Guest Speaker
Rashid Hussain
Lead Auditor
www.gcerti.ca
An Overview of Risk-based Thinking in ISO 9001:2015
G-Certi Inc. - July 3, 2020
Welcome to G-Certi Inc.
Please keep social distance and stay safe. Thanks
Introduction of Guest Speaker – Rashid Hussain
Education: MSc. TQM, MBA, MBE, B.Com
Designations
• Certified Human Resources Leader (CHRL), HRPA
• Certified Human Resources Professional (CHRP), HRPA
• Certified Quality Auditor (CQA), ASQ
Lead Auditor Certifications
• QMS (ISO 9001 & IATF 16949)
• EMS (ISO 14001)
• OHS (ISO 45001 & OHSAS 18001)
Experience
• Leadership: President, CEO, Member of Leadership Committees
• Management: Quality, Human Resources, Environment, Health & Safety
• Consulting/Training/Internal Auditing: ISO 9001, IATF 16949, ISO 14001 & ISO 45001
• 3rd Party Auditing: ISO 9001, ISO 14001 & ISO 45001
Volunteer
• Program Chair: ASQ Kitchener Section (2020)
• Mentor: Guelph & District Human Resources Professional Association (GDHRPA)
• Member: Mentorship Committee, GDHRPA
Membership
• Human Resources Professional Association of Canada (HRPA)
• American Society of Quality (ASQ)
Learning Outcomes
• What is Risk?
• What is Risk-based-Thinking?
• Is there any ISO standard for Risk Management?
• What is ISO 31000?
• Which clauses of QMS Standards require risks to be identified and managed?
• Why do we need to identify and manage risk?
• What are the tools and techniques to identify and manage risk?
• Can we use Risk-based-Thinking in Auditing?
Basis of QMS Standards
• Risk-based-Thinking
• Process Approach
• Principles of Quality Management
• PDCA Cycle for Continual Improvement
• Effectiveness
What is Risk?
ISO 9000 Definition: Risk is defined as the effect of uncertainty on an expected result, where an effect is a deviation from the expected, positive or negative.
What is Risk-based-Thinking?
• Risk-based Thinking requires organizations to identify, evaluate, control and manage risk at the stages of the QMS, i.e. establishment, implementation, maintenance and improvement
• The concept of Risk-based-Thinking was always in ISO 9001, i.e. as Preventive Actions, but it was misused
• The current revision has more focus on risk management by promoting Risk-based-Thinking throughout the organization
• The main goal of Risk-based-Thinking for an organization is to achieve conformity and customer satisfaction
• Clause 5.1.1 (d) requires leadership to promote the use of the process approach and Risk-based-Thinking throughout the organization
Is there any ISO Standard for Risk Management?
There is no ISO standard for risk management, only guidelines.
What is ISO 31000?
ISO 31000 - Risk Management Guidelines
• First published in 2009 and revised in 2018
• Provides principles, a framework and a process for managing risk
• Provides guidance for internal and external audit programs
• Can be used by any organization regardless of its size, activity or sector
• Cannot be used for certification purposes
Which clauses of QMS Standards require risks to be identified and managed?
Clause # and Risk Management Requirements/Expectations:
4. Context of the Organization
• Determine the risks which may affect its ability to achieve its intended results
• The organization is required to determine its QMS processes and address its risks and opportunities (4.4.1 f)
5. Leadership
• Promote awareness of risk-based thinking
• Determine and address risks and opportunities that can affect product/service conformity
6. Planning
• Identify risks and opportunities related to QMS performance and take appropriate actions to address them
7. Resources
• Determine and provide resources to address risks and opportunities
8. Operations
• Plan, implement and control its processes to address the risks and opportunities
9. Performance Evaluation
• Monitor, measure, analyze and evaluate the effectiveness of actions taken to address risks & opportunities
10. Improvement
• Correct, prevent or reduce undesired effects to improve the QMS and update risks and opportunities
Why do we need to identify and manage risk?
• All clauses of ISO 9001:2015 directly or indirectly require the Risk-based-Philosophy to be applied
• The key objectives of a QMS are conformance to applicable requirements and customer satisfaction, and these objectives can't be achieved if risk is not managed throughout the organization
• The requirements of a QMS are like a chain, and a chain always breaks at its weakest link
What are the tools and techniques to identify and manage risk?
