Preparing for Your ISO 9001 Certification Audit
Prior to your ISO 9001 certification audit, it would probably be a good idea to ensure that your management system and people are prepared and ready for the assessment. At this time, we will assume that you have fully implemented your management system and scheduled your stage one assessment.
If you have not already completed your initial internal audit and management review, get those scheduled and completed ASAP. The expectation is that these are completed prior to your stage one assessment.
Management System Readiness
If you recently completed your internal audit and feel confident that your management system was thoroughly reviewed during the audit process, then you should be in good shape for the ISO 9001 certification audit. If you still have any level of concern, it might be beneficial to complete some additional reviews to further assess your audit readiness. These are informal reviews and there is no requirement to document results or any action taken, unless formal corrective actions are taken. Just make sure that any issues are properly resolved following established change management and change control processes.
The stage one audit will generally be concerned with verifying that your management system has been effectively established. The auditor will want to gather and review evidence that demonstrates the management system has been fully implemented and is ready for the certification (stage 2) audit. That evidence is usually maintained documentation which supports and defines your processes. Review your established documents to ensure that they are complete, reviewed, approved, and they accurately describe the process. If you have elected to not document some of your processes, the auditor will need to interview personnel to determine how the management system processes are established and executed. Make sure that all personnel associated with these processes are well versed on the process steps and activities and that everyone is aligned on how these processes are executed.
The stage two audit will verify compliance to both your established processes and the ISO 9001 standard. Auditors will be requesting and reviewing various records and retained documentation providing evidence that processes are being followed. Prior to the audit and where needed, review process records to ensure that they exist, are correct and complete, and they are properly retained (format, location, etc.). There is nothing more frustrating than trying to find records when requested by the auditor and they can’t be found. This is the worst time to be turning files upside down to find management system documents.
Audit Readiness Training
In addition to verifying the management system is ready to go, you should also spend some time educating your personnel on proper protocol and behavior during the audit. Also consider which employees might be needed during the audit to answer questions and discuss process activities and results with the auditor. In most cases, this will be your assigned process owners.
In preparing for your ISO 9001 certification audit, discuss the following with all employees prior to the audit:
- The auditor will most likely be moving about the facility during the audit and anything in public view is subject to review including documentation, products, equipment, personnel, etc.
- Any printed hard copy documents should be of the current revision and appropriately identified. If you use an electronic document control system, the best practice during audits is to not have any paper copies of controlled documents present except where necessary for company operations. Employees often have a habit of printing a controlled document for reference and keeping the document on their desk or in an area where it is needed. Over time this document revises, but the printed copy isn’t updated leaving an obsolete document in use. If paper copies are needed for some processes, make sure that they are printed fresh on the day of the audit. If the auditor discusses the document control process with an employee, the best response is that the document is verified for correct revision or printed on a daily basis or when required.
- Ensure that no management system documents are being stored in personal files or desks.
- Ensure that employees do not have any personal equipment or measuring devices on site or in use that aren’t under proper company control.
- There is good chance that the auditor will move through the facility and talk to employees:
- If the auditor asks questions, the employee should answer the question concisely and offer no additional information.
- It is alright to not know the answer. If this is the case, options include finding the answer and getting back to the auditor, deferring to other employees or staff, or referencing documented procedures and other artifacts as needed. Guessing or making things up on the fly are not good options.
- Employees are expected to know the quality policy, but it does not need to be memorized verbatim. Employees should be able to paraphrase the policy in their own words while touching on the key elements of the policy. It is acceptable to reference the policy as posted on the wall or written in other locations.
- Employees should also be familiar with quality objectives, especially those aligned with the policy. They should be able to explain how their duties and function relate to and impact the objectives.
- Employees should understand how they and their jobs impact product and/or service quality.
- Employees should know where and how to access procedures and other documents which pertain to their jobs and responsibilities.
- Employees should know what to do when they encounter a nonconformance, receive customer feedback or complaints, and identify an opportunity for improvement.
- Employees should always be respectful of the auditor, even if they feel flustered or frustrated. In worst case scenarios, employees should defer back to the main auditor escort or responsible management staff.
- If the employee sees an issue that could be a possible nonconformance which is not observed by the auditor, it should be reported to company management after the auditor has left the area. Employees should not make the auditor aware of the issue unless there is an immediate safety issue.
- Remind employees that the auditor is assessing processes and documentation, not people. They shouldn’t take anything said by the auditor personally.
- No matter what the situation, questions should be answered honestly. It is much easier to address a small finding than to re-establish trust and rapport with the auditor. Auditors who feel they are being lied to or deceived will dig even deeper into the management system to verify compliance.
Feel free to discuss any other behavior expectations and practices with employees as needed to ensure employees are ready and comfortable with the audit process. Make sure that all persons involved are aware of the agenda for the audit and their potential role in the activities. Consider executing mock audits using internal staff (internal auditors??) and randomly interviewing personnel to verify that potential auditor questions are addressed properly. Remember to not criticize or judge incorrect actions or answers. Just use this as a learning and teaching opportunity.
Also, don’t forget to address any logistical issues prior to the audit. Secure a conference room for the day where the auditor can work and interview various staff when needed. If you use an electronic ISO 9001 software solution, consider the best ways to share documents with the auditor. If you have a projector or monitor in the conference room, documents can be displayed, reviewed, and discussed as a group. Of course, some auditors will want printed hard copies to review, so ensure documents can be easily printed. One key document to have ready is a list of all current ISO 9001 management system documents (procedures, forms, work instructions, etc.) which includes at a minimum, the document name, number, and current revision level.
The auditor should provide you with an agenda for the day, defining the elements of the management system to be covered and the estimated times for each. If you don’t receive an agenda, request one so you know what to expect during the audit. This will also allow you to ensure that appropriate personnel are available when needed. For example, if the agenda states that Purchasing Controls will be reviewed on Tuesday from 1:30 – 2:30, then you can let the Purchasing Manager know to be available and ready at that time. If you have conflicts with the schedule or availability of personnel, you can address these issues with the auditor during the opening meeting. Please note that it is mandatory that the chief executive or highest-ranking company officer for the site or facility be present during the opening and closing meetings and available for discussion during the actual audit.
Most auditors will also expect a simple working lunch so plan accordingly. Perhaps some sandwiches from a local deli. Never offer to take the auditor out for a meal, either for lunch or dinner during the audit. Never attempt to sway or influence an auditor’s position or disposition with any type of favor or bribe, whether real or perceived.
Audit days can be very intimidating and stressful, and adequately preparing for your ISO 9001 certification audit can significantly reduce that anxiety. Investing time and effort ahead of time to verify that the management system is ready and employees know what to expect and how to behave, will help to minimize the stress. Double check maintained and retain documents to ensure they are compliant. Walk through the facility and verify that all areas are clean, organized, and don’t contain inappropriate documents or equipment. Finally, make sure all logistics have been planned and arranged.