Part of an ongoing series: Practical advice on ISO 9001:2015 Clause 9.2
The advice here applies to all Management System Standards (MSS) and not just to implementing ISO 9001:2015.
For whatever MSS you need to conduct internal audits, you have two basic approaches to choose from:
Option 1: do the minimum necessary to satisfy the Certification Body (CB) [or Accreditation Board (AB)] Auditors
or
Option 2: take the best advantage of the opportunity the mandatory requirement offers.
You may well ask: Is it really worth my while putting time and effort into internal auditing, especially when I am going to meet resistance at every turn?
Here we’re going to consider both options and then you can decide which is best for your organization.
Option 1: Do the minimum to satisfy Clause 9.2 requirements
Action | The benefit to the Organization |
|
Satisfies a requirement of Clause 9.2 |
|
Satisfies a requirement of Clause 9.2 |
|
Satisfies a requirement of Clause 9.2 |
With Option 1 you’ll have done a good job. But at what cost in terms of lost opportunity?
Option 2: Take full advantage of the opportunity Clause 9.2 presents
Action | The benefit to the Organization |
(As with Option 1) | Satisfies a requirement of Clause 9.2 |
|
The internal audit becomes part of monitoring the system to check progress towards achieving the Management System Objectives and KPIs chosen and prompting timely action to ensure that they are going to be successfully met. |
|
Audit activity provides an ongoing reminder to colleagues of the importance of the Management System and its contribution to its success. Reinforces any awareness training or similar provided. |
|
Processes will be audited at suitable frequency with important/critical/failure-prone ones being audited most frequently. Early detection of failing processes will save time, money and reinforce customer and other stakeholders’ satisfaction. |
|
Common sources of noncompliance with both CB and regulatory are addressed, and the possibility of a major non-compliance is significantly reduced (self-preservation, perhaps?) |
|
Auditors find it easier and more natural to follow workflows, material flows and information flows with this approach. Consequently, a more thorough audit is conducted, and significant, disjointed steps in processes, procedures and methods are less likely to be missed. |
|
With a variety of evidence collection methods in use, the dependability of compliance and noncompliance findings is enhanced, as is management’s confidence in the Management System. |
|
Large numbers of incremental improvements and corrections to processes and procedures will result, as well as the occasional major improvement opportunity. Remember innovative thinking is to be found at all levels and functions within the organization and often from those working with the issues day-in, day-out. |
|
Individual audit reports will consequently be balanced in their reporting of the state of compliance and will help ensure that internal audits are not perceived as ‘witch-hunts’. Instances of good compliance in one area may be an improvement opportunity for another. |
|
An ISO 9001 Audit Report presented at Management Review meetings that highlight the positives will confirm to management the usefulness of the Management System, and make it easier for you to secure additional resources for your Management System improvement projects. |
Conclusion
In our opinion Option 1 is 'what not to do' and Option 2 is 'what to do' and, if you are the Audit Programme Manager for your organization, we strongly recommend it to you as part of your ISO 9001 implementation and maintenance. Yes, it is a lot more work but the results will significantly benefit your organization (and mostly on the ‘bottom line’). It won’t do your career prospects any harm either.
Related Articles
- How to Become an ISO Certified Internal Auditor: 11 FAQs Answered
- 5 Steps in Preparing for ISO 9001 Certification
- Free ISO 9001 Implementation Handbook (100+ pages)
- [Update] Seventeen official ISO 9001 Guidance Documents
deGRANDSON Global is an ISO Certified Educational Organization
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.