 |
 |
 |
|
|
|
By Solution
By Industry
Two types of auditing are required to become registered to the ISO 9001 standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it's supposed to, find out where it can improve, and to correct or prevent identified problems. It is considered important for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.
Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":
Tell me what you do (describe the business process)
Show me where it says that (reference the procedure manuals)
Prove that that is what happened (exhibit evidence in documented records)
How this led to preventive actions was not clear.
The 2000 standard uses the process approach. While auditors perform similar functions, they are expected to go beyond mere auditing for rote "compliance" by focusing on risk, status and importance. This means that they are expected to make more judgements on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
Under the 1994 version, the question was broadly "Are you doing what the manual says you should be doing?". Under the 2000 version, the question is more "Will this process help you achieve your stated objectives? Is it a good process, or is there a way to do it better?".
The ISO 19011 standard for auditing applies to ISO 9000.
This is only an overview/extract of the standard. Users should not rely on its accuracy, but should refer to the complete standard of the appropriate revision.