PowerPoint Presentation
Iso 9001:2015
Internal auditor training 1
Verify conformityVerify effectivenessShow opportunity to
improveMeet regulatory requirements2Purpose of AuditingInternal
Audits - performed within an organization to measure its own
performance & determine conformance.
3Plan & Be PreparedQuality Administrator will send out Audit
schedule at the beginning of each year Audit Plan cover sheet at
the beginning of each audit quarter.
4Plan & Be PreparedTo access information needed for the
audit:Use shortcut - Manufacturing-Distribution Home (Share Point),
orAccess page at:
http://teamsites/supplychain/ManufacturingDistribution/SitePages/Home.aspx
Go to panel on left side of screen & choose department you are
auditing
5Familiarize* with list of documents for department being
audited.
Print & review individual forms (e.g., product control
plans, work instructions)
Actions:*Print as preference
6Locate previous audit report in same file under Internal
AuditPrint copy & review, especially any identified issues,
before audit
Actions Contd:
7Locate the Process Control Plan by selecting Engineering on
left side of panel under the control plan section.Choose the plans
pertaining to the department to be audited.For Production
Departments:
8
Locate, print, & use the correct Internal Audit Checklist
for the audit.
Choose Quality on the left side panel, under the forms section
of Quality.Production Departments Contd:
Provide advanced notice (e.g., email) to associates involved in
audit to schedule & identify required support. Provides time
for them to prepare for the audit.Confirms audit date is on their
schedule. Define safety equipment requirements before the audit. Be
respectful of associate time by completing efficient and effective
audit. 9Planning For The Audit
9
Use effective auditing strategies Complete walkthrough before
interview session.Confirm priority checklist items during
walkthrough. Follow the product process flow from input to
shipping. Identify any issues for discussion during interview
session. Ensure you have complete understanding of process &
controls by asking for clarification.10Conduct yourself in a
professional mannerUse independent & unbiased judgment during
audit. Ensure no personal or professional involvement
w/associates.Auditor Requirements:
10
11Completing the interview sessionState the purpose &
objective of the audit.Put associate at ease & treat
w/respect.Use checklist as your guide for questions.Take accurate,
precise & legible notes.Identify important points (e.g.,
strengths, weaknesses).Closing the interview sessionSummarize audit
findings & needed actions.Provide overview of audit findings to
associates. End with Thanks for their cooperation &
supportAuditor Requirements Contd:
11
12Practice Art of ListeningEliminate distractionsListen for
contentSuspend judgmentListening for themesSeek
clarificationRe-direct discussions as needed to stay
focusedOpen-ended vs Closed-ended QuestionsOpen-Ended
QuestionsClosed-Ended QuestionsHow do you record the test
results?Do you record the test results?What is the first thing you
do?Do you set up the machine first?What is the standard procedure
for responding to customer complaints?When a customer calls, do you
have to record the details?What do you do with the finished
product?Do you pack the finished product in the box?
Auditor Guidance:
Ask Open-Ended Questions
13Product Sampling:Complete random sampling due to limited
timeAuditor should select the sampleExamine the sample in
detailCover relevant periodLook @ controlVerify Records &
DocumentsProcedures and work instructions should be current &
consistent w/processesRecords should be maintained, accessible,
& sufficientAuditor Guidance Contd:
14Validate FindingsEnsure accuracy of information.Ask for
information in different way for collaboration. Ensure evidence
demonstrates activity performed as described.Ask several people the
same question, as needed.Observe the activity in question being
performed.Review evidence such as procedures, instructions &
records.
Auditor Guidance Contd:
15Document Audit FindingsPositive
findings/strengthsOpportunities for
improvement/observationNonconformities- major/minorAction items to
be completedAuditor Guidance Contd:
16Nonconformances Must be well-documented & have 3
partsRequirementFailureEvidenceMajor Nonconformance The absence or
total breakdown of a systemNumber of minor nonconformities against
one clause Minor Nonconformance Failure to meet one requirement of
the standard, or single lapse in following one item of a company
procedure
Auditor Guidance Contd:
17Objective EvidenceFactual evidence: Differences between
procedures, audit criteria, & formsDifferences between
procedures & working practicesLack of evidence:Supporting
implementationSupporting continuous implementationObservationsKeep
observing physical
evidenceProductsEquipmentInstrumentsConditionsOperationsAuditor
Guidance Contd:
18Optional ContentSummary of audit processIdentify
uncertaintiesIdentify obstacles could affect resultsConfirm audit
objective accomplishedRecommend improvementsAgree on follow up
actions Identify action owners & targeted closure datesNot
included in Audit ReportSubjective opinionsDeficiencies corrected
during auditSpecific names of associates associated with the
findingsAuditor Guidance Contd:
19ISO9001:2015
The Standard
204.0 Context of the Organization (Completely New Section)
Organizations - required to identify any internal & external
issues that may impact their quality management systems ability to
deliver its intended results known as Risk. A tool that helps with
identifying risk is called a SWOT Analysis . It identifies
strength, weaknesses, opportunities & threats of organization
& strategic planning.
