Golfile

Appendix B
Assessment Report for Stage 1
Organization name: __________________________ ______________________________________________________ ___________________________________ _______ City, State: ________________________ City ____________________________________________________ ____________________________________________ ________________ Organization contact: ____________________________________________________________ Lead auditor: ___________________________ ______________________________________________________ _______________________________________ ____________
CONTENTS (See Chapter 3 for more details.) 1. Organization Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
92
2. Audit Plan—Stage 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
93
3. Opening and Closing Meetings Checkl kliist—S —Sttage 1. . . . . . . . . . . . . . . . . . . . . . . . . .
94
4. Obtain Materials for Stage 1 Readiness Review. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
94
5. Processes Proc esses Sho Showing wing Sequence and Interactions, Including Key Indicators . . . . . . . . .
95
6. Conduct Documented Information Revie Review w and Confirm That Documented Pro Pr ocesses Addr dreess All Requir ireements of ISO 900 001 1:2015 . . . . . . . . . . . . . . . . . . . . . .
96
7. Conduct Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
100
8. Eval alu uate In Inte tern rnal al Audi dits ts an and d Man anaagement Review Results . . . . . . . . . . . . . . . . . . . .
103
9. Identify Suspect Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
106
91
92
Appendix B
10. Con Confirm firm Cus Custom tomer er-Sp -Specifi ecificc Quali Quality ty Mana Manage gemen mentt Sy Syste stem m Req Require uireme ments nts . . . . . . . . .
106
11. Determine the Appropriate Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
107
12. Determine the Audit Feasibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
107
13. Create an Audit Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
108
14. Prepare and Deliver the Stage 1 Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
110
15. Co Conduct Pr Pro ocess An Anal aly ysis an and d Pr Preepar aree Pr Pro oce cesss Works ksh hee eett . . . . . . . . . . . . . . . . . . . .
111
1. ORGANIZATION INFORMATION Organization name: ____________________________ ________________________________________________________ _________________________________ _____ Contact person: __________________________ ______________________________________________________ ______________________________________ __________ Department: ___________________________________________________________________ Telephone: ____________________________________________________________________ Fax: _________________________________________________________________________ E-mail: _______________________________________________________________________ Street: ________________________________________________________________________ City: _________________________________________________________________________ State or province: _______________________________________________________________ Zip or postal code: ______________________________________________________________ Standard: ISO 9001 90 01:201 :2015 5 Type of assessment: Stage 1 Assessment team: _______________________________________________________________ Person days: ___________________________________________________________________ Start date: _____________________________________________________________________ End date: ___________________________ _______________________________________________________ __________________________________________ ______________
92
Appendix B
10. Con Confirm firm Cus Custom tomer er-Sp -Specifi ecificc Quali Quality ty Mana Manage gemen mentt Sy Syste stem m Req Require uireme ments nts . . . . . . . . .
106
11. Determine the Appropriate Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
107
12. Determine the Audit Feasibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
107
13. Create an Audit Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
108
14. Prepare and Deliver the Stage 1 Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
110
15. Co Conduct Pr Pro ocess An Anal aly ysis an and d Pr Preepar aree Pr Pro oce cesss Works ksh hee eett . . . . . . . . . . . . . . . . . . . .
111
1. ORGANIZATION INFORMATION Organization name: ____________________________ ________________________________________________________ _________________________________ _____ Contact person: __________________________ ______________________________________________________ ______________________________________ __________ Department: ___________________________________________________________________ Telephone: ____________________________________________________________________ Fax: _________________________________________________________________________ E-mail: _______________________________________________________________________ Street: ________________________________________________________________________ City: _________________________________________________________________________ State or province: _______________________________________________________________ Zip or postal code: ______________________________________________________________ Standard: ISO 9001 90 01:201 :2015 5 Type of assessment: Stage 1 Assessment team: _______________________________________________________________ Person days: ___________________________________________________________________ Start date: _____________________________________________________________________ End date: ___________________________ _______________________________________________________ __________________________________________ ______________
Assessment Report for Stage 1
93
2. AUDIT PLAN—STAGE 1 Date
Figure B.1
Time
Activity
30 minutes
Opening meeting
1 hour
Facility tour (optional)
Not required for internal audits
3 or more hours
Process approach and documented information review
Is the company process focused? Is there adequate documented information for the size and complexity of the business? Only performed typically in the first audit of a third-party audit. Subsequent audits will study documented information, but it will vary based on the audit.
2 hours
Performance analysis— customer performance information (scorecards), business KPIs, customer complaints, process performance
Data are used to prioritize the audit and to understand performance issues related to the organization and its processes.
2 or more hours
Management review, planning, and risks and opportunities, internal audits, and corrective action
Decision on whether to continue to stage 2 (feasibility of the audit) or postpone audit. Does the management system appear to be implemented and mature? Is the system mature enough to have “retained documented information” or records. In many instances, even though the auditee does not appear ready—for example, in an internal or second-party audit—the audit may need to proceed for continual improvement purposes. Due to cost considerations for travel, stage 1 and stage 2 audits may be held back to back. If stage 1 and stage 2 are held back to back, then some redundant stage 1 items may be skipped.
3 or more hours
Audit planning and audit notes
Prioritize the audit based on the performance data, and also make notes on process weaknesses identified and areas that need to be investigated.
30 minutes
Closing meeting
Closing meeting
Audit plan—stage 1.
Who
Comment for reader
Appendix B
94
3. OPENING AND CLOSING MEETINGS CHECKLIST—STAGE 1 Opening and Closing Meetings Checklist Opening (process focus)/closing meeting. meeting. (Prepare and deliver the stage 1 report.) The client will maintain the original meeting attendance list and the original for each audit locally. Opening meeting discussion
Closing meeting discussion

Introduce audit team and members

Review scope

Audit standard, rules, and reference manuals

Audit standard, rules, and reference manuals

Review scope and objective

Audit methodology

Confirm shift patterns and population

Audit recommendations

Confirm customer base (if applicable)

