ISO Quality Audit? No Big Deal
Your ISO quality audit is coming up. We talk to an auditor to find out what to expect at your next inspection.
By Jean Thilmany
To ease any anxiety that quality managers at connector companies might feel when the auditor is due for a visit, Kevin Russelburg, an ISO 9001:2015 lead auditor, pulls back the curtain to give us a look at the quality world as it applies to connectors.
First and foremost, your auditor will look at how your connector company is complying with the mandated ISO standard update. It’s an interesting time in the quality world, as the Internal Organization for Standardization transitions from ISO 9001:2008 to ISO 9001:2015 standard. The former standard will become obsolete on September 14, 2018.
According to Perry Johnson Registrars, a registration and certification company, it’s important to know that if your organization doesn’t have a transition audit prior to that date, you’ll no longer be ISO certified after that date. And, if your certification lapses, your company will need to start over with an initial audit to become certified to ISO 9001:2015.
The company says that for most companies that are already certified to ISO 9001:2008, the impact of transitioning to the revised 2015 standard is minimal and manageable.
Perry Johnson Registrars also says, “It is important to bear in mind that the ISO is seeking greater inclusion for the ISO 9001 standard. They want to see it continue to grow into new sectors and to be even more user-friendly than it is now. Requiring a company to aggressively overhaul their current ISO 9001:2008 system is not consistent with this objective.”
For example, the 2008 standard required companies to have a quality management system document. That requirement has been eliminated with the 2015 standard. “You still have your system in place,” said Russelburg, “but it’s not a required document.”
To begin the audit process, the ISO registration company receives a copy of a company’s in-house procedures and its last ISO audit, or even last several audits, as well as any relevant documentation. It then assigns an auditor and a date for the audit.
Before the visit, the auditor will look through past audit reports for items of note, such as nonconformance reports. If a past audit lists a nonconformance report, the auditor will make sure that the company has corrected the issue.
An auditor’s nonconformance findings fall into three categories: observations, minor violations, and major violations. Observations are marked as areas that are currently in compliance, but could become a nonconformance issue in the future. They may also include questions that the auditor would like clarified.
“For instance, if there’s an observation that you’re executing a procedure, but it’s not exactly clear how you’re doing it, you’ll just need to make that clear,” said Russelburg.
Many of those observations are relatively straightforward for a company to clear, Russelburg said. Minor violations are also fairly easily corrected.
“They’re often something that just gets overlooked, even though they normally do it 70–80% of the time,” Russelburg says.
Auditors follow up to ensure that such issues have been corrected.
Major violations include instances of a company being out of compliance with quality procedures. In these cases, an auditor must revisit the company within 90 days to ensure that the company has corrected the violation, and there’s no clearing a major violation. It will always remain a part of the company’s ISO auditing records.
Before getting too anxious, keep in mind that ISO auditors are there to verify that your company’s quality management system complies with ISO standards and meets the quality objectives that your company has set out for itself.
“We’re looking to make sure that you’re actually doing what you say you’re doing, from a quality standpoint,” Russelburg said. “For instance, say you’ve worked with a plating supplier for 20 years. So, maybe you don’t actively check the supplier’s work within your own quality process and instead rely on the plating supplier’s process to be correct. If your company’s quality process doesn’t call for a quality review of plating, the ISO audit doesn’t extend to the plating company. But, if it does, the audit will check to ensure that you’re enacting the necessary verifications.”
Auditors “aren’t there to tell you how to do something,” he added.
Russelburg offers an illuminating look into an auditor’s day in the field:
“I’ll be at a plant sometimes, and I’ll think, ‘Why are you doing it like that?’ But we’re not there to ask that or to give advice,” he said. “We’re an objective third party, and we strictly evaluate your processes against what it says in your own manual, and also ensure that they meet the requirements of the standard.”
A company’s size — as determined by employee count — dictates the number of auditors sent to a plant and the number of days they spend at the plant.
The first audit day opens with a meeting between the auditors and all company management. Auditors will ask each relevant department’s supervisor to step them through their department’s quality processes.
“Then, to make sure the processes are happening like they should, we talk to two or three of the operators who are actually filling out the log sheets, doing the measurements, and running the equipment,” Russelburg said.
While speaking with people who work with quality systems on the plant floor every day can be illuminating, the auditor is not there to add stress or to intimidate operators, Russelburg said. The auditor is really there to isolate any inconsistencies within the quality process.
“It’s like grading papers; you don’t want anybody to be wrong, but you will find some wrong answers,” he said.
During the audit itself, auditors will look closely at particular parts of the process. “Management review of the quality process is a big thing we look at. Customer complaints are another big issue to look at. On-time deliveries, customer-service surveys, number of returns, those are all big things we look over and review,” he said.
Any inconsistencies uncovered usually amount to a form incorrectly filled out or a customer survey left undone. Those events are almost always due to oversights, such as when the employee responsible for the form is on leave and his or her manager hadn’t appointed anyone to the form-filling role.
“We’re always aware that things are happening dynamically within the company, but a plant’s supervisors need to be aware of that too,” he said. “Sometimes, I’ll ask why something hasn’t been completed on a paper and the supervisor will say, ‘I’ve appointed someone, but they just started the job two weeks ago and aren’t up to speed.’”
Such an inconsistency can result in an auditor including an observation within the audit results. These observations are normal and are part of a quality manager’s and an auditor’s life, Russelburg said.
As your ISO 9001:2015 audit nears, remember Russelburg’s credo: “Auditors aren’t there to add stress to anyone’s work life. They’re on your side. Both the quality manager and the auditor want a company to succeed. Quality product, and the healthy revenues and sales that result, are the natural outcome.”
Jean Thilmany is a Twin Cities-based writer who covers engineering, technology, and science topics.