Questions to Ask In the Internal Audit of ISO 9001:2015

analysis blackboard board bubble
Photo by Pixabay on Pexels.com

Conducting an audit is a fun and learning experience.

It is also scary sometimes. Scary because…

  • There are myths people have about audit. And you can’t just bust those myths. For instance, no matter how many times you tell people that audit is not fault-finding, they still think it is fault-finding. There’s nothing we can do with that.
  • You have to deal with different scenarios, which can be unpredictable.
  • You have to deal with different types of people.

One of the ways to calm down the butterflies in your stomach during audit is to…

Prepare. Practice. Present.

Prepare in advance.

Practice doing the audit. Observe other auditors.

Present your best self in the audit. When you’re in the actual audit, get in the zone. Forget about your pre-audit inhibitions. If you’ll mess up, think of it as a learning experience. Then, conduct audit  again next time, but be better.

Here are some of the questions you can ask during your audit. Use these questions as your guide. Not as your crutches.

Remember that your audit has to flow like a conversation and not as an interrogation.

Good luck!

Clause 4 – Context of the Organization

4.1 Understanding the Organization and its Context

  1. What are the external and internal issues relevant to its purpose and strategic direction?
  2. How are the issues identified?
  3. How does these issues affect your organization’s ability to achieve the intended result of the QMS?
  4. How are these internal and external issues monitored and reviewed?

4.2 Understanding the Needs and Expectations of Interested Parties

  1. Who and what are the relevant interested parties are relevant to your Quality Management System?
  2. How are they identified?
  3. What are their requirements?
  4. How are the requirements identified?
  5. What are their potential impact to the quality management system?
  6. How are the impacts determined?
  7. How are the information about interested parties and their relevant requirements monitored?

4.3 Determining the Scope of the Quality Management System

  1. What are the boundaries and applicability of the Quality Management System in your organization?
  2. How are the requirements of relevant interested parties considered in the scope?
  3. How are the requirements of ISO 9001:2015 considered in your scope?
  4. What are the applicable requirements of the ISO 9001:2015 standard?
  5. What are the exclusions?
  6. How are the exclusions identified?
  7. How do you communicate the scope?
  8. How do you maintain its documentation?

4.4 Quality Management System and its Processes

  1. How do you establish your quality management system?
  2. How do you maintain it?
  3. How do you improve it?
  4. What processes are determined to constitute your QMS?
  5. What documents do you require to be documented to support your QMS?

Clause 5 – Leadership

5.1 Leadership and Commitment for the Quality Management System

  1. How is the quality policy and objectives established for the QMS?
  2. How are they compatible with the strategic direction and the organizational context?
  3. How is the quality policy communicated within the organization?
  4. How are the requirements of the QMS integrated into the business processes?
  5. How do you promote awareness of the process approach?
  6. How do you ensure that resources needed for the QMS are available?
  7. How do you communicate the importance of effective quality management?
  8. How do you communicate the importance of conforming to the QMS requirements?
  9. How do you ensure that the QMS achieves its intended results?
  10. How do you engage, direct and support people to contribute to the effectiveness of the QMS?
  11. How do you promote continual improvement?
  12. How do you support other relevant management roles to demonstrate leadership in their areas of responsibility?

5.1 Customer Focus

  1. How are risks and opportunities that can affect conformity of products and services determined?
  2. How is the ability to enhance customer satisfaction determined and addressed?
  3. How is the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements maintained?
  4. How is customer satisfaction maintained?

5.2 Quality Policy

  1. How does top management establish, review and maintain a quality policy?
  2. How is it determined to be appropriate to the purpose and context of the organization?
  3. Does it provide a framework for setting and reviewing quality objectives?
  4. Does it contain a commitment to satisfy applicable requirements?
  5. Does it include a commitment to continual improvement of the QMS?
  6. Where is the quality policy available as documented information?
  7. How is it communicated?
  8. Show me how it is understood and applied within the organization.
  9. How have you made it available to relevant interested parties?

