Process Management Auditing for ISO 9001 :2008 Process Management Auditing for ISO 9001 : 008 Understanding ISO 9001 : 008 and Process-based Management Systems Creating a Process-based Management System for ISO 9001 : 008 and beyond Process Management Auditing for ISO 9001 :2008 Rob Peddle and Ian Rosam (The High Performance Organisation Group Ltd) Process Management Auditing for ISO 9001 :2008 P ro cess M anagement Au diting fo r I SO 0 : 20 T his seco nd editio n p u b lished in the U K in 20 by B SI C hiswick High Ro ad Lo ndo n W4 4AL © B ritish Standards I nstitu tio n 20 F irst editio n p u b lished b y B SI in 20 I S BN 78 76 f B SI re erence: B I P 20 A catalo gu e reco rd fo r this b o o k is availab le fro m the B ritish Lib rary C opyright subsists in all BSI publications Except as permitted under the C opyright, D esigns and Patents Act 88 no extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means – electronic, photocopying, recording or otherwise – without prior written permission I f permission from BSI is granted, the terms may include royalty payments or a licensing agreement D etails and advice can be obtained from the Copyright Manager, British Standards Institution, 89 Chiswick High Road, London W4 4AL G reat care has b een taken to ensu re accu racy in the co mp ilatio n and p rep aratio n o f this p u b licatio n Ho wever, since it is intended as a gu ide and no t a de f nitive statement, the au tho rs and B SI canno t in any circu mstances accep t resp o nsib ility fo r the resu lts o f any actio n taken o n the b asis o in the p u b licatio n no r fo r statu to ry rights Typ eset b y M o no lith – www mo no lith u k co m f P rinted b y Ber o rts f f the in o rmatio n co ntained any erro rs o r o missio ns T his es no t a ffect yo u r v F o re wo rd: The au diting wo rld has change d – Are yo u re ady? The changes to ISO 0 : 20 0 no w co ntained in ISO 0 : 20 are relatively mino r in natu re, bu t they have rein fo rced p ro cess management as a strategic ap p ro ach to the management o f o rganizatio ns, bo th big and small Ho wever, maj o r events that hap p ened as the 20 versio n was b eing p u blished, examp le, the fnancial meltdo wn, have rein fo rced so me key messages ISO 0 They have highlighted the failure fo r fro m o f traditio nal co mp liance based auditing techniques to identi fy the risks being taken within management systems and individual p ro cesses These techniques were no t the o nly bu t they co ntribu ted signi which has been a bill fo r fcantly to the o verall o utco me, failures, the co nsequence o f $ , 0 , 0 , 0 , 0 o f aid p ump ed into the eco no my by the main G 20 go vernments during late 20 and 20 In terms o f co rrective actio n that is so me co st! O f co urse, j u st like third p arty registratio n o rganizatio ns, the large co mp anies that failed had emp lo yed co mp etent and kno wledgeable p eo p le to carry o u t the audits, to rep o rt fndings to the highest level, and who had the backing o f p eo p le that co unted They had senio r management, no n-execu tive and executive directo rs who were very exp erienced So what went wro ng? Why was it that altho ugh the au dits were being carried o u t, they didn’t highlight the risks that p eo p le were taking and get the message to tho se who needed to kno w to allo w them to so mething ab o ut it? In sho rt, the au dito rs were p rimarily fo cused o n co mp liance and altho ugh systems and p ro cesses co mp lied, it did no t make them e ffective It was their level o f e ffectiveness that failed It’s the level o f e ffectiveness that we see and exp erience and that p ro duces the o utco mes In the end, o rganizatio ns are resp o nsible fo r fro m what o rganizatio ns are ing their o utco mes and the e ffect they Process Management Auditing for ISO 9001 :2008 vi have o n the wo rld aro u nd them, and their au diting sho u ld help them manage the risks su rro u nding this So what es this mean fo r u s as au dito rs? F o r o ne thing, it means that we canno t j u st rely o n co mp liance and the checking o f reco rds M o re imp o rtantly, we have to u nderstand ho w p eo p le wo rk to gether to deliver these o u tco mes, their b ehavio