not questioned

• the quality of the reports is poor and lacking in detail

• corrective actions are superficial and fail to deal with “root cause” and

• good practice is not be reported

There are also a couple of myths that need exploding. For example, all procedures must be audited at least once per year (which they don’t) and non-conformities must be graded “major” and “minor” or by some equivalent (which gain they do not)

The thing that continually baffles me, however, is that it usually takes about the same level of time and effort to do them well as it does to do them badly. It certainly is a strange one. Do them well and at the right time and there’s some really useful management information to be generated

Doru and Dragos in auditing mode a couple of years back

Tags: ISO 9001 audit, ISO 9001:2008

This entry was posted on Thursday, November 12th, 2009 at 10:23 am and is filed under Auditing, ISO 9000.
Print This Post - Return to top

Subscribe to Capable People with your preferred program using our
 RSS feed, or subscribe with your Email address below and never miss a post!