5.2 Organizational Roles, Responsibility and Authorities

  1. How does top management ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization?
  2. How does top management assign the responsibility and authority for ensuring that the QMS conforms to the International standard?
  3. How does top management assign the responsibility and authority for ensuring processes are delivering their intended outputs?
  4. How is the performance of the QMS, opportunities for improvement and the need for change or innovation reported to top management?
  5. How is customer focus promoted within the organization?
  6. How is the integrity of the QMS maintained when changes to the QMS are planned and implemented?

Clause 6 – Planning

6.1 Actions to Address Risks and Opportunities

  1. How are the internal and external issues and interested parties considered when planning for the QMS?
  2. How are risks and opportunities determined and addressed?
  3. How are actions planned to address risks and opportunities?
  4. How are actions integrated and implemented into the QMS processes?
  5. How do you evaluate the effectiveness of the actions?
  6. How are actions taken to address risks and opportunities determined as being appropriate to the potential impact on the conformity of products and services?

6.2 Product Design Skills

  1. How do you determine that personnel with product design responsibility are competent to achieve design requirements?
  2. How do you determine skills required in applicable tools and techniques?
  3. How do you identify applicable tools and techniques?
  4. Where are the quality objectives and are these at all relevant functions, levels and processes?
  5. Are they consistent with the quality policy?
  6. Are they measurable?
  7. Do they consider applicable requirements?
  8. Are they relevant to the conformity of products and services and do they enhance customer satisfaction?
  9. How are they monitored? How often?
  10. How are they communicated?
  11. How are they updated?
  12. Where is the documented information on the quality objectives?
  13. How does the organization determine what will be done, with what resources, when completed and how will results be evaluated for quality objectives?

6.3 Planning of Changes

  1. How do you plan for the changes to the QMS?
  2. How do you demonstrate the purpose and potential consequences of changes?
  3. How do you demonstrate the integrity of the QMS?
  4. How do you demonstrate availability of resources?
  5. How to you allocate responsibility and authority?
  6. Who authorizes the change?

Clause 7 – Support

7.1 Resources

  1. How do you determine the resources for the establishment, implementation, maintenance and continual improvement of the QMS?
  2. How are the capabilities and constraints on internal resources are considered?
  3. Show me how needs from external providers are considered.
  4. How do you identify the necessary personnel to handle the processes to consistently meet customer, applicable statutory and regulatory requirements for the QMS?
  5. How do you determine, provide and maintain the infrastructure for the operation of processes to achieve products and service conformity?
  6. How do you determine, provide and maintain the environment for the operation of processes to achieve products and service conformity?
  7. How are the resources determined for ensuring valid and reliable monitoring and measuring results, where used?
  8. How do you ensure that resources provided are suitable for the specific monitoring and measurement activities and are maintained to ensure continued fitness for purpose?
  9. What documented information do you have as evidence of fitness for purpose of monitoring and measurement resources?
  10. How measurement instruments are verified or calibrated?
  11. What measurement standards are used for the basis of your calibration or verification?
  12. How do you determine the calibration status of instruments?
  13. How are instruments safeguarded from adjustments, damage and deterioration?
  14. How do you determine the validity of previous measurements if you find an instrument to be defective during verification or calibration? What appropriate actions do you take?
  15. How do you determine necessary knowledge for the operation of processes?
  16. How do you determine necessary knowledge to achieve conformity of products and services?
  17. How do you maintain this knowledge?
  18. How do you make it available?
  19. Who have access to these documented information?
  20. How do you consider current knowledge and how do you acquire additional knowledge when addressing changing needs and trends?

7.2 Competence

  1. How do you determine the necessary competence of people doing work?
  2. How do you determine competence on the basis of appropriate education, training or experience?
  3. How do you take actions to acquire necessary competence?
  4. Show me the documented information as evidence of competence.

7.3 Awareness

  1. How are people made aware of the quality policy?
  2. How are people made aware of the relevant quality objectives?
  3. How are people made aware of their contribution to the effectiveness of the QMS?
  4. How are people informed of the benefits of improved performance?
  5. How are people informed of not conforming with the QMS requirements?