u r and the cu ltu re, as it is p eo p le who create risk no t p ap er and co mp u ters B u t ho w we au dit b ehavio u r and aren’t we already ing this? O ne o o f f the key fallacies with the au diting indu stry is the nu mb er o rganizatio ns and au dito rs that p ro mo te themselves and b elieve that they are already assessing e ffectiveness – their marketing material is fu ll o f it I n f reality this o ten o nly amo u nts to go o d co mp liance au diting rather than a real assessment o f e ffectiveness This is desp ite the b est intentio ns o f the au dito rs co ncerned and an indu stry trying to mo ve b eyo nd co mp liance I t is no t their fau lt failed I t is the au diting p ro cess that has b een and so far very few fo llo wed fo r so many years that has have really addressed this p ro b lem, b u t tried to b ase new metho ds o n what has limitatio ns – co mp liance au diting I t is against this b ackgro u nd that this b o o k has b een u p dated I t has b een written to help au dito rs ado p t so u nd au diting p ractices that wo rk and to help them au dit e ffectiveness as well as co mp liance Au diting b ehavio u rs and cu ltu re, which is u ltimately where we b elieve au diting will end u p , requ ires advanced au diting skills that are o u tside the sco p e o create the gro u ndwo rk fo r f this b o o k This b o o k will, ho wever, them, as the p rincip les co vered here are the b asis o these mo re advanced techniqu es I f yo u feel f yo u wo u ld like to kno w ho w to au dit b ehavio u rs then p lease email the au tho rs who can p ro vide case stu dies and examp les o f o rganizatio ns that are already ado p ting the ap p ro ach at: I an ro sam@the-hp o co m Ro b p eddle@the- hp o co m C ontents Introduction • We introduce the challenge that auditors face to develop the co mp etences requ ired to e ffectively au dit against the new I SO 0 : 20 S tandard and the ever increasing demands o b u siness fo r au diting activity to add mo re valu e We examine the o p p o rtu nities availab le f fo r the fo rward thinking au dito r Putting the p rocess ap p roach into context • A quick overview of the process approach to ensur that we have a co mmo n u nderstanding o f f the b asic termino lo gy b e o re develo p ing o u r au diting skills, kno wledge and co mp etences The requirements o f IS O 01 : 008 – An auditor’s p ersp ective • T he eight key principles of ISO 9001:2008 and the an, do, check, act metho lo gy are the basic techniqu es that fo u ndatio n o f the e ffective fo rm the audito r A clear u nderstanding o f these and ho w they can be ap p lied to a business will help the audito r stru cture their au diting ap p ro ach bo th at system and p ro cess level The system-p rocess-p rocedure relationship 17 • T he primary role of a process management auditor to discover to what extent the p ro cess is b eing managed and what e this has o n the achievement o f ffect f b u siness o b j ectives B e o re we can u ndertake any p ro cess management au dit we mu st f rst ap p reciate ho w a management system wo rks and the interactio ns that go o n b etween the o verall system, p ro cesses and p ro cedu res Pro ce s s M anage me nt Au diting fo r IS O 0 : 0 viii Auditing to o ls and te chnique s 21 • With the fundamentals that make a management system understo o d, we no w turn o ur attentio n to the detail o f ho w yo u sho uld actually co ndu ct an au dit starting with the to o ls and techniqu es that can be emp lo yed Planning and p re p aring a p ro ce s s audit 31 • Auditing is 80 per cent preparation and 20 per cent actual auditing, which so unds like a bit o f an o ld wives’ tale until yo u actually carry o ut an audit and then yo u realize j ust ho w true it is! C arrying o ut a p ro ces s audit – C o mp liance vs e ffe ctive ne s s 38 • S tarting with the managing director will help put the process and system into the co ntext o f the bu siness that yo u are au diting O nce this o ften daunting step is co mp leted it will feed the au diting o f the p ro cess’ o wners and teams in o rder to assess the e ffectiveness o f the management system in relatio n to the business o bj ectives f I de nti ying and re p o rting f ndings – M