79

The following four-part audit report separates elements of ISO 9001:2008into the following categories: Planning, Implementation, Evaluation, andActions based on performance results. These four sections refer directly toShewart and Deming’s “PDCA” methodology for effective process manage -ment and are foundational to ISO 9001:2008.

Throughout this audit, sections 4.1 and 7.1 recur many times. Because 4.1is a global planning element, while 7.1 is directed to specific processes, both are in effect at any one time within the QMS. Both also require PDCAto be effective at their respective levels and for the system of processes towork most effectively. This audit structure takes advantage of both the localand the global perspectives simultaneously to create maximum value and relevance.

Development of this checklist involved placement of elements specificto this audit into their respective PDCA sections, in turn adding them to thegeneric 4.1 and 7.1 inquiry format provided. Therefore, all audits share acommon, process-driven format based on use of PDCA regardless of theprocess or objective under scrutiny.

Auditors are chosen so as not to audit their own work. The results ofall audits are brought to the attention of top management and findings areaddressed through the nonconformance process.

Appendix A

Process DrivenComprehensive Audit

P ACD

Part I: Plan

Audit Subject: [Enter the name of the process you’reauditing]

Date:

Section 1: Motivation and Risk(ISO 9001:2008 Sections: 5.1(c), 5.2, 5.4.2(a), 4.1(a), 4.1(d), 7.1(a))

Describe and provide evidence why [the process you’re auditing] isimportant. What is the risk if it’s not done properly? What would be lostor harmed?

What company quality objective(s) would be in jeopardy if [the processyou’re auditing] had a major failure?

Please give examples of why [the process you’re auditing] is important tothe organization and to its customers. Is there any evidence of theseexamples?

What resources are assigned to do [the process you’re auditing]?(computers, operating software, tools, machinery, and so on.)

Who is [the process] owner (the ultimate authority) and to whom doeshe/she report?

80 Appendix A

Process Driven Comprehensive Audit 81

Section 2: Process Plan (Plug in PDCA Plan questions here)(ISO 9001:2008 Sections 4.1(a), 4.1(b), 7.1(b)–7.1(d), 6.2.2(d))

Please describe how [this process] works in general terms.

How are the risks mentioned in the first question managed well throughwhat you just described to me?

What other parts of the operation benefit from the success of [theprocess you’re auditing]?

Can you demonstrate how the process and its performance areunderstood among the people who use it? Is any of this recorded inverification, validation, monitoring, and inspection records? (Getevidence wherever possible.)

82 Appendix A

Section 3: Key Players(ISO 9001:2008 Sections 6.2.2, 4.1(d))

Who is/are [the process you’re auditing] key players and to whom dothey report? (You’re actually asking for a list of names for the threefollow-up questions below.)

At a later time in the audit, when you fully understand the process,interview several of the above people.

What does each person do? (Do they have Job Descriptions? Get asmuch information as possible to use in the last question of this section.)

Ask them if they routinely experience any obstacles or reoccurringproblems. Record them here:

What records indicate that this person is competent to do the workdescribed to you above? (Review competence records in the HRdepartment. Note any big differences as observations or findings if thereare no records of competence such as evaluations, certificates, trainingrecords, and so on.)

Process Driven Comprehensive Audit 83

Section 4: Evaluation Method(ISO 9001:2008 Sections 8.1, 8.2.3, 4.1(c), 4.1(e), 7.1(c), 6.2.2(d))

What measurement(s) is/are routinely used to indicate [the processyou’re auditing] performance? (Get records!)

How do these measurements indicate if risks described earlier are wellmanaged? (Get records!)

How are these measurements related to the quality objectives of thecompany? (Get records!)

Are measurements performed at planned intervals and reported tomanagement? (Get records!)

Are measurements shared with the workers [in the department you’reauditing] for improvement? (Get records!)

84 Appendix A

Part II: Do

Section 1: Process Inputs(ISO 9001:2008 Sections 4.1(b), 4.1(d), 7.5.1(a)–7.5.1(f))

What is/are the output(s) of previous process(es) that are brought to [theprocess you’re auditing]? (What serves as input to this department orfunction that causes them to start working on it? Get evidence whereverpossible!)

