The most common issue I see is internal audits are procedure or standard based and not process based. The audit schedule is a list of sections of the standard or procedures that are audited over a time period, usually a year. Even ISO 9001:2008 wanted process-based internal audits. Process was not well understood in the 2008 version even by most auditors. the 2015 edition tried to clear that up.
What is a process based internal audit? Hopefully you have identified your key processes. Most people can identify the various manufacturing processes. When doing an internal audit, look at this process and group all the related documents/documented information, the personnel and equipment, the inputs and the expected outputs, and how the process is measured to determine if it is improving. If this reminds you of a process turtle, pat yourself on the back, and dig up this useful tool. Develop your audit plan around this information and schedule the internal audits by process.
Before you ask how to handle non-production related activities, recognize whether it is identified or not, there is a management and leadership process that takes into account risk, planning, improvement and management review. There is a purchasing process and a sales/customer relations process.
If you use an outside consultant doing the internal audit once a year, make sure the report is organized by process.
Thanks, we just avoided a finding.
Sounds as though using MDSAP would cure most of these issues, especially since most of these issues arise in Medical Device Audits.
Thank you for this clarification. I think the confusion can be found in the lack of understanding with the term “process”. I think this term is used interchangeably with procedure or standard so it tends to lose its ISO meaning. If you would, allow me try to understand it from my perspective:
Everyone “knows” that a Quality Management System (QMS) is made up of work instructions, standards, and procedures. However, within that governing system of the QMS are smaller systems referred to in the ISO as processes. Each process is responsible for creating a product within any given company.
So a set-up Procedure, with it's step-by-step Work Instructions, Standard Test Methods, and Forms may only make up half, or in some cases, a small part of the process. Until the product is created, the process isn't complete. It is not complete because it may involve one or two more procedures (again with their correlating work instructions, STMs, and forms) before a final product is produced.
To understand this better, a ‘Standards’ Flow Chart may need to be created. Start with the end product and work your way back to its simplest component in the process such as a customer request.
In this flowchart I would associate all the internal standards with the creation of the contract along with its work instructions and forms to the contract process. I would then repeat this for the remaining processes for supplies, production, packaging, and shipping.
Would this be accurate, Sherri or have I gone to the Nth degree?
Sometimes I think that language gets in our way of understanding. Yes the language of ISO does indeed have the complexities around “procedures-based” meanings; however, the language of systems contains sub-sets of procedures, activities, and tasks. The two languages overlap and create confusion as they have not been operationally defined as a “joint system” with meanings assigned that are unambiguous. No one perspective can assume that their system of definition comprehensively defines the usage of these terms for all; thus, it is important to specify how meanings of these terms relate to each other and what they have in common. This is a useful discussion to have in the myASQ forum!