o ving b e yo nd co mp liance 44 • What are the objectives of your audit report? A straightforward eno ugh qu estio n, but ho w many audito rs actu ally ask themselves this be fo re they write and p resent their rep o rt? As s e s s ing imp ro ve me nts 50 • The auditor’s role is not to identify w improvements should take place or what the organization should It is to provide in formation to management on areas o f risk or where opportunities for improvement exist with an explanation that outlines the potential impact on the organization if these are addressed What p e rs o nal attrib u te s audito rs ne ed? 53 • Auditing is a skill and like any other skill needs practice to hone it It invo lves an ability to evalu ate o r learn fro m the exp erience, sub sequently changing the auditing style o r ap p ro ach to add mo re valu e to the activity Process Management Auditing for ISO 9001 :2008 84 Cl au se Req u i rem en t Q u esti on to wh om E ffecti ven ess q u esti on C om pl i an ce q u esti on n o D esi gn an d M an agem en t H ow d o you pl an th e d esi gn f a n ew H ow d o you opti m i ze th e u se o f d evel opm en t an d /or d evel opm en t o resou rces you h ave avai l abl e pl an n i n g prod u ct or servi ce? to you ? Wh at resou rces d o you n eed ? H ow d o you pri ori ti ze d i fferen t proj ects? H ow d o you kn ow th at you r l i m i ted resou rces are bei n g u sed i n su ch a way as to m axi m i ze th e ben e ft to th e organ i zati on an d i ts cu stom ers? ff Sta H ow are n ew d esi gn s/ D o you th i n k th at th e d evel opm en ts carri ed ou t? organ i zati on kn ows wh i ch proj ects are m ore i m portan t th an oth ers? f H ow o ten d o you get ‘ torn’ between th e n eed s o f di fferen t proj ects an d d on’ t kn ow wh i ch to d o D esi gn an d Proj ect m an ager Wh at factors d o you H ow d o you kn ow th e d esi gn f ed d evel opm en t si d ered wh en d esi gn i n g/ i n pu ts h ave been i d en ti i n pu ts d evel opi n g a prod u ct or correctl y? servi ce? H ow o ten d o you Wh at l egal an d regu l atory testi n g a prod u ct or servi ce, th at req u i rem en ts are i m portan t? th e d esi gn i n pu ts h ave n ot been f i d en ti f rst? D esi gn an d factors wh en correctl y? ffort D esi gn /d evel opm en t Wh at team si d ered wh en d esi gn i n g/ th i n k takes pl ace on d esi gn an d d evel opi n g a prod u ct or d evel opm en t work? servi ce? D o you th i n k you are care u l Wh at l egal an d regu l atory en ou gh wh en you d esi gn or req u i rem en ts are i m portan t? d evel op prod u cts an d servi ces? Proj ect m an ager d o you f ed fnd, H ow m u ch wasted e d o you f Wh at d esi gn /d evel opm en t H ow m an y ch an ges are m ad e d evel opm en t ou tpu ts d o you h ave? to d esi gn /d evel opm en t ou tpu ts ou tpu ts D o th ey tai n th e req u i red be ore th ey are correct an d can prod u ct acceptan ce cri teri a? be u sed ? f H ow d o you kn ow th at th e d esi gn /d evel opm en t ou tpu ts are rel evan t an d appropri ate to th e n eed s o f th e rest o f th e bu si n ess? Appendix 85 C l au se Req u i rem en t Q u esti on to wh om E ffecti ven ess q u esti on C om pl i an ce q u esti on n o D esi gn / Wh at d esi gn /d evel opm en t C an you gi ve m e an exam pl e o d evel opm en t team ou tpu ts d o you h ave? wh en th e d esi gn /d evel opm en t D o th ey tai n th e req u i red ou tpu ts h ave n ot been prod u ct acceptan ce cri teri a? u n d erstan d abl e? f H ow rel evan t are th e d esi gn / d evel opm en t ou tpu ts to you r j ob? D o th ey provi d e you wi th th e f i n orm ati on you n eed ? f D esi gn an d Proj ect m an ager/ H ow o ten d o you h ol d d evel opm en t proj ect team revi ews? revi ew Wh at i s th e pu rpose o f H ow o ten are agreed d ead l i n es for f th ese acti on s m i ssed ? Wh y i s th i s? revi ews? H ow are d i sagreem en ts or Wh o atten d s th ese revi ews? cern s on th e way Wh at h appen s at th ese resol ved q u i ckl y an d to th e revi ews? ben e ft o f forward th e bu si n ess? C om pared wi th you r com peti tors h ow good are you at getti n g prod u cts to m arket? f f D esi gn an d Proj ect m an ager/ H ow d o you test prod u cts H ow o ten d o you i