If ISO 9001:2015 is effectively applied, auditors will no longer use a clause-by-clause approach to auditing QMSs. Dr. Croft of TC 176 addresses this issue directly while answering a question about the difference in audit approach expected of ISO 9001:2015.
The following is a link to a video capturing the question-and-answer session raising this discussion:
At 2:14, Dr. Croft basically says, in answer to the question: no more clause-by-clause auditing. Specifically, he says (among other things): “We shouldn’t be auditing to clauses anyway, now—since the year 2000 . . .” and “ . . . we should be focused on process-based audits . . .” Of those who are still auditing clause-by-clause, he says: “ . . . THAT will no longer work, absolutely, for the 2015 version . . . ”
During audits, using checklists based on the clauses and requirements of ISO 9001 no more exudes a process approach to auditing than does using ISO 9001 clauses and requirements to establish a QMS. Both represent a “standard-based approach,” contrary to a process approach (as required of the standard).
A standard-based QMS is one whose structure and documentation depends upon the clauses of ISO 9001 (or similar management system standard), resulting in the common clause-by-clause (or 6-procedure-only) QMS structure. A standard-based approach to QMS auditing also depends on the clauses of a standard, resulting in clause-by-clause auditing. Organizational processes are lost among requirements using this approach. It’s bad for quality.
If CB auditors apply ISO 9001:2015 effectively, clause-by-clause auditing will cease to exist, while standard-based QMSs will no longer be registered. And good riddance, nobody ever liked them in the first place.
CLAUSES ARE ADDRESSED DURING AUDIT PREPARATION
Rather than verifying conformity to ISO 9001 requirements as part of (on-site) auditing activities, conformity to these requirements should be verified in PREPARATION for an audit—during document review. See ISO 19011, 6.3.1, “Performing document review in preparation for an audit.”
Document review should include verification of conformity to all of the standard’s requirements, ensuring QMS documentation is both complete and correct. (See ISO 19011, Annex B, clause B.2, “Conducting document review.”) An effective document review would include, of course, verification of conformity to requirements demanding a process approach to quality management.
Each standard-based QMS fails to demonstrate a process approach as required of ISO 9001:2008 (notably, 4.1). Yet this requirement is still commonly overlooked by consultants, organizations, and auditors alike (often in that sequence).
Standard-based QMSs fail to demonstrate conformity to ISO 9001 requirements and should NOT be registered. Yet because standard-based QMSs still commonly receive and maintain ISO 9001 registration, the requirement to apply a process approach will again be clarified in the 2015 standard.
PROCESS-BASED QMS, PROCESS BASED QMS AUDITS
Each standard-based QMS achieving ISO 9001 registration suggests that CB auditor training was ineffective or there is an integrity problem. CBs registering standard-based QMSs don’t understand the process approach well enough to find standard-based QMSs as being nonconforming, or they understand that standard-based systems are nonconforming, but auditors recommend them for registration anyway. And CBs grant it. This needs to stop.
Standard-based QMSs should fail document review, as they fail to demonstrate the risk-based thinking and process approach required of the standard. Only those demonstrating conformity to all ISO 9001 requirements, including the requirement to apply a process approach, should pass document review.
That way, auditing proper—on-site auditing activities (per ISO 19011, 6.4, “Conducting the audit activities”)—would never be conducted on standard-based QMSs. Audits would be conducted on process-based QMSs. So, there would be no clause-by-clause auditing, only process-based auditing.
COMPLYING IS EASIER AND BETTER
Ironically, actually complying with the standard would make more sense and require less effort on everyone’s part, in most cases, than is currently being expended to manage “QMSs” ignoring the process approach. Properly defined systems will not need to change to match every future revision of ISO 9001—they would simply need to comply with each future revision.
More important, process-based QMSs are effective; they are systems of processes outputting product. Effective QMS documentation describes this very system. Standard-based QMSs are not effective; they merely systems of documents that cannot output product. The standard will, does, and always has required a documented management system complying with requirements, not a system of documents pandering to the requirements. The difference should discriminate between those who receive registration and those who do not. Currently, it doesn’t. And yes, that’s a big problem.
TIME FOR AN ‘ABOUT FACE’
Understanding that ISO 9001:2015 may now be released in September (as opposed to the original forecast of November), there may be roughly six months before ISO 9001:2015 is released. Six months. This is a big ship that’s been going the wrong way for (arguably) 27 years now (most noticeably since 2000). Can it be turned around in six months?
We’ll be able to tell by whether or not standard-based QMSs receive ISO 9001:2015 registration. Each one attaining registration will provide evidence that management failed to grasp the process approach, so did whoever helped establish the system, and so did the CB who would find such a “QMS” to be conforming.
For more information, please see the following article, “Audit My Process, Please!”:
https://insights.cermacademy.com/2013/10/27-audit-my-process-please-t-dan-nelson/