ISO 9001:2015
214.1 Understanding Organization & its Context
External connections includes: Cultural, social, political,
legal, financial, economic, natural & competitive
environment
Internal connections includes: Corporate culture, organizational
structure, roles & accountabilities, policies, objectives &
strategies, resources, information flows and decision-making
processesISO 9001:2015
224.2 Understanding Needs & Expectations of Interested
Parties
Interested parties - any people or entities that believe they
affect, are affected, or could be affected by your
organizationExamples - are customers, suppliers, employees, owners,
community, law enforcement, emergency responders & news
media.Attention - should be focused on those interested parties
that can impact the organizations ability to consistently provide
conforming products and services.ISO 9001:2015
234.3 Determining the Scope of the Quality Management System
(Expanded) Organization - shall determine boundaries &
relevance of the QMS and what must be considered.
4.4 Quality Management System & its Processes (Similar, but
more thorough)Organizations shall determine:Inputs required &
outputs expectedMeasurements & related performance
indicatorsResponsibilities & authoritiesRisks &
Opportunities; plan & implement actionsISO 9001:2015
245.0 Leadership (Renamed from Management Responsibility)
Top management - must manage quality, not delegate it.
Removal - all references to role of management
representative.
Quality management system - should be included in routine
business operations.
ISO 9001:2015
255.1 Leadership & Commitment 5.1.1 General (Similar with
added requirements)Top management - shall demonstrate leadership
& commitment to QMS by:Ensuring policy & objectives are
compatible with strategic directionEnsuring the quality policy is
communicated, understood & appliedPromoting awareness of the
process approachSupporting other relevant management roles to
demonstrate their leadershipISO 9001:2015
265.1.1 General Continued Top management is also required to
ensure that:Customer requirements are determined & metRisks
& opportunities that can affect conformity are determined &
addressedMeeting customer & applicable statutory &
regulatory requirements maintainedFocus on enhancing customer
satisfaction is maintained5.1.2 Customer Focus (Equivalent
w/addition of risk & opportunities) Customer focus is the
awareness of who the customers are, their strategic importance, and
their needs and expectationsISO 9001:2015
5.2 Policy (Equivalent with minor additions) The quality policy
shall:be available as documented informationbe communicated within
the organizationbe available to interested parties, as
appropriate
5.3 Organizational Roles, Responsibilities & Authorities
(Equivalent) Top management - shall assign the responsibility &
authority27ISO 9001:2015
6.0 Planning (No equivalent)Risk-based thinking &
managementRequired elements of successful quality management system
planMeasurement-based means to continually evaluate & update
planImplementing plan based on fulfilling agreed upon customer
requirements, & supporting effort w/appropriate resources &
repeatable processesUpdating the plan based on measuring ongoing
effectiveness & any newly discovered risks or
opportunities28ISO 9001:2015
6.1 Actions to Address Risks & Opportunities (New) Will help
the organization:Achieve its intended resultsEnhance a
resultPrevent a result the organization doesnt want to
occurContinually improve29ISO 9001:2015
6.1 Actions to Address Risks & Opportunities - Continued
Actions are to be implemented to evaluate their
effectivenessOptions can include: Avoiding riskEliminating the risk
sourceChanging the likelihood or consequencesSharing the
riskRetaining risk by informed decision30ISO 9001:2015
6.2 Quality Objectives & Planning to achieve them
(Equivalent w/addition of achieving objectives)The organization
shall establish quality objectives at appropriate functions, levels
and processes that are measurable & monitored.The organization
shall determine what will be done, what resources will be required,
who will be responsible, when it will be completed & how the
results will be evaluated.31ISO 9001:2015
6.3 Planning of Changes (Equivalent with additional
requirements)Consider:The purpose & potential consequencesThe
integrity of Quality Management SystemThe availability of
resourcesResponsibilities and authorities32ISO 9001:2015
7.0 Support Processes7.1 Resources (Equivalent) For the purpose
of establishing, implementing, maintaining, & continual
improving of the Quality Management System, they are:People
needsInfrastructure, like buildings, utilities, equipment,
hardware, software, transport & communicationProcess
environment-the conditions of the workplaceMonitoring &
measuring resourcesOrganizational knowledge33ISO 9001:2015
7.2 Competence (Equivalent)Determine the necessary competence of
person doing work on the basis of appropriate education, training,
or experienceTake actions to acquire the necessary competence,
& evaluate the effectivenessRetain appropriate documented
information as evidence of competence34ISO 9001:2015
7.3 Awareness (Equivalent with minor additions)Persons doing the
work should be aware of:the quality policyrelevant quality
objectivestheir contributionimplications of not conforming 35ISO
9001:2015
36ISO 9001:20157.5 Documented Information (Renamed from
documents & records) Document: Living information that is used
for decision making or performing tasks. Subject to revision. Such
things as, procedures, policies, instructions, and blank
checklists. Records: Historical information about things that have
already happened. Not subject to change.
377.5 Documented Information .continuedEnsure the following are
present when creating & updating documented
information:Identification: titles, document numbers, or something
that represents identityFormat: must be appropriate to the purpose
and users, & the media must be accessible & understandable.
