The ISO 9001:2015 Audit Process
by Breda Kearney | October 2, 2020 | Blog , Internal Audits , ISO 19011:2018 , ISO 9001:2015 , Quality , |
Audits are an essential part of every quality management system (QMS) and are used to determine the extent to which the specified requirements, also known as the audit criteria, have been met by the organization. Examples of audit criteria include ISO 9001:2015 requirements, QMS policies and procedures, Applicable regulatory requirements, Customer Requirements, Written quality agreements.
There are three main types of audits:
The audit program outlines the schedule of audits to be conducted over a defined time period. For first and second party audits, this is typically 12-18 months. For third party audits, the audit program covers a 3-year time period (also known as the certification cycle). The person responsible for managing the audit program determines the audit frequency using a risk-based approach. For example, in the case of internal audits, the QMS processes that are considered to be of higher importance for meeting customer and regulatory requirements or that demonstrate poor or underperformance are audited at a higher frequency compared to lower risk or more stable processes. An example of poor or underperformance could be a process that receives a high number of major non-conformities in an audit or that consistently fails to achieve its planned results.
Each individual audit in the audit program is conducted by the QMS auditor using a systematic and defined process which can be summarised as follows:
Step 1: Audit Initiation – The QMS auditor will contact the auditee for the purposes of requesting information and documentation, identifying areas of concerns or high risk, discussing audit logistics and determining if there are any obstacles that would prevent the audit from proceeding.
Step 2: Audit Preparation – Using the information obtained from the auditee, the QMS auditor will develop the audit plan (audit agenda), assign tasks to the other audit team members and prepare templates and other work documents for use during the audit. When selecting the audit team, the lead auditor must ensure that the audit team members understand the requirements of ISO 9001:2015 and any other audit criteria – this is essential for ensuring that the audit team can generate reliable audit findings based on objective and verifiable evidence.
Step 3: Conducting the Audit – The audit starts with the opening meeting and ends with the closing meeting where the audit findings and conclusion are presented to the auditee.
Step 4: Audit Reporting – The lead auditor is responsible for generating the audit report. The audit report must provide a clear and concise record of the audit and includes all of the findings (positive and negative) and the audit conclusion. It is distributed to the auditee within an agreed timeframe.
Step 5: Completing the Audit – At this stage, the administrative tasks are completed. Tasks could include archiving of auditor notes, disposal or return of copies of documents or records which were used during the audit (this must be agreed with the auditee in advance of the audit), it may be necessary to conduct a technical review of the audit report by an independent party, documenting lessons learnt and so on
Step 6: Audit Follow-Up – This is the final and arguably the most important step in the audit process. The QMS auditor will verify that the corrections and/or corrective actions implemented by the auditee to address the reported non-conformities are completed and effective. Depending on the outcome of the audit, the audit program may also need to be amended.
If you would like to learn more and gain an internationally recognised qualification as either an Internal Auditor or Lead Auditor, I would recommend either of the below Blended Learning programs:
- CQI & IRCA Certified Blended ISO 9001:2015 Internal Auditor Training Course
- CQI & IRCA Certified Blended ISO 9001:2015 Lead Auditor Training Course
If you would like to discuss either course or have any questions, you can contact us at email@example.com or call 061-529100