Quality is something every organisation strives to achieve, and it is often very difficult to attain. Issues concerning efficiency and quality come up almost daily in business, and the goal of ISO 9001:2015 is to embed a quality management system within an organisation to add value to processes, products and services. Once an organisation has implemented the QMS, regular internal audits become essential to identifying opportunities for improvement and meeting the requirements of the standard. Internal auditors are extremely valuable as they are familiar with an organisation’s management system and can significantly improve the bottom line.
Moving from procedure-based to process-based auditing
ISO 9001:2015 states that the organisation must monitor, measure and evaluate processes to ensure these achieve the Quality Management System (QMS) outcomes. This requires process-based auditing and necessitates a shift in thinking. The writers of the standard hope that by strengthening the process-based requirements, aligning the clauses to the PDCA methodology and the addition of risk-based thinking, audits will take place through a series of discussions and analyses, and focus on evaluating risk, the QMS processes, and mitigation of risk to determine whether customers are consistently receiving their expected outputs or services.
All QMS auditors, internal and external, must demonstrate competence in the concepts, tools and methods for risk management and use this knowledge to investigate and evaluate conformity and effectiveness of processes and QMS outcomes. Training should focus on the significant changes to the standard and highlight key areas such as the process approach, customer focus, interested parties, outcomes, and the integration of clauses when auditing a process.
How does Risk ZA assist in achieving such an outcome?
Risk ZA offers a multitude of ISO related courses – one of which is the ISO 9001:2015 – Developing and Implementing a QMS (Registered Lead Auditor Pre-requisite). This course takes you through the following areas of the standard and a QMS.
The purpose & objectives of a QMS
This includes policies, processes and procedures required for the planning and implementation of a QMS, how to integrate internal processes to provide a process approach for executing operational activities, and covers documentation requirements.
The High-level Structure: Annex SL, and the 10 clauses:
- Normative references.
- Terms and definitions.
- Context of the organisation.
- Performance evaluation.
Identifying the context of the organisation
An auditor must understand what the organisation does and the influences this has on the business. Context of the organisation covers requirements that impact the business strategy and planning of the QMS, such as internal and external factors that impact the sustainability of the organisation. These may include technology, economics, social factors or values, capabilities and competence. These and other strategic factors need to be used to influence the structure, content and controls of the QMS.
Determining interested parties & their requirements
As part of the context of the organisation, ISO 9001:2015 places great emphasis on relevant interested parties, and their requirements, which are also used as input to the design of the QMS.
Customer expectations & satisfaction
Quality means meeting customer expectations and satisfying them. Conformance to customer requirements and achieving customer satisfaction are crucial concepts in managing performance.
The process approach
Managing and improving processes enhances the ability to meet customer requirements. A QMS is made up of processes that link, combine and interact with one another to deliver a product or service. Understanding these as a system allows the organisation to improve effectiveness and efficiency.
The Plan-Do-Check-Act methodology
Maintenance and continual improvement of processes is achieved by applying the PDCA methodology at all levels within an organisation. Actions to address risks and opportunities must be integrated into QMS processes using the PDCA cycle.
Risk-based thinking prevents or reduces undesired effects and promotes continual improvement. It includes identifying opportunities and considering those that can or should be acted on. Top management must implement and promote a culture of risk-based thinking when planning the QMS.
ISO 9001:2015 focuses on change management more so than earlier versions of the standard. All changes must go through a defined change management process.
What support mechanisms does an organisation need to meet its goals and objectives? Support includes competent resources, targeted internal and external communications, and documented information, to name a few.
Operational planning & control
This addresses the operational part of the management system requirements, and includes in-house and outsourced processes. An organisation needs to “…plan, implement and control processes…”, determine risks and opportunities associated with these processes, and how to react to non-conformities and incidents.
Internal auditing fits nicely into the “check” component of the PDCA cycle. It evaluates conformance of the QMS to planned arrangements to ensure that it will consistently meet customer requirements and that the management system conforms to the requirements of both the organisation and the standard.
This addresses the question of whether the management system is suitable, adequate and effective. Top management use this review to periodically revisit the performance of all elements that comprise the QMS. It is a strategic intervention that includes changes to the context of the organisation.
Opportunities for continual improvement must be identified, corrective actions for non-conformities taken, and an organisation needs to retain controlled documentation of all improvement activities on a continuing basis.