Review & Approval: signatures, initials, email approval,
electronic signatures, meeting minutes or click-box approval is
acceptable ISO 9001:2015
38ISO 9001:20158.0 Operation8.1 Operational Planning &
Control (Equivalent)Determine requirementsEstablish the processes
& acceptance criteriaDetermine resources neededImplement
controlRetain documented informationPlan Output in a suitable
formPlan for expected & unexpected changesControl of
outsourcing
39ISO 9001:20158.2 Requirements for products and services
(Equivalent)Customer Communication should be effective at all
timesCustomer Requirements definedCustomer Requirements how to meet
them & reviewing them
40ISO 9001:20158.3 Design & Development of products &
services (Equivalent)The organization shall:Establish, Implement
& MaintainPlan by determining the stages &
controlsDetermine Inputs Document OutputsIdentify, review &
control (verify & validate) Changes
41ISO 9001:20158.4 Control of externally provided processes,
products & services (Equivalent)This is basically concerning
Purchasing which include:Raw MaterialsProducts that a supplier
provides directly to your customerProcesses provided by
subcontractors
8.5 Production & Service Provision
(providing)ControlAvailability of specificationsAvailability &
use of verification equipmentImplementation of monitoring &
measurementEffective infrastructure & environmentSelection of
competent peopleValidation of processes when outcomes cannot be
verifiedActions to remove human errorRelease, delivery &
post-delivery activitiesISO 9001:201542
43ISO 9001:20158.5 Production & Service
ProvisioncontinuedIdentification & Traceability- most common
types are labels, stickers, tickets, bar codes, tags, serial
numbers, travelers & work orders & location
identification
Must control the processes that produce your goods &
services
Property belonging to customers & external providers
Preservation-during handling, packaging & storage
448.5 Production & Service Provision.continuedPost-delivery
activities covering associated risks(potential problems), statutory
& regulatory requirements, application & lifecycle,
customer requirements & customer feedback
Control of changes includes, results of reviewing the changes,
who authorized the change and any necessary action from the review-
go back to the old way or establish the change as the new
benchmarkISO 9001:2015
45ISO 9001:20158.6 Release of Products & Services
(Equivalent) Before releasing something: test, inspect, review,
patrol, examine or assess.8.7 Control of nonconforming outputs
(Equivalent)Identification of nonconforming product or
serviceControlling nonconforming outputsNonconforming outputs
detected after delivery or useDealing with nonconforming
outputsRe-verifying after correctionRetained documented
informationConnection to corrective action
46ISO 9001:20159.0 Performance Evaluation9.1 Monitoring,
measurement, analysis and evaluation (Equivalent)What needs to be
monitored & measured?What method will be used?When will it be
performed?When will results be analyzed & evaluated?Evaluate
the performance & effectiveness of the QMSRetain documented
informationCustomer satisfactionAnalysis and evaluation of data
479.2 Internal AuditThe organization shall conduct internal
audits at planned intervals to provide information on whether the
quality management system:Conforms to the organizations own
requirements for its quality management systemThe requirements of
this international standard are effectively implemented and
maintained.ISO 9001:2015
489.2 Internal Audit.continuedThe organization shall:Plan,
establish, implement and maintain an audit program including
frequency, methods, responsibilities, planning requirements and
reporting, which shall take into consideration the importance of
the processes concerned, changes affecting the organization, and
the results of previous auditsDefine the audit criteria and scope
for each auditSelect auditors and conduct audits to ensure
objectivity and the impartiality of the audit processISO
9001:2015
499.2 Internal Audit.continuedEnsure that the results of the
audits are reported to relevant managementTake appropriate
correction and corrective actions without undue delayRetain
documented information as evidence of the implementation of the
audit program and the audit resultsISO 9001:2015
509.3 Management Review RequirementsExternal & internal
issues relevant to QMS & strategic direction
Information on the quality performance, including trends &
indicators for:Monitoring & measurement resultsIssues
concerning external providers and other relevant interested
partiesAdequacy of resourcesEffectiveness of actions taken to
address risk & opportunitiesISO 9001:2015
5110 ImprovementGeneralImplement actions to meet customer
requirements and enhance customer satisfaction, by:Improving
processes to prevent nonconformitiesImproving products and services
to meet known and predicted requirementsImproving quality manage
system resultsMay include breakthrough improvements, innovation,
transformation etc.
ISO 9001:2015
52
10 Improvement..continuedNonconformity and corrective actionWhen
a nonconformity occurs, the organization shall:React to the
nonconformity, and as appropriateTake action to control and correct
it andDeal with the consequencesEvaluate the need for action to
eliminate the causes of the nonconformity, in order that it does
not reoccur or occur elsewhere, by:Reviewing the
nonconformityDetermining the causes of the nonconformity
andDetermining if similar nonconformances exist, or could
potentially occur
ISO 9001:2015
5310 Improvement..continuedimplement any action neededreview the
effectiveness of any corrective action taken, andmake changes to
the quality management system, if necessaryConsider outputs of
analysis and evaluation, and outputs from management review, to
identify areas of underperformance or opportunities for
improvementSelect and utilize appropriate tools and methods for
investigation of the causes of underperformance and for supporting
continual improvementISO 9001:2015
