I have no experience with ISO 9001 and my boss volunteered me as an internal auditor this morning in a meeting. I have a week to prepare. How do I go about this? Any advice helps. I’m currently going through the 8 fundamentals of ISO 9001 but I’m not sure how to physically go through this audit?
In: Other
Did you make your boss unhappy or something?
Anyway, the internal auditor should be very familiar with the processes of their organization. Some bosses think of internal auditors as an adversarial or confrontational role. They might believe that the auditor’s role is to find fault and expose problems. This type of thinking is old fashioned at best and destructive at worst. So, at least a conversation with the boss along with the leader of the ISO9001 effort in the organization at large might be useful.
Pretty much everything starts with the QMS for the department. (It shouldn’t be the role of the auditor to write one nor approve one.) The QMS should be completed and formally approved by the required authority within the department (and usually their manager and the QMS/QE leader) – so perhaps the Shipping dept manager and their manager along with the QMS leader in the organization. Without a QMS, there is nothing for an auditor to do.
internal auditor should
a) review the relevant QMS to ensure that it complies to the corporate QMS. If this is a large organization, each department/division will have a QMS in sort of a “tree” to tie to the corporate QMS.
b) review the QMS using the relevant ISO9001 standards as a basis for compliance. This is a check of completeness (eg stuff that ISO requires are included to the right detail)
c) review the associated documentation/procedures that are described in the QMS. The documents must exist and be kept in good order.
d) If the internal auditor’s role is also to assist the dept in ISO compliance, then it is also necessary to ensure that actual practices follow the documentation. ie “Do what you say you do”. Identify training and implementation gaps and update documentation as necessary. (This is not always part of the internal auditor’s role)
e) During the actual audit, the role of the auditor could be as “simple” as pointing out errors of procedure, errors of compliance, errors and incompleteness quality documents and records, etc. It is then the role of the department staff (not the IA) to address those points. A more complete audit will also involve certain “opinion” statements – like best practices, ineffective or inefficient processes (you can be very diligently following a poor process)
f) Internal auditors are supposed to be knowledgeable both of departmental processes, the QMS and the ISO standards themselves. This is a serious and significant role. It is also not unusual for the IA to develop best practices. It is definitely not a role for the most junior in a department. A bad IA can result in a disastrous 3rd party/independent compliance audit.
Latest Answers