
GUIDELINES FOR ISO 9001:2015 AUDIT

These are guidelines for auditors assessing against the requirements of ISO 9001:2015. The example audit text is given solely as guidance and should not be copied into audit reports. Notes are written in italics. The notes and guidance have been collected from various sources, e.g. IAF, ISO, the ISO 9001 Auditing Practices Group, etc. Every effort has been made to ensure the accuracy of the information; however, this document is guidance only, and differing opinions and interpretations may exist.

Definitions:
Objective evidence, as defined in ISO 9000, is data supporting the existence or verity of something. Objective evidence can be obtained through observation, measurement, test or other means. Objective evidence for audit purposes generally consists of records, statements of fact or other information that is relevant to the audit criteria and verifiable.
Audit trail: in the absence of a definition in ISO 9000, the standard dictionary definitions of 'audit' and 'trail' give the following: a systematic approach to collecting evidence, based on specific samples, that the output of a series of inter-related processes meets expected outcomes.
E.g. audit trail for risks and opportunities: this audit trail starts with the internal and external issues and the requirements of interested parties. These, together with the quality policy, determine the organisation's "intended results". The organisation is then required to address risks and opportunities in order to ensure its ability to achieve its objectives (the "intended results"). Options for addressing risks can include avoiding the risk, taking the risk in order to pursue an opportunity, eliminating the cause of the risk, changing the likelihood or consequences, sharing the risk, or retaining the risk. The second part of the audit trail for risk examines whether the organisation has determined the risks and opportunities that affect the conformity of products and services. For example, risks can be mitigated in the new product development process, starting with project planning, then the product and production plan, and finally in the production and service provision process itself.

Process approach
Understanding and managing interrelated processes as a system contributes to the organisation’s effectiveness and efficiency in achieving its intended results. This
approach enables the organisation to control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the
organisation can be enhanced. The process approach involves the systematic definition and management of processes, and their interactions, so as to achieve the intended
results in accordance with the quality policy and strategic direction of the organisation.

A process is not a clause or element of ISO 9001, and it is probably not confined within a single organisational department; typically a process is cross-functional and operates at the “what we do” level. Sometimes there is confusion between business processes and procedures that are flowcharted. Procedures are ‘how’ something happens, and as such are not cross-functional. If an organisation is to manage the process, it needs to understand the results that it achieves and how those results are used to improve the performance of that process.

The process approach starts with a full understanding of the external and internal environments in which the organisation operates. This covers all customer and other
stakeholder requirements and is where a clear understanding of the organisation's unique requirements is formed. From this, the senior management can prioritise
and define the strategic objectives and the standards or frameworks they need to apply within the organisation. When this has been done it is possible to describe the key
processes that will deliver them. These processes then have to be defined in order to deliver these objectives. The performance of the processes needs to be appropriately
measured and used to identify and drive improvements.

Issue 1
The processes need to cover everything that is included in the 'scope' of the management system. They need to cover all functions and all elements of the organisation's
planning and operational cycle - all the way from gaining market intelligence to learning and improving based on the results achieved. It must also include all of the
‘support' processes necessary to ensure the core processes can be consistently delivered.

Clause 4.4 lays out detailed requirements on how processes need to be structured, address risk, be measured and monitored, and include performance indicators. It also
requires the organisation to evaluate a process and make changes if it’s not achieving intended results. Process performance is also a requirement of the organisational
roles and responsibilities in clause 5.3. The auditor should start the process performance audit by checking the structure of the process, i.e. the process owner and process linkages. Some auditors find it useful to document the process in the form of a turtle diagram. The auditor should look for answers to questions such as: What overall objective is this process trying to help achieve? Are there risks and opportunities identified for the process? Are the actions implemented? Did they mitigate the risk? Is the process performing satisfactorily? Are there any changes planned because process performance has not been met?

