Expectations from ISO audits can largely depend on the type of organization you are a part of. ISO audits examine whether a company’s management systems are in compliance with the ISO standards and relevant requirements. They also identify the existing or potential errors within management systems and suggest ways to rectify them. Other than addressing problems, audits help in checking what actions have been taken to meet organizational goals and objectives as they look for ways through which improvement can be made within the system.
The various types of audits include certification audits, on-site or remote audits, internal audits, and surveillance audits.
What do ISO Auditors Look for?
Effective ISO auditors look to understand the overall goal of your management system and provide evidence that helps them assess an organization’s compliance with the ISO standards. ISO auditors assess and evaluate organizational performance, below are a few examples of where an auditor would assess processes and why. These examples specifically address ISO 9001:2015.
a. employee training: as covered under the competence training and awareness clause of ISO 9001, records of employee training are monitored by auditors. To ensure workforce capability, auditors may inspect employee work evaluations, training test scores, degrees and certifications, position descriptions, employee resumes, performance reviews and training agendas.
b. management resources: to implement a quality driven culture and continuous organizational improvement, auditors focus on expanding and clarifying requirements for management responsibility as part of the QMS.
c. document control: organizations are required to document the process of controlling the creation, maintenance and access of documents according to ISO 9001 quality management standards. The documents can either be present in the form of paper or an electronic file and must be available in formats that make sense for the organization i.e. in the form of spreadsheets, presentations, images, or video clips. They must be tagged, titled, or numbered for their easy identification and should be approved by individuals with authority every time they are updated.
d. Enterprise quality management software: choosing the correct e-QMS to comply with the ISO requirements is also essential and is considered a good practice although it is not strictly required by the standard.
e. Management review agenda: to meet the requirements of the standard,a detail-oriented agenda with updated, complete information to mitigate risks and record actions that help with quality management is expected.
f. CAPAs: auditors understand that quality driven organizations focus on continuously updating and improving their systems by taking preventive and corrective actions along the way. Auditors expect companies to invest in strong CAPAs that promote organizational agility and conformance for an effective QMS.
This list is not an exhaustive list of what you can expect during an audit, but simply a few examples of what you can experience during your audit and why the auditor will be looking into them. At an audit, you can expect your auditor to be looking for conformance to the standard. Therefore, you will want to be forthcoming with answers and ensure your explanations help the auditor to understand your processes. Interviews are a chance for your employees to show what they do and how they do it – showcasing your processes working effectively.
Audits are a chance for you to learn about what is working and what isn’t. This is an opportunity to learn where you can improve to be better and more efficient at what you do best.
To the novice quality manager, ISO jargon can be extremely overwhelming. What is an NCR? What do you mean by OFI? Are we certified or accredited? But before you go and pull out your hair, let’s take a moment to go over some of the most frequently used terms and their definitions with regards to ISO and Management System Certification.