7.4 Communication

  1. How do you determine internal and external communications relevant to the QMS?
  2. What is the medium of communication?
  3. How are QMS-related information communicated?

7.5 Documented Information

  1. What documented information do you maintain and retain as required by this standard and as being necessary for the effectiveness of your QMS?
  1. How  are the documented information is reviewed and approved for suitability and adequacy?
  2. How do you make your documented information available and suitable for use?
  3. How do you protect your documented information?
  4. How do you address your documented information in terms of distribution, access, retrieval, use, storage and preservation, legibility, control of changes, retention and disposition?

Clause 8 – Operation

8.1 Operational Planning and Control

  1. How are processes needed to meet requirements for provision of products and services planned, implemented and controlled?
  2. How are requirements for products and services determined?
  3. How is criteria for processes and acceptance for products and services determined?
  4. How are resources determined?
  5. How is process control implemented?
  6. What are the documented information to show that the processes have been carried out as planned and can demonstrate conformity of products and services?
  7. How have you determined that the output from the planning process is suitable for your operations?
  8. How do you control planned changes?
  9. How do you review the consequences of unintended changes?
  10. What actions are taken to mitigate any adverse effects?
  11. How do you control outsourced processes?

8.2 Determination of Requirements for Products and Services: Customer Communication

  1. What are your processes for communicating with customers?
  2. How do you communicate information relating to products?
  3. How do you communicate information relating to services?
  4. How do you communicate information relating to inquiries?
  5. How do you communicate information relating to contracts?
  6. How do you communicate information relating to order handling?
  7. How do you communicate information relating to customer views, perceptions and complaints?
  8. How do you manage customer property?
  9. What are your specific requirements for contingency actions?
  10. What is your process to determine the requirements for products and services to be offered to potential customers?
  11. How do you establish, implement and maintain this process?
  12. How do you define product and service requirements?
  13. How do you ensure that you have the ability to meet the defined requirements?
  14. What are your customer requirements for delivery and post-delivery?
  15. What reviews do you conduct prior to the commitment to supply products and services to your customers?
  16. How do you resolve contract which differ from those previously defined?
  17. How do you confirm customer requirements where the customer does not provide a documented statement?
  18. How to you keep records of evidence that a review was conducted prior to change of requirements?

8.3 Design and Development of Products and Services

  1. How do you establish, implement and maintain a design and development process?
  2. What factors do you consider in determining the stages and control for design and development?
  3. How do you consider these factors?
  4. How interfaces are controlled between individuals and parties?
  5. How do you determine the requirements essential for the type of products and services being designed and developed?
  6. How do you determine that inputs are adequate, complete and unambiguous for design and development?
  7. How do you resolve conflicts among inputs?
  8. What controls are applied to the design and development process to ensure that results are achieved?
  9. How do you ensure that design and development output meet the input requirements for design and development?
  10. How do you ensure that they are adequate for the subsequent processes for the provision of products and services?
  11. How do you ensure the products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use?
  12. How do you document the results from the design and development process?
  13. How do you review, control and identify changes made to the design inputs and outputs during design and development of products and services?
  14. How do you ensure that changes have no impact on conformity to requirements?
  15. Show me he documented information for design and development changes.

8.4 Control of Externally Provided Products and Services

  1. How do you ensure externally provided processes, products and services conform to specified requirements?
  2. How do you apply specified requirements for the control of externally provided products and services?
  3. How do you you establish and apply criteria for evaluation, selection, monitoring of performance and re-evaluation of external providers?
  4. How do you assess their ability to provide processes or products and services in accordance with specified requirements?
  5. What documented information do you have of the results of evaluations, monitoring of performance  of external providers?
  6. How do you determine the controls applied to the external provision of processes, products and services?
  7. What are the potential impact of the externally provided processes, products and services on the ability to consistently meet customer and applicable statutory and regulatory requirements?
  8. How effective are the controls applied by the external provider?
  9. What verification or other activities do you have to ensure externally provided processes, products and services do not affect your ability to consistently deliver conforming products and services to your customers?
  10. How do you define the controls intended to be applied to the external provider and to the resulting process output?
  11. How do you communicate to external providers regarding the requirements?
  12. How do you ensure the adequacy of specified requirements before communicating with external providers?

