This page is dedicated to helping you learn the art & science of internal auditing. It is by no means a comprehensive list but it gives you the basis of ISO 9001:2015 – Internal Audit Criteria with examples.
ISO 9001:2015 – Internal Audit Criteria with examples
In this first part, I will give some basic fundamentals of internal auditing.
The difference between objectivity and impartiality in this context.
Objectivity: Objectivity is sticking to the facts, being guided by the evidence, and considering that an account of an event is closer to the truth the more supporting evidence it has. This is important when gathering evidence during the audit.
Impartiality: Impartiality is not taking sides, giving up making value judgments, and treating different versions of an event as equivalent, believing the truth is in the middle.
The difference between being argumentative and being assertive, in the context of an audit.
Argumentative: going into an argument with clients – being disagreeable. This is an emotional reaction. Often aggressive.
Assertive: being respectful of the client who is disagreeing with you, while standing behind the point that you are making (which is backed-up by a specific clause from the standard). This is without emotion, just stating facts.
When doing an internal audit, two methods by which an organisation can monitor customer satisfaction are:
- Customer surveys
- Market-share analysis
Clause 8.3.4 of ISO 9001:2015 requires design and development verification to be carried out. List two verification activities that may be used by the design function of an organization.
Note: 8.3.4 has 3 requirements:
- Review: planning on how things happen
- Verification: internally checking that the product developed meets the desired output
- Validation: customer confirms that outputs meet customer requirements
How an auditor can verify that agreed corrective actions have been effectively implemented.
After noting a corrective action as documented information, an auditor can:
- Check whether changes are made to the management systems and talk with the people involved to ensure that they know/implement the change
- Update risks and opportunities during planning, and ensure that the right actions are taken and implemented to mitigate risks and seize opportunities for effective risk-based management as per ISO 9001:2015
- Go on site to confirm that the changes have been implemented.
ISO 9001:2015 – Internal Audit Criteria examples: Leadership + Auditor
7 Quality Management Principles
ISO 9000:2015 identifies ‘evidence-based decision-making’ as one of the 7 Quality Management Principles that facilitate the achievement of Quality Objectives.
‘Evidence-based decision-making’ means that decisions are taken based on facts and on objective analysis of data and information, rather than on hunches. This means that data is collected and effectively analysed to come up with factual information regarding a situation, and subsequently evidence-based decision-making can be done.
ISO 9001:2015 clauses that support ‘evidence-based decision making’
The following are examples of ISO 9001:2015 – Internal Audit Criteria for evidence-based decision making.
- 4.1 – internal & external issues
- 4.4.1 – QMS and its processes
- 6.2 – quality objectives
- 7.2 – competence
- 8.5.1 – control of production and service provision
- 9.1.2 – customer satisfaction
- 9.1.3 – analysis and evaluation
- 9.2 – Internal Audit
- 9.3 – Management Review Meeting
Evaluation of Leadership
ISO 9001:2015 requires Top Management to demonstrate leadership and commitment with respect to the QMS. Here are some methods for evaluating leadership in ISO 9001:2015 – Internal Audit Criteria with examples.
To evaluate Top Management leadership and commitment, an internal auditor can:
- Interview the top management. I would ensure that they are committed to the quality policy, in such a way that quality objectives are defined that support the quality policy, and that the quality objectives are compatible with the context and strategic direction of the organization. Moreover, I would confirm that the data relating to these objectives is being collected, effectively analysed, and discussed during management review meetings, and that appropriate decisions are taken by top management to reach the quality objectives.
To audit Top Management leadership and commitment, an internal auditor can look for:
- 5.2 – quality policy is available as documented information, communicated and understood throughout the organization, and available to relevant interested parties
- 5.3 – organizational roles and responsibilities are assigned, communicated and understood within the organization.
- 9.3.3 – the outputs from the management review meeting consider all items mentioned in 9.3.2 and that decisions and actions related to opportunities for improvement, changes to the QMS and any resources needed are discussed and actioned (with the allocation of the right budgets – time and money).
Demonstrating Leadership & Commitment
Top management shall demonstrate leadership and commitment with respect to the quality management system by:
- taking accountability for the effectiveness of the quality management system;
- ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization;
- ensuring the integration of the quality management system requirements into the organization’s business processes;
- promoting the use of the process approach and risk-based thinking;
- ensuring that the resources needed for the quality management system are available;
- communicating the importance of effective quality management and of conforming to the quality management system requirements;
- ensuring that the quality management system achieves its intended results;
- engaging, directing and supporting persons to contribute to the effectiveness of the quality management system;
- promoting improvement;
- supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
Traits of an auditor
Being diplomatic means conveying the message that we’d like to communicate to the client in a respectful way that the client will understand. For example, when the auditee disagrees with the auditor that a particular piece of evidence (or lack of it) should be considered an NC, a diplomatic auditor would cordially disagree with the auditee and read the relevant clause in a way that is perceived as friendly, respectful and professional.
Not being diplomatic could have the following impacts on an audit:
- Sever the relationship with the client by arguing
- If, on the other hand, the auditor is agreeable in order to avoid being assertive, the downside could be that we do not achieve the intended outcome of the audit, which is to ensure that the company is complying with the requirements set by the standard.
Conclusion: ISO 9001:2015 – Internal Audit Criteria with examples
We sincerely hope you have enjoyed this post about ISO 9001:2015 – Internal Audit Criteria with examples. We have shared this information with a deep commitment to help you grow your ISO 9001 Certification knowledge. The more companies get ISO 9001 Certified, the better the value-chain will be across the board.
If you are now interested in getting further help and you’d like to know the cost for ISO 9001 Certification, we’d love to help.
If you are seeking the help of an ISO 9001 Consultant in Malta or anywhere in the world, we can help. Alternatively, you might want to consider this ISO 9001 Software that will guide you towards ISO Certification at your own pace.