The intent of ISO 9001 is to encourage the adoption of the process approach to manage an organization. As a result, internal audits (of your management systems) need to adopt a similar approach.
An activity that uses resources to transform inputs to outputs can be considered a process. The output from one process may become the input to the next process. To function well, organizations must identify and manage numerous interacting processes.
The Process Approach involves the systematic identification and management of these process interactions within an organization.
For effective audits, you have to understand the process nature of the system and follow the appropriate audit trails
For example, auditing to the requirements for quality objectives requires considering clause 5.4.1, ‘Quality Objectives’, in addition to, related clauses that refer to quality objectives, such as 5.6.1 'Management Review 'and 8.5.1 'Continual Improvement'.
Therefore, to see if quality objectives have been planned, implemented, monitored, and improved, an audit will need to consider requirements from multiple clauses.
ISO 9001 requires your processes to be identified (4.1.a) and their sequence and interaction to be determined (4.1.b). Clause 4.2.2.c states that these process interactions must be described in your quality manual. Audit planning should identify process interactions and ensure these audit trails are followed for more effective evaluations of your quality management system.
Do not be afraid to challenge and probe or follow an audit trail to see where it leads you
Evaluate the effectiveness of the system
Every audit situation should be examined from three perspectives:
1. Intent: “Have you said what you do?”
Do the defined or documented processes adequately express your approach?
2. Implementation: “Have you done what you said?”
Do the observed and recorded practices show conformance with the stated intent?
3. Effectiveness: “Have you done it well?”
Do the results of the process indicate the desired outcomes have been achieved? ISO 9000 defines “effectiveness” as the extent to which planned activities are realized and planned results are achieved. In other words, to judge effectiveness you look not only at the conformance of a process, but also at its results compared to its objectives.
As well as meeting the conformity requirements of ISO 9001, much value can be added to an organization by making use of internal audits to gather other valuable information during the audit process. Much can be learned about the overall performance of an organization by simply communicating with people on other issues and ideas. Do not be afraid to challenge and probe or follow an audit trail to see where it leads you.
Develop your knowledge and showcase your skills with a BSI Auditor Qualification
The BSI Training Academy have developed a wide range of auditor qualifications so that you can validate your learning and put a mark of trust on your skills. Our qualifications cover key management systems including ISO 9001, ISO 14001, ISO 27001 and ISO 13485.