How to effectively audit ISO 9001 quality management systems

More than one million organisations in over 170 countries are compliant with ISO 9001, the international standard for quality management.

If you’re looking to become one of them or want to maintain quality compliance, regularly completing ISO internal audits is a key requirement.

Each audit reviews your quality systems against the standard guidelines, so any non-conformances and opportunities for improvement can be pinpointed. From there, you’re able to devise a suitable action plan for implementing changes.

From the initial stages through to making changes and reviewing progress, there’s plenty that companies can do to ensure they’re getting the most out of their ISO audit.

In this article, we’re sharing a few of our top tips for nailing your next ISO audit.

How to conduct an ISO 9001 quality management system audit

When completing your ISO 9001 quality management system audit, an auditor will typically use a process involving three main stages.

Before getting started though, your first priority needs to be setting an audit schedule that works for your company. Essentially you need to establish the frequency at which business areas will be audited. By setting clear timelines ahead of time you can ensure areas are audited at the frequency that makes sense according to their risk and importance to your business.

After this, you can move on to document control. This is when an auditor checks whether you have the documented evidence required to back up your compliance. The evidence must be confirmed, documented and checked by your auditor.

Finally, the main component of your ISO 9001 system audit is process review. At this stage, an auditor assesses your processes against related documentation and ISO standard guidelines. If there are any discrepancies between existing systems and ISO 9001 requirements or opportunities for improvement, this is when they will be identified. Following this, an action plan is devised to help you implement changes and ultimately reach certification in the months ahead.

Top tips for completing an ISO 9001 quality management system audit

At Integrated Compliance Solutions, our consultants have been providing compliance solutions to SMEs across Australia since 2009. We know what it takes to develop lean, low-burden and ISO-compliant management systems.

Here’s a closer look at some of our top tips for passing your next ISO 9001 quality management system audit with flying colours.

Preparation is key

In the weeks and months leading up to an ISO audit, companies benefit greatly from ensuring they are adequately prepared.

Preparation involves setting expectations for the audit, allocating any necessary resources for leading up to the audit, ensuring team members understand their role in implementing any final changes and making sure records and schedules are complete and as up-to-date as possible.

Another aspect is ensuring you give yourself enough time to prepare beforehand. While you’re working on getting ISO 9001 compliant, hurdles may come up. If this is the case, you’ll be glad that you haven’t left your ISO audit preparation to the last minute and aren’t stuck trying to get everything done in a mad rush.

In addition it’s a good idea for businesses to become familiar with the common challenges companies face when getting ISO certified, so they can avoid falling into the same traps. See our article that goes into six challenges in getting ISO certified and how to overcome them to find out more.

While preparing for an audit it can also be helpful to set aside time to review past errors or feedback from previous audits to avoid making the same mistakes again. If your company has undergone any significant changes since your last audit, this is also a great time to check that this is reflected in systems and documentation.

Taking adequate steps to prepare for your upcoming audit will ensure the process is as stress-free as possible, while also putting you in the best position to get ISO 9001 certified.

Understand the ISO 9001 standard requirements

What do you need to achieve to become ISO 9001 compliant?

Ensuring you have a comprehensive understanding of this is essential. Otherwise, improvements you make could be misdirected and you risk wasting resources and time on tasks that aren’t getting you any closer to your objectives.

There are ten ISO 9001 clauses you’ll need to get familiar with, which are:

  1. Scope
  2. Normative references
  3. Terms and conditions
  4. Context of the organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

An experienced consultant can help you ensure you’re across all relevant areas of the standard, and that you aren’t overlooking anything that could trip you up later when your audit is completed.

Look at processes, not ticking the boxes

If companies aim to get their ISO compliance out of the way as soon as possible, rushing staff through the process, they can easily shift their focus from building robust processes to “ticking the boxes” and doing the bare minimum.

Continual improvement and operational excellence are crucial when it comes to getting ISO 9001 certified, and cutting corners when reviewing systems can often just end up leading to companies having to revisit their processes after an audit that finds various gaps or areas where they are falling short.

Because of this, ensuring you complete a thorough review from the get-go can help you avoid wasting time and money down the line due to your audit finding otherwise preventable issues that must be addressed for compliance.

Instead of solely going through the clauses of the standard, focus on process audits that look at an entire process from inputs to outputs and everything in-between.

Focus on risk and opportunities to improve

Assessing and controlling existing and emerging risks, as well as seeking out new opportunities for improvement, is crucial for passing your audit and achieving ISO 9001 compliance. In terms of managing risks, companies need to:

  1. Establish a risk management framework
  2. Identify specific risks
  3. Analyse the threats and vulnerabilities they have pinpointed
  4. Evaluate risks and determine which threats to prioritise
  5. Select risk treatment options such as mitigating the risk entirely, applying security controls or sharing the risk with a third party (for instance through insurance)

Formal training

ISO 9001 compliance relies on everyone at an organisation working cooperatively towards improving systems, regardless of whether they’re in a managerial position or are a frontline employee.

It comes as no surprise that leaving employees to figure it out themselves is counterproductive.

Formal training ensures that all team members know what needs to be done to get systems quality compliant all the way from the initial preparation stages to implementation and achieving continual improvement. It also gives management the opportunity to discuss why certification is important, expectations and goals, how employees stand to benefit from improved compliance and their role in the change.

When employees complete formal training, they can also be given the opportunity to ask any questions surrounding certification. Communication and transparency help employees raise any concerns, which could lead to new risks being brought to management’s attention. It also ensures staff are active participants in change rather than just being told to get it done.

Go beyond compliance

Rather than purely focusing on compliance, look at streamlining and continually improving documented systems and processes. This not only helps ensure your company is always looking for new ways to innovate and move forward in a way that’s productive and competitive but also keeps you on the ball year-round. This means that any potential issues or risks are proactively managed, as opposed to being reviewed periodically and only as needed because there is an audit coming up soon.

Going beyond compliance and setting up agile, flexible and robust quality systems positions your company well in an ever-changing business landscape. It can help avoid risks sneaking up on you, keeps constant improvement at the forefront and subsequently can help you establish a competitive edge.

How an external consultant can help with your ISO 9001 quality management system audit

When it comes to maintaining quality compliance, here are a few reasons to consider getting an external consultant in at least once a year:

  • They can provide a fresh perspective from someone outside the company;
  • With extensive experience in quality compliance, a consultant can mentor internal team members and provide expert guidance as needed;
  • A consultant can use their expertise to provide suggestions for cost reduction, without compromising on quality system compliance;
  • Having an external consultant available supports greater staffing flexibility, because employees don’t have to take on the time commitment involved in getting systems ISO 9001 compliant;
  • A consultant from outside the company provides an unbiased appraisal of systems, which ensures all feedback is objective.

Get started with your ISO 9001 quality management system audit

Ready to start enjoying the benefits that come with effective, maintainable and compliant management systems? Get on track to doing just that by contacting our ISO consultants, who can complete a comprehensive, unbiased ISO audit of your processes.

In addition to ISO 9001, we have experience assisting organisations with achieving compliance to various standards including ISO 45001, ISO 14001 and ISO 27001. Speak with our team to find out more.
