Skip to content
Your Bookmarks
    No saved pages. Click the bookmark icon next to any article title to add it here.
    EMS handbook

    9.1 Internal systems audits: ISO 19011

    While Layered Process Audits (LPA) check if the operator is following the written rules today, the Internal Systems Audit asks if the rules themselves are compliant, effective, and actively utilized. This is a comprehensive health check of the entire Quality Management System (QMS). Treating the internal audit as a superficial compliance exercise wastes engineering resources and obscures risk. The goal of an internal audit is to proactively identify structural gaps in the foundation before they impact customers.

    The Auditor’s mindset: fact finder, not fault finder

    Section titled “The Auditor’s mindset: fact finder, not fault finder”

    A professional audit is a structured sampling exercise designed to verify objective conformity to a defined engineering standard. The auditor’s authority comes from that written standard.

    The Golden Rule of Independence:

    An auditor cannot audit a process they currently manage; a conflict of interest compromises the result. Auditors should have a direct reporting line to Quality Leadership to maintain independence from Production.

    The “Show Me” Rule:

    Auditors rely on documented evidence rather than verbal assurances. Data is essential.

    • Auditee: “We calibrate the torque drivers on the line every Monday.”
    • Auditor: “Excellent. Show me the specific calibration log for the last three Mondays.”
    • The Logic: When the log is missing or unsigned, the calibration cannot be verified, resulting in a non-conformance finding.

    Risk-based scheduling (optimize your audits)

    Section titled “Risk-based scheduling (optimize your audits)”

    Auditing every department with the exact same frequency simply to fill out an annual schedule must be avoided. Auditing resources must be allocated where the active risk resides.

    The Scheduling Logic:

    Whenever a specific process generates a major CAR (Corrective Action Request) or a severe Customer Complaint, its audit frequency must be increased. For processes involving “Special Processes” (e.g. Wave Soldering, Conformal Coating) where the physical output cannot be fully verified by non-destructive inspection, they must be audited more frequently. When a low-risk department has been stable with zero findings for an extended period, their audit frequency can be reduced to baseline compliance levels to optimize resources.

    Classifying findings (the grading scale)

    Section titled “Classifying findings (the grading scale)”

    Predefined definitions must be used to correctly categorize factory issues.

    Major Non-Conformance (The Systemic Gap):

    • Definition: A systemic breakdown of a critical quality requirement, or a direct risk of shipping non-conforming product to the customer.
    • Example: No formal Control Plan exists for a newly launched product line, or a product was shipped without a signed Engineering Deviation waiver when required.
    • Action: Immediate investigation and Escalation to Executive Management Review.

    Minor Non-Conformance (The Isolated Lapse):

    • Definition: A single, isolated observed lapse in procedural discipline that does not actively threaten the integrity of the overall system or the final product.
    • Example: One traveler document in a sample of ten is missing a secondary signature, or a calibration sticker fell off a storage bin.
    • Action: The specific gap must be formally documented and fixed within an agreed timeframe.

    Opportunity for Improvement (OFI):

    • Definition: The process is technically ISO compliant, but it is inefficient or carries unnecessary latent risk.
    • Example: “The standard is met, but consider digitizing this handwritten log into the Manufacturing Execution System (MES) to prevent future transcription errors.”
    • Action: Optional implementation by the process owner, recommended for continuous improvement.

    Recap: Non-Conformance Classification and Audit Triggers

    Section titled “Recap: Non-Conformance Classification and Audit Triggers”
    Finding ClassificationCore Definition / TriggerRequired ActionEvidence / Condition
    Major Non-ConformanceSystemic failure of a critical requirement; direct risk of shipping non-conforming product.Immediate investigation and escalation to Executive Management Review.e.g., Missing Control Plan for a product line; product shipped without required Engineering Deviation waiver.
    Minor Non-ConformanceIsolated, single lapse in procedural discipline; no threat to system or product integrity.Document the specific gap and correct within an agreed timeframe.e.g., One missing secondary signature in a sample of ten traveler documents.
    Opportunity for Improvement (OFI)Process is ISO compliant but inefficient or carries latent risk.Optional implementation by the process owner; recommended for improvement.e.g., Recommendation to digitize a handwritten log into MES to prevent errors.
    Audit SchedulingTriggered by major CAR, severe Customer Complaint, or involvement of a “Special Process”.Increase audit frequency for the specific process.Process output cannot be fully verified by non-destructive inspection (e.g., Wave Soldering).
    Auditor IndependenceAuditor cannot audit a process they currently manage.Maintain direct reporting line to Quality Leadership.Conflict of interest prohibited; evidence must be documented (“Show Me” rule).

    Сообщение об ошибке