ISO 9001 - 2000
ISO 9001 – 2000 is a significant change from previous versions of the
standard. Previously, ISO 9001 – 2000 requirements were document intensive. The
expression among quality auditors was ‘do as you say and say as you do.’ The
saying implied the existence of three or four levels of documentation, quality
policies, procedures, work instructions, and forms.
Now, ISO 9001 – 2000 requires documented procedures in only six specific areas that are considered the core of the Quality management System:
PROCESS
AUDITING
A process is an
activity consisting of three elements: 1. inputs, 2. the process, and 3.
outputs. A value added audit ensures that inputs are consistent and conform to
requirements, the process is in control and capable of meeting requirements, and
finally, the output satisfies internal and external customer requirements. A
process can be a machine or a service operation. An operation can process
information, paper, raw material, parts, or money. A process audit primarily
assesses the effectiveness of management, assurance, and controls to minimize
risk and add operational value. Process audit ensures that the process is
monitored and is properly adjusted if there is abnormal variation.
The major question is how to audit for ‘effectiveness?’ Most quality and ISO pundits think that an effectiveness audit will be some type of process audit. There is still much confusion and little standardization on how to conduct a process audit, however the following are commonsensical steps:
Identify business objectives
Flowchart critical processes
Identify critical process input and outputs
Evaluate process procedures, records, and documentation against ISO 9001 – 2000 or similar requirements
Evaluate process metrics against meeting business objectives
Analyze metrics to determine process stability and then improvement over time