Back in September PSP welcomed our annual ISO 9001:2008 external audit.
An External Quality Audit is how your Quality Awarding Body examines the quality management system that has been put in place within your company, and is a key element to the ISO standard.
External audits are preformed typically at pre-defined intervals to ensure you are complying with the standard.
This was my first ever external audit, although I was slightly nervous, I believed I was prepared as possible, by sticking to the guidelines stated within ISO9001:2008 and by ensuring that our staff knew what to expect and what was required by the external auditor.
Our auditor arrived promptly and introduced himself to me, giving me an outline of his background and what he expected to happen throughout the day.
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for judging the effectiveness of achieving any defined target levels, to provide evidence concerning reduction and elimination of problem areas.
To ensure obvious items are not missed, I had prearranged an agenda with the auditor and those who would be involved through the duration of the day.
The agenda showed the following items:
- Welcome to PSP
- Fire Exits and site information
- Comfort Breaks, lunch arrangements
- Introduction by the CEO to PSP site and team
- Short presentation of our last year of QMS
- Handover to the external auditor
Within a short presentation of our last year of QMS, we highlighted that we had developed a new internal CRM called Vision. With the introduction of Vision it changed a lot of our processes and procedures, which led to an almost rewrite of all our procedures and work instructions, but the growth and understanding attained during the rewrite was invaluable. Vision ensures we collect far more evidence for our procedures and now we can easily run the right reports within our key departments.
The external auditor runs through a pre-defined structure, this allows the audit to ensure they cover each area required, the structure looks a little like this, even though the auditor may not cover each section in order:
- Audit Conclusion
- A conclusion to whether the company has established and maintained its management system in line with the standard and also highlights here the number of non-conformances raised by the auditor.
- Significant Organisational Changes (also include any changes to surveillance visit patterns e.g. if additional standards have been added) and any additional information.
- A summary of organisation changes (if any) will be given here.
- Audit Summary (Observations, Non-conformance, Opportunities for Improvement, Good Practice etc.)
- The external auditor gives an overall summary of the days findings.
- Management System Controls (i.e. Management Review, Internal Audits, Objectives, Complaints etc.)
The audit methods used were interviews, observation of activities, review of hard copy documentation, review of documentation retained electronically and a review of records. The conclusion is based upon the evidence obtained during the audit. The auditor(s) used standard sampling techniques to obtain this evidence and no guarantee can be given that a different conclusion may have been reached had different samples been taken.
- A summary of each of the headings that were audited and evidenced.
Evidence
Management Review
Quality Policy
Quality Objectives
Internal audits
NCRs and Corrective / Preventive Action
Customer Feedback
Control of Documents
Control of Records
- Significant Process Audit Trails followed (i.e. Sales, Purchasing, Design, Production, Training etc.)
The audit methods used were interviews, observation of activities, review of hard copy documentation, review of documentation retained electronically and a review of records. The conclusion is based upon the evidence obtained during the audit. The auditor(s) used standard sampling techniques to obtain this evidence and no guarantee can be given that a different conclusion may have been reached had different samples been taken.
- A summary of each of the headings that were audited and evidenced
Evidence
Enquiry, Quotes & Sales Order Processing
Design Development and Deployment
Customer Service and Helpdesk
Purchasing system
Training
- Follow Up of Previous Audit Results
- A summary of previously raised requests/ non-conformances
- Recertification Visits (complete only at a Recertification Visit) – NA
- A summary is given if any issues were raised that need further investigation
- Activities planned but not covered on this visit and require planning for the next visit
- Summary of any areas not covered within the allotted time, which will be required to be completed at the next audit
- Head Office/Locations/Branch Offices visited during this audit
- The auditor completes dates and places visited during the audit
- Client/Contract Sites/Temporary Sites visited during this audit (if applicable)
- The auditor completes dates and places visited during the audit
- Locations/Branch Offices
- Confirmation of locations/branch offices for which certificates are required and current and correctly identified
- Registration Marks
Use of Registration Mark (if used) is in accordance with the Rules of Registration
- Confirmation if the use of the awarding body registration mark is in accordance with the Rules of Registration.
AUDIT PLAN NEXT VISIT
- This section of the report describes what the auditor will be looking for at the next planned visit. This gives me a structure to work towards, to ensure all areas are covered.
Finally
Internal and external quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. For instance other departments may share information and amend their working practices as a result, also contributing to continual improvement.
I am pleased to say that we passed our annual audit with only one observation, which we had already internally begun the process of setting targets for all objectives and establish a system to measure and monitor these objectives to ensure that targets are achieved.