The Quality Audit for ISO 9001:2000, A Practical Guide

David Wealleans is a chartered engineer and a practising lead auditor who also delivers a range of practical audit courses. He has been involved in quality auditing at all levels since 1981.

This book is a practical guide to quality audit for the new ISO‐9001 system, which is to be released this year. The book comprises fourteen chapters grouped into three parts. The first part consists of six chapters and puts the audit in context. The second part comprising seven chapters deals with the key aspects of running the audit. In the final chapter, David speculates about the future and the changes that could take place and their implications.

In Chapter 1 David introduces the concept of auditing and after a brief introduction to different types of auditing – financial, health and safety, and quality – briefly explain the process of auditing in general and quality audit in particular. He briefly describes the categorization of audits into internal, audits by customers, and audit by an independent, accredited third party. After describing some of the key terms used in quality auditing he deals with integrating auditing teams which examine concurrently the aspects of quality, the environment and health and safety. In Chapter 2 he clarifies the differences between the horizontal and vertical audits as per the ISO 9901:2000. Horizontal loop is defined as “everything satisfying the customer need from identification to completion” and the vertical loop is defined as “a functional or organizational approach incorporating policy, planning, resourcing, processing, and evaluation.” In this chapter David explains the purposes of different categories of audits and some of the things that can go wrong such as audits becoming superficial, partial, or causing disproportionate amount of work.

Chapter 3 is devoted to covering the key concepts of quality and quality management. After dealing with the concept of quality as an objective in its own right he explains the classic phrase “Prevention is better than inspection” and points out that auditing is a prevention technique. He briefly explains concepts of total quality management (TQM) and quality costs. Also discussed in brief are the ISO 9001 quality system and the tiered series of documents required from quality manual to instructional procedures. David points out that ISO 9901 and TQM are beginning to move closer from the different routes taken in the past to achieving the same goal of managing customer satisfaction.

Chapter 4 is the longest (44 pages) section of the first part, and is concerned with the ISO 9000 standards. The topics covered in this chapter include a brief history and development of quality standards, the ISO 9000 family and the purpose and intention of the ISO 9000 series. However, a greater proportion of the chapter is devoted to explaining the content of the new ISO 9001, apparently based on the contents of the second discussion draft ISO/CD2 9001:2000, March 1999. It is pointed out that the ISO 9000 family has been reduced in size and has only four principal members: ISO 9000, ISO 9001, ISO 9004 and ISO 10011 which describes how to carry out quality audits. The focus of the next two Chapters 5 and 6 are the topics of quality management system (QMS) certification, and selection, training and competence of auditors. It is pointed out that the lSO 9000 certification (now to be replaced by a single standard ISO 9001 standard) was intended to provide independent evidence that an organization has an adequate QMS in place. Some of the following common pitfalls associated with the certification process that could be encountered are briefly discussed: choosing an unaccredited certification body; not allowing enough time to make the system ready for certification; not giving the certification company enough notice of the certification date; cver‐documenting the system; and over‐complacency about ways that the standard may be interpreted. David points out that gaining the certificate involves a lot of work and that the certification assessor is fallible and can be challenged if his/her demands are considered unreasonable. In dealing with the selection, training, and competence of auditors (Chapter 6), David points out that all auditors whether internal or external need to possess a good degree of technical understanding, experience, and confidence. In addition he asserts that they should have suitable interpersonal skills and an interest in the auditing process. He explains the need for auditors to keep up to date with developments and enhancing their skills and knowledge. Also dealt with in this chapter are the needs for auditors to become qualified and a brief review of the organizations that operate professional qualification schemes for quality practitioners. Some of the organizations considered are the International Register of Certified Auditors, based in the U.K., the international Auditor and Training Certification Association, and the American Society for Quality.

In the second part (Chapters 7 to 13) dealing with running the audit, David deals with the topics of audit planning, preparation, conducting the audit, reporting and documentation, audit management and follow up, auditing techniques and, finally, the different types of audit: management, product, and process audits. In Chapter 7, David covers the need for planning and coordination of audit programs and points out that a key part of planning is to identify what exactly needs to be done in order to satisfy the audit objectives. Also covered are defining the internal audit, creating a schedule and taking account of circumstances, the need for revising the plan, identification of resources, selecting the audit teams, scoping and coordination of the audit and how to monitor the progress to ensure that it does not fall behind. In Chapter 8, the topics of why and when to prepare and how to gather data for the different types of audits, making use of the background data and the importance of allocating responsibilities when using teams for audits are covered in some depth. He also warns against the use of pre‐prepared checklists and suggests the use of a process diagram or similar mapping techniques. Chapter 9 (with 31 pages) is the longest chapter of the second part; the other chapters are 12 to 16 pages long. In this chapter eleven key steps of this phase of the audit commencing from the arrival of the auditors at the place of work and finishing with their departure are discussed. The need lot arrival on time at the site and the purpose of the opening meeting and the need for an agenda, etc., are dealt with first. Then the key factors for a successful opening meeting such as the decision on who should attend the opening meeting, who should talk and the pitfalls to avoid are covered. This is followed by important considerations for commencing the investigation: the need for a general discussion with interviewees, selecting examples of records, identifying and notifying problems, and recording what was looked at. David next discusses in detail the key aspects of the closing meeting which reflect the opening meeting.

In Chapter 10 David turns his focus to the reporting and documentation of the audit. He insists that everything that appears in the written report must already have been conveyed orally to the people concerned. Different formats of reports are discussed and examples of two blank forms – a corrective action request form and an observation form – are provided. Chapter 11 is concerned with a discussion on audit management and follow up. Some of the key points discussed include the need for planning each audit, tracking and verification of the action taken, non‐compliance arbitration, resource management, and management review. David advises that management reviews should look for improvements to audit effectiveness rather than look at individual audit results. Techniques of auditing are dealt with in Chapter 12. The topics briefly discussed include the need for audit techniques, time management, conduct of meetings, questioning and listening, non‐verbal communication, observation and analysis. The subject of Chapter 13 is the different type of audits: product and process. David has discussed in detail what is involved in a process audit and it is conducted and in a brief section less than a page long has described how a product audit varies from a process audit.

David concludes each chapter with a summary of the key points discussed. I hope in the next edition he will consider concluding a chapter with a brief lead into the topic that is covered in the following chapter and an introduction to a chapter which briefly covers what was covered in the previous chapter.

The text is well written, free of unnecessary jargon and easy to read. I also found the book informative. I am certain that it is a timely book as the revised ISO 9000 standard is to be issued this year.