ISO 9001 Audit: objectives, criteria, Checklist, and sample findings

To demonstrate a commitment to quality and build customer trust, good service is not enough. In conditions that demand credibility, it is important for companies to conduct audits such as ISO 9001 audits that are able to show that the Quality Management System (QMS) has met the standard.

ISO 9001 is an international standard that guarantees the quality of products or services according to the standard. Starting from compliance with policies to be able to exceed customer satisfaction.

By conducting an assessment based on ISO 9001, the company not only improves its image and credibility, but also is able to mitigate risks and make improvements.

What is ISO 9001 Audit?

ISO 9001 Audit is the process of evaluation and assessment of the organization to ensure that QM runs according to ISO 9001 standards. This assessment can target several things, such as business processes, procedures, work practices, and policies of an organization.

This Audit can be done by internal auditors and external. Auditors the person in charge of assessing the organization must have independence in order to achieve accurate results.

Audit results can be used as an evaluation of the organization, increase customer confidence, and create high quality standards.

ISO 9001 Audit objectives

Generally, ISO 9001 audits are required by almost all types of companies. Ranging from manufacturing, services, to non-profit organizations. Some of the reasons such audits are conducted are to achieve the following objectives.

• Evaluate the reliability and health of internal control systems
• Ensure compliance with rules, standards, and procedures 
• Minimize losses and maximize profits
• Ensure the information produced by the organization is valid and reliable information
• Ensure data provided to management is of integrity
• Looking for improvement opportunities for organizational sustainability

ISO 9001 Audit criteria

ISO 9001 audit criteria are a key element of the standard to establish a strong quality management framework. Audits that refer to ISO 9001 actually consist of 11 clauses. But the four clauses are not mandatory to be implemented. Therefore, it is recommended to organizations to use the following six clauses.

1. Clause 4: Organizational Context

• Focus: determine the organization's goals (internal and external), what the organization wants to achieve, key stakeholders, and customer needs.
• Objective: provide an understanding of strengths, risks and areas of improvement to develop an optimal quality management system.

2. Clause 5: Leadership

• Focus: identify the parties responsible for creating and managing the different areas of the quality management system.
• Purpose: support the successful implementation of the framework, its implementation and changes as the business grows.

3. Clause 6: Planning

• Focus: planning measures to document potential risks, their severity and likelihood, mitigation actions, and setting goals.
• Objectives: address emerging risks and opportunities, improve decision-making, and sustain SMM success. 

4. Clause 8: Operations

• Focus: assess what the organization is doing, such as planning and controlling operational processes, meeting customer requirements, product or service quality consistency, controlling external parties, and handling inappropriate products or services.
• Objective: ensure the quality of products or services is consistent, controlled, and in accordance with standards.

5. Clause 9: Performance Evaluation

• Focus: evaluate and measure performance metrics.
• Objectives: make informed decisions and improve data-driven quality management and customer satisfaction.

6. Clause 10: Rectification

• Focus: documenting potential areas for improvement, financing, and embedding preventive measures, creating a strong SMM.
• Objective: demonstrate excellence with customers, suppliers and stakeholders.

ISO 9001 Audit Checklist

Unlike other types of audits, ISO 9001 audits have a special checklist that must be carried out in the audit process. This Checklist can be tailored to the context and purpose of the organization's audit. 

1. Organization

• Have internal and external issues been identified?
• Have the needs of interested parties been determined?
• Is the scope of SMM clear?

2. Leadership

• Does top management demonstrate its commitment to quality?
• Is the quality policy communicated and understood?
• Have responsibilities and Powers been established?

3. Planning

• Have the risks and opportunities been analyzed and acted upon?
• Are quality objectives defined and measurable?
• Is there a plan to achieve the goal?

4. Support

• Are the resources (human resources and infrastructure) available adequate?
• Is personnel competence proven and maintained?
• Is internal communication effective?

5. Operations

• Is the operational process going according to plan?
• Is there a documented change control?
• Was the product improperly handled with proper procedures?

6. Performance Evaluation

• Is monitoring, measurement and evaluation carried out?
• Is the internal audit conducted on schedule?
• Is there a comprehensive management review?

7. Improvements

• Are nonconformities followed up with corrective action?
• Are there any ongoing improvement efforts planned?

ISO 9001 Audit process and stages

In general, the implementation of ISO 9001 audits is not much different from other types of audits. This Audit also goes through the planning, auditing, reporting and follow-up stages. 

1. Planning

The first stage is the planning stage which includes setting the schedule, the audit process, the scope of the audit, to the auditor who will carry out the audit process. The preparation of this plan can be done by reviewing the results of previous audits, so that audits that will be carried out can provide results that have never been achieved.

2. Audit Process

After the plans are prepared and approved by audit team and organizations to be audited, the auditor began the audit process. This process begins with collecting relevant evidence. Both from interviews, observations, and document reviews.

Then the auditor compares, reviews, evaluates, and assesses the organization'S SMM.

3. Reporting Of Audit Results

Next, the auditor prepares an audit report. The audit report is prepared in a clear format that includes findings, evidence, and recommendations.

4. Follow-up or improvement

The last stage is the follow-up process by the organization. At this stage, the organization makes improvements based on the recommendations given by the auditor.

Examples of ISO 9001 Audit findings

The following is an example of an ISO 9001 audit case study conducted at PT FNA, a software development services company. The scope of the audit includes the product development process, human resources, and customer service. In this audit, several findings were found as follows.

1. Minor incompatibility: SOP document not updated

• Condition: the operational standard document of the software development process was last updated in 2021, while the work process in the field has changed since 2023.
• Criteria: according to ISO 9001, documents must be kept up to date and in accordance with current work practices.
• Audit evidence: old SOP documents, interviews with the development team, and comparisons between SOP and daily work processes.
• Recommendation: regularly update sops and establish ways of controlling document changes.

2. Major Nonconformity: Internal Audit Is Not Independent

• Condition: the internal Audit is carried out by the staff in charge of auditing their own division.
• Internal audits should be conducted objectively and independently.
• Audit evidence: internal audit schedule and list of names of internal auditors.
• Recommendation: use auditors from other divisions or use auditors from outside the company.

3. Opportunities for improvement (OFI): handling of customer complaints not analyzed

• Condition: complaints from customers are only recorded, but there is no analysis of trends or causes.
• Criteria: the company must monitor and evaluate the level of customer satisfaction.
• Audit evidence: records of customer complaints, but no analysis reports.
• Recommendation: conduct periodic evaluations of customer complaints and analyze trends.

Closing

Seeing its significant role, ISO 9001 audit is not only a tool to improve the company's image, but also a mandatory requirement in the management of the system as a whole.

By conducting audits effectively, organizations can improve performance, build customer trust, and ensure compliance with ISO 9001 standards. This is the foundation for achieving success in the future.

In order to obtain accurate, reliable, and trustworthy audit results, companies need not only experienced auditors, but also tools that can support the planning, implementation, and reporting of audits systematically.

Audithink comes with best audit app as an innovative solution for the management of corporate audits of various fields. This application is equipped with automatic reporting features, so that the audit process becomes easier, faster, and integrated. For more information, consultation, and complete guidance, contact Audithink team.