Remote Auditing

 

Audit, audit by exception

Q: I am a consultant and I have helped a dozen of companies receive certification to ISO 9001-2008: Quality management systems–Requirements. A recent client requested a specific registrar that is different than the one I have used before. That registrar states that per ANAB, the stage 1 audit must be conducted on site at the company being certified. My prior registrar claims that they do not know of this requirement. After a review of the documents and records sent to them, they conduct the stage 1 in a teleconference. Who is right?

A: No one can speak for ANAB and the requirements they have for certification bodies (CBs) for each standard except ANAB. For some standards, ANAB documents specifically state that stage 1 audits can be conducted on-site or remotely. However, in some cases, ANAB requires CBs to apply for accreditation to use Computer Assisted Auditing Techniques (CAAT).

I would recommend that a representative of the organization seeking certification formally ask for an explanation as to why remote auditing techniques cannot be used to conduct a stage 1 audit for conformity to ISO 9001:2008.

For more information about remote auditing techniques for internal and external audits you may want to consider reviewing material in the book eAuditing Fundamentals: Virtual Communication and Remote Auditing published by ASQ Quality Press.

J.P. Russell
ASQ Fellow, ASQ CQA
ASQ Quality Press Author
Member of the U.S. TAG to ISO/TC 176 on Quality Management and Quality Assurance
Quality WBT Center for Education/J.P. Russell and Associates
www.jp-russell.com

Related Content:

Browse the free, open access content below, or find more in the ASQ Knowledge Center.

Know and Follow ISO 19011’s Auditing Principles
Quality Progress

The auditing principles of ISO 19011 call for ethical conduct, fair presentation, professional care, independence, and an evidence based approach. The ethical conduct principle is realized throughout the standard because it is the cornerstone of auditing. Read more.

10 Auditing Rules
Quality Progress

Abstract:By following ten guidelines, auditors can significantly improve the effectiveness of audits. Read more.

The Future of Quality Management Research
Quality Management Journal

Members of the Quality Management Journal editorial board share their insights on the future of quality management research. Read More.

Explore the ASQ Knowledge Center for more case studies, articles, benchmarking reports, and more.

Browse articles from ASQ magazines and journals here.

Rescheduling an ISO 9001 Surveillance Audit

Schedule, calendar, timeline

Q: Our organization had its last external (third party) audit in December 2011 for ISO 9001:2008 — Quality management systems — Requirements. We planned to have our next audit the week of November 26, 2012, but the auditor has become ill and cannot come at that time.

Do we need to have our surveillance audit within one year of the last audit? I am considering rescheduling for the first quarter of 2013.

A: Thank you for contacting ASQ’s Ask the Experts.  With regard to your inquiry, surveillance audits are usually conducted by most registrars on an annual basis.  Your registrar has complete responsibility for ensuring the availability of their audit staff to conduct these audits as they are required.

In the event that no other auditors can be provided by your registrar, it would be their responsibility to ensure the audit is rescheduled to another mutually agreed upon date and, if necessary, extend your organization’s ISO 9001:2008 certification status as appropriate.

Your organization’s ability to maintain to an active QMS certification status should not be dependent upon the availability of the registrar’s auditor.  I recommend that you contact your registrar to confirm the next date for your surveillance audit.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Related Content:

ISO 9000 and Organizational Effectiveness: A Systematic Review, Quality Management Journal, open access

The authors conduct a systematic review of empirical studies of the ISO 9000 standard’s impact. Most of the reviewed studies focused on positive impacts. This review highlights the need for more critical and diversified approaches to examining ISO 9000. It also reveals some of the practical implications of ISO 9000 for managers. Read more.

ISO Survey Reveals Increase in QMS Certifications, Journal for Quality and Participation, open access

According to the ISO Survey of Certifications, the numbers of ISO 9001:2008, ISO/TS 16949:2009, and ISO 13485:2003 certifications all increased in 2010. Over 1.1 million ISO 9001:2008 certifications had been awarded by the end of 2010, representing a four percent increase over 2009. Central and South America saw an 11 percent increase in ISO 9001 certifications, while 18 percent of certifications in Africa and West Asia were lost in 2010. The Far East represented the largest share of the increase in ISO/TS 16949 certifications, and Africa and West Africa saw the largest percentage increase in ISO 13485 certifications. ISO 13485 was also the only certification that saw growth in North America; North American certifications for the other two standards declined in 2010. Read more.

 

Scope of ISO 19011:2011

ISO documentation practices, requirements

Q: During a quick review of a recently revised standard, ISO 19011:2011– Guidelines for auditing management systems, we noticed that it is shorter than ANSI/ISO/ASQ 19011S:2008.

Also, we are wondering why there are no references to auditing the requirements in ANSI/ISO/ASQ Q9001-2008 Quality management systems.

Could someone please address our concerns?

A: With the expansion in scope of ISO 19011:2011 to cover all management system audits, the intent of the ISO 19011 standard is to provide guidance that is applicable to every management system discipline – not just quality management system audits.

One of the problems with the more general scope of ISO 19011:2011 is that it less helpful for addressing specific issues – such as internal audits of an organization’s quality monitoring and measuring processes.  This is why the ASC Z1-auditing subcommittee has initiated the process of developing supplemental guidance documents for internal audits and supply chain audits.  If there are specific issues or questions that you are interested in, you can ask that it be included in this supplemental guidance document (email standards@asq.org).

As to the difference in length –  with the U.S. adoption of ISO 19011:2011, the 2008 U.S. Supplement was made obsolete. What the Z1-auditing subcommittee is planning to do is to capture whatever guidance in that document is still important in the new supplemental guidance documents being drafted.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
www.enlar.com/
Largo, FL

Related Content:

Read more open access content from ASQ about auditing:

Explore more using ASQ Knowledge Center search.

What’s the Difference Between ISO 9001 and ISO 19011?

Reporting, best practices, non-compliance reporting

Q: What is the difference between the ISO 9001:2008 and ISO 19011:2011 literature on your web site? Please provide a detailed explanation and their use.

A: I can see where the confusion might arise, as the numbers are very similar! But the contents are quite different.

ISO 9001 Quality management systems–Requirements is the mother of all quality management systems. It lays out the minimal requirements for an acceptable way of managing your business for quality. In the beginning, it was developed as a requirements document to lay on your suppliers. Then it became the foundation for registration (other countries might call this certification) of your own management approach to quality. About a decade ago, various business sectors – aerospace, automotive, medical devices, laboratories, etc., all used the ISO 9001 document as the base for their specific approaches. They didn’t take anything away, but added additional requirements. By far, the greatest use today is for registration/certification. This is somewhat sad, in that the standard itself is a beautiful way of managing the resources within the enterprise. Registration can get quite bureaucratic and not worth the expense.

ISO 19011:2011 Guidelines for the auditing management systems is the international auditing standard (my specialty). It was first developed as a means to get all the various registration agencies around the world to do their audits in a consistent manner. It also had support from the multinational companies that had factories – and thus registrations – all around the world and often with different cultures. Norms in Canada are not the same as China! Unfortunately, this registration emphasis in the standard made it somewhat hard for internal auditors and supplier auditors to use it. Plus, there is no requirement to use the standard, other than within the registration industry.

For these reasons, the U.S. wrote a supplement for the 2002 version of this standard, giving guidance on how to use the principles for internal audits and small organizations [note: development is underway to offer similar supplements for the ISO 19011:2011 version  — anticipated end of 2012/early 2013.]. ASQ is the only place to get this version, which  includes the supplement, along with the base document. As this auditing standard was revised, it picked up environmental auditing and safety auditing in the scope.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net