Companies that operate in an ISO-certified environment have to stay ISO compliant to keep their certification; this is achieved through the audit process. ISO is the International Organization for Standardization, the organization that promotes and certifies quality standardization. ISO certification is required by some customers and is usually a necessity for companies engaged in manufacturing, especially to obtain government contracts. ISO certification involves developing a quality statement or policy and a quality manual supported by documented procedures or process maps, management accountability and internal auditing for conformance, non-conformance and suggestions for improvements (continuous improvement). Purchasing departments are normally audited for compliance to purchasing budgets, compliance in buying from approved or preferred vendors and vendor programs and conformance to inventory tolerances.
There are two kinds of ISO audits: internal and external. They are performed by different auditors. An internal audit is performed by people employed at the company, and an external audit is performed by someone from outside of the company, such as a customer, vendor or auditing firm. Whether internal or external, the objective of the ISO auditor is to verify ISO processes and procedures and that employees are knowledgeable about and trained on their positions.
ISO Audit Questions
ISO auditors will question employees from every department in the company and will always ask about the company’s quality policy. The audit will include questions about procedures, the company’s quality manual and conformance and non-compliance with the quality system. The objective of the audit is determining if employees know and understand the quality policy and system as it relates to their jobs and if they are following procedures. Auditors will work from a checklist, document the answers to their question and note their findings.
Purchasing Department ISO Audit Questions
When auditing the purchasing department, the ISO auditor will begin by asking employees if they know the quality policy, noting their responses. For ISO compliance, everyone who works in an ISO environment should have the quality policy memorized and be able to recite it either word for word or at least be able to explain it coherently. The auditor will next ask about the quality manual and the quality procedures for purchasing. Employees should know where the manual and the procedures are located and what the procedures area as they pertain to their jobs.
ISO Procedures Requirements
All company procedures must be documented in the quality manual and must be known, understood, and followed by employees. Any non-compliance situations must be handled and documented according to the procedures for non-compliance in the quality system. If the auditor finds employees or departments acting outside of the quality procedures in the quality manual, the company will not pass the ISO audit and their ISO certification may be in jeopardy.
ISO Audit Results
A company’s ISO certification is affected by audit results, and companies usually prepare their employees for the audits. There are three kinds of results from an ISO audit which comprise the final rating: opportunities for improvement, minor findings, and major findings. Opportunities for improvement should be reviewed and probably implemented, minor findings are sometimes numerous and require correction by the next audit, and major findings require corrections and re-audit for certification. The benefits of ISO certification include increased efficiency and revenue, improved customer satisfaction and vendor relationships and international recognition. It is well worth the cost and effort to achieve and maintain certification.