In our previous issue of Insight, we published Part 1 of How Ready Are You for Your Next Management System Audit?  Part 1 reinforced the need to start the audit preparation process well in advance, and focused on ensuring the requirements of the respective ISO Standards are completed prior to audit time, including the review of processes and procedures and input from workers and senior management. This article is the second in a series designed to provide some useful background information and tips to assist your organisation to prepare when audit time rolls around.

In Part 1 we covered two specific ISO Standard requirements that take some time to organise and complete – the Internal Audit and the Management Review. In seeking improvement for your organisation’s management system, both these activities typically give rise to actions aimed at addressing the identified issues or managing changes that have occurred since the previous audit or review. In many instances, these actions include the review and updating of an organisational policy, procedure, process or other document to ensure it remains relevant, applicable and suitable for its intended purpose.

This is the first information an Auditor will seek – does the organisation have a documented process for each requirement of the Standard? In order to determine this, the Auditor will look for evidence of:

  • Document existence – does a published (not draft) Policy, Procedure, process or other document exist within the organisation’s document management system?
  • Document content – does the document contain the necessary guidance required by the Standard? The old adage of keeping it simple should be embraced by organisations with their documentation.
  • Document currency – when was the last time the document was reviewed to ensure relevancy and applicability? Additionally, all documents need to have been approved and communicated to everyone involved in the process or activity. It is an absolute must that no one is using outdated documents.
  • Document accessibility – how do workers access the relevant documentation? Is this easy or difficult, laborious or straight forward? Additionally, is the key information that is necessary to guide workers easily located within the procedure, or hidden amongst a mass of words? Key information that is easily and quickly identifiable is more likely to be found and implemented by those who need it.

Lastly, it is important to understand that the ISO Standards contain key works like “shall”, “consider” and “effective”. These have specific definitions and in their simplest terms, shall means you must do; consider is defined as you must demonstrate that you have thought about and taken into account all relevant factors prior to making a decision; and effective means the extent to which planned objectives are realised, and desired results are achieved.

In summary for Part 2 of our audit preparation article series, it is essential that your organisation has an up-to-date policy, procedure, process, form(s) or register document that it can provide as evidence of addressing each requirement of the relevant Standard.

However, having the documented processes is just the starting point. To fully ensure conformance with each requirement of the Standard, workers and managers must know and follow the requirements of the organisation’s policies and procedures as they apply to their work activities and areas of accountability. And this is where we will kick things off for Part 3 of How Ready Are You for Your Next Management System Audit?

Please contact QRMC for more information.