Root cause and systemic corrective action response

Review audit plan

Confidentiality

Audit methodology

Appeal process

Possible Possib le audit recommendations

Confidentiality of audit

Guides

Health and safety

Facilities review

Appeal process

Time and date for closing meeting
Figure B.2
Opening and closing meetings checklist.
4. OBTAIN MATERIALS FOR STAGE 1 READINESS REVIEW • Ensure that all of the required require d materials have been assembled assembled and reviewed reviewed as required. • Missing information and documents must must be identified, and the organization must be apprised of them.
Required Materials �
Quality manual (if available) available)
�
Description of processes processes showing showing the sequence and interactions, including including the identification of any outsourced processes
�
Performance measures and trends for for the previous previous 12 months
�
Documented information as per clause clause reference reference checklist checklist
�
List of documentation documentation with decision decision level level and revision revision date and annual schedule (gather last 12 months)
�
Evidence Eviden ce of of internal audits
Assessment Report for Stage 1
�
List of internal auditors and competency record, including management reviews retained for last 12 months
�
The latest management review results
�
List of all major customers
�
Evidence of customer satisfaction and complaint summaries, including verification of customer reports, scorecards, and special status or equivalent
�
List of customer-specific requirements
95
5. PROCESSES SHOWING SEQUENCE AND INTERACTIONS, INCLUDING KEY INDICATORS Question: Has the organization provided a process description showing the sequence and interactions of processes? o Yes o No
Question: Are all the QMS processes documented? If not, how have they ensured processes are in control? Note: ISO 9001:2015 requires “documented information” to support the operation of processes, but this is not a requirement for documented procedures. o Yes o No
Question: Is process performance monitored for the processes sampled? o Yes o No
Study the process map. Ensure it is not clause and/or function focused and that it fully explains the organization, including the site and/or remote locations. Support processes could include business planning, new product development, purchasing, sales, and warehousing. If there is a common process between the support location and the site, answer the following questions: • Is process continuity maintained between the support location and the site? • Are there two process owners or one? • How is the process managed, measured, or improved? • Is the shared process equally applicable to both the support location and the site?
96
Appendix B
• Do the outputs of the support process input directly to the site process and vice versa? • If there are two processes—one for the support location and one for the site—are the inputs and outputs of each process clearly defined? Note: The auditor must obtain a copy of the process description that shows all the interactions and attach it to the stage 1 audit report. Study the links between processes and identify samples for the stage 2 audit. If the links are suspect, identify them in the Process Analysis Worksheet or in the Assessment Planning Table.
Classifications of Processes The process description must show the interaction and sequencing of the organization’s processes. The following is a partial list of possible processes. Customer-oriented processes (COPs)
Support-oriented processes (SOPs)
Management-oriented processes (MOPs)
Market analysis
Maintenance
Business planning
Bid/tender
Training
Management/business review
Order/request
Human resources
Internal auditing
Product/process verification/validation
Purchasing
Continual improvement
Manufacturing
Calibration
Analysis of data
Delivery
Laboratories
Customer satisfaction
Payment
Customer requirements gathering
Warranty service
Contract review
Post sale/customer feedback Note: ISO 9001:2015 does not classify processes as COPs, MOPs, or SOPs. Some sectors such as automotive and aerospace have elected for this classification.
Figure B.3
Classifications of processes.
6. CONDUCT DOCUMENTED INFORMATION REVIEW AND CONFIRM THAT DOCUMENTED PROCESSES ADDRESS ALL REQUIREMENTS OF ISO 9001:2015 Use the documentation and process cross-reference for ISO 9001:2015 (Figure B.4) to document whether all the requirements, that is, shalls, are addressed in the process documents. Then use the document and process cross-reference completed by the auditee to understand what processes satisfy which clauses of the standard. Complete the documentation and process cross-reference checklist. See Chapter 2 and the checklist for more guidance.
Assessment Report for Stage 1
97
Documentation and Process Cross-Reference for ISO 9001:2015
Clause
Clause heading
4
Context of the organization
4.1
Understanding the organization and its context
4.2
Understanding the needs and expectations of interested parties
4.3
Determining the scope of the quality management system
4.4
Quality management system and its processes
4.4.1
No Title
4.4.2
No Title
5
Leadership
5.1
Leadership and commitment
5.1.1
General
5.1.2
Customer focus
5.2
Policy
5.2.1
Establishing the quality policy
5.2.2
Communicating the quality policy
5.3
Organizational roles, responsibilities and authorities
6
Planning
6.1
Actions to address risks and opportunities
6.1.1
No Title
6.1.2
No Title
6.2
Quality objectives and planning to achieve them
6.2.1
No Title
6.2.2
No Title
6.3
Planning of changes
7
Support
7.1
Resources
7.1.1
General
7.1.2
People
7.1.3
Infrastructure
7.1.4
Environment for the operation of processes
7.1.5
Monitoring and measuring resources
7.1.5.1
General
7.1.5.2
Measurement traceability
7.1.6
Organizational knowledge
7.2
Competence
7.3
Awareness
7.4
Communication
7.5
Documented information
Figure B.4
Organization’s process number/description/ document reference1,2
Documentation and process cross-reference for ISO 9001:2015.
Process owner1
Stage 1 result3 (C-O-N/A)
98
Appendix B
Documentation and Process Cross-Reference for ISO 9001:2015
Clause
Clause heading
7.5.1
General
7.5.2
Creating and updating
7.5.3
Control of documented information
7.5.3.1
No title
7.5.3.2
No title
8
Operation
8.1
Operational planning and control
8.2
Requirements for products and services
8.2.1
Customer communication
8.2.2
Determining the requirements for products and services
8.2.3
Review of the requirements for products and services
8.2.3.1
No title
8.2.3.2
No title
8.2.4
Changes to requirements for products and services
8.3
Design and development of products and services
8.3.1
General
8.3.2
Design and development planning
8.3.3
Design and development inputs
8.3.4
Design and development controls
8.3.5
Design and development outputs
8.3.6
Design and development changes
8.4
Control of externally provided processes, products and services
8.4.1
General
8.4.2
Type and extent of control
8.4.3
Information for external providers
8.5
Production and service provision
8.5.1
Control of production and service provision
8.5.2
Identification and traceability
8.5.3
Property belonging to customers or external providers
8.5.4
Preservation
8.5.5
Post-delivery activities
8.5.6
Control of changes
8.6
Release of products and services
8.7
Control of nonconforming outputs
8.7.1
No title
