Preparation is key when it comes to avoiding non-conformances. So we’ve collated the top three questions auditors ask during ISO 9001 transition audits, as well as, some suggestions on how your quality management system could address each of these questions
1. How have you determined the external and internal issues that are relevant to your business and its strategic direction? (Understanding the organization and its context – clause 4.1)
Big businesses will typically have a strategic business plan. It is important to refer the auditor to the sections of your plan that cover the external forces, internal strengths and weaknesses.
On the other hand, small businesses should refer to their Vision and Mission statements to demonstrate where the business is heading – its strategic direction. Further, a SWOT analysis is a simple and effective tool used to identify the external and internal issues. “SWOT” stands for Strengths, Weakness, Opportunities, and Threats. With Strengths and Weakness being internal issues and Opportunities and Threats being external issues.
Useful tip: ISO 9001:2015 does not require any of this to be documented the term it uses is “determined”, however, we’ve found that many auditors want written evidence. Remember, we are here to help with SWOT analysis and all other ISO 9001 transition requirements – get in touch today
2. How have you determined the quality risks and opportunities that need to be addressed? (Actions to address risks and opportunities – clause 6.1)
Many big businesses already have a risk manager or risk department, and it is quite common for them to be fixated on the big picture risks to the business. Further, they may not be concerned with the opportunities for the business – where it could be growing. And because quality is about the customer, some of these risks and opportunities will need to be related to the customer. The quality management system should include all identified risks and opportunities, so any actions and quality objectives should be aligned.
For small businesses we recommend the use of a risk register. If your business has a safety system, you almost certainly will have one. If you don’t have one – create one (or leave it to ISOsafe). Your risk register should identify quality risks and opportunities, this involves looking at your business through the eyes of your customer – what you would not like if you were a customer (risk), and what would you like the business to be doing if you were a customer (opportunity). Once you have a list of customer risks and opportunities, identify how you can reduce the negative risks and build on the opportunities.
Useful tip: ISO 9001:2015 requires documented information as evidence of management reviews and these reviews should include the effectiveness of actions taken to address risks and opportunities
3. How have you determined the inputs required and outputs expected from your quality management system processes? (Quality management system and its processes – clause 4.4.1)
Any organization that is certified to ISO 9001:2008 should have the interaction of processes already described in their quality manual. ISO 9001:2015 requires more detail on process interaction, calling for the identification of all inputs and outputs relating to each process.
Large businesses, managing a number of different projects should have process maps in place. This could be an arduous task identifying the inputs and outputs of each of these individual processes. Warning: Auditors could have a field day here! Simplify and streamline your processes to make identifying inputs and outputs easier.
Small businesses will also need to draw up a process map. However, ISO 9001:2015 does not require a quality manual. This is a good thing. Many small business can meet the requirements without bulky, and impractical manuals.
Useful tip: There is a lot of talk about the process approach in this version of ISO 9001:2015 however, it was very clearly spelled out as a requirement in ISO 9001:2000 so it’s been around for at least 15 years. If your consultant, quality person or auditor doesn’t know this – get a new one!
Call QMS Australia on 1300 789 132 for more useful information today.