Beruflich Dokumente
Kultur Dokumente
By Craig Cochran.
If youre preparing to start auditing to ISO 9001:2015, youve probably already asked yourself the timeless question:
What in the heck am I going to ask these people? Theres no worse feeling in the world than being in the middle of a
audit and realizing that youve run out of questions. Preparation and planning can remedy this, of course, but the fact
remains that ISO 9001:2015 includes a lot of new requirements that have never been part of most audits. To help prepa
you for auditing to ISO 9001:2015, Ive prepared a list of what I consider to be the seven most important audit questio
for ISO 9001:2015:
2. Who are your interested parties and what are their requirements?
The natural follow-up to context is interested parties, found in clause 4.2. Just like context, interested parties are a key
input to risk. The term interested parties has a bizarre, stalker-like ring to it, so smart auditors might want to replace
with stakeholders. Remember, effective auditors try to translate the arcane language of ISO 9001:2015 into
understandable terms that auditees can grasp. Typical interested parties include employees, customers, suppliers, busin
owners, debt holders, neighbors, and regulators.
As an auditor, youre making sure that a reasonable range of interested parties has been identified, along with their
corresponding requirements. The best way to audit this is an exploratory discussion. Ask questions about the interested
parties, and probe what theyre interested in. If youve done some preparation in advance of the audit, youll know wh
their examination of interested parties is adequate.
This brings up an important planning issue: Youll have to do a bit more preparation before an ISO 9001:2015 audit. W
So youll have a grasp of context and interested parties. How can you evaluate their responses if you dont know what
responses should be?
3. What risks and opportunities have been identified, and what are yo
doing about them?
Risks and opportunities could accurately be called the foundation of ISO 9001:2015. No fewer than 13 other clauses re
directly to risks and opportunities, making them the most connected section of the standard. If an organization does
poor job of identifying risks and opportunities, then the QMS cannot be effective, period.
Auditors should verify that risks and opportunities include issues that focus on desired outcomes, prevent problems, an
drive improvement. Once risks and opportunities are identified, actions must be planned to address them. ISO 9001:20
doesnt specifically mention prioritizing risks and opportunities, though it would be wise for organizations to do this. R
and opportunities are limitless, but resources are not.
5. How has the QMS been integrated into the organizations business
processes?
In other words, how are you using ISO 9001:2015 to help you run the company? This is asked directly of top managem
(see subclause 5.1.1c) and is a very revealing question. The point is that ISO 9001 is moving away from being a qualit
management system standard and becoming a strategic management system. Its not just about making sure products o
services meet requirements anymore. The standard is about managing every aspect of the business. Remember clauses
and 4.2 of ISO 9001:2015? They examine the key topics of context and interested parties. These concepts touch every
corner of the organization, and this is exactly how ISO 9001:2015 is intended to be used. Top management should be a
to describe how the QMS is used to run the company, not just pass an audit.
These are by no means the only questions youll want to ask. Theyre just the starting point. I didnt even mention
management review, corrective action, or improvementall of which are crucial to an effective QMS. The seven topic
discussed here are the biggest new requirements that auditors need to probe. I would be very interested in hearing from
on this subject. What audit questions do you see as critical in ISO 9001:2015? Please leave your comments below.