8.7.2
No title
9
Performance evaluation
Figure B.4
Continued.
Organization’s process number/description/ document reference1,2
Process owner1
Stage 1 result3 (C-O-N/A)
Assessment Report for Stage 1
99
Documentation and Process Cross-Reference for ISO 9001:2015
Clause
Clause heading
9.1.1
General
9.1.2
Customer satisfaction
9.1.3
Analysis and evaluation
9.2
Internal audit
9.2.1
No title
9.2.2
No title
9.3
Management review
9.3.1
General
9.3.2
Management review inputs
9.3.3
Management review outputs
10
Improvement
10.1
General
10.2
Nonconformity and corrective action
10.2.1
No title
10.2.2
No title
10.3
Continual improvement
Organization’s process number/description/ document reference1,2
Process owner1
Stage 1 result3 (C-O-N/A)
Note 1: Shaded areas in light gray are to be completed by the organization (auditee); areas in the darker gray are to be completed by the auditor. Note 2: Process numbers/descriptions/document references must be linked to the organization’s (auditee’s) process map. Note 3: C refers to “conformance,” O refers to “observations,” and N/A stands for “not applicable.” C is in conformance for all documented processes if all the “shalls” are addressed in the documentation. Also, the processes need to include “who,” “what,” and “when.”
Figure B.4
Continued.
Question: Do the processes documented address all the “shalls” of ISO 9001:2015? o Yes o No
If the answer is no, detail findings: _________________________________________________ ______________________________________________________________________________
Question: Were samples taken from the documentation and process cross-reference matrix? o Yes o No
If the answer is yes, list the samples: ________________________________________________ ______________________________________________________________________________
100
Appendix B
7. CONDUCT PERFORMANCE ANALYSIS ISO 9001:2015 has performance expectations of the QMS in multiple areas of the standard, including for leadership in clause 5.1.1 and in planning in clause 6.1 for “intended results,” and for QMS performance and effectiveness to be monitored, evaluated, and retained in clause 9.1, analyzed and evaluated in clause 9.1.3, reviewed in management review in clause 9.3, and improved in clauses 10.1 and 10.3. Study the customer satisfaction (perception), customer satisfaction supplemental (scorecards), customer complaints and problem solving, and overall performance (or KPIs) of the organization. Poorly performing indicators or metrics represent lack of “intended results” or customer dissatisfaction for the organization, both requirements of clause 6, Planning, and clause 5.1.2, Customer Focus. An ISO 9001 audit begins with the auditor analyzing overall customer satisfaction and organizational performance. Poorly performing indicators or lack of results are then linked by the auditor to poorly performing or suspect processes. They also could be indicators of poor risk analysis and/or implementation of actions in regard to risk and opportunities. These are documented in the Process Analysis Worksheet. The auditor also takes these results into consideration when auditing management review and/or process performance, and investigates how the organization responds when performance falls short. Having no problems in customer metrics or customer scorecards does not necessarily mean high satisfaction. Bottom line, satisfaction can only be gauged by getting the customer’s perception. This entails asking the customer some variant of the question, “Overall, how satisfied are you with us?” Question: Have all customers, customer scorecards, and organizational performance issues been identified? o Yes o No
Question: Is there an overall process for gathering data in regard to interested party and customer needs and expectations? Does the process show interactions with interested parties? How are these data used for planning, and has the organization set customer-focused objectives? o Yes o No
Update Figure B.5 Information from scorecard. Also, update Figure B.6, Assessment Planning Table.
Question: Is there a prioritized list of interested party expectations? o Yes o No
Assessment Report for Stage 1
101
Information from Customer Scorecard
Customer
Figure B.5
Customer quality performance
Customer/ assembly plant disruptions
Delivery schedule performance
Other
Information from customer scorecard.
Assessment Planning Table Customer and performance issues
Figure B.6
Related suspect processes
Assessment planning table.
Identify top five interested party expectations in the Risk Sampling Sheet (Figure B.7). Identify related issues as well. Question: Are the “intended results” or objectives set based on the context and interested party expectations gathered? o Yes o No
Complete the “objectives and/or intended results” column in the Risk Sampling Sheet. Question: Are there any open customer complaints? � Yes � No
102
Appendix B
Risk Sampling Sheet Related interested party expectations* and internal/external issues (4.1 and 4.2)
Objectives and/or intended results (6.1.1)
Related risk and opportunities (6.1.1)
Plan to address risk and opportunities (6.1.2)
Related processes (6.1.2)
Evidence of actions implemented and effectiveness tracked (9.3.2)
* Note: Which internal and external issues and expectations are key to the organization? Has the organization adequately handled these expectations and issues when they set the objectives or “intended results?”
Figure B.7
Risk sampling sheet.
Question: If yes, has a corrective action plan been implemented or proposed? (Note: Corrective action implemented or proposed should include root cause analysis followed by systemic corrective action.) o Yes o No
Review and analyze the 12 months of customer complaint history and document any trends, along with the related suspect processes, in the Assessment Planning Table (Figure B.6). Review the data for the following trends: • Repeat issues • Serious customer issues (for example, prism, yard hold, spills, or recalls) • Blip or trend in performance Review the organization’s Pareto analysis for trends in departments, product families, manufacturing processes, or design issues.
Assessment Report for Stage 1
103
8. EVALUATE INTERNAL AUDITS AND MANAGEMENT REVIEW RESULTS Internal Audits Internal audits are a good gauge of how well the organization understands itself. The auditor reviews the internal audit to ensure that the organization has conducted a complete system audit that includes all the organization’s processes and all the clauses of ISO 9001:2015. The organization is expected to have 12 months of audit history, especially after the initial audit registration. Audits should be scheduled based on status, importance, and the organization’s annual plan. Also, the audits must be based on customer complaints, internal/external performance data, and how the internal audit has considered the customer-specific quality management system requirements. Study the quality of the audit and the nonconformities issued. Does the internal audit include all the issues noticed in the organization thus far? Is the audit adequate? The nonconformities issued should have three parts: nonconformity, quote of the unmet requirement, and the objective evidence. What is the quality of the nonconformities; are they clear and concise? Check out the quality of the nonconformity closeouts. Is there objective evidence to show that the corrective action has been implemented? Also, is there evidence that the system corrective actions have been implemented? Is there evidence to show that the problem will not repeat?
