How to Prepare for an ISO 9001 Audit
An ISO audit is an audit that is performed to see whether the audited firm meets the requirements for compliance with a specific international organisation standard such as ISO 9001. It basically entails measuring whether the firm is actually doing what it states as being done. During such an ISO audit, the company’s audit team, or an external audit team, verifies that management – thus the management system – is in full compliance with, for instance, ISO 9001.
The ISO audit team assesses whether the actions taken to meet the organisation’s quality objectives are relevant and suitable. The team furthermore checks to see whether any problems within the ISO management system are still present, or whether the issues have been sufficiently addressed. The ISO audit furthermore serves to identify areas where improvements can still be made to ensure compliance.
The International Organisation for Standards explains the ISO audit for ISO 9001 as a systematic examination with the aim to determine whether the quality activities of the firm and the results thereof comply with its quality objectives, policies, and procedures and the relevant standard, and whether the arrangements have been implemented effectively to ensure that the relevant objectives can be met. Unlike the internal audit, the ISO certification audit is performed by an independent body for the purpose of certifying that the above is true for the audited firm.
Types of ISO Audits
Three types of ISO audits can be performed. The first-party audit is better known as the internal audit and is normally conducted by the firm’s own trained audit team. It is, however, possible for a firm to have an external party, such as WWISE, perform the internal audit on behalf of them, where they do not have all the necessary resources and trained personnel to do it.
The second-party audit is often referred to as the supplier audit and is usually conducted by the firm’s lead auditors. This type of audit is performed on a supplier or on suppliers of products or services to the company. The aim is to determine whether the supplier is actually doing what they state. It is also possible to make use of an external firm, such as WWISE, to carry out the supplier audit on behalf of the organisation, if the organisation lacks the necessary resources to perform such audits.
The third-party audit is the ISO certification audit and must be carried out by the certification body. The certification audit is carried out with the aim to establish whether the audited company meets the requirements for certification of compliance with a particular ISO standard, such as ISO 9001. The certification audit must be done by an approved body.
Why Carry Out Audits?
The ISO states that firms that wish to comply with the requirements for a relevant standard must conduct internal audits at planned intervals to assess whether their management systems conform to the planned arrangements, and to determine whether the arrangements have been effectively implemented and maintained. Apart from the requirement, firms conduct internal ISO audits to prove that their systems are working correctly and that ongoing improvements are made to ensure compliance.
ISO Audit Checklist in Planning for Certification
The ISO 9001 standard requires that the firm conducts a process audit. An audit must be planned to be successful and as such, it is important to set up an ISO audit checklist in preparation for the internal audit. Though a template can be used, it is essential that it is adapted to be relevant to the specific firm. In order to create such a checklist, the firm must study the ISO 9001 standard and create a list of questions that must be asked when the auditor reviews the records and employees involved in the process. The whole idea is to gather proof that the process is meeting its own stated requirements.
The management review input must include the results of the internal audit, the feedback received, information about the product conformance, and the performance of the process. It must also include which corrective and preventative actions have been taken, and their sufficiency. In addition, it must state which follow-up actions have been taken after the previous reviews, and their sufficiency. Finally, it must include the recommendations for improvements. Should the company’s auditing process call for minutes of the management reviews to be kept, the internal audit checklist can stipulate it as a requirement that the auditor should review the meeting minutes.
Purpose of the ISO Audit Checklist
The audit team uses the ISO audit checklists when looking for adequate proof that the audited process meets the requirements. If the firm does not have process documentation for the particular process, the ISO 9001 standard requirements are used. The checklist serves as a measurement tool to determine the effectiveness of the audited process, to identify shortcomings, and to ensure that non-conformances are not related to the lack of process documentation. The main purpose of the checklist is to confirm that the records for the process give sufficient proof that the process requirements are met. The secondary function is that of identifying corrective action that must be taken to ensure meeting the process requirements.
The audit team thus validates the documentation. They confirm that employees are properly trained for their specific tasks and that the quality requirements are met. It is essential to understand that the audit team should not ask employees questions about the tasks of other employees. An employee can only answer what they know and what pertains to their role.
Preparation for the ISO Certification Audit
The company must conduct internal audits at the set intervals, implement corrective actions, and have management reviews. It is also important to conduct a GAP analysis to determine shortcomings. Only once the above has been done, should the company have the certification ISO audit conducted.
We perform internal and supplier audits, GAP analysis, training, and systems integration on behalf of clients in preparation for the ISO 9001 certification audits. We also create maintenance plans, which entail regular scheduled management reviews with the firm and, as such, help to ensure ongoing compliance and improvement of the client company’s processes with the requirements of ISO 9001.