7/29/2019 ISO 9001 Lead Auditor Training AUDIT STRATEGIES.docx

http://slidepdf.com/reader/full/iso-9001-lead-auditor-training-audit-strategiesdocx 1/2

ISO 9001 Lead Auditor Training MODULE 5 Audit Activities

5.2 Conducting Document ReviewThe auditee’s documentation should be reviewed to determine the conformity of the system,as documented with the audit criteria. The documentation may include relevant

management system documents and records and previous audit reports. The review shouldtake into account the size, nature and complexity of the organization, and the objectivesand scope of the audit. In some situations, this review may be deferred until the on-site

activities commence, if this is not detrimental to the effectiveness of the conduct of the

audit. In other situations a preliminary site visit may be conducted to obtain an overview of available information (see coverage above on preliminary site visit). ISO 9000 Lead Auditor Training - If the documentation is found to be inadequate, the auditteam leader should inform the audit client, program manager and auditee. A decision should

be made as to whether the audit should be continued or suspended until documentation

concerns are resolved.See module 2 for details of how a documentation review should be done. Note: The Documentation Review is now done as Stage One of the Registration Audit. Thescope of the On-site stage one audit includes:

-Review conformity of the organization's QMS documentation to ISO 9001 requirements.- Review completion of full cycle of internal audits and management review processes Based on the evaluation of Stage One audit findings, the ISO 9001 Lead Auditor will thendetermine whether the organization is ready for the Stage Two Implementation Audit. 5.3 Preparing for the on-site audit activities 5.3.1 Audit StrategiesIn preparing the plan, the team leader in consultation with the audit team will decide the

strategy for the audit, and there are a number of options. Some auditors favor starting at

the point in a company where inquiries from clients are received. The auditors then followthe process through confirming an order, going through technical, procurement, inventory,production, test, shipping, and service, plus taking in specialized areas along the way. ISO 9000 Auditor Training - This approach may be termed a “process audit ”. The auditorsfollow a specific order or set of processes through the system and examine controls of each

process along the way. The process audit approach will require the auditor to look at thefollowing aspects of process management:

a) Controls over inputs, outputs and the value-added activities within a processb) Controls related to the utilization of resources in converting inputs to outputsc) Use of the PDCA methodology in applying the clauses of the ISO 9001:2000 standard to

each processd) Reviewing the controls related to the interaction, linkage and combination with otherprocesses, both on the input and output sides

e) Evidence of measurable objectives for each process and metrics to track performance tothem 

7/29/2019 ISO 9001 Lead Auditor Training AUDIT STRATEGIES.docx

http://slidepdf.com/reader/full/iso-9001-lead-auditor-training-audit-strategiesdocx 2/2

Reference should be made to clause 4.1 and 8.2.3 of the ISO standard for the process

approach.Also see sections 2.2 – 2.4 of Module 2 and section 3.4 of these Course Notes. Another strategy would be to do a product audit where the auditor would look for all the

controls required by clause 7.1 for fulfilling the requirements of a specific product, service,

project or contract or category of products (see section 3.4 of Module 3 of these CourseNotes). ISO 9000 Training - Yet another strategy is to consider all the activities in a particular

department without reference to overall workload. This would be termed “departmental” audit and may include a number of processes within a department. Internal audits in eachdepartment often take this approach. There are some ISO 9001 clauses that are applied across the board in all departments such

as 4.2.3 for document control and 6.2.2 for training. These can be audited by themselves orin combination with process, product, department, or contract strategies. Audits must always be planned. Audits that are not planned are likely to reflect worstpractices. Audits may be termed “random”, but without an objective or a plan, then perhaps “unprofessional” should be the preferred term. The plan, therefore, is likely to be a reflection of combined approach of both “up” and “down” and some “across” the organization. The auditors need to be sure that the plan

gives them enough time in each area for sharing of information within the team and toadvise the auditee organization of where they are likely to be at any given time. Keeping the organization informed will allow them to ensure they have a member of management available in each department to meet the auditors and also to ensure thatthere is a guide available for the auditors for going from one department to the next. Few

organizations allow external people to wander around their facilities unaccompanied. In anycase, third party auditors must always have a guide.