System Audit System audits are conducted periodically (at minimum once a year) to provide top management a snapshot review of the quality management system. System audits should be conducted with the same formality as third-party audits and should use the same processes and time durations as an initial audit. System audits should cover all the process map processes and all the clauses in ISO 9001:2015. Note: System audits are not a series of short audits conducted monthly, but are a snapshot in time of the overall health and vitality of the QMS. The intent of these audits is to ascertain whether the overall system is “effective and efficient.” This is the formal audit, which needs to be conducted similarly to an external audit. In this audit, the auditors are ensuring that the organization is moving toward its goals and objectives and that customer satisfaction is showing happy customers.
Process Approach versus Clause or Elemental Approach The audit must follow the process approach of the organization (see Appendix A). The audit plan must contain processes from the organization’s process map. Processes aren’t chosen randomly but are prioritized based on risks to the customer (for example, customer satisfaction, customer complaints, and organizational performance).
104
Appendix B
Overall Performance The organization’s overall performance must be gauged by examining records of management review. Note: Sometimes, auditees only conduct a management review once a year to comply with ISO 9001, and then only do it to show the records to the auditor. This type of “compliance” for such an important requirement should be duly recognized as a major nonconformity. The management review must be conducted at suitable intervals to assess overall improvements and to note whether the organization is meeting business objectives and satisfying its customer needs and expectations. It is important for the auditor to note whether the management review is just a presentation of facts or a meeting that is improvement-oriented and evaluates the need for changes to the overall management system, quality policy, and objectives. At a minimum, the management review or business review must cover these topics: • Status of actions from previous management reviews • Changes to external and internal issues (business context) that affect the quality management system • Information on the performance and effectiveness of, and trends in: – Customer satisfaction and feedback from relevant interested parties – Quality objectives and whether they have been met – Process performance and product and service conformity – Nonconformities and corrective actions – Monitoring and measurement results (see clause 9.1.1; the organization needs to be explicit in what they monitor and measure, and the monitoring and measurement needs to evaluate the performance and effectiveness of the QMS) – Results of audits – Performance of external providers The auditor shouldn’t expect the organization to cover each topic during every business review. However, the topics must be covered according to top management requirements to move the organization forward. Also, it is important to evaluate the management review’s output to ensure that it includes decisions and actions for improving the quality management system, changes to the QMS, and resource needs. Overall performance should be gauged according to the “intended results” of the QMS (see clause 6.1.1a) and the quality objectives, and examining the business reviews that move the company forward on a weekly and monthly basis. Review the key indicators of the business, and note those that are performing poorly. Assess the overall quality of the business reviews. Is the company progressing toward its objectives? Also, do the objectives reflect customer/interested party needs, expectations, and key concerns?
Assessment Report for Stage 1
105
Measuring Key Indicators and Performance Trends Although it’s not a requirement, the ISO 9001:2015 auditor expectation is that the organization will measure trends on a chart that shows variables on the Y -axis and time, typically in months, on the X -axis. Omnex recommends the use of trend charts, Pareto charts, and summaries of actions taken to improve a key indicator. Question: Has a complete management review cycle been conducted that includes 12 months of records? The management meeting records should cover the minimum requirements of ISO 9001:2015; refer to clause 9.3. o Yes o No
Question: Is there output from the management review that’s action and improvement oriented? o Yes o No
Question: Does the organization track performance, effectiveness, and trends as required in the management review? Performance indicator examples include internal ppm, yield, inventory turns, and availability. o Yes o No
Question: Are corrective action plans established for indicators that don’t meet established goals? For those indicators not meeting the goals, document these indicators in the Assessment Planning Table (Figure B.6) along with the related suspect processes. o Yes o No
Question: Are the organizational objectives and goals consistent with the quality policy? o Yes o No
Question: Has a complete internal audit been conducted? (Review 12 months of internal audit history.) The internal audit should have been completed, covering all processes and clauses. o Yes o No
106
Appendix B
Question: Are all nonconformities resulting from the full system internal audit closed? Internal audit nonconformities shall be addressed through root cause analysis and systemic corrective action. o Yes o No
9. IDENTIFY SUSPECT PROCESSES Based on the analysis of customer and performance data, identify poorly performing processes that affect overall performance. Using the Assessment Planning Table (Figure B.6), analyze the QMS performance issues, processes, customer scorecards, management review performance data, and customer complaints. What are the key performance issues? Identify the suspect processes that affect performance. Use the process identified in the process map to identify the relationship between intended results and process performance. Prioritize the processes as they relate to product or process performance. Based on the analysis of the performance data, document processes that show weakness and require increased focus during the stage 2 audit. An audit plan should be organized according to processes from the organization’s process map, not by clauses in the standard. The audit plan should be prioritized according to “suspect” processes identified during customer focus and performance analysis. Next, the auditor should identify the sequence of processes to audit by referring to the audit trails discussed in Chapter 2. Study the process map and identify the planning, performance evaluation, and improvement (PEI), risk, new product development (NPD), and production and service provision (provision) audit trails.
10. CONFIRM CUSTOMER-SPECIFIC QUALITY MANAGEMENT SYSTEM REQUIREMENTS Each on-site audit (that is, initial, surveillance, and recertification) shall include an audit of the organization’s implementation of new customer-specific requirements since the last audit (see Figure B.6). Question: Has the organization adequately defined its customers and the supplementary QMS requirements? o Yes o No
