A quality management system is a management system designed to provide assurance of quality. The system is documented in the quality manual, quality procedures and instructions and it is necessary that such a quality management system meets the requirements the ISO 9001 :2000 quality management system. The question arise how, how do you check that satisfactory quality management system is operating. In other words, how do you obtain assurance that quality management system is 1. Adequately defined, documented and understood 2. Is being followed and effectively implemented 3. Provide the correct degree of assurance to our product or services You can only check these points by carrying out an audit of the quality management system. Auditing is method of formally and systematically checking a quality management system to see if these three requirements are being met. It is therefore, one of the most important part of the quality management system, because it provide the proof that the quality management system is adequate and meeting the requirements of the standard. Consequently, it also exposes inadequacies in the quality management system. . Auditing is a means of gaining information in an independent and unbiased manner. Information about what we have achieved, or about the means of achievement. Auditing enables us to establish if our systems are being followed and if they are fully effective. This information enables us to proceed with confidence Systems. ISO 9000 : 2000 definitions: Audit Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled Audit Criteria Set of polices, procedures or requirements used as a reference Auditor Person with the competence to conduct an audit
Quality System Audit
A systematic investigation of the intent, the implementation and the effectiveness of selected aspects of the quality system of an organization. In order to obtain information about how the work within various processes is actually performed it is possible to use process quality audits. Audits of this type are carried out by studying the actual conditions that exist at each work stage and work station. The various factors which influence the quality result of each process or operation are taken into account. Examples of factors include; - use of the right documentation, such as job descriptions and process instructions - use of the right materials - compliance with the above documentation By: G. R. P. K. Perera, Lecturer, CoT, Kandy.
- execution of prescribed follow-up and control activities
- conduction of equipment - checking and calibration of measuring devices and instruments - orderliness at the work station. TYPES OF AUDITS There are three types of audit. First party Second party Third party First party (internal Audit) Definition : An audit by the organization of its own systems and procedures. Objective : To assure maintenance, development and improvement of the quality system Second Party (External Audit) Definition : An audit by the organization on its suppliers and sub-contractors. Objective : - to determine suitability of suppliers - to appraise supplier/sub contractors performance - to ensure that suppliers have the capability to supply product - to meet purchasing requirements. Third party audit (External Audit) Definition : an audit by a body which is commercially and contractually independent of the organization, its suppliers and customers. In this context an audit by certification body on a quality system standard. Objective : to determine whether an organizations quality system has been documentation and implemented in accordance with a specified standard. ISO 19011 AND AUDITOR COMPETENCE The standard provides guidance on audit principles, the management of audit programmes, audit conduct and auditor competency requirements. It has been prepared in a general way so as to be applicable to different industries and organisations, is equally applicable to First, Second and Third Party auditing and is now used as the basis for audit approaches throughout the world and by a diverse range of organisations undertaking audits and assessments. There are of course variations in the particular approaches adopted, however it is generally acknowledged that ISO 19011 provides a good foundation for audit activities. It is important to note that ISO 19011 makes it quite clear that an auditor always has a client, and the sole purpose of undertaking an audit is to provide the 'client' with information. In other words audits are not undertaken to keep auditors employed or for the benefit of the auditors ! Structure of ISO 19001. ISO 190011 provides guidance on the management of audit programmes, audit conduct and auditor competency requirements. It has been prepared in a general way so as to be applicable to different industries and organisations and provides guidance that is intended to be flexible in the way that it is applied dependent upon the size, nature and complexity of the organisation to be audited as well as the objectives and scope of the audit to be conducted. The guidance is provided in By: G. R. P. K. Perera, Lecturer, CoT, Kandy.
the following clauses:
Clause 4 - Principles of auditing, Clause 5 - Guidance on managing audit programmes, Clause 6 - Guidance on audit conduct, Clause 7 - Guidance on competency requirements and auditor evaluation. Principles of auditing, Reliance on: a) Ethical conduct b) Fair presentation c) Due professional care d) Independence e) Evidence based approach Managing Audit Programmes. An audit programme comprises a series of audits undertaken over a specified period of time. Such a programme needs to be effectively managed. Audit activities Initiating the audit (audits normally initiated by a 'client' here by management or MR), Defining (or confirming) audit objectives, scope and criteria, Selecting the audit team, Conducting document review and planning and the Preparing for the on-site audit activities audit activities (stage 1 of Audit), Conducting the on-site audit activities, (stage 2 of an Audit), Preparing, approving and distributing the audit report, Completing the audit (normally considered complete once report issued), Conducting audit follow up (if requested to do so by the 'client'). THE AUDIT PROCESS It will be found that this approach is very similar to that detailed in ISO 19011 (guide to Quality Systems Auditing) and is believed to be a desirable approach to encourage. The general assessment process involves the following;
By: G. R. P. K. Perera, Lecturer, CoT, Kandy.
