Featured Product
This Week in Quality Digest Live
Quality Insider Features
Eric Whitley
Seven tips for efficient maintenance
Rick Gould
As climate change reveals the vulnerabilities of infrastructure, ISO is providing the tools to assess risk and adapt to it
Alonso Diaz
The need for transparency in a changing regulatory landscape
Zhanna Lyubykh
Consequences and costs of abusive supervision
Dario Lirio
Modernization is critical to enhance patient experience and boost clinical trial productivity

More Features

Quality Insider News
Industrial Scan&Sand solution wins RBR50 Innovation Award
Reduces the time it takes to complete an XRF measurement
Hexagon’s calibration service meets advanced manufacturing needs in Canada
Attendees will learn how three top manufacturing companies use quality data to predict and prevent problems, improve efficiency, and reduce costs
Unique global product configuration event fosters an atmosphere of learning, not selling
Project annotations, images, videos, and more in a stereo microscope’s field of view
More than 40% of directors surveyed cite the ability of companies to execute as one of the biggest threats to improving ESG performance
How to quickly prototype 4x machine vision applications on one small embedded system

More News

Miriam Boudreaux

Quality Insider

ISO Audit: Five Not-So-Easy Questions

Be prepared to answer these queries from your auditor

Published: Monday, April 22, 2013 - 13:06


Have you ever been through an audit to an ISO standard? If you have, then you probably know about a set of questions that are frequently asked during audits against various ISO standards. No one can predict all of the questions that an auditor will ask, but you can bet that that following five will be among them.

What is your quality (or environmental, safety, information security) policy?

This is a basic question and one that is very likely to take center stage during the audit. The focus on this question subsides during periodic audits, primarily because the organization’s management system matures, and the same auditor often assesses one company multiple times.

Intent behind the question
First: Ascertain whether the organization has done a good enough job communicating the policy to its employees, and that they have internalized the organization’s perspective regarding quality.
Second: Ensure that employees understand the quality policy.
Third: Check that there is indeed a quality policy.

Possible responses
Best: Employees know where to find the quality policy and are able to articulate in their own words what the policy means to them and how it affects their work, as well as their appreciation and understanding of quality.
Better: Employees know where to find the quality policy and can read it without feeling nervous.
Good: Employees know where to find the quality policy.

What are your objectives?

This is a question that applies to everyone, not just managers. It is expected that objectives are represented with data and charts, but not absolutely required.

Intent behind the question
First: Ascertain whether the company has goals it wants to achieve and that it measures and tracks process or product performance, as a whole or individually by department or employee.
Second: Ensure that employees understand the quality objectives and how their performance greatly affects the outcome of those objectives.
Third: Check that there are indeed quality objectives.

Possible responses
Best: Employees know where to find the quality objectives, and they understand exactly why they have been established and what their purpose is. They know what the desired goal is and how to tell whether it has been achieved. They know how to initiate corrective action when the desired state is not achieved.
Better: Employees know where to find the quality objectives that apply to their position or department, and can show if they are doing well or not in working toward an  objective.
Good: Employees know where to find the quality objectives.

Where do you get your procedures from?

Procedures or documents in general are an integral part of ISO-compliant management systems; you need them to ensure processes are in control. Therefore, questions regarding documents are definitely going to appear throughout the audit.

Intent behind the question
First: Ascertain whether employees follow standard processes frequently as part of their jobs, regardless of whether those processes are documented in a formal, written procedure or not. If there are written procedures or other documents, it is also important to determine whether employees can easily find any documents related to their jobs.
Second: Ensure that the company has determined which procedures are needed and documented those processes that are integral to its core operations.
Third: Check whether the employee knows of the existence of any documented procedures.

Possible responses
Best: Employees know where to find the procedures that apply to their jobs, can obtain them quickly, can speak about them, and feel invested in the procedure as well as the process.
Better: Employees know where to find the procedures that are applicable to them.
Good: Employees know procedures exist.

What do you do if you find a nonconformance or a potential improvement?

The whole concept of continual improvement is paramount to ISO standards, and the auditor will try to assess it over and over. The auditor will ask for at least the basic concepts of continual improvement.

Intent behind the question
First: Ascertain whether employees understand the concepts of nonconformance, continual improvement, and corrective and preventive actions, and whether they understand the systems that have been put in place to handle them.
Second: Determine if the company encourages use of continual improvement tools and has communicated those to all employees.
Third: Check if there is a system in place for handling nonconforming product or service, and corrective and preventive actions.

Possible responses
Best: Employees know when to use a nonconformance report and when to use a corrective action or preventive action. They actually have issued some in the past, have been assigned nonconformance reports to disposition, or have been tasked with conducting root cause analyses for corrective or preventive actions.
Better: Employees know there are systems in place for handling nonconformances and corrective or preventive actions, and can point to them.
Good: Employees know there are improvement systems in place.

What are your responsibilities?

This is a broad question and can lead to many answers. Employees may refer to procedures, job descriptions, objectives, etc.

Intent behind the question
First: Ascertain whether employees are aware of their responsibilities and their roles in the overall success of the quality (or environmental, safety, information security) management system.
Second: Ensure that the organization has defined responsibilities for all positions, and that each employee has a good understanding of what his responsibilities are.
Third: Check that responsibilities have indeed been defined.

Possible responses
Best: Employees know what their responsibilities are and understand their importance to the success of the management system. They know where their responsibilities have been defined and documented, and have agreed to them in writing.
Better: Employees are aware of their responsibilities and grasp their importance to the success of the management system.
Good: Employees know the tasks for which they are responsible.


Discuss

About The Author

Miriam Boudreaux’s picture

Miriam Boudreaux

Miriam Boudreaux is the CEO and founder of Mireaux Management Solutions, a technology and consulting firm headquartered in Houston, Texas. Mireaux’s products and services encompass international standards ISO and API consulting, training, auditing, document control and implementation of Web QMS software platform. Mireaux’s 6,500 square foot headquarters, located in the northwest area of Houston, houses their main offices as well as their state-of-the art training center. Mireaux itself is certified to ISO 9001:2015 and ISO 27001:2013. To get in touch with Miriam Boudreaux, please contact her at info@mireauxms.com.

Comments

Deciding..

Hi,

This might not be totally into any Quality topics. But personally, it is quite important for me to decide a carrier in management.

I work as Software Developer for past 2 years.

It would be great help if you would let me know a Quality Engineering Management or Project Management course suit me.

I am totally transfixed as to which one to choose.

Thanks in advance 

Anya 

Deciding..

Hi,

This might not be totally into any Quality topics. But personally, it is quite important for me to decide a carrier in management.

I work as Software Developer for past 2 years.

It would be great help if you would let me know a Quality Engineering Management or Project Management course suit me.

I am totally transfixed as to which one to choose.

Thanks in advance 

Anya