What should ISO external audit check?

This paper introduces how to prepare for external audit. For reference only. Please correct me if there is anything wrong. 1. Treat external audit correctly 1. 1 Every audit has a purpose. For example, accept third-party audit, pass certification, and obtain certificates; Accept the audit of the second party (customer), hoping to become their supplier, or for other purposes. The preparatory work must be carried out around this purpose. 1.2 is to establish and implement a system that meets the requirements. The premise of passing the certification and gaining customer recognition is to actually establish a quality management system that meets the standards, corresponding laws and regulations and customer requirements, and the organization should prove its ability to provide products and services that customers are satisfied with. Therefore, we should use objective evidence to prove that we have the ability to effectively implement this quality management system. 1.3 Actively demonstrate your abilities. No matter what the purpose of the audit is, welcoming the external audit is an opportunity to show your ability. We must treat it correctly, especially the nonconformities found in the audit. Unqualified is not a good thing, but it can become a good thing. Understand from the front. Because it does not conform to the objective existence, if it is not found and corrected this time, it will always bring greater losses in the future than now. 1.4 actively cooperate with auditors to do a good job in auditing. Successfully completing the audit is the common task of the auditor and the auditee. Audit is a systematic, independent and documented process of obtaining audit evidence and objectively evaluating it to determine the degree of compliance with audit criteria. The auditor hopes to obtain sufficient evidence from the site as soon as possible, so as to believe that the quality management system of the audited party conforms to the audit criteria and is effective; The auditee shall actively display all kinds of evidence in line with the audit criteria to prove that the system it has established meets the requirements of the criteria and is effective in implementation. 2. How to do this work well mainly depends on the following aspects: 2. 1 Clarify the purpose and scope of this audit. The management representative and the person in charge of welcoming the audit work must know and determine the following information as early as possible in advance: 2. 1. 1 audit purpose. Is this audit certification (2008 version certification audit), second-party audit, or other purposes? 2. 1.2 audit standard. Different auditing purposes should adopt different auditing standards. Generally, system documents and product documents such as quality management system standards, self-owned manuals and procedures, as well as contracts signed with customers and applicable laws and regulations are all audit criteria. However, different audit purposes have different emphases. For example, second-party audits focus on requirements related to their products. Third-party audit focuses on process and customer requirements. 2. 1.3 Audit scope. Determine the location, function and product scope of the audit (SGS will provide the audit plan at that time). 2. 1.4 Number and grouping of auditors. Usually one week in advance, you will receive a written notice from the auditor including the above aspects, so you can make full preparations. 3. Organize and implement 3. 1 company escort. The company shall provide an accompanying person for each auditor of the certification body (client). This person should be familiar with code, company organization, division of labor and business, and have certain communication and expression skills. Responsible for communication within the company and with relevant functional departments. Usually served by experienced internal auditors. 3.2 Designate auditees at all levels. According to the division of labor in the organizational structure of the Quality Manual, the units and departments related to this audit should designate an auditee in advance (usually assisted by the department manager, supervisor or main backbone). If necessary, designate another alternate. In case the receptionist can't receive or answer for any reason, the alternate will be at the top. The task of the auditee is to try to show the evidence that the competent department meets the audit criteria with objective evidence and prove that the system is effective. Mainly: 3.2. 1 On behalf of units and departments, select and prepare typical evidence materials in advance according to the audit plan, including documents, records, physical objects and on-site introduction, reception, etc. Take the initiative to provide it when accepting the audit as objective evidence to prove the compliance and effectiveness of your system. 3.2.2 Answer questions raised by auditors on the spot and provide objective evidence. Meet the requirements of auditors. 3.3 Training of accompanying personnel and auditees 3.3. 1 Inform the above personnel of the audit plan in advance and conduct simple training. Time does not exceed 1 hour. If you have any questions, please ask them in advance and make training records for the training. (Get the audit plan before training) 3.3.2 Let's unify the division of responsibilities. What are the elements of the system and who is responsible for providing evidence on behalf of the company? Who is in charge of which functional department. Check for yourself whether these objective evidences can fully prove the conformity and effectiveness of the system. 