d en ti y d evel opm en t proj ect team an d servi ces to ch eck th at you probl em s h ave d esi gn ed wh at you were an d servi ces a ter th ey are su pposed to d esi gn ? rel eased ? Wh at record s d o you keep? H ow d o you bal an ce th e n eed veri f cati on fou n d wi th prod u cts f an d ri sks to get th e prod u ct or servi ce l au n ch ed wi th m aki n g i t f per ect? D esi gn an d Proj ect m an ager/ H ow d o you test prod u cts H ow d o you kn ow th at d evel opm en t proj ect team an d servi ces to ch eck th at you cu stom er req u i rem en ts h ave h ave d esi gn ed som eth i n g th at been m et wh en you are m eets th e ori gi n al cu stom er or d esi gn i n g th e prod u cts an d m arket n eed s? servi ces? Proj ect m an ager/ H ow are ch an ges i n corporated H ow d o you kn ow th at proj ect team i n to d esi gn s/d evel opm en ts? th e ch an ges to d esi gn s or val i d ati on C on trol o f d esi gn an d d evel opm en t d evel opm en ts wi l l h ave th e ch an ges d esi red resu l ts? Process Management Auditing for ISO 9001 :2008 86 Cl au se Req u i rem en t Q u esti on to wh om E ffecti ven ess q u esti on C om pl i an ce q u esti on n o Pu rch asi n g Pu rch asi n g m an ager process Pu rch asi n g ff Sta f i n orm ati on Wh at i s th e pu rch asi n g H ow d o you kn ow th at th e process? su ppl i ers you u se ti n u e to H ow d oes th e process work? tri bu te to th e d el i very o Sh ow m e th e process worki n g bu si n ess obj ecti ves? f f Wh at pu rch asi n g i n orm ati on H ow d o you kn ow th at you d o you i n cl u d e on pu rch ase provi d e su ord ers? you r su ppl i ers, n ot too m u ch bu t Wh at q u al i ty m an agem en t n ot too l i ttl e? system req u i rem en ts d o you H ow d o you kn ow th at you r i n si st u pon ? su ppl i ers are m an agi n g th ei r ff ci en t bu si n ess i n an e e ffecti ve f i n orm ati on to ff ci en t an d m an n er? H ow d o you assess th i s? Veri o f f cati on M an agem en t pu rch ased prod u ct H ow d o you en su re th at H ow d o you red u ce th e ri sk o th e pu rch ased prod u cts an d bou gh t i n good s’ an d servi ce servi ces are wh at you ord ered ? fai l u res Wh at acti on s d o you take you r cu stom ers? f on wh at i s provi d ed to to ch eck th at th e good s you recei ve are OK? C on trol o f M an agem en t prod u cti on an d H ow d o you trol H ow d o you pl an th e way i n operati on al acti vi ti es to en su re wh i ch operati on al acti vi ti es are f servi ce provi si on si sten cy an d orm i ty o f f per orm ed to provi d e su ff ci en t th e servi ce or prod u ct? trol s? Wh at work i n stru cti on s, H ow d o you trol th e ri sks o trol pl an s or sch ed u l es d o operati on al acti vi ti es i n m eeti n g you u se to trol operati on al cu stom er req u i rem en ts? f processes? ff Sta f Wh at i n orm ati on d o you h ave H ow d o you kn ow th at wh at to h el p you d o you r j ob? you are d oi n g m eets you r H ave you been trai n ed to d o cu stom ers’ req u i rem en ts? you r j ob? Wh at are th e greatest ri sks to H ave you got th e ri gh t n ot ach i evi n g you r cu stom ers’ eq u i pm en t to d o you r j ob? req u i rem en ts an d h ow d o you trol th em ? H ow d o you kn ow you h ave m et you r cu stom ers’ req u i rem en ts? Appendix 87 C l au se Req u i rem en t Q u esti on to wh om E ffecti ven ess q u esti on C om pl i an ce q u esti on n o Val i d ati on o processes f M an agem en t for D em on strate th e val i d ati on H ow d o you trol an y m eth od s i n pl ace to trol processes you can n ot read i l y or prod u cti on an d processes you can n ot read i l y servi ce provi si on or econ om i cal l y veri y f f H ow o ten d o you reval i d ate f econ om i cal l y veri y? H ow d o you kn ow th e val i d ati on m eth od s you u se are e ffecti ve? th e process trol s? ff Sta H ow d o you test th e process? H ow d o you test th e process to en su re i t m eets cu stom er/ prod u ct req u i rem en ts? Wh at are th e cri teri a you u se to f m easu re process per orm an ce? I d en ti f cati on M an agem en t f D o you i d en ti y prod u cts? f an d traceabi l i ty H ow d o you i d en ti y prod u cts? H ow h ave you d eterm i n ed to wh at