Understanding the process approach
The latest in INform's series of ISO 9001 guidance papers from the Auditing Practices Group is concerned with identifying and understanding processes
Helping auditors interpret the process approach
If auditors do not understand or misunderstand the process approach, they should have a look at ISO 9000 ' Quality management systems - fundamentals and vocabulary' and at the ISO 9000 introduction and support package: guidance on the concept and use of the process approach for management systems (ISO/TC176/SC2/N544).
A certification body should ensure that all its auditors have received sufficient training regarding the requirements of ISO 9001, particularly those on the process approach. Thus, an auditor should realize that several steps are needed, including the following:
- determining the processes and responsibilities necessary to attain the quality objectives of the organization
- determining and providing the resources and information necessary
- establishing and applying methods to monitor and/or measure and analyze each process
- establishing and applying a process for continual improvement of the effectiveness of the QMS
The process approach concept must be so well understood by auditors that they are not limited by the terminology of the standard. However, auditees may use their own in-house terminology. Auditors must be aware that the application of the process approach may differ from organization to organization, depending on its size and the complexity of its activities. Special consideration should be given to small and medium-sized enterprises - auditors should not expect so many processes in their QMSs.
Helping auditees interpret the process approach
If an auditor is faced with a complete misunderstanding by an auditee, this situation should normally be identified at the first stage audit. The auditor should refer the auditee to recognized information sources, such as those indicated in the section above. The auditee should also pay sufficient consideration to:
- the establishment of process objectives
- process planning
- the availability of suitable records
Auditees frequently identify too many processes. Some or all of them are activities which do not fulfil the requirements of a process, in the sense that ISO 9001 uses the concept. In this situation, an auditor should (in the first stage audit) propose that the auditee performs a redefinition of its processes based on, for example, the criticality of the activities. This might be particularly relevant for SMEs.
Understanding processes fully is a complex issue for both auditors and auditees, but perhaps one of the most difficult aspects is identifying the process clearly in the first place.
Distinguishing between a process and an activity
If an auditee cannot distinguish between the concepts of a process and an activity, the auditor can briefly explain the differences by using the guidance (clause 2.4) and definition (3.4.1) in ISO 9000 as background information. The auditor must be able to adapt to the auditee's unique situation: it is the auditor's responsibility to understand the auditee's systems and approach.
During the audit, the auditor should determine whether there is a problem of differences in terminology only, or whether there is a lack of real implementation of the process approach by the auditee. There may be a need to issue a non-conformance report if the auditee is not fully implementing the requirements stated in ISO 9001, clause 4.1. If this is simply a terminology problem, there should be no need to issue an non-conformance report, if all the requirements of clause 4.1 are satisfied.
The auditee has the right to use its own terminology, provided the requirements of the standard are met. The auditor should mentally develop a cross-reference list to ensure consistency and better understanding.
Clear definitions
If the auditee does not understand that a process must have defined (but not necessarily measurable) objectives, inputs, outputs, activities and resources, the auditor should try reformulating the questions to the auditee, avoiding the use of quality management jargon eg: 'Can you explain your operations here?', 'What are the basic jobs carried out in your department?' and 'What information do you need to start your work?' This should help the auditor establish whether the processes (as per ISO 9001) are already defined, have clear inputs, outputs, objectives and so on.
Analyzing, monitoring and/or measuring, improving
If, after applying the audit techniques outlined above, there is an absence of any records or other proof to demonstrate that the processes are analyzed, and/or monitored, and/or measured and/or improved, there would appear to be non-conformity with part of ISO 9001 clause 4.1.
Defining each clause of ISO 9001 as a separate process
If the auditor considers this to be the right approach, he or she should refer to relevant ISO documents, (notably the ISO/TC 176/SC 2 document 'N544 ISO 9000 - Introduction and support package: guidance on the concept and use of the process approach') which clearly indicates the contrary.
Is the process approach a requirement of ISO 9001?
The description of the process approach in the introduction to ISO 9001 is purely informative and does not introduce a set of additional requirements by itself. Clause 4.1 specifies the steps necessary to implement a process approach with regard to QMS processes, the note to clause 4.1 providing examples of processes needed for the QMS. Audit methodologies must be orientated, accordingly, towards analyzing the processes of the organization.
This article is an edited version of 'Identifying processes' and 'Understanding processes' from the website of the ISO 9001 Auditing Practices Group, and is reproduced courtesy of ISO and the IAF. These papers were developed on current best practice and therefore have not been formally endorsed as IAF guidance or ISO TC176 interpretations. For further information about the Auditing Practices Group visit the APG website.
The ISO 9001 Auditing Practices Group is an informal group of QMS experts, auditors and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the IAF. It has developed a number of guidance papers and presentations that contain explanations about the auditing of QMSs. These reflect the process-based approach that is essential for auditing the requirements of ISO 9001.
 |
|
 |
 |
 |
|
 |
|
 |