At a later time in the audit, go to the department(s) or function(s) whoseoutput became input to this department as discovered above. Ask thisdepartment if what they send is well received, or is improvement/revisiondesired?

Is this input (or material) analyzed upon arrival to [the process you’reauditing]? Are there records of this activity? (Get copies or write downnames, dates, PO #’s, and so on, as objective proof.)

What controls are applied to [the process you’re auditing]? (You’relooking for work instructions, prints, budgets, and so on. Remember toget evidence!)

Are inputs received properly and well managed? (Are there problemsgetting the things you need to do your job?)

Section 2: Work Plan(ISO 9001:2008 Sections 7.1(b), 7.5.1(a)–7.5.1(c), 8.5.1)

[In the process you’re auditing] What tools do you typically use and howare they working?

(If there are measurement tools) How and when do you use these tools?How did you know what to measure?*

Are there work instructions? (Get evidence, if possible.)

What improvements are anticipated if everything operates just asdescribed?

Process Driven Comprehensive Audit 85

*If these tools are used to measure products to determine whether they meet require -ments, add all section 7.6 P, D, C, and A elements.

Section 3: Process Outputs(ISO 9001:2008 Sections 4.1(b), 7.5.2)

Is the output, or what you actually deliver, tested before [the processyou’re auditing] is completed?

Who or what receives [the process output] after you’re done? (Ask theirinput.)

At a later time in the audit, go to the recipient(s) and ask: Is the output of[the process you’re auditing] well received, or is improvement/revisiondesired?

86 Appendix A

Part III: Check

Performance(ISO 9001:2008 Sections 4.1(e), 8.4, 8.2.1)

How is performance of [the process you’re auditing] analyzed from theperspective of both internal and external customer satisfaction?(Remember to get evidence for each question whenever possible!)

How does the performance data of [the process you’re auditing] indicatethat the risks mentioned in the first question are effectively controlled?Explain how it does.

Do the data occasionally indicate a potential opportunity for telling others about your success or problems elsewhere in the system? Hasthis been done?

Are inspections and reviews proceeding as planned? Are you using theoriginally chosen performance criteria, or has the situation required adifferent approach?

How is the performance analysis you’ve shown to me presented to topmanagement in a timely manner and are records available of theirreview/evaluation?

Process Driven Comprehensive Audit 87

Part IV: Act

Improvement Plan(ISO 9001:2008 Sections 4.1(f), 5.4.2(b), 7.1(d), 7.2.3, 8.5.1)

What evidence is available of action(s) for improvement or revision of theoriginal plan?

Based on performance analysis, what resources were redistributed tobetter manage risk or to achieve the desired outcome?

What has been the customer’s reaction to these revisions?

Did top management review any of these revisions before they wereimplemented? Did they consider (discuss or ask about) operationalissues in relation to other processes in the system? Are there records ofthe decision to revise the process?

88 Appendix A

Part V: Supporting Audit Processes

Corrective and Preventive Action Influence(ISO 9001:2008 Sections 8.5.2, 8.5.3)

List and briefly describe any prior nonconformance and/or correctiveactions to determine effectiveness during the audit (within the auditedprocess).

List and describe any preventive actions to investigate during the audit.

Prior Audit(s) Influence(ISO 9001:2008 Sections 5.6, 8.2.2)

How did prior audits or Management Review contribute to this audit?

Written Processes Supporting the Audit Itself:

Process Driven Comprehensive Audit 89

Part VI: Audit Summary

Audit of: ______________________________________________

Closing Comments, Insights and Suggestions, Findings, andRecommendations:

General:

Observations:

Findings:

Audit Team Signatures:

_________________ _________________ __________________

_________________ _________________ __________________

_________________ _________________ __________________

Opening Meeting Date: _________________

Closing Meeting Date: _________________

Attendees Sign-in Sheet(s) Attached

90 Appendix A