exten t i d en ti traceabi l i ty o f f cati on an d th e prod u ct i s req u i red ? H ow d o you kn ow th e trol s for prod u ct i d en ti traceabi l i ty are e ff Sta Sh ow m e h ow prod u cts are i d en ti f ed C an you for C u stom er M an agem en t property fnd an d Wh at probl em s d oes poor i d en ti th i s xyz prod u ct f cati on ffecti ve? f cati on cau se you an d h ow d o you trol th i s? m e? D o you u se cu stom er property H ow d o you kn ow wh en i n th e process? cu stom er property i s u sed i n th e H ow are probl em s wi th process? cu stom er property reported H ow i s cu stom er property back to th e cu stom er? i d en ti f ed an d protected ? Wh en probl em s ari se wi th cu stom er property h ow d o you d eal wi th th em an d en su re th e probl em d oes n ot ari se agai n i n th e ff Sta fu tu re? Wh en d o you u se cu stom er H ow d o you report probl em s property? wi th cu stom er property? Sh ow m e h ow you protect Wh at h appen s wh en you report cu stom er property a probl em ? Process Management Auditing for ISO 9001 :2008 88 Cl au se Req u i rem en t Q u esti on to wh om E ffecti ven ess q u esti on C om pl i an ce q u esti on n o Preservati on o f M an agem en t prod u ct f Sh ow m e h ow th e prod u ct i s H ow i s orm i ty o protected th e prod u ct to speci f f ed req u i rem en ts m n tai n ed th rou gh ou t th e en ti re process? ff Sta Sh ow m e h ow th e prod u ct i s H ow d o you kn ow th at th e stored prod u ct i s ad eq u atel y protected Sh ow m e h ow th e prod u ct i s d u ri n g al l stages o i d en ti f th e process? f ed Sh ow m e h ow th e prod u ct i s h an d l ed C on trol o f M an agem en t H ave you i d en ti f ed al l H ow d o you d eterm i n e wh at m on i tori n g m on i tori n g an d m easu ri n g m on i tori n g an d m easu ri n g i s an d m easu ri n g eq u i pm en t? req u i red ? d evi ces H as th e eq u i pm en t been H ow d o you kn ow th e resu l ts o cal i brated to a recogn i zed th e m on i tori n g an d m easu ri n g stan d ard , e g N AM AS can be rel i ed u pon ? approved ? H ow i s m on i tori n g an d Sh ow m e th e record s for m easu ri n g eq u i pm en t ch ecked ? m on i tori n g an d m easu ri n g Wh at d o you d o wh en a pi ece eq u i pm en t o I s th e prod u ct recal l ed an d eq u i pm en t retested wh en a pi ece o f m on i tori n g or m easu ri n g fai l s cal i brati on ? f m on i tori n g or m easu ri n g eq u i pm en t ff Sta fai l s cal i brati on ? Wh at eq u i pm en t d o you u se to m on i tor an d m easu re prod u ct f or process per orm an ce to speci f ed req u i rem en ts? H ow d o you kn ow th e m on i tori n g or m easu ri n g eq u i pm en t you u se i s worki n g correctl y? f Ap p e ndix 89 Tab le A C l au se Req u i rem en t E xamp le qu es tio ns Q u esti on to wh om fo r C laus e o f IS O 9001 : 2008 E ffecti ven ess q u esti on C om pl i an ce q u esti on n o Customer M anagement satis faction Do you measure customer What you with the satis faction? in formation you get from H ow you measure measuring satis faction? customer satis faction? H ow you know the methods you use are e ffective in gathering the in formation you need? H ow you know that the questions you ask/in formation you seek is the right in formation? (Co m p a re f ro m 2 I nternal audit Senior management th is to th e a n s we rs ) Show me your aud it schedule/ H ow you know when to programme audit each process given the business risks your organization faces? M anagement Are the auditors independent? H ow you allocate auditors H ave you trained your auditors based on the purpose o f the to audit e ffectively? process and competence Can I see your audit reports? required? Are non-compliances H ow you train your auditors addressed in a ‘timely’ fashion? to und erstand other business management disciplines such as budget control, marketing, team working etc ? H ow you know the audit reports are providing you with the in formation you need to support the management o f the business? H ow does the auditing add value to the business? H ow have you addressed the business impact o f the noncompliance? Process Management Auditing for ISO 9001 :2008 90 Cl au se Req u i rem en t Q u esti on to wh om C om pl i an ce q u esti on E ffecti ven ess q u esti on n o 8.2.3 Monitoring and Senior management/ Show me your measures How you know these are the and measurement o f management Show me the trends in correct measures? 