Question: Does the organization have a process to gather and update customer-specific quality management system requirements?
Assessment Report for Stage 1
107
o Yes o No
Question: Has the organization integrated customer-specific quality management system requirements into the QMS processes? o Yes o No
11. DETERMINE THE APPROPRIATE SCOPE The scope is inherently linked to the process approach, and especially the site and the remote location functions. Customers and customer-specific quality management system requirements also affect the scope. Question: Does the scope adequately reflect the organization’s operation? When determining the scope, the requirements in ISO 9001:2015 clause 4.3 must be taken into account. o Yes o No
12. DETERMINE THE AUDIT FEASIBILITY In third-party audits, the audit feasibility of the organization to proceed to stage 2 is determined. If the organization isn’t ready to conduct the stage 2 site audit, the certification body and the organization can agree to stop the process. In the internal audit or a supplier audit, this is really not a choice. If the organization is not ready, the internal auditors can issue nonconformances that can be added to the final audit report (see Figure B.9) or closed out during the stage 2 audit. Stage 1 audit results shall be documented and communicated to the organization. The stage 1 audit is the most critical step of the audit, so auditors should be thorough and provide nonconformities as necessary for improvement. For guidance to internal auditors, the following situations typically may require postponement in a third-party situation, or a major nonconformity in an internal audit or supplier audit: • Customer scorecards show that the organization is under a special status category. Some of the customer-specific organizational approval statuses include limited approval, probation, suspension, or withdrawal. • The organization doesn’t have one year of internal audits, management reviews, or performance data.
Appendix B
108
• An internal system audit to ISO 9001:2015 (all processes, clauses, or aerospace process approach to audits) hasn’t been completed. • Management review shows no top management involvement, or the management review is incomplete. • The organization shows poor context, interested party expectations, or process focus. • Documentation shows many requirements not being addressed by the organization’s processes (documented or otherwise) If there are obvious major nonconformities with respect to the implementation of the management system, and/or performance or customer issues, the auditor notes them and issues major nonconformities, or identifies them in the audit checklist for the stage 2 audit.
13. CREATE AN AUDIT PLAN Creating a prioritized audit plan based on weaknesses in customer and organizational performance is a key to a good audit. Following the audit trails described in Chapter 2 is a good method for understanding linkages between processes and the ISO 9001 clauses, and for sample taking (see Figure B.8). Study the organization’s process map and identify the audit trails—PEI, new product development (NPD), and provision audit trails (see Chapter 2).
Stage 2 Audit Plan Objective: To verify conformance to ISO 9001:2015 Date
Time
Auditor
Location
Organization’s process #/description Opening meeting Facility tour Review of customer scorecard and associated corrective action
Figure B.8
Stage 2 audit plan.
Standard clauses
Assessment Report for Stage 1
• Audit the PEI processes and top management at the beginning of the audit. Identify objectives and their plans. • Start with customer expectations, customer satisfaction, and customer scorecards. Obtain top management’s thoughts and ideas on key issues from the customer’s viewpoint. • Identify which auditor is more proficient in each audit trail, and update the audit plan with the processes related to PEI, NPD, and provision audit trails. • Identify all suspect processes and ensure they are in the audit plan. • Complete Figure B.4, documentation and process cross-reference for ISO 9001:2015, and ensure that all clauses are being audited. • Identify OEM and other customer-specific quality management system requirements and make notations in the audit plan to ensure that the customer-specific requirements will be sampled. • Audit based on the defined processes of the organization and not the ISO 9001 clauses. • Begin with an audit of top management and cover the following: – Areas of risk to the customer, including customer complaints and customer dissatisfaction. – Interested party expectations and key expectations affecting the organization. – Internal and external issues key to the organization. – Internal audits. – Management review and actions. – Progress toward continual improvement as related to set objectives. – Effectiveness of corrective actions as related to customer issues. – Leave time in the audit for the top management interview (see Chapter 3). Finally, the auditor should keep in mind: • Analysis of actual or potential risk to the customer, product, and processes. • Demonstration of links between audit trails. • Auditing manufacturing activities on all shifts where they occur. • Optimizing audit time based on the organization’s layout. • Auditing support functions, with process links referenced planned on-site prior to the audit.
109
Appendix B
110
• Customer-specific quality management system requirements and all relevant processes, including new customers since the last audit. • Customer concerns and/or complaints, special status notification, and the organization’s response. • Internal audit and management review results and actions. • Progress made toward continual improvement. • Effectiveness of corrective actions and verification since the last audit. • QMS effectiveness with regard to achieving both customer and organizational objectives. • Distributing the audit plan to the organization and all audit team members.
14. PREPARE AND DELIVER THE STAGE 1 AUDIT REPORT Internal and supplier auditors can identify any major or minor nonconformities and report them in the internal audit (see Figure B.9).
Nonconformities identified during this stage 1 audit.
NC #
Figure B.9
Nonconformity description
Stage 1—nonconformities.
Assessment Report for Stage 1
111
15. CONDUCT PROCESS ANALYSIS AND PREPARE PROCESS ANALYSIS WORKSHEET The auditor should use the Process Analysis Worksheet (Figure B.10) for auditing all processes. The process analysis allows the auditor to evaluate inputs, outputs, resources, measurement, monitoring, and methods. The performance analysis and process analysis should assist the auditor in the stage 1 audit to develop process-related questions in the process worksheet.
112
Appendix B
Process Analysis Worksheet Company name:
Location:
Audit type:
Standard:
Auditor name:
Process:
Reponsibilities/Process owner (clause 4.4.1e)
Process linkages (Predecessor) Subsequent process (clause 4.4.1b)
Applicable clauses:
What?
Who?
(Materials/equipment)
(Competence/skills/training)
Inputs
Outputs
Related quality objective or QMS performance metric:
Related risk and opportunities analysis:  Yes Are the actions implemented?  Yes

