Should I be auditing the ISO standard or the QMS?

A question that we get asked a lot is “should I be auditing the ISO standard or my companies QMS, or both perhaps?”.

The easy answer is Both. Someone in your organisation (or an outsourced professional auditor) must audit both the ISO standard and the QMS. The tricky question is who should audit what and when?

ISO clause 8.2.2 states:

The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to
the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.

This means that someone in your organisation must

1) audit your own Quality Management System (QMS) against the requirements of the ISO 9001 standard (stage 1), and

2) internally audit (at planned intervals) your organisation to ensure you are doing what you say you are doing (stage 2).

This is known in the industry as 2 stage auditing. Stage 1 above is also known as a Document Review or an Adequacy Audit, and is normally done as a desktop exercise. The stage 2 audit is also known as a Conformity Audit, and takes place where the processes are performed – i.e. onsite in your office, shop-floor, warehouse etc.

Large organisations usually have different people who conduct the 2 stages. Typically the person(s) that conduct the stage 1 audit (Document Review) are known as Auditors / Lead Auditors, and they should be trained to be able to conduct both stage 1 and stage 2 audits. In this size of organisation the Internal Auditor is normally not expected to audit both stages, just stage 2 – for conformity against the requirements of your own QMS. If this is the case only the Auditor / Lead Auditor will need to know all of the requirements of the ISO standard, and the Internal Auditor will not. Having said that, no matter which role you are in, having an in-depth knowledge of the requirements of ISO 9001 and the framework of a QMS, will greatly benefit you and your organisation.

In smaller organisations the Internal Auditor often conducts both stages of the audit, therefore needs to have an in-depth knowledge of ISO 9001 and the structure of a QMS, without this you would not be able to audit the QMS for conformity to the requirements of ISO 9001.

Obviously every organisation is run in a different way, therefore the above might not always be true, but to summarise:

If you are conducting a stage 1 audit of your QMS against the requirements of ISO 9001 then you need to have a detailed knowledge of the ISO standard. If you are conducting a stage 2 audit of your processes against your QMS then you may not need know all of the clauses of the ISO standard.

How do I get this knowledge?

To get an in-depth knowledge of ISO 9001 and the structure of a QMS you could attend our 1 day public ISO 9001 Foundation training courses

To learn the tools and techniques of how to Internal Audit your QMS why not look at our 2 day public QMS Internal Auditor training courses

If you need to be able to Internally Audit your QMS, and audit your suppliers, then the course to look at is our 5 day public QMS Auditor / Lead Auditor training course

Should I be auditing the ISO standard or the QMS?

Related Posts

Merry Christmas from the Batalas Team

Wishing you a Merry Christmas!

Merry Christmas from everyone 2018