Education, work experience, auditor training and audit experience.
Auditors should have: a) education that provides a good foundation for their intended field of auditing coupled with appropriate knowledge and skills, b) work experience in an environment that contributes to the development of their knowledge and skills, Audit team leaders should have: a) additional knowledge and skills in team / audit leadership to facilitate efficient and effective conduct of an audit, e.g. audit planning, communication, organising and directing, reaching conclusions, preventing and resolving conflict, audit reporting. PROCESS MANAGEMENT Monitoring and Improvement ISO 9001 : 2000 focuses very much on the need for an organization to adopt a process approach when designing, implementing and improving a quality management system, and verification that this has been undertaken in an effective manner will place heavy demands on an assessment team leader to construct a suitable assessment schedule and associated audit samples for the various team members. It will require the team leader tot develop a very good understanding of the organization, the various processes that are in operation and how they interact with each other. Process analysis will need to be performed in greater depth before the assessment schedule can be finalized. Process analysis , which should have been undertaken by auditors in the past will not be very necessary, and an essential tool within the auditors toolbox. This will need to be undertaken at two levels at the first level process analysis will involve looking at the organization at the macro level to understand the nature of the business the processes involved and the general sequence and interaction of these processes. At the micro level it will involve the examination of individual processes to clearly understand how the process functions, is managed and outputs measured against By: G. R. P. K. Perera, Lecturer, CoT, Kandy.
any performance standard.
Cross functional, process are processes that flow through the different company functional areas or departments, and auditors will need to consider to verify particular aspects of such processes. There will also be important outputs from processes and it will be necessary for auditors to clearly understand what these outputs should be and if they are satisfying the appropriate criteria. For a full assessment of an organization to verify conformity with ISO 9001 : 2000 it will be very necessary for significant identified processes as well as those specifically referred to in ISO 9001 to be carefully audited to ensure that there has been adequate and effective planning, control and monitoring of such processes. The assessment will need to focus on not only on the processes themselves but also the inputs and outputs from them to establish if specified requirements for each are being met. In particular there will be some key quality management system processes that will need to be fully verified. An assessment team leader will wish to verify 4.1 General Requirements in relation to the most important (or significant) processes undertaken by the company. There will also be feedback of performance from both the process and process output monitoring activities that will be used to continually improve the Process management activity. Here there is an important link into 8.4 Analysis of data which holds the key to an organizations improvement focus and activities relating to process improvement and subsequently leads in to 5.6.2 Management. Review where management need to work with the results of data analysis to determine the need for process and quality management system improvement. For Process Management an auditor would wish to see that there has been adequate process planning, and hence would wish to verify that the elements of 4.1 General Requirements have been applied PROCESSProcess Inputs Monitoring of the Process and Process outputs Management of the Process outputs
Process outputs
Together with the general planning requirement of 7.1 Planning of product
realization thus The auditor would then wish to verify that the planned actins are being implemented in an effective manner. In relation to the Process monitoring, again there are elements of 4.1 General Requirements that the auditor would wish to verify, that is. For the process output the auditor would need to verify 8.2.4 Monitoring and measurement of Product and finally the auditor may wish to verify that use is being made of data provided from the process monitoring and product (process output) monitoring activities as an input to the continual improvement process. Thus will require an auditor to establish if there is an adequate link between 8.2.3/8.2.4. (taking due account of customer satisfaction) and 8.4, conforming with the organizations quality policy and related objectives and subsequently 5.6. Thus for any of the organizations processes there are some general requirements that the team leader may wish individual auditors to verify. This may be undertaken on a general basis relating to the organizations Quality planning process, or specifically to some of the most significant product realization processes undertaken by the organization. The assessment team leader will need to decide which processes are to be the focus of audit attention and objective evidence of compliance. Have the criteria and methods required to ensure the effective operation and control of the process been determined? Have the necessary resources and information to support the operation of the process been determined? Are the actins necessary to a planned results and continued improvement of the process being implemented? Have the quality objectives and requirements for the product (process output) been determined? Are necessary documents and resources specific to the product By: G. R. P. K. Perera, Lecturer, CoT, Kandy.
(process output) available to support eh process?
Have the required verification, validation, monitoring, inspection and test activities specific to the product (process output) been determined? Have the quality records needed to provide evidence that the process and the product (process output)meet requirements been determined? Have the necessary resources and information to support eh monitoring of the process been determined? Have the process measurement, monitoring and analytical methods been determined? together with the more specific elements of 8.2.3 Monitoring and measurement of processes Is the organization applying suitable methods for monitoring and or measurement of the process? Do these methods demonstrate the ability of the process to achieve planned results? Where processes are found to be nonconforming, is corrective action taken to ensure conformity of product?