For something that is, in theory, relatively straightforward. The subject of what makes a good internal quality audit can certainly get some people all hot under the collar
ISO 9001 requires organisations to “implement & maintain” an internal audit program, and so, like it or not, organisations that need ISO 9001 registrations need to be able to demonstrate something that meets the definition
The requirements are actually quite clear, and boiled down to its elements, clause 8.2.2 requires that internal audits demonstrate the following attributes
- A plan or schedule for carrying them out that is up-to-date
- Specific scope and criteria for each audit
- A rationale behind the frequency of audits that is based on things like criticality, recent changes and level of problems
- Competent and independent internal auditors
- Documented and sufficiently descriptive findings
- A discipline of dealing with non-conformities in a timely way
- A periodic review of findings at top management level
But often many of these things are ignored. For what reason I would not like to speculate. For example a recent training client of mine had been allowed a three year period of grace from their certification body (a large BRITISH CB – there’s a clue) before they received a minor non-conformity for not conducting audits. Seriously, they hadn’t done any for THREE YEARS
That’s an extreme case, but more often we see things like;
- the rationale behind the frequency is not questioned
- the quality of the reports is poor and lacking in detail
- corrective actions are superficial and fail to deal with “root cause” and
- good practice is not be reported
There are also a couple of myths that need exploding. For example, all procedures must be audited at least once per year (which they don’t) and non-conformities must be graded “major” and “minor” or by some equivalent (which gain they do not)
The thing that continually baffles me, however, is that it usually takes about the same level of time and effort to do them well as it does to do them badly. It certainly is a strange one. Do them well and at the right time and there’s some really useful management information to be generated
Doru and Dragos in auditing mode a couple of years back
Pingback: Beginner's guide to ISO 9001 | Capable People Blog
Pingback: EFQM and ISO 9001 - a comparison of approaches | Capable People Blog