Risk-based thinking
ISO 9001 specifies requirements for the organisation to understand its context and determine risks as a basis for planning. Risk based thinking considers both risks and
opportunities. An audit of risk-based thinking in an organisation cannot be performed as a stand-alone activity. It should be implicit during the entire audit of a QMS,
including when interviewing top management.
Although clause 6.1 specifies that the organisation shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented
risk management process. Organisations can decide whether or not to develop a more extensive risk management methodology than is required by the Standard, e.g.
through the application of ISO 31000. Not all the processes of a quality management system represent the same level of risk in terms of the organisation’s ability to meet
its objectives, and the effects of uncertainty are not the same for all organisations. Under the requirements of 6.1, the organisation is responsible for its application of risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.

4. Context of the organisation
Standard | Criterion | Evidence | Audit findings | Compliance

Standard: ISO 9001:2015
Criterion: 4.1 Understanding the organisation and its context
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 1 and 2.
For planning to be effective, the organisation must understand:
• its status,
• what it wants to achieve, and
• its strategy for achieving it.

Information that could help in this process could include:
• business plan
• reviews of strategic plans
• competitor analysis
• economic reports from business sectors
• SWOT or PESTLE analysis
• minutes of meetings
• lists of activities/actions
• diagrams, tables/calculations, mind maps
• reports from external consultants

The auditor should approach this area through interviews with members of the organisation's top management.

The output of this activity should be evident in the risks and opportunities determined under clause 6.1.

Example audit of this clause:

Interview with the CEO, Director, confirming that the organisation determines the external and internal issues that are relevant to its purpose and strategic direction and that affect its ability to achieve the intended results of its integrated management system.
It was assessed how they monitor and review information about the external and internal issues.
Top management explained this by referring to document XY in its manual.
XY – Context of the organisation document.
External context:
Environment – local / regional / national / international.
Competition – 2 regional contractors / top 20 contractors / competing with similar organisations at the global level.
Cultural – a "can do" attitude.
Economic – the economic market is very stable. Fluctuations are seasonal and market-driven.
Legal – only business, health and safety, and environmental regulations. No specific regulations.
Financial – stability: no large peaks or troughs in the revenue structure.
Market – the largest in the local area.
Natural – environmental protection.
Political – no influence.
Social – social trends and fashion drive the market.
Technological – driven by customers / requirements & satisfaction.
Internal context:
Issues and perspective:
Culture – relaxed / friendly / "can do".
Knowledge – There is a high level of experience, which is moderately strong. The organisation is strong in presentations, weaker in special events and retail. It needs to work more on marketing.
Performance – 100% on-time delivery / strong on quality.
Structure: flat structure.
Strategy: growth of 1 million per year over the next 5 years is planned, and also an increase in gross margin from 34 to 39% over the same period.
Values: creating, working together and delivering great products with a "can do" philosophy

Standard: ISO 9001:2015
Criterion: 4.2 Understanding the needs and expectations of interested parties
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 1 and 2.
Interested parties – stakeholders:
A person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. EXAMPLE: Customers, owners, people in the organisation, suppliers, bankers, regulatory bodies, unions, partners, or society, which can include competitors or opposing pressure groups.

Auditors should understand and evaluate how the organisation decides on the requirements of interested parties that are relevant to the management system, taking into account:
• the range of interested parties considered,
• the criteria for selecting relevant interested parties,
• the aspects for selecting relevant requirements.

Although there is no requirement to retain documented information, it is to be expected that the organisation maintains some data on its analysis for present and future reference. This may be expressed, for example, as:
• minutes of meetings
• tables
• spreadsheets
• databases
• hyperlinks
• external documentation
• quality manual (if the organisation decides to have one)
• etc.
Auditors should carry out this review during interviews with top management and follow up on these findings throughout the audit.

There is no requirement for the organisation to consider interested parties where it has decided that those parties are not relevant to the management system. It is for the organisation to decide whether a particular requirement of a relevant interested party is relevant to its management system.

