iso audit_ five not-so-easy questions

8/18/2019 ISO Audit_ Five Not-So-Easy Questions

1/5

qualitydigest.com

Miriam Boudreaux | 04/22/2013

Have you ever been through an audit to an ISO standard? If you

have, then you probably know about a set of questions that are

frequently asked during audits against various ISO standards. No

one can predict all of the questions that an auditor will ask, but you

can bet that that following five will be among them.

What is your quality (or environmental, safety,information security) policy?

This is a basic question and one that is very likely to take center

stage during the audit. The focus on this question subsides during

periodic audits, primarily because the organization’s management

system matures, and the same auditor often assesses one company

multiple times.

Intent behind the question

First: Ascertain whether the organization has done a good enough

Audit: Five Not-So-Easy Questions about:reader?url=http://www.qualitydigest.com/inside/quality-insider-a...

5 3/31/2016 5:42 PM


2/5

job communicating the policy to its employees, and that they have

internalized the organization’s perspective regarding quality.

Second: Ensure that employees understand the quality policy.

Third: Check that there is indeed a quality policy.

Possible responsesBest: Employees know where to find the quality policy and are able

to articulate in their own words what the policy means to them and

how it affects their work, as well as their appreciation and

understanding of quality.

Better: Employees know where to find the quality policy and can

read it without feeling nervous.

Good: Employees know where to find the quality policy.

What are your objectives?

This is a question that applies to everyone, not just managers. It is

expected that objectives are represented with data and charts, but

not absolutely required.


First: Ascertain whether the company has goals it wants to achieve

and that it measures and tracks process or product performance, as

a whole or individually by department or employee.

Second: Ensure that employees understand the quality objectives

and how their performance greatly affects the outcome of those

objectives.

Third: Check that there are indeed quality objectives.

Possible responses

Best: Employees know where to find the quality objectives, and

they understand exactly why they have been established and what

their purpose is. They know what the desired goal is and how to tell

whether it has been achieved. They know how to initiate corrective

action when the desired state is not achieved.

Better: Employees know where to find the quality objectives that

apply to their position or department, and can show if they are

doing well or not in working toward an objective.

Good: Employees know where to find the quality objectives.


5 3/31/2016 5:42 PM


3/5

Where do you get your procedures from?

Procedures or documents in general are an integral part of

ISO-compliant management systems; you need them to ensure

processes are in control. Therefore, questions regarding documents

are definitely going to appear throughout the audit.


First: Ascertain whether employees follow standard processes

frequently as part of their jobs, regardless of whether those

processes are documented in a formal, written procedure or not. If

there are written procedures or other documents, it is also

important to determine whether employees can easily find any

documents related to their jobs.Second: Ensure that the company has determined which

procedures are needed and documented those processes that are

integral to its core operations.

Third: Check whether the employee knows of the existence of any

documented procedures.

Possible responses

Best: Employees know where to find the procedures that apply to

their jobs, can obtain them quickly, can speak about them, and feel

invested in the procedure as well as the process.

Better: Employees know where to find the procedures that are

applicable to them.

Good: Employees know procedures exist.

What do you do if you find a nonconformance or a

potential improvement?

The whole concept of continual improvement is paramount to ISO

standards, and the auditor will try to assess it over and over. The

auditor will ask for at least the basic concepts of continual

improvement.

Intent behind the questionFirst: Ascertain whether employees understand the concepts of

nonconformance, continual improvement, and corrective and

preventive actions, and whether they understand the systems that


5 3/31/2016 5:42 PM


4/5

have been put in place to handle them.

Second: Determine if the company encourages use of continual

improvement tools and has communicated those to all employees.

Third: Check if there is a system in place for handling

nonconforming product or service, and corrective and preventive

actions.

Possible responses

Best: Employees know when to use a nonconformance report and

when to use a corrective action or preventive action. They actually

have issued some in the past, have been assigned nonconformance

reports to disposition, or have been tasked with conducting root

cause analyses for corrective or preventive actions.

Better: Employees know there are systems in place for handling

nonconformances and corrective or preventive actions, and can

point to them.

Good: Employees know there are improvement systems in place.

What are your responsibilities?

This is a broad question and can lead to many answers. Employees

may refer to procedures, job descriptions, objectives, etc.


First: Ascertain whether employees are aware of their

responsibilities and their roles in the overall success of the quality

(or environmental, safety, information security) management

system.

Second: Ensure that the organization has defined responsibilities

for all positions, and that each employee has a good understanding

of what his responsibilities are.

Third: Check that responsibilities have indeed been defined.

Possible responses

Best: Employees know what their responsibilities are and

understand their importance to the success of the management

system. They know where their responsibilities have been defined

and documented, and have agreed to them in writing.

Better: Employees are aware of their responsibilities and grasp


5 3/31/2016 5:42 PM


5/5

their importance to the success of the management system.

Good: Employees know the tasks for which they are responsible.


iso audit_ five not-so-easy questions

Documents