Those "New" Clauses - What the Heck to Ask?
George H. Hummel, COO & Certification Manager, Global Certification-USA, Dayton, OH, USA
Keywords: Auditing, New Requirements, ISO 8991:2015
Those new clauses what the heck to ask?
For many auditors, internal and external, auditing the new requirements in ISO 9001:2015 can be frustrating. This also includes terminology that hasn't been used in previous audits. Plus, there are no required documents and records to provide a comforting starting point. In addition, it is essential that the audit be with the top management of the organization. If an auditor hasn't spoken with these folks before, it can be a rather daunting experience.
So, just what the heck should an auditor be asking? Let s start at the beginning:
Start at the starting point of ISO 9001:2015, the context of the organization. Here, the auditor will ask, what can you tell me about the context of your organization? The word context may need to be explained. Ask, then, What are the external / internal issues that the organization must recognize?
With what do you need to contend that affect your strategy, objectives and ability to meet customer requirements?
Then comes the who question. Who are your interested parties and what are their requirements? This is a natural follow-up question. Once again, an explanation of interested parties might be needed. Usually, the auditor will receive answers such as, customers, owners, employees, suppliers. Here, an auditor might well explore the organization s website prior to the audit because the audit is exploratory here does top management adequately understand their stakeholders. This means preparation on the auditor s part, such as reviewing the website, understanding the industry and any regulatory requirements.
The next area for enquiry is to get to the base of ISO 9001:2015: risks and opportunities. With thirteen other clauses referring to risk and opportunity, one can see the main thread connecting throughout the standard. So, poor job here equals an ineffective quality management system! In addition, the auditor must focus on intended outcomes. How is effective performance achieved? How does improvement take place? How satisfied are your customers? These are the issues upon which risk and opportunity must focus and the plans to address them. So, ask: What risks and opportunities have you and what is your plan to address them?
In line with all of the above What are your quality objectives? The 2008 answer of a list does not suffice. In addition, the auditor must seek an action plan! Who has responsibility, what is the time-frame for achievement, what resources are provided? And, what has been communicated to employees? How are they aware of their impact on objectives? How do you ensure that they understand the action plans?
Here s a BIG one. How have you integrated your quality management system into your business processes? The authors of the 2015 edition have moved ISO 9001 into an integration with the organization s entire business. If the context of the organization touches all aspects of the business, so should ISO 9001:2015! So, How do use ISO 9001:2015 to run your company.
From one line in the 2008 edition now comes, How do you handle change? How do you know what changes are coming? How do you plan for them? What risks and opportunities do they offer? Have the changes that occurred been planned? How is un-intended change addressed? Changes that oy only affect the QMS, but all changes: planned, unplanned and unintended.
How do you learn from experience? This is managing organizational knowledge. Capturing what went right and what went wrong. How does the organization translate experience into knowledge?
This, then, is the starting point for a complete ISO 9001:2015 audit. It can be both challenging and fun.