 Not
Criteria (Measurement/assessment)
applicable
No Explain:
Is the organization meeting process performance indicators?
If no, are there planned changes?
How? (Methods/procedures/techniques)
 Yes  No
 Yes  No
Are the changes effective? That is, is the process showing improvement? Explain:
Objective evidence:
Objective evidence:
(What was sampled?)
Customer-specific requirements applicable:
Figure B.10
Process analysis worksheet.
Appendix C
Confidential Assessment Report for Stage 2
CONTENTS Organization Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
114
1. Conduct Audit of Remote Supporting Functions (Recommended). . . . . . . . . . . . . . .
117
2. Opening Meeting Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
119
3. Conduct Facility Tour (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
120
4. Study Customer and Organizational Performance . . . . . . . . . . . . . . . . . . . . . . . . . . .
120
5. Meet with Top Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
120
Organization name: City, State: Organization contact: Lead auditor: Audit objectives: Audit scope: Permitted exclusions: Nonconformity
Total number of nonconformities (issued during audit): Major
Figure C.1
Minor
Confidential assessment report for stage 2.
113
114
Appendix C
6. Audit Organizational Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
122
7. Verify That All Processes and Clauses Are Audited . . . . . . . . . . . . . . . . . . . . . . . . .
122
8. Write Up Nonconformities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
129
9. Closing Meeting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
131
10. Determine Audit Team Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
132
11. Prepare the Draft Report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
132
12. Conduct the Closing Meeting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
132
13. Audit Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
133
ORGANIZATION INFORMATION Organization name: _____________________________________________________________ Contact person: ________________________________________________________________ Department: ___________________________________________________________________ Telephone: ____________________________________________________________________ Fax: _________________________________________________________________________ E-mail: _______________________________________________________________________ Street: ________________________________________________________________________ City: _________________________________________________________________________ State or province: _______________________________________________________________ Zip or postal code: ______________________________________________________________ Standard: ISO 9001:2015 Type of assessment: Stage 2 Assessment team: _______________________________________________________________ Person days: ___________________________________________________________________ Start date: _____________________________________________________________________ End date: _____________________________________________________________________
Confidential Assessment Report for Stage 2
115
Assessment information: _________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________
ASSESSMENT REPORT ACCEPTANCE Signed for on behalf of auditor: Name: ________________________________________________________________________ Date: _________________________________________________________________________ Signed for on behalf of organization: Name: ________________________________________________________________________ Date: _________________________________________________________________________
AUDIT CONCLUSIONS Audit Summary: ________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Key issues/concerns requiring top management attention: _______________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________
116
Appendix C
Opportunities for improvement/observations:
Previous audit nonconformity status: NCRs issued (during last audit):
NCRs closed:
NCRs open:
Changes to o rganization/facilities/quality management system/scope (since last visit) (as applicable) Ref. number
Figure C.2
Brief description
Opportunities for improvement.
Organization document reference
ISO 9001:2015 clause reference
Confidential Assessment Report for Stage 2
117
1. CONDUCT AUDIT OF REMOTE SUPPORTING FUNCTIONS (RECOMMENDED) Site* and/or Remote and/or Support Locations Please detail individually all sites, including remote locations that support this site (include location name, address, and processes performed that support the site). A support location may be remote to the site or embedded within one site and supporting numerous sites. Example 1. Site and corporate headquarters located at same location. Corporate headquarters includes human resources, sales, purchasing, and so on, which support other sites. Example 2. Site A includes a product design center, which supports numerous sites.
Omnex recommends that the site and the supporting functions are audited together in sequence, starting with the supporting functions.
Organization and/or Locations Information Approval Checklist • Identify processes that link between the support functions and the site. These processes should be evident in the process map. Are they? o Yes o No • Take samples for each of the processes that will be used to test the interface. Whether these are top management objectives, new products in sales and/or design, or customer satisfaction information provided to the sales office, carefully sample them and follow each process from the supporting function into the site. Does the process link? o Yes o No • Does the process documentation connect the site to the remote location? • How is the process managed? Is it working effectively? • Is it measured, monitored, and improved?
o Yes o No
o Yes o No
• If the process is not meeting “intended results,” is it changed? • Are the supporting functions and site working together? • Are they designed to succeed together?
o Yes o No
o Yes o No
o Yes o No
o Yes o No
• Is there risk and opportunity analysis and the actions related to processes?
*Site refers to the manufactur ing location .
o Yes o No
118
Appendix C
d 5 e 1 s 0 s 2 : e 1 s 0 s 0 a 9 y d O a S e r I l o A t P I Z / e d o c l a t s o P
n o i t a c o L t r o p p u S e t o m e R e t i S — s l i a t e D t f i h S e e y o l p m E
P I Z / e d o c l a t s o P
y t i C
t e e r t S
s r e m o t s u c / t e k r a M
e m a n n o i t a c o L
r e b m u N
. n o i t a c o l t r o p p u s / e t o m e r / e t i s — s l i a t e d t f i h s e e y o l p m E 3 . C e r u g i F
Confidential Assessment Report for Stage 2
2. OPENING MEETING CHECKLIST o
Introduce audit team and attendees
o
Pass out the attendance sheet
o
Explain the risk and process approach
o
Review objectives, scope, and criteria
o
Review supporting functions and interfacing processes
o
Summary of methods and procedures used for audit: o
Auditor takes notes of details for both conformities and nonconformities
o
Audit conclusion is based on samples taken
o
The audit will include a cross-section of the organization, from top management to maintenance workers and engineers
o
The audit is restricted to small groups of three or fewer people
o
The auditor notifies the auditee of nonconformities during the audit as well as during a daily review meeting
o
Questions should be directed toward the lead auditor
o
Conditions for when a major nonconformity affecting the customer is uncovered.
o
Establish auditee communication link
o
Reconfirm the following: o
Current customers and interested parties
o
Customer satisfaction and complaint status, including customer reports and scorecards
o
Any customer special status (bad supplier status)
o
Supporting functions and interfacing processes
o
Review prioritized audit plan
o
Confirm status of stage 1 issues, including documentation
o
Confirm time and date of closing meeting
o
Confirm relevant safety, emergency, and security procedures
119
120
Appendix C
3. CONDUCT FACILITY TOUR (OPTIONAL) • Modify the audit plan based on information collected during the opening meeting and facility tour. • Note on the Process Analysis Worksheets issues or areas to investigate.
4. STUDY CUSTOMER AND ORGANIZATIONAL PERFORMANCE • Note: This step is especially important if there is a large time period between the stage 1 and stage 2 audits. • Reexamine the customer scorecard. Has performance maintained the same level, or has performance deteriorated since the stage 1 audit? • Study the last business performance review. Has performance sustained at the same level? Did the organization act and follow up on the actions identified from the management review provided during the readiness review? • Has the organization been put on a special status notification? • Determine whether to adjust or reprioritize the audit plan based on the latest customer and performance issues.
5. MEET WITH TOP MANAGEMENT The meeting with top management includes a number of obligations from ISO 9001:2015 clause 5.0, Leadership, and clause 9.3, Management Review.
Auditor Requirements As discussed earlier, top management’s responsibilities are key to a successful quality management system (QMS) implementation. Moreover, ISO 9001:2015 has specific requirements for top management to fulfill. This audit of top management should take place within the context of the processes in the PEI audit trail. Interview top management to learn the following: • Alignment of the context, interested party expectations, quality policy, objectives, and compatibility with the strategic direction of the organization.
Confidential Assessment Report for Stage 2
121