8.5 Production and Service Provision: Control of Production and Service Provision

  1. What controlled conditions do you have for production and service provision, including delivery and post-delivery activities?
  2. How do you identify process outputs to ensure conformity of products and services?
  3. How do you identify the status of process outputs?
  4. How do you control the unique identification of process outputs?
  5. What documented information do you retain?
  6. How do you manage external provider’s property while under your control?
  7. How do you identify, verify, protect and safeguard that property which is provided for use or incorporation into your products or services?
  8. How do your report to the external provider if their property is incorrectly used, lost, damaged or found to be unsuitable for use?
  9. How do you ensure preservation of process outputs during production and service provision to maintain conformity to product requirements?
  10. How do you meet requirements for post- delivery activities associated with products and services?
  11. What are the post- delivery activities required with products and services?
  12. How do you review and control unplanned changes to ensure continuing conformity with specified requirements?
  13. What evidence can you provide on the reviews of changes?

8.6 Release of Products and Services

  1. How do you implement planned arrangement to verify product and service requirements have been met?
  2. Show me what evidence you retain.
  3. How do you ensure that products are approved prior to release?
  4. Who approves the products?

8.7 Control of Non-Conforming Process Outputs, Products and Services

  1. How do you identify and control process outputs, products and services that do not conform to requirements and prevent their unintended use or delivery?
  2. What appropriate corrective actions are taken based on the nature of the nonconformity and its impact on the conformity of products and services?
  3. What do you do with those products detected as nonconformity after delivery?
  4. How you deal with nonconforming process outputs, products and services in terms of:
  5. How do you correct them?
  6. How are customers informed?
  7. Who authorizes its release as is?
  8. How do you verify corrective actions?
  9. What documented information do you keep following actions taken to address nonconformity?

Clause 9 – Performance Evaluation 

9.1 Monitoring, Measurement, Analysis and Evaluation

  1. How do you determine what needs to be monitored and measured?
  2. What methods do you use for monitoring, measurement, analysis and evaluation to ensure valid results?
  3. When do you perform monitoring and measuring?
  4. How are results analysed and evaluated?
  5. What documented information can you show that monitoring and measurement activities have been implemented?
  6. How do you evaluate the quality performance and the effectiveness of the QMS?
  7. How do you monitor customer perception?
  8. How do you obtain information relating to customer views and opinions of your products and services?
  9. What methods for obtaining and using this information do you have?
  10. How do you analyse and evaluate data and information arising from monitoring, measurement and other sources?
  11. What is the output of analysis and evaluation used for?
  12. Were the results of analysis and evaluation discussed in the management review?

9.2 Internal Audit

  1. How are internal audits conducted?
  2. What are the objective of your audit?
  3. What is the scope of your audit?
  4. How is the audit result documented?
  5. How are the corrections and corrective actions taken after the audit?
  6. Can you show me the audit programme and the audit results?

9.3 Management Review

  1. What is the frequency of your management review?
  2. What kinds of information are reviewed in management review?
  3. What decisions are made during the management review?
  4. How do you document the result of the audit?

Clause 10 – Improvement

10.1 General

  1. How do you determine and select opportunities for improvement?
  2. What necessary actions have you implemented so that you have met customer requirements and enhanced customer satisfaction?
  3. Show how you have improved processes to prevent nonconformity?
  4. What improvement do you have in the past months?

10.2 Nonconformity and Corrective Action

  1. How do you address nonconformity?
  2. How do you make corrective action?
  3. What is your method for corrective action?

10.3 Continual Improvement

  1. Show me some examples of outputs from management review that have helped improve a process.
  2. What applicable tools and methodologies are used to investigate any nonconformity?
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s