Most Common Tools/Techniques
• Process Turtle Diagram
• Ishikawa Diagram (Cause & Effect Diagram)
• SWOT / TOWS Analysis
• Failure Mode and Effects Analysis (FMEA)
• PESTLE Analysis
• Brainstorming
• Surveys/Interviews
• On-Site Investigations
• Using Professional Expertise
Context of the Organization (4.1) SWOT Analysis - Risk Management Tool
INTERNAL STRENGTHS WEAKNESSES INTERNAL CONTEXT
• Years of Experience
• Business Knowledge
• Financial Strength
• Leveraged Technology
• State of the art Facility
• Patents
• Strong Customer Relationships
• Company Values/Culture
• Time to Market
• Employees don’t trust leadership
• Lack of Diversification
• Narrow Market
• Marketing
• Employee Turnover
• Anticipated Retirements
• Focus is Production not Quality
• Employee Knowledge
Consider issues related to:
• Values
• Culture
• Knowledge
• Performance of the organization
Ref. 4.1, Note 3, ISO 9001:2015
EXTERNAL
OPPORTUNITIES THREATS EXTERNAL CONTEXT
• Available Capacity
• New Markets
• Automation
• Employee Engagement
• High demand for Product
• Apprenticeship Programs
• Prevention based Quality
• Competition
• Changes of Industry Regulations
• Exchange Rate
• Environment
• Expiring patents
Consider issues arising from:
• Legal
• Technological
• Competitive
• Cultural, Social and Economic Environments etc.
Ref. 4.1, Note 2, ISO 9001:2015
4.4/8.5. Turtle Diagram – A Tool for Process Risk Management
With What? (Material/Financial/Other Resources) Opportunities With Who? (Human Resources)
• Infrastructure (Building/Machinery/Utilities/Hardware etc.)
• Gauges (VC/Ink Scale/Lights)
• Software (Cyrious Control/Adobe Creative Suite)
• Work Order
• Master Docket
• Contingency Plans (Overtime, Safety Stock etc.)
• Training
• Effective Manpower Planning
• Preventive Maintenance
• Calibration of Gauges
• Internal Auditing
• Management Reviews
• Effective Communication
• Control of Documented Information
• Production Manager
• Production Supervisor
• Press Operators
• Screen Maker
• Planner
• Color Technician
Inputs Printing Process Output
• Raw Material (Vinyl /Polycarbonate/Polyester)
• Ink
• Screen
• Film
• Printed Product as per Customer Requirements
How? (Methods/Control/Documented Information) Risks Monitoring/Measuring (KPIs/Process Results)
• Documented Information (Procedures/Work Instructions)
• Calibration of Gauges
• Training of Employees
• Infrastructure Failure
• Lack of Training
• Shortage of Manpower
• Interruption of Raw Material Supply
• Expired / Broken Gauges
• Obsolete Documented Information
• Unscheduled Downtime
• Results of Scratch Test
• # of Adjustments (Color Verifications Checks)
• Color Registration (Alignment)
• Audit Nonconformities
• Effectiveness of Corrective Actions
Ishikawa Diagram – A Tool for Process Risk Management
Man Machine Material
Risk Specific Controls Risk Specific Controls Risk Specific Controls
• Ineffective Training
• Shortage of Manpower
• Review of Training Effectiveness
• Overtime
• Multitasking
• Cross Training
• Effective Manpower Planning
• Machine Breakdown
• Expired / Broken Gauges
• Production Interruption
• Preventive/Predictive Maintenance
• Effective Calibration Process
• Safety Stock of Finished Goods
• Material Shortage
• Interruption of Raw Material Supply
• Effective Material Planning
• Safety Stock of Raw Material
Printing Process
Environment Method Monitoring/Measuring
Risk Specific Controls Risk Specific Controls
• Audit Results
• Effectiveness of Corrective Actions
• Scratch Test Results
• # of Color Adjustments
• Management Reviews
• Effective Communication
• Customer Complaints
• Poor Working Conditions
• Stress/Burn Out
• Surveys
• Work-Life Balance
• Obsolete Documented Information (Procedures/WIs/Forms etc.)