• Integration of the QMS with the business processes. In other words, there is only one set of processes running the organization. • Understanding and promotion of risk-based thinking and the process approach. • What the QMS intended results are and whether the organization is meeting them. • Understanding of customer expectations and customer satisfaction and steps taken to improve customer satisfaction. • Involvement in establishing, implementing, and maintaining the quality policy. • Understanding of customer and regulatory requirements and whether the organization is in compliance (consistently met ). How do they track the requirements? What is the process for understanding and meeting them? • Whether top management is taking ownership of the effectiveness of the management system. Whether they are taking an active role in working with subordinates ( engaging, directing and supporting ) and/or others in ensuring effectiveness. • Supporting other managers in performing their responsibilities, that is, demonstration of leadership. • Review of the quality management system at a periodic frequency to assess the “suitability, adequacy, effectiveness, and alignment ” with the organization’s overall “strategic direction.” • Role in assigning specific roles and responsibilities as required (see clause 5.3).
The points above directly relate to clause 5.0, Leadership, and clause 9.3, Management Review. Not understanding what the standard means and/or top management delegating responsibilities to others could very well result in a nonconformance for top management. Overall, do the interactions with top management show a good understanding of the QMS and its performance? Is top management “accountable” to the effectiveness of the QMS?
Management Responsibilities That Can Be Delegated Certain top management activities can be delegated, and some can’t. When the word “ensure” is used in ISO 9001:2015, as in clause 5.1, Leadership and Commitment, those items can be delegated. After the interview, how well did the top manager answer the relevant questions asked regarding the QMS and its performance, alignment of the QMS with strategic direction, process performance, customer satisfaction, and risk-based thinking? Is top management playing their part for the success of the QMS and supporting their subordinates to ensure overall success of the QMS? The auditor is asked to document his or her observations and record them.
122
Appendix C
6. AUDIT ORGANIZATIONAL PROCESSES • Demonstrate the use of the Process Analysis Worksheet and leadership, including the prioritized audit plan. • Use the stage 2 audit report, Process Analysis Worksheet, and ISO 9001:2015 conformance checklist (see Appendix D) as primary tools for auditing processes. • Use the audit plan and the organization’s defined processes, including sequence and interaction. Don’t be requirements oriented; be process oriented. • Be able to determine whether the organization is operating according to its process definition (that is, a process map and its sequence and interactions. See Chapter 3 and Appendix A). Do the processes reflect reality? • Audit processes to determine whether each one is capable of meeting the process indicators and is performing satisfactorily. • Make sure that the customer-specific quality management system requirements are identified, addressed, and maintained in the QMS. (Note: Customer-specific requirements should be integrated into the processes.) • Conduct interviews about the process with those who are involved in the process at its location. Avoid conference room audits. Always take samples or have the auditees show objective evidence when interviewing them to confirm their statements. The auditor should always choose the samples to avoid biased samples being given. • Document both conformity and nonconformity in the Process Analysis Worksheet. The information should be clear enough for an independent review by a third party, if necessary. • Use the Risk Sampling Sheet (Figure C.4) and Quality Objectives Sampling Sheet (Figure C.5) to assess context, interested party expectations, and risk. Note: These sheets were started in stage 1, and insights and evidence gathered in stage 1 can be utilized in stage 2. In Figure C.5, the same quality objectives as above are reviewed for their plan, how they are deployed within the organization, and whether the management review shows evidence that the objectives are being met.
7. VERIFY THAT ALL PROCESSES AND CLAUSES ARE AUDITED The auditor should follow the audit plan and ensure that the audit encompassed all processes and clauses. Complete the stage 2 Documentation and Process Cross-Reference (Figure C.6).
Confidential Assessment Report for Stage 2
123
Risk Sampling Sheet Related interested party expectations* and internal/external issues (4.1 and 4.2)
Objectives and/or intended results (6.1.1)
Related risk and opportunities (6.1.1)
Plan to address risk and opportunities (6.1.2)
Related processes (6.1.2)
Evidence of actions implemented and effectiveness tracked (9.3.2)
* Note: Which internal and external issues and expectations are key to the organization? Has t he organization adequately handled these expectations and issues when they set the objectives or “intended results”?
Figure C.4
Risk sampling sheet.
Quality Objectives Sampling Sheet
Quality objectives
Plan for meeting objectives (what will be done, resources, who is responsible, when it will be completed, how results will be evaluated) (6.2.1)
Deployed objectives (sample department and identify deployed objectives)
Objective evidence of objectives being met and actions completed (9.3.2)
* Quality objectives relate to the needs and expectations of interested parties and could result in objectives related to product quality, on-time delivery, or other expectations critical to an interested party, including customers. Note: Clause 6.2.1 requires quality objectives to be consistent with quality policy, be measurable, satisfy requirements, be relevant to products/services and customer satisfaction, and be monitored, communicated, and updated.
Figure C.5
Quality objectives sampling sheet.
124
Appendix C
Documentation and Process Cross-Reference for ISO 9001:2015
Clause
Clause heading
4
Context of the organization
4.1
Understanding the organization and its context
4.2
Understanding the needs and expectations of interested parties
4.3
Determining the scope of the quality management system
4.4
Quality management system and its processes
4.4.1
No Title
4.4.2
No Title
5
Leadership
5.1
Leadership and commitment
5.1.1
General
5.1.2
Customer focus
5.2
Policy
5.2.1
Establishing the quality policy
5.2.2
Communicating the quality policy
5.3
Organizational roles, responsibilities and authorities
6
Planning
6.1
Actions to address risks and oppor tunities
6.1.1
No Title
6.1.2
No Title
6.2
Quality objectives and planning to achieve them
6.2.1
No Title
6.2.2
No Title
6.3
Planning of changes
7
Support
7.1
Resources
7.1.1
General
7.1.2
People
7.1.3
Infrastructure
7.1.4
Environment for the operation of processes
7.1.5
Monitoring and measuring resources
7.1.5.1
General
7.1.5.2
Measurement traceability
7.1.6
Organizational knowledge
7.2
Competence
7.3
Awareness
7.4
Communication
7.5
Documented information
Figure C.6
Organization’s process number/description/ document reference1,2
Documentation and process cross-reference for ISO 9001:2015.
Process owner1
Stage 1 result3 (C-O-N/A)
Confidential Assessment Report for Stage 2
125
Documentation and Process Cross-Reference for ISO 9001:2015
Clause
Clause heading
7.5.1
General
7.5.2
Creating and updating
7.5.3
Control of documented information
7.5.3.1
No title
7.5.3.2
No title
8
Operation
8.1
Operational planning and control
8.2
Requirements for products and services
8.2.1
Customer communication
8.2.2
Determining the requirements for products and services
8.2.3
Review of the requirements for products and services
8.2.3.1
No title
8.2.3.2
No title
8.2.4
Changes to requirements for products and services
8.3
Design and development of products and services
8.3.1
General
8.3.2
Design and development planning
8.3.3
Design and development inputs
8.3.4
Design and development controls
8.3.5
Design and development outputs
8.3.6
Design and development changes
8.4
Control of externally provided processes, products and services
8.4.1
General
8.4.2
Type and extent of control
8.4.3
Information for external providers
8.5
Production and service provision
8.5.1
Control of production and service provision
8.5.2
Identification and traceability
8.5.3
Property belonging to customers or external providers
8.5.4
Preservation
8.5.5
Post-delivery activities
8.5.6
Control of changes
8.6
Release of products and services
8.7
Control of nonconforming outputs
8.7.1
No title
8.7.2
No title
9
Performance evaluation
Figure C.6
Continued.
Organization’s process number/description/ document reference1,2
Process owner1
Stage 1 result3 (C-O-N/A)
126
Appendix C
Documentation and Process Cross-Reference for ISO 9001:2015
Clause
Clause heading
9.1.1
General
9.1.2
Customer satisfaction
9.1.3
Analysis and evaluation
9.2
Internal audit
9.2.1
No title
9.2.2
No title
9.3
Management review
9.3.1
General
9.3.2
Management review inputs
9.3.3
Management review outputs
10
Improvement
10.1
General
10.2
Nonconformity and corrective action
10.2.1
No title
10.2.2
No title
10.3
Continual improvement
Organization’s process number/description/ document reference1,2
Process owner1
Stage 1 result3 (C-O-N/A)
Note 1: Shaded areas in light gray are to be completed by the organization (auditee); areas in the darker gray are to be completed by the auditor. Note 2: Process numbers/descriptions/document references must be linked to the organization’s (auditee’s) process map. Note 3: C refers to “conformance,” O refers to “observations,” and N/A stands for “not applicable.” C is in conformance for all documented processes if all the “shalls” are addressed in the documentation. Also, the processes need to include “who,” “what,” and “when.”
Figure C.6
Continued.
Confidential Assessment Report for Stage 2
Stage 2 Audit Plan Objective: To verify conformance to ISO 9001:2015 Date
Figure C.7
Time
Auditor
Stage 2 audit plan.
Location
Organization’s process # and/or description
Standard clauses
127
128
Appendix C
Process Analysis Worksheet Company name:
Location:
Audit type:
Standard:
Auditor name:
Process:
Reponsibilities/Process owner (clause 4.4.1e)
Process linkages (Predecessor) Subsequent process (clause 4.4.1b)
Applicable clauses:
What?
Who?
(Materials/equipment)
(Competence/skills/training)
Inputs
Outputs
Related quality objective or QMS performance metric:
Related risk and opportunities analysis:  Yes Are the actions implemented?  Yes

