Do you have the shadow of an ISO audit looming over you?
In today’s post, CG Business Consulting give you a snapshot of what to expect from an ISO 9001:2015 upgrade and/or certification audit. By giving you the inside track, we hope this will help take some of the #fearfactor out of the impending audit ‘doom’.
To date, CG Business Consulting has assisted hundreds of clients in obtaining their ISO certifications. Since 2015, we have been working closely with both our existing and new clients to help them secure an easy transition to the revised 9001 and 14001 standards. As the transition to the 2015 revisions deadline is due to kick into effect towards the end of 2018, we thought we’d share some insider tips.
Today’s blog post will outline common areas where corrective actions have been issued during an audit. Put simply, these are the main areas where auditors have struggled to find the assurances they need that the party being audited has fulfilled the new requirements under the 2015 revisions. In other words, organisations have not provided sufficiently clear evidences to prove otherwise.
Here are the top five highlighted areas:
Interested Parties
“Organisations attract, capture and retain the support of the relevant interested parties they depend upon for their success.”
Interested parties should not just be considered an integral part of the context of the organisation, it also is imperative that they should be clearly understood before defining the scope of your management system (see below). These can include anyone from stakeholders, shareholders, partners, and affiliates, to customers, bankers and regulators.
You could try making the information more meaningful by grouping interested parties based on their relationship with your organisation,
- Responsibility – Shareholders, etc.
- Financial – Bankers, etc.
- Dependency – Employees, etc.
- Representation – Trade Unions, etc.
- Authority – Regulators, etc.
Do you have clear, documented evidence that your organisation has determined the needs, expectations, and requirements of relevant interested parties, internal and external, and how are these be monitored?
Context of the Organisation
Clause 4 of ISO 9001:2015 and ISO 14001:2015 require an organisation to evaluate itself and its context. Simply put, you will need to consider both the internal and external issues that have the potential to impact upon your strategy, objectives and your management system.
- External can include social, political, legal, interested parties such as stakeholders, partners etc.
- Internal can include employees, processes, communications, company culture, technological, budgetary etc
The auditor will require evidence that you have analysed both the internal and external issues of your organisational context. Ensure you have defined the influences of both internal and external elements on your organisation, and how they reflect not just on the company, but on the management system.
Leadership
Clause 5 of ISO 9001:2015 and ISO 14001:2015 require that leadership or ‘top management’ both demonstrate active engagement and undertake key quality management system activities. No longer will it suffice for leadership to simply oversee these activities.
Top management must be actively involved in the operation of their management system and ensure quality becomes embedded in routine business operations.
Can you provide evidence of top management involvement in your management system?
Scope
Your management system must have a defined scope, one which specifies its boundaries and applicability.
The scope will be referenced on your ISO certificate as it identifies which parts of the organisation’s business are within or excluded from certification. When determining scope, you should give consideration to external and internal issues (as above), requirements of relevant interested parties (see above), and the products and services of your organisation.
Does your Documented Information detail the scope and boundaries of your management system?
Risk & Opportunity
The revised standard requires an organisation to determine the risks and opportunities to processes, products and services, as well as to the management system overall and to take the appropriate actions to address them.
Risk is defined as “the effect of uncertainty” on an expected result, both positive and negative.
Have you reviewed the risks and opportunities for all your processes and organisational context, and clearly documented them? (Top tip – excel format works best for this)
For more practical information on Risks and Opportunities read our KORE Case Study HERE.
Fail to prepare etc. If your organisation hasn’t provided the training required to both ensure competency in the revised standards and your management system, and to enable the drawing up of a documented road-map, then it will have a bumpy road to transition.
Before we go, we’d heartily recommend you read our MD’s blog on Transitioning to ISO 9001:2015, featuring her expert insights into the changes the revised standard will bring, as well a to-do list you need to check off. You can read is HERE.
Have you signed up for our QEHS EXPO yet? This ISO driven event will be held at Citywest Hotel on 31st January & will feature talks and panel discussions with leading experts in their respective disciplines. For more information and to book your free ticket CLICK HERE.