3.3.2 With regard to communication, the contents of Article 3.3.2 above in this document have been clearly defined when the system was established. It is only a temporary re-emphasis and reminder to achieve the purpose of communication. At the same time, let everyone know each other's communication methods and information, such as office location, landline and mobile phone number, so as to communicate effectively. 4. Ideological mobilization to meet the audit 4. 1 Let employees know what audit to accept in a certain time and in a certain way. (Notice of external audit) 4.2 Know how to receive 4.2. 1 Require every employee (at least employees who are on the job at the time of audit, including management and technical personnel) to clarify their work scope. Prepare the contents of the previous article 3.2. For example, you can answer the work you are responsible for and the documents you execute, and explain what your work has to do with the achievement of the company's quality objectives. Select typical evidence materials to prove that your work meets the standards, regulations and customer requirements and achieves the target requirements. Prepare the evidence provided in advance. What evidence can you provide when the auditor asks you to show it? For example, standards, company documents (quality manual, procedure documents, work instructions/drawings), form records, etc. 4.2.2 What problems are expected to be raised during the audit? How to answer. 4.3 Every employee should be able to answer some * * * questions, and every employee may be audited. Therefore, in addition to preparing the scope of work he is responsible for, he must also determine some * * * issues that need to be recognized. It should be determined according to the purpose of the audit, such as: 4.3. 1ISO900 1 standard, 5.5.2.c), "Improvement to ensure that the whole organization meets customer requirements". Employees should know what they are doing. What are the requirements of this job? What files are executed? 4.3.2 Article 6.2.2.d), "Ensure that employees realize the importance and interrelation of their work and how they can contribute to the realization of the company's quality objectives." Employees should know who is the recipient of their work. Who are the external and internal customers? What is the key in my work? Measure what goal? What kind of situation has it reached? How can I meet these requirements? If it is not done well, what consequences will it bring to customers. Employees and clerks in the quality control department should also understand some basic concepts of statistical technology in combination with their own work. For example, what is deterioration, the common and special causes of deterioration, and what is excessive interference and insufficient control. It is best to explain it with practical examples of previous work. 4.3.3 Let employees know that not all questions raised by auditors must be answered. Employees only need to answer some questions about the company's general quality management system, such as quality policy, the relationship between work and company goals, and issues within the scope of responsibilities. When being audited, everyone will work normally in this position. Welcome with a smile. Auditors should answer questions politely and realistically. But only answer what you have done or what you have been responsible for. Tell him other questions politely. This is not my responsibility. If you ask again, politely tell me to "ask my boss" or be assisted by an escort. 5. Welcome to the first meeting of 5. 1. On the first day of normal audit, the first meeting will be held in less than half an hour. Presided over by the auditor. The company's top managers, management representatives, receptionists (managers/supervisors) and escorts of all related functions should attend. The positions and names of the participants in the meeting shall be submitted to the other party in writing as evidence. 5.2 Audit according to the plan. Receptionist of each department (manager/supervisor). Evidence that needs to be provided by other departments shall be provided in time through communication with the accompanying personnel. 5.3 Find out the inconsistent facts. If the auditor thinks there is nonconformity, what is the objective fact of nonconformity? According to what audit criteria, it is said that it does not meet? It is convenient to take corrective measures. 5.4 Communicate how to close non-conformance report before the last meeting. It is necessary to discuss with the auditor the root cause of nonconformity, the plan of corrective measures, the planned completion date (no more than three months), and what objective evidence can be provided to close the nonconformity report after the implementation of corrective measures. 6. Organize internal auditors to take advantage of opportunities to learn from external auditors and improve themselves. 6. 1 Several specific questions 6. 1. 