The requirements of these interested parties should be taken as inputs to the planning process, clause 6.1, as potential risks or opportunities.

Example audit of this clause:

The interview with top management showed how ORG has determined:
a) the interested parties that are relevant to the management system;
b) the requirements of these interested parties that are relevant to the management system.
ORG monitors and reviews information about these interested parties and their relevant requirements.
The interested parties were identified as:
1. Customers – needs – that the product/service is delivered (provided) on time, at the agreed quality and at the agreed price.
2. Suppliers/contractors – needs – to be paid on time and that all contractual and other elements are provided on time, enabling them to deliver their product/service on time.
3. Neighbours – needs – not to cause unnecessary noise or pollution.
4. Employees' needs – that there is a safe, suitable working environment, warm and dry (indoors), and that salaries (where applicable) and expenses are paid in a timely manner.
5. Managing director – that his loan instalments are paid according to the agreed schedule.

Standard: ISO 9001:2015
Criterion: 4.3 Determining the scope of the ORG management system
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 1 and 2 of the audit.
The scope of the management system is in many cases self-evident and defined by the activities carried out at a single site. The scope of the management system becomes more challenging in cases where there is:
• outsourcing
• logistics
• multiple sites
• service centres
• service and customer sites
• both products and services
From a review of ORG's operations, products and services, the scope of the management system should be clear. This should be expressed through the extent of the processes and controls that ORG has established.

Because the terms scope of the management system and scope of certification are often used interchangeably, this can lead to confusion when a customer or end user is trying to determine which parts of the organisation are certified to ISO 9001 and which product and service lines or processes are covered by the management system.
To avoid this confusion and enable identification of what is certified, the scope of certification should clearly define:
- the scope of the management system, the types of products and services, the related sites, departments, divisions, etc. that are covered by it;
- the main operational process of ORG for production or service provision, such as design, manufacture, packaging, delivery, etc., for the product lines covered.

The scope of the management system should be contained in the documented information relating to the process approach. Such documentation could include:
• process diagrams (input – process – output)
• diagrams showing process linkages (inputs / outputs / customers)
• overviews showing the locations of activities
• identification of outsourced processes
• resource diagrams (e.g. capacity analysis, value stream mapping, “Lean” ...)
• programmes

It is the auditor's responsibility:
- to ensure that the final statement of the scope of certification is not misleading;
- to verify, during the audit, that this scope relates only to the processes, products, services, sites, departments or divisions etc. of the organisation that are covered by the scope of certification;
- to verify that this scope defines every non-applicable requirement of ISO 9001, and that the justification for non-application is provided and reasonable.
Annex A of ISO 9001:2015 provides an explanation of the “Applicability” of its requirements. Clause 4.3: “The scope shall state the types of products and services covered, and provide justification for any requirement of this International Standard that the organisation has decided is not applicable.”

Example audit of this clause:

The scope is documented in XXX.
The organisation has established the scope of the management system as:
What we do (scope): “Design, construction, installation, relocation and storage of exhibition, spatial, corporate and retail interiors, museum panels and large graphic forms.”
Where we do it (boundaries of the scope) – headquarters and sites xxx, xxx and xx for QMS and EMS.
The requirements that are not applicable are XXXXXXX. The justification for excluding requirement xxx is given in xxx. The scope has been reviewed by key functions within the company and approved by xxx. The scope of the management system is appropriate to the organisation's processes, products and services, as well as to the geographical area within which they are realised.

Standard: ISO 9001:2015
Criterion: 4.4 XXX management system and its processes
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 1 and 2 of the audit.
Applying the "process approach" is a mandatory requirement of ISO 9001:2015 and one of the most important for the management system. Auditors must understand that auditing a management system means auditing the organisation's processes and their interactions.
Examples of possible documentation are: process overviews, process maps, IT flow diagrams, specific diagrams, etc.
If the process description is not interpreted in the same way by the auditor and the organisation, the auditor should try to understand the organisation's view rather than impose his or her own, except where it is clear (and there is sufficient objective evidence) that the requirements of the standard are not met. The same applies where the auditor believes that a particular process has not been properly identified or is missing. During the audit, the auditor should determine whether the problem is only one of terminology, or whether there is a real deficiency in the organisation's application of the process approach.