 Not
Criteria (Measurement/assessment)
applicable
No Explain:
Is the organization meeting process performance indicators?
If no, are there planned changes?
How? (Methods/procedures/techniques)
 Yes  No
 Yes  No
Are the changes effective? That is, is the process showing improvement? Explain:
Objective evidence:
Objective evidence:
(What was sampled?)
Customer-specific requirements applicable:
Figure C.8
Process analysis worksheet.
Confidential Assessment Report for Stage 2
129
8. WRITE UP NONCONFORMITIES Please respond by using your own corrective action method (for example, 7D, 8D, or five whys) in the same way that your organization would respond to a customer issue. Include the root cause analysis and systemic corrective action; failure to include these will result in your responses being rejected by the lead auditor.
Writing Nonconformities • A written nonconformity must contain a statement of nonconformity with the system, the unmet standard requirement, and objective evidence. Note: One nonconformity can be written to cover more than one “shall.” • Categorize nonconformities as major or minor. • Nonconformities should be cross-referenced to the organization’s quality management system (QMS) and/or relevant clause of ISO 9001:2015. • Identify opportunities for recommendations without offering solutions. • Use a format that includes root cause, corrective action, and systemic action.
Opportunity for Improvement Opportunities for improvement (OFI) don’t require a formal response but may be revisited at future assessments.
Appendix C
130
F17-3
Corrective Action Request Part A
Revision B
Audit information
Department
Audit number
Activity audited
CAR number
Auditor
Date issued
Auditee
Reference
Part B
Nonconformity
Nonconformity:
Requirement:
Objective evidence:
Auditor
Date
Part C
Department representative
Date
Corrective/preventive action
Immediate action:
Preventive action:
Root cause:
Corrective action:
Auditor
Date
Part D
Department representative
Date
Department representative
Date
Verification of corrective action
Follow-up details:
Auditor
Figure C.9
Date
Corrective action request.
Confidential Assessment Report for Stage 2
Nonconformity number
Location and process
Clause
Status (that is, major or minor)
Nonconformity
Note: Each nonconformity must include the standard requirement, objective evidence, and nonconformity.
Figure C.10
Nonconformity chart.
9. CLOSING MEETING The auditor is responsible for three things during step 9, the closing meeting: • Determine audit team recommendations • Prepare draft report • Conduct closing meeting
131
132
Appendix C
10. DETERMINE AUDIT TEAM RECOMMENDATIONS Once all of the nonconformities are written, step 10 focuses on the audit team’s recommendations. There are four outcomes: • Minor and major nonconformities are so numerous that another readiness review and stage 2 on-site audit are required. • Minor nonconformities that can be closed via written documentation. • Minor nonconformities that require on-site closeout. • Major nonconformities that require on-site closeout.
11. PREPARE THE DRAFT REPORT • Prepare draft reports describing all nonconformities. Also, identify and include the audit team summary, at a minimum. • Identify nonconformities and opportunities for improvement. No other categories are allowed.
12. CONDUCT THE CLOSING MEETING A typical closing meeting agenda includes the following: • Statement of thanks • Attendance list • Scope, objectives, and criteria • Significance of audit samples • Audit standard, rules, and reference manuals • Audit summary • Nonconformity statements, root cause, and systemic corrective action responses • Opportunities for improvement • Clarification of nonconformity statements and summary • Statement of confidentiality • Follow-up • Close
Confidential Assessment Report for Stage 2
133
13. AUDIT REPORT A statement and summary are required in the audit report. 1. Alignment of context, interested party expectations, objectives, processes, risk-based actions (clause 6.2.2), and quality objective actions (clause 6.2.2). Is there alignment? (Yes or No) _______________________________________________________________
________________________________________________________________________
________________________________________________________________________ Is the action implemented effective on risk and opportunity analysis? (Yes or No) ________________________________________________________________________
________________________________________________________________________ 2. Is top management showing Leadership and “accountability” for “intended results”? (Yes or No) ______________________________________________________________
________________________________________________________________________
________________________________________________________________________ 3. Is the management system effective in achieving intended results and customer satisfaction? (Yes or No) ____________________________________________________
________________________________________________________________________
________________________________________________________________________ 4. Management review results and actions: ________________________________________
________________________________________________________________________
________________________________________________________________________ 5. Is there progress toward continual improvement? (Yes or No) _______________________
________________________________________________________________________
________________________________________________________________________ 6. Are internal audit results and corrective actions completed for a full system audit? (Yes or No) ______________________________________________________________
________________________________________________________________________
________________________________________________________________________