8.2.4 processes and performance What is the in formation telling product Show me the targets for each you? process How you know that the in formation is accurate? How the measures link to the business objectives? How you manage the process and identi fy cost and waste e ffciencies? Give me an example Staff Show me the results you What is this in formation telling achieve you? How can you infuence these results? 8.3 Control o f Show me the procedure How you know that non- non-con forming Management to control non-con forming forming products are not product product reaching the customer or being How you make sure non- used? forming products not What is the impact on the get used accidentally? business i f they are released Do you keep records o f non- accidentally? forming products? Why you need records? What you with them? Staff Show me the procedure How o ften you release to control non-con forming non-con forming products but products don’t record it for operational How you make sure non- reasons? forming products not What is a non-con forming get used accidentally? product? Do you keep records o f non- How you know that you forming products? handle all non-con forming products the same way? Th e n a Management c o m p a re th e a n s we rs f ro m m a n a ge m e n t an d s ta ff to m a ke j u dge m e n t How you handle product How you know that any recalls? product recall would be handled to protect both the customer and the image of the organization? Appendix 91 C l au se Req u i rem en t Q u esti on to wh om E ffecti ven ess q u esti on C om pl i an ce q u esti on n o An al ysi s o f d ata M an agem en t f f D o you an al yse per orm an ce? H ow d o you i d en ti y H ow d o you an al yse i m provem en ts th at m axi m i ze th e f per orm an ce? ben e f D oes th e i n orm ati on i n cl u d e f d ata on cu stom er sati s acti on ? f D oes th e i n orm ati on sh ow f ft to th e bu si n ess? H ow d o you m ake recom m en d ati on s for i m provem en t based on th e tren d s i n per orm an ce agai n st resu l ts ach i eved ? targets? H ow d o you m on i tor th e i m pact o f i m provem en ts on th e resu l ts ach i eved ? C on ti n u al Sen i or m an agem en t/ I s th ere a process i m provem en t m an agem en t i m provem en t? for ti n u al H ow d o you kn ow th at i m provem en ts m ad e are m an aged an d trol l ed ? H ow are appropri ate peopl e i n vol ved i n i m provem en t acti vi ty? H ow d o you kn ow th at an i m provem en t d oesn’ t h ave an ad verse i m pact on oth er acti vi ty? ff Sta Wh at i m provem en ts h ave H ave i m provem en ts m ad e taken pl ace? h el ped you d o you r j ob better/ H ave you been i n vol ved ? m ad e i t easi er? D oes th i s organ i zati on l earn from i ts m i stakes to m ake th i n gs better n ext ti m e? C u stom ers ffecti ve H as th i s organ i zati on H ow e d o you th i n k th e i m proved ? organ i zati on i s i n i m provi n g wh at i t d oes? C orrecti ve M an agem en t acti on H ave you got a proced u re th e areas o f th e Stan d ard ? D o you keep record s o ff Sta Preven ti ve acti on for correcti ve acti on th at covers M an agem en t H ow d o you kn ow everyon e d eal s wi th processi n g/prod u ct errors or m i stakes i n th e sam e f way to protect th e organ i zati on correcti ve acti on s? an d i ts cu stom ers? Wh at i s a correcti ve acti on ? H ow o ten d oes th i s take pl ace? Wh at d o you d o wi th a D o you th i n k you m ake too processi n g/prod u ct error or m an y m i stakes th at are real l y m i stake? u n n ecessary? H ave you got a proced u re for preven ti ve acti on th at covers th e areas o f th e Stan d ard ? D o you keep record s o preven ti ve acti on s? f f H ow d o you kn ow th e correct bu si n ess ri sks h ave been i d en ti f ed an d acti on s pu t i n pl ace to red u ce th ese ri sks? Process Management Auditing for ISO 9001:2008 92 E s tabl i s h b u s i n e s s o b j e cti ve s Au d i t pl an n i n g M an ag e m e n