1 Suggest that the company leaders should not put too much pressure on employees. Don't make some policies related to personal interests. For example, who eats it that does not meet the report, what will happen, what will happen, and even punishment. Practice has proved that whenever employees encounter such pressure, they often cover up nonconformities. As long as it does not conform to the objective existence, problems will occur in the future, and the result may cause great losses. It should be recognized that most of the reasons why employees can't do their jobs well are not individuals, but systems. Including quality accidents caused by the ability or negligence of the parties, the main reason is the system, not the individual. It is a personal reason, which can be traced back to the fact that the system did not put the right person in the right position, and it is still worth improving. 6. 1.2 Keep the daily state. This should not be regarded as a special arrangement. If you have established and effectively implemented the quality management system, no one needs to make any "emergency" preparations except accompanying personnel and meeting the requirements of the other party, such as: 6. 1.2. 1. Because, you are usually so clean and tidy; There is no need to put up any slogans, which means there is no special arrangement. Let customers and authenticators believe that this is the real situation of the system operation they want to see. 6. 1.2.2 No special files need to be written. More should not write false records, false documents. The leader arranged to do this, hinting at his subordinates, or he could do this to you and cover up his mistakes. If you do this, you will have a big accident sooner or later. Therefore, they often hurt themselves. 6. 1.3 What should I do if I find any nonconformities in the system shortly before greeting? There should be channels for the company's system. For example, in the standard 8.5.2 "Corrective Measures" procedure and 8.5.3 "Preventive Measures" procedure, employees should know how to ask questions or put forward reasonable suggestions for improvement. Or, the company can arrange some focused internal audits, issue non-conformance report for nonconformities, take corrective measures according to the standard requirements, make plans and implement them as planned. In the process of external audit, as long as the plan is implemented as scheduled, the external audit should not issue a non-conformance report. For nonconformities, subordinates are not assigned to take improper measures to deal with external audits, let alone advocate fraud. 6. 1.4 What should I do if I find myself unprepared? After showing an immature system to others, it is difficult to save a bad impression by spending ten times as much energy. If possible, request an extension of the review time. 6. 1.5 What should I do if I have different opinions on the nonconformity? First of all, we must identify objective facts. Consider whether further objective evidence can be provided to prove compliance. If everyone agrees on the objective facts, they disagree on whether they meet the auditing standards. Respect each other and don't argue too much. You can sign the auditor's nonconformity report first. Afterwards, we will put forward opinions or even complain to the certification body where the auditor is located, asking them to make a new judgment. 6.2 Don't miss the opportunity to learn. 6.2. 1 Independent third party (customer) audit. Usually, external auditors are more experienced than us, so we should take this opportunity to ask them for advice. Certification bodies generally don't tell you what you should do to meet the standard requirements. Doing so violates the principle of fairness in authentication. However, we can ask them how to correctly understand the standard requirements. Especially when non-conformities are found, the plan for taking corrective measures can be refined to facilitate the closure of non-conformance report. 6.2.2 Audit the second party (certification body). We should take this opportunity to understand the needs and expectations of customers in order to meet their requirements. 6.3 Try to pass the audit once. 6.3. 1 What does "pass the inspection once" mean? For example, the inspection found some problems. No matter how big or how many problems there are, auditors usually discuss them with the company and give them some time to take corrective measures. Generally speaking, the maximum time allowed is three months. Let the auditee close the unqualified items after improving the system. You can usually prove the effectiveness of corrective measures by mail or to a certification company, and then recommend the certificate. 6.3.2 If serious systemic problems are found in the inspection, the certification company may come again, not counting "once". This way, the company not only spends a lot of money, but also has a bad reputation. Will lose customers' trust in the quality of the company's products. If you continue, the order will be transferred to other companies. Without customers, the company can't survive. Therefore, whether the audit can be passed at one time is related to the vital interests of the company and employees. If you have made sufficient preparations, I believe that through this arrangement, there should be no problem in passing the customs. I wish you success! If you have any questions in the preparation process, please communicate with the ISO team.