• Lack of Standardization
• Control of Documented Information
• Standardization
4.1 Context of the Organization – Risk Management
Columns: #, Issue, Internal/External, Risks, Risk Rating (H/M/L), Actions, Opportunities
1. Issue: Hiring & Retention of Drivers
Internal/External: Internal
Risks:
• Restricted Growth
• Late Deliveries
Risk Rating (H/M/L): L
Actions:
• To provide technologically advanced and comfortable fleet for drivers
• To provide ELD installed fleet for driver's safety and easy compliance
• To provide job stability
• To provide health care benefits
• To give performance bonus
Opportunities:
• Effective Manpower Planning
• Organizational Branding
2. Issue: Maintenance of Certifications
Internal/External: Internal
Risks:
• Customer Dissatisfaction
• Market Reputation
• Low business volume
• Loss of big customers
• Losing market competitiveness
Risk Rating (H/M/L): L
Actions:
• Training of employees
• Maintaining/retaining documented information as per requirement
• Conducting internal audits and inspections
• Consulting services from Safety Consultants
Opportunities:
• Competitive advantage
• Attracting new customers and retaining existing ones
3. Issue: Weather
Internal/External: External
Risks:
• Late Deliveries
• Late Pickups
• Unsafe Driving Conditions
Risk Rating (H/M/L): M
Actions:
• Effective Planning based on weather forecast
• Increased Customer communication on delivery/pick-up status
• Winter season driving training to all drivers
• SOPs for winter driving
Opportunities:
• Safety on Road
• Improved winter season performance to satisfy the customer
4.2 Interested Parties & their Expectations – Risk Management
Columns: #, Interested Parties, Expectations, Risks, Risk Rating (H/M/L), Actions, Opportunities
1. Interested Party: Customers
Expectations:
• Services quality
• On-time delivery
• Response time to enquiries and complaints
• Compliance with applicable regulations
• Maintenance of required certifications
Risks:
• Late Deliveries
• Penalties
• Loss of business
• Customer Dissatisfaction
Risk Rating (H/M/L): M
Actions:
• To implement Quality Management System based on the requirements of ISO 9001:2015
• Maintain compliance certifications
• To train office employees and drivers on compliance requirements
• To improve level of communication with customers
• After-hours services
Opportunities:
• Repeated & dedicated business from existing customers
• Referrals
• New business from existing customers
2. Interested Party: Suppliers
Expectations:
• Clear specification of products & services
• On time payment
Risks:
• Products and Services not meeting requirements
• Late Deliveries
Risk Rating (H/M/L): L
Actions:
• To provide clear specifications of products and services to all suppliers
• To provide training to Owner Operators and develop other suppliers
• To pay on time as per terms and conditions
Opportunities:
• Dedicated services
3. Interested Party: Regulators
Expectations:
• Compliance with applicable requirements
Risks:
• Market Reputation
• Fines/Penalties
• Shut Down
Risk Rating (H/M/L): M
Actions:
• To hire services of experienced compliance consultants
• To train employees on applicable regulations
Opportunities:
• Good Market Reputation
• Business Continuity
4. Employees
5. Leadership
Can we use Risk-based-Thinking in Auditing?
• There is no ISO standard for Management System Auditing
• There are Guidelines (ISO 19011) for Management System Auditing, mainly used for 3rd Party Auditing but usable for 1st & 2nd Party Auditing as well
• ISO 19011 requires ISO Registrars to use Risk-based-Thinking in 3rd party auditing
• We must use Risk-based-Thinking for conducting internal audits to demonstrate conformance
4.4./9.2 Turtle Diagram – A Tool for Process Risk Management
With What? (Material/Financial/Other Resources) Opportunities With Who? (Human Resources)
• Infrastructure (Hardware, Software, Office etc.)
• Time
• Resources for Audit (Financial/Materials/Others etc.)
• Use of Risk-based-Thinking in Auditing
• Effective Audit Planning
• Effective Training
• Maintaining adequate number of competent Auditors
• Qualified Auditors
• Lead Auditor
• Auditee
Inputs Internal Auditing Process Output
• Audit Plan /Schedule
• Audit Criteria (Req of QMS, ISO 9001 and Interested Parties)
• Risks & Opportunities
• Importance and Criticality of Processes
• Changes affecting the Organization
• Results from previous audits
• Internal and external performance trends
• Customer complaints
• Audit Report
• Summary of Audit Findings
• Non-Conformity Report (if any)
How? (Methods/Control/Documented Information) Risks Monitoring/Measuring (KPIs/Process Results)
• Audit Planning
• Documented Information (Policies/Procedures)
• Audit Checklists
• Audit Frequency
• Audit Methods (Interviews, Observations and Review of Documented Information)
• Poor Audit Planning (not based on Risk)
• Ineffective Audit Training
• Auditor’s Competence
• Availability of Competent Auditors
• Infrastructure Failure
• Lack of Resources
• Inadequate Frequency
• Internal/External Audit Results
• Timely completion of audits as per Schedule
• Effectiveness of CA
• # of IANCRs
• Maintenance of ISO 9001 Certification
Risk-based-Thinking in Auditing
Some Best Practices
Conducting more frequent audits in the following circumstances may help to reduce risk and ensure product/service conformity and customer satisfaction:
• The QMS is new in the organization
• Process(es) are complex
• A new product/service is launched
• Areas with more identified risks or nonconformities
• Areas with major nonconformities
• Areas where corrective actions were not effective
• Processes which are critical for product/service conformity
• Areas with more customer complaints and formal rejections
I wish you to stay safe.
Sorry, I couldn’t ask any question.
No Worries! Email at info@gcerti.ca