t s ys t e m d o cu m e n ts I S O 9001 : 2008 I S O 40 C arry o u t au d i t/ veri fy acti o n l e g al an d statu tory re q u i rem en ts Reco rd observati on s G e n e rate au d i t Acti o n t ake n repo rt Act i o n re q u i re d ? Ye s R es po n s i bi l i ty an d t i m e s cal e s ag ree d Cl ose au d i t Figure A.1 Example o f a typical internal audit process (fow diagram and procedure) BI P 201 Fi le n a m e: 2009-01 73 0_A1 eps Ap p e ndix 93 Tab le A E xamp le p ro cedure PU RPO SE AN D SC O PE 1 The purpose o f this procedure is to ensure the company’s operational activities are being carried out in accordance with the requirements o f the management system and to monitor compliance to external standards, including legal and statutory obligations Where omissions are highlighted this procedure ensures that appropriate timely action is taken in order to correct the situation AU D I T PLAN N I N G With re ference to the current business objectives, previous audit results, and the importance o f the processes to be audited, the management representative is responsible for generating an annual audit plan covering all relevant elements o f the management system AU D I TI N G 3.1 Audits are carried out by the assigned auditor using the following documents as the criteria to audit against: current management system documents, externally originated standards (e g I SO 9001 : 2008, I SO 4001 , etc ), legal and statutory req uirements, as appropriate 3.2 During the audit the emphasis is placed on the witnessing o f objective evidence to veri fy that the management system procedures meet the requirements o f any appropriate externally originated standard and/or legal and statutory requirements and that they are being e ffectively implemented 3.3 Any observations made during the course o f the audit are recorded by the auditor in the form o f notes or on the ‘audit checklist’ document RE PO RTI N G I f an opportunity to improve or a problem is identi f ed during the audit the auditor will endeavour to agree suitable action and timescales for its completion, with the most appropriate individual(s) At the end o f the audit the auditor completes an ‘audit report’ detailing their observations and any action that may be necessary, including responsibility and timescales for completion The completed audit report is circulated to all staff responsible for taking the action I t is their responsibility to carry out the appropriate action by the agreed completion date The management representative retains the original report VE RI F I CATI O N O F AC TI O N 5.1 The action is veri f ed by the management representative as part o f the ongoing audit plan for that activity or separately, as appropriate, to ensure that it has been completed e ffectively 5.2 When satis f ed that the action has been completed and is e ffective the management representative signs the audit report to close it Tab le A Process Managing contact centres New business Client service Client service operations Contact centre E xamp le au dit s che du le Jan Feb Mar fo r Apr an o rganiz atio n with three lo catio ns May Jun Jul Aug Sep Oct Nov Dec W+T W+T W+T W+T Managing contract assignments New business Client service and client service operations Contract recruitment T T T Managing tactical assignments T T Managing in formation systems W+T Managing land D services W C Managing and developing people W C Managing f nances T T Managing facilities W C T Marketing W C T NOTE This audit schedule example is taken from an organization operating over three sites in Warrington, Thame and Crawley, hence the W+T+C, which indicate the speci f c location to be audited 95 Re ferences International standards ISO 9001 : 2008 , Quality management systems – Requirements ISO 901 , Guidelines for quality and/or environmental management systems auditing ISO 4001 , Environmental management systems – Specifcation with guidance for use Other books in the process management series BIP 201 (2009) Systems, Understanding ISO 9001 :2008 and Process-based Management London, BSI (ISBN 978 80 6765 7) BIP 201 (2009) and beyond, Creating a Process-based Management System for ISO 9001 :2008 London, BSI (ISBN 978 80 6765 4)