Sunday, 30 December 2012

QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008

QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008


Conducting internal audit is a vital tool to assess organization’s quality management system. The organization gets information in a planned way by conducting internal audit from a variety of sources. The purpose of conducting internal audit is to find out the answers to following questions:
- Is quality management system of the organization conformed to the planning of product realization carried out in the organization?
- Is the quality management system of the organization conformed to the requirements of ISO 9001:2008 QMS Standard?
- Is the quality management system of the organization conformed to the quality management system requirements established by the organization?
- Is the quality management system of the organization effectively implemented and maintained?

An internal audit is a tool to monitor and determine the health of the quality management system of the organization. For an organization, a properly conducted audit is beneficial and we need to conduct value added internal audit that is useful to the organization, auditee department, management representative and top management.

Clause 8.2.2 of ISO 9001:2008 QMS Standard deals with internal audit requirements. As per requirements of ISO 9001:2008 QMS Standard, an organization needs to conduct internal audit at planned intervals. An audit process should include the following aspects:
- Planning of internal audit – such as planning of audit schedule, assignment of auditors, auditee area, and scope of audit, status and importance of processes, results of previous audits.
- Examining and reviewing the quality management system documentation of the organization,
- Examining and reviewing other relevant information of the organization, such as production reports, failure trends, customer complaints, customer survey reports etc.
- Examining and reviewing the quality management system procedures and processes by visiting the audit area spot, interviewing relevant personnel and looking to relevant processes.
- Reporting the internal audit results (including corrective action requests from auditors).
- Verifying corrective actions taken.

An organization should have a documented procedure for conducting internal audit that define and narrate the following aspects:
- Audit criteria
- Scope of the audit
- Frequency of audit
- Audit methods
- Responsibilities and requirements for planning and conducting internal audit
- Relevant audit records (including results of audit) to be established and maintained
- Reporting results of the audit.

Chandrakant Agrawal, Manager (Risk and Compliance team), points out the following to add the value of internal audit:
(i) One more item that would be added is usage of checklist as a tool to make sure all aspects are covered. Also focus on documentation and continuous improvement should be there.
(ii) The Corrective action log would be the most valuable source to support the focus on Quality from the team's perspective.
(iii) The team awareness on policies and procedures and the feel of Quality should also be part of the audit process.
(iv) Sharing of Best practices should also be output of audit so that all involved are benefited.


Does ISO 9001:2008 QMS Standard mention specific frequency of internal audit? How frequently does an organization need to perform internal audits? Is it fair to conduct internal audit once in two years?
ISO 9001:2008 QMS Standard does not mention specific frequency of internal audit. Requirements of ISO 9001:2008 QMS Standard say conducting internal audit at planned intervals. As such the Standard binds the organization to conduct internal audit at planned intervals. It is up to the organization to decide the frequency of internal audit.

How frequently does an organization need to perform internal audits? It is very relevant question. Internal audits need to be performed to cover all quality management system activities the organization undertake and all the ISO 9001:2008 Standard requirements. In deciding the frequency of internal audits, the organization should consider following factors:
- Complexity of procedures and processes
- Maturity level of the organization’s quality management system
- Nature of business activity
- Problematic aspects and areas as per history
- Organization approach for monitoring and improvement
- Frequency of management review

Jan A. de Ridder, Senior Consultant, QA en Lean professional, says, “Frequency depends on many things. In my opinion it is fair to audit Clause 5.5 every two years, unless there are changes in the organization. Clause 8.3 should be audited more or less continuously. When requirements are not met, frequency should increase. I used to audit the whole system and every area in a 3 year cycle. Some places were visited more often than others. One should wonder how audits can be performed effectively, but also efficiently. I used to discuss frequency with the responsible manager. Is he/she happy with the outcome and the number of audits? After all he is the internal customer of the auditor.”

Richard Sledgister, an Engineer, says, “The frequency of a company’s internal audits should accomplish the following goals: 1) assess standard conformance, 2) drive RCCA (Root Cause Corrective Action) and 3) drive continuous improvement. Audits should measure the overall effectiveness of a QMS (Quality Management System) in a company and or a specific facility within a company. Audits should also focus on specific areas in which the planned method (standard work) is not being executed properly, high warranty costs are being incurred, a high scrap rate exists, processes are not in statistical control and or other performance metrics are not being achieved. These are all signs of poor quality. The audit frequency should be adjusted to focus on areas needing continuous improvement as this is an efficient use of resources. The cost of poor quality will be reduced and profitability will be enhanced.”

Sandeep Sharma, a Quality engineer, says, “I think it must be finished just before the external audit, if we will get the NC's, there will be time to resolve all the issues.”


On considering above points, it is now clear that it will be unfair to conduct internal audit once in two years as the time gap between two internal audits will be too long.

What should be done after getting results of internal audit?
The organization gets information about the areas which need correction and/or improvement from the results of internal audit. The information from internal audit results becomes input for the management review.

Who should perform internal audits?
Internal QMS auditors should perform internal audits. ISO 9001:2008 QMS Standard has two relevant important requirements:
- Selection of auditors must ensure objectivity and impartiality of the audit process
- An auditor must not audit his/her own work.

Clause 6.2.1 of ISO 9001:2008 QMS Standard mentions the requirement of competent personnel performing work affecting conformity to product requirements on the basis of appropriate education, training, skills and experience. Accordingly, the personnel conducting internal audit must be competent to audit for which the organization should refer to the relevant guidelines as mentioned in ISO 19011 Standard and take appropriate steps to provide appropriate training to personnel selected as auditors for internal audit.

Suggested Reading: Chapter 12 – Value Added Audit, Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Published by PHI Learning Pvt. Ltd., New Delhi – 110001, India)

Courtesy Source References
- ISO 9001:2008 QMS Standard
- ISO 9004:2000
- ISO 9001 for small businesses – What to do (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001:2000 – A workbook for service organizations (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001 Fitness Checker – A practical, easy to use checklist designed to help SMEs assess their readiness for ISO 9001 certification
- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Publication from PHI Learning Pvt. Ltd., New Delhi)
- Discussion at Linkedin.com Groups

No comments:

Post a Comment