ISO audits are like sets of fingerprints, no two are exactly the same. Still, that doesn’t mean we can’t learn a thing or two from those who’ve been there before.
You never can tell what an ISO auditor is going to ask you about, until he/she asks it. So most audits come down to a mix of being prepared for anything and being calm and cool under pressure.
Even though you can’t predict exactly what they’re going to want to know, you can still have a pretty good idea going in.
Here’s a list of three questions – compiled by Quality Digest’s Miriam Boudreaux – that form the basis of most ISO audits, as well as some ideas on how to answer ’em.
Question #1: What are your objectives?
The goal of this question is to determine if a set of Quality objectives are in place. Also, it checks that everyone in an organization is on the same page and knows where it’s headed, in terms of quality and improvement. As a follow-up, most auditors will want to see proof of those objectives, as well as the data/metrics used to show that an objective has been met.
Best possible outcome: Employees are able to demonstrate a clear and detailed knowledge of the company’s objectives and show the auditor where to find a listing of those objectives.
Question #2: Where do you get your procedures from?
Documentation is a huge part of any ISO audit. The question checks to make sure a company’s internal process and procedures and written down, accessible and repeatable by all members of the staff.
Best possible outcome: Employees are able to show auditors the work instructions, quality manuals, etc. they use day in and day out. They’re also able to explain why those documents and forms are important to their role in the company.
Question #3: What do you do if you find a nonconformance?
Most ISO standards revolve around the idea of continuous improvement. So if something goes wrong, auditors are going to want to see an action plan in place ready to address the problem and make sure it doesn’t happen again.
Best possible response: Employees are able to go step-by-step through the company’s disaster response plan. This includes who they report issues to, what steps the employee should take right away and what, if any, follow-up actions are needed.