webinar presented by the northern michigan section of...
TRANSCRIPT
Process Auditing Overview
Webinar Presented by the Northern Michigan Section of ASQ
Quick Refresh of Process Auditing Benefits Tools - Organizing for Process Audit Success Create Checklists to Capture Process Flow Internal Auditors – Become Knowledgeable of ISO 9001:2015 Group Audit Exercise – Using Several Requirements from ISO 9001:2015
Presentation Overview
In advance of this program, attendees should have received 4 checklists and 1 process matrix.
A copy of ISO 9001:2015 is not necessary.
If you did not receive, please email [email protected] to request the handouts.
Handouts
As a third party auditor, I continue to see internal auditors struggling with process-based auditing because more prep time is required to develop system effectiveness questions and to review appropriate process metrics.This overview will present a quick refresher of process-based auditing and some prep tools and ideas to promote successful audit planning.ISO 9001:2015 is so constructed that it would be difficult to audit section by section achieve any benefit for driving the quality system for improvement.As part of a learning objective, we will conduct a group exercise using two new concepts from the revised standard – Context of Organization and Risk Plan.
Introduction
Auditing section by section does not fulfill requirements of ISO 9001:2015 – 4.4.1 nor ISO 9001:2008 – 4.1
Sequence and interactions of processes will not be tested. Auditors can not evaluate goals for effectiveness by auditing
sections of standard.
Section by Section Audits Ineffective
Auditing natural business processes, and checking to see that management is documenting their goals and watching to verify they are met or exceeded provides value to an organization.
Employees know how their processes function - process auditing uses employee knowledge to document that the process is working or that action plans have been developed to improve the process.
Process Auditing Benefits
Begin by obtaining or developing a good flow chart of how the organization functions.
Create list of process names to be audited. Develop master set of checklists with processes to be audited. Begin audits by using master checklists - solicit feedback from internal
auditor group regarding checklist effectiveness following first audit. Example – did auditors review each listed element from the master checklist(s)? Was there enough time to cover all elements? Were these items documented? Checklist improvement ideas? Should checklists be split to create another separate audit?
Tools - Organize for Process Auditing
ISO IAC 7 §8
ApprovedSuppliers
Order Material
Sales OrderRec’d & Entered
Receive & Inspect Material
Design Eng.Product
Objectives
Manuf. Eng. Facilities
System Processes:Document ControlRecords Control
Competent Personnel
Test or Inspect
BuildOrder
GenerateWork Order
Ship orStock
NonconformingMaterial
Check Inventory
Pass?Scrap
ManagementReview
Internal Audit
Risk plan and Evaluation
CorrectiveAction
MetricsObjectives
Example Business Map
CUSTOMER
CUSTOMERr
It defines sequence and interactions of organization’s main processes.
Circled items identify key or core processes to be addressed: - Management and office processes - Design of the product and facilities engineering - Manufacturing and inspection of the product - Measurement and analysis of performance
Process Map Tool Does Two Things
Master checklist set is starting point and should be adjusted as program is tested.
Some elements of the process may change – if groupings or boxes on the process flow chart and checklist are too large to address in one audit, more process audits might be necessary.
Example - possible changes might be office processes which include customer processes, purchasing, and leadership. Second change could be the manufacturing process. This would allow adequate time for inspection, shipping/stocking and non-conforming material.
More Tools - Master Set of Checklists
Handouts: A – ISO 9001 - process audit checklist B – ISO 9001 - two page process audit checklist C – Blank turtle diagram D - F-3036 PEAR E - ISO 9001:2015 MatrixØ Inputs, activities, and outputs are clearly identified. Metrics(KPIs, Quality Objectives) identified, documented and space
provided for documenting action plans when goals are not met.
Review Checklist Tools for Similarity and Differences
Matrix in some form or another helps to complete audit schedule. Ensures that when all process audits are completed, all clauses of
standard have been included and checklists and records capture completeness of audit schedule.
Use the matrix document tool after all checklists have been created and adjusted.
Process Matrix - Tool
Context of the Organization and Strategic Direction 4.1 5.1.1b (use process audit checklist) 6.1 9.3.1
Risk Plan 4.4.1f 5.5.1d (use turtle diagram) 5.1.2.6 8.1 9.1.3e 9.3.2e
Exercises - Develop Process Flow and Process-Based Checklist for Several 2015 Requirements
4.1 Understanding the organizationDetermine the external and internal issues that are relevant to the strategic direction and its ability to achieve the intended results.4.2 Understanding the needs and expectations of interested parties a) Interested parties that are relevant to QMS b) Requirements of these interested partiesOrganization shall monitor & review information about these interested parties.4.3 Determining the scope of QMSMaintain documented information
Review - Context of Organization
4.4 QMS and its processes4.4.1 Definition of its processes their sequence and interactions4.4.2 To the extent necessary a) maintain documented information b) retain documented information5 Leadership5.5.1 Leadership and commitment5.5.1b) Ensure… Quality Policy, Quality Objectives are compatible with the context and strategic direction6.2 Quality Objective … maintain documented information
Context of Organization – Page 2
9.3 Management Review9.3.1 Top Management shall review the QMS to ensure alignment with strategic direction9.3.2 Management review shall:9.3.2 c) customer satisfaction & feedback from interested parties c) extent to which Quality Objectives have been met9.3.3 Management Review output…. retain as documented information
Context of Organization – Page 3
What are the inputs? What are the activities? What are the outputs? What metrics might there be?
Auditing Context of Organization
If auditor conducts an audit of Context of Organization early in the audit schedule, what information can be obtained that will be valuable during the remainder of the system audit?
Exercise Review
6.1 Develop & maintain effectiveness of organization’s risk planning Define risk - create list of departments where risk might be
evaluated? Definition of Risk (ISO 9000, 3.7.9) = effect of uncertainty
Notes to risk definition - risk could be both positive and negative – most times risk only associated with negative events!1) Quoting and contract review2)3)
Another Example of New Process - Risk Plan
Quoting & Contract Review - asking for more information when specifications have not been provided - risk mitigation. No quoting business - avoiding risk
Purchasing - supplier selection process– retaining risk by informed decision Manufacturing - error proofing – eliminating risk source. Use of FMEAs, or
FEAs – changing likelihood or consequences. Opportunities - new products, new practices, using new technologies and other desirable effects.
Data analysis, management review, corrective action – changing likelihood or consequences or retaining risk by informed decisions.
Risk Activities to Observe
Develop a flow chart using a turtle diagram: Inputs - what are the inputs that might be evaluated? What locations in a facility would auditors want to visit to question
process owners relating to risk and the retained information? Name some outputs of a good risk plan? What questions should be asked of top management regarding risk
and management review?
Exercise - Develop Audit Plan for Risk
9.3.2 e “the effectiveness of actions taken to address risk and opportunities”
Management Review - presented with information to make an informed decision about organization’s risk plan and effectiveness.
Retained documented information should be available to help in this decision process.
Exercise - Auditing Management Review
Questions?
Two to four hour training to focus on new components of ISO 9001:2015 including strategic direction, context of organization, risk plan, and documentation.
Review organization’s sequence/interaction map for firm’s processes. Exercises – to introduce auditors to process-based checklists. Conduct 2 to 4 hour process audit (teams of 2 or 3) using checklist. Conduct short debrief or end of audit training discussion seeking feedback
for audit system improvement.
Suggestions for Internal Auditor Training
Stronger focus on process auditing. Introducing the auditing of Context of the Organization, Risk Plan,
and Management Review. Re-evaluate adjusting audit checklists to capture key components of
ISO 9001:2015.
Summary
