What Quality Management System Auditors Look For

General Overview: Auditors seek to ensure that your business systems and processes are well-structured, have clear objectives, and include necessary controls to meet internal and external requirements. A common weak point is the communication between different processes or departments. For example, if the contract review process identifies a requirement for materials purchased from a specific vendor but fails to communicate this to the purchasing department, the customer’s requirement may not be met. The sections below discuss what quality management system auditors look for.
Document Control: Auditors expect that any document affecting customer service, quality, delivery, health and safety, environmental concerns, and legal or special requirements is controlled. This includes training records, procedures, forms, and work instructions. They will verify that you are following your documented procedures.
Control of Records: Auditors primarily interview personnel and review records. They check that records are retrievable, stored in planned locations, and remain legible for the required retention period.
Management Commitment and Responsibility: Auditors look for signs of management’s commitment to the Quality, Environmental, Health and Safety Management system. This includes reviewing records of management reviews, confirming adequate resource provision, and ensuring management communicates the importance of the system and compliance with customer and legal requirements. Auditors also check that management assesses risks and takes actions to mitigate unacceptable risks.
Human Resources: Auditors verify that personnel competency is evaluated, training is provided and recorded, and training effectiveness is assessed. They also review onboarding processes, emergency drills, safety meetings, and periodic training schedules.
Maintenance & Housekeeping: Auditors inspect the facility for good housekeeping, safe conditions, environmental impacts, and maintenance of facilities and equipment. They also check environmental conditions like temperature and humidity that can affect customers or legal requirements.
QMS Planning: This planning is a high-level risk assessment to determine any internal and external issues that may affect the Quality Management System or the organisation as a whole. A common method to fulfil this requirement is to perform a SWOT Analysis and then address the most important items through the organisation’s Continual Improvement process.
Product/Service Planning: Auditors ensure that work affecting the product or service is planned under controlled conditions to meet internal, customer, and legal requirements.
Customer Communication: Auditors may review how effectively you communicate with customers, especially regarding order status, changes, and feedback. Clear and consistent communication can significantly impact customer satisfaction and trust.
Contract Review: Auditors review customer contracts or purchase orders to verify that all requirements are identified and communicated to relevant departments. They especially focus on any customer requirements that should be flowed down to the supply chain.
Design & Development: Auditors check that design and development efforts are planned, recorded, and verified to meet requirements. They look for records showing that the design fulfils functional and performance requirements.
Purchasing: Auditors review the purchasing process to ensure suppliers and vendors are approved and all necessary information is communicated to them. They verify that purchased products or services meet requirements and subcontractors/vendors comply with Quality, Environmental, Health and Safety requirements.
Supplier Management: Beyond approving suppliers, auditors may check how you monitor and evaluate supplier performance over time. This includes periodic reviews, audits, and performance metrics to ensure suppliers continue to meet your standards.
Inspection/Quality Control: Auditors check for evidence that products or services are inspected to meet requirements before delivery to internal or external customers.
Release of Product and/or Service Provision: Auditors scrutinise the release process of products and services to ensure that all specified requirements have been met before delivery to the customer. This involves verifying that all necessary inspections, tests, and approvals have been completed and documented. The release process should include a final review to confirm that the product or service conforms to internal, customer, and legal requirements. Additionally, auditors check that any nonconformities identified during production or service provision have been addressed and resolved. An effective release process helps customers receive products and services that meet their expectations and regulatory requirements, enhancing customer satisfaction and trust.
Nonconforming Product: Auditors ensure there is a process to identify and control nonconforming products to prevent delivery to customers without prior consent.
Customer Satisfaction: Auditors verify that methods exist to obtain and act on customer perception data to improve satisfaction. They check that customer complaints and feedback are recorded and addressed.
Monitoring and Measuring Processes: Auditors look for methods to measure the performance of core processes, set targets, and take corrective actions when objectives are not met. These metrics are often called Key Performance Indicators (KPIs).
Internal Audits: Auditors verify that complete system audits are performed for all subscribed standards and that these audits are effective and conducted by qualified personnel.
Continual Improvement: Auditors review corrective and preventive actions and improvement projects to identify and address root causes to prevent recurrence. They check for actions taken to prevent issues and improve system effectiveness and efficiency.
Risk Management: Auditors often look for a formal risk management process. This includes identifying potential risks, assessing their impact, and implementing mitigation measures. Effective risk management demonstrates proactive planning and preparedness.
Ethical Practices: Auditors may assess your organisation’s commitment to ethical practices, including anti-bribery and anti-corruption policies and adherence to labour laws. Demonstrating ethical behaviour can enhance your organisation’s reputation and compliance.
Technology and Cybersecurity: With increasing reliance on technology, auditors may evaluate your cybersecurity measures. This includes data protection, access controls, and measures to prevent cyber threats. Ensuring the security of your information systems is crucial for maintaining trust and compliance.
Auditors look to see that you “Say what you do,” “Do what you say,” and that you can prove it. Records and interviews provide the objective evidence needed to verify conformity to internal, customer, and legal requirements.
Key Points for Auditors to Remember:
- Phone a Friend: Anytime a process owner pushes back against a nonconformance you are discussing with them, and you can’t come to an agreement, please call another experienced auditor, consultant, or another senior member of your organisation to discuss and get clarification on the finding.
- Certified Organisation: If the organisation you are auditing is already certified, especially if it has been for a number of years, be extra cautious about writing a nonconformance that its management does not agree with. Make sure there is an explicit requirement and that you have discussed the finding with the lead auditor or a senior team member.
- Documented Information: In many instances, organisations face the expectation of maintaining documented records even when their internal procedures or ISO or AS9100 standards do not explicitly require them. This can be a challenging situation. I’ve experienced scenarios where a standard’s requirement was being met, but the auditor still requested a record as objective evidence of compliance. For example, during a recent audit, an organisation demonstrated that its KPI Management process (addressing a failure to meet a target) aligned with the standard through practical demonstration and verbal explanation. However, the auditor insisted on seeing a documented corrective action as proof. We were able to have that finding overturned by Technical Review. It’s important to understand that while documentation can provide clear evidence, it is not always mandatory. As long as you can convincingly demonstrate that the requirement is being fulfilled, it does not necessarily need to be captured in a formal record. This flexibility can help organisations focus on actual compliance rather than unnecessary paperwork.
- Adherence to Standards and Requirements: When identifying nonconformances, you must base your findings on specific requirements outlined in the ISO or AS9100 standards, customer requirements, or the organisation’s documented requirements. Each nonconformance must be linked to a particular clause or requirement that has not been met. This ensures that your findings are objective, verifiable, and defensible.
- Avoiding Subjective Judgments: It is not appropriate to write nonconformances based on personal opinions or subjective judgments about how an organisation should operate. Your role is to assess compliance with established standards and requirements, not to impose your own views or best practices unless they are explicitly required by the standards or customer requirements.
- Clarity and Precision: Each nonconformance report must clearly state the requirement that has not been met. This includes citing the specific clause from the standard, customer requirement, or internal procedure that the organisation has failed to comply with. This approach ensures transparency and helps the organisation understand and address the issue effectively.
- Professionalism and Integrity: Your credibility as an auditor depends on your ability to conduct audits with experienced professionalism. By ensuring that all nonconformances are well-founded and clearly documented, you maintain your clients’ trust and respect.