The following are examples of questions for auditing the process approach.

• Can you explain your activities here to me?
• What are the main tasks carried out in your department?
• What information do you need to start your work?
• Where does it come from?
• Who receives the results of your work?
• How do you know you have done your job correctly?
• etc.

The auditor should also verify that the organisation has defined objectives for the relevant processes that are consistent with the business objectives, and that these two sets of objectives do not conflict with each other.

The auditor should evaluate whether the organisation's performance indicators allow for the effective operation and control of its processes, and whether they relate to the risks and opportunities associated with those processes.

Organisations often identify too many processes; some or all of them are activities, or they define one for each clause of the standard, which does not meet the requirements for a process. In such situations, the auditor should (in Stage 1 of the initial audit) note the need to redefine the processes, based e.g. on the critical points of the activities and the process approach.

Example audit of this clause:

The organisation has identified its processes so as to ensure that the management system is managed effectively in order to maintain conformity with the requirements.
Within the QMS, the organisation has identified the individual processes that enable the system to consistently deliver products and services as intended.
The following was verified:
List of processes (ref: xxxxx), process/flow charts (ref: xxxx), process interaction charts (Ref: xxxx).
Criteria for operation and performance indicators, a roles and responsibilities matrix (ref: xxx), and appropriate monitoring and review of the processes have been established. Documented quality plans (ref: xxx), data analysis, reviews of work processes, etc. are some of the activities for managing risk and identifying opportunities for improvement.
<< other >> management system processes have been identified. E.g. risk analysis for << environment, OHS, information security >> Doc ref: xxx, internal audit Doc ref: xxxx, management review Doc ref: xxxx.
The site tour, document review and other audit activities provide adequate evidence that the management system process is determined and that it is properly managed.

5. Leadership
Standard: ISO 9001:2015
Criterion: 5.1 Leadership and commitment
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be assessed in Stage 1, taking into account the availability of documented information, and in Stage 2 through interviews and additional evidence.
Auditors should involve top management in the audit, i.e. invite them to the opening and closing meetings, allocate sufficient time in the audit plan for interviewing top management, discuss the audit findings directly with them, seek evidence of their commitment, etc. It is important to shift the focus from the quality manager alone to the whole of top management.
The auditor should regard top management's activities as processes and audit them accordingly.

Common methods for evaluating top management commitment are:

1. Interviewing top management
The auditor can, using terminology appropriate for top management, ask relevant questions to:
a) seek evidence of top management's commitment to quality and its importance to the overall objectives of the organisation and the management system,
b) establish evidence of conformity with the requirements of ISO 9001.
c) If the organisation has decided not to retain the position of Management Representative, the auditor should pay particular attention to the assignment of the responsibilities and authorities that used to be assigned to this role.
2. Collecting and corroborating evidence
The auditor / audit team should constantly look for opportunities to corroborate the answers obtained from top management when interviewing them.
This includes:
a) the availability and relevance of policies and objectives
b) establishing links between policies and objectives
c) gathering evidence that these policies and objectives are effective and understood within the organisation
d) determining whether the policies and objectives are appropriate for continual improvement of the management system and for achieving customer satisfaction
e) determining whether top management is involved in the review.

Example audit of this clause:

The top management interview was conducted with << Names and Positions>>. The company's management structure is xxx, as detailed in xxx. Board members attend the annual system reviews and the minutes are distributed to all members. Board members and senior managers actively participate in reviewing the audit results. Board members and the general manager were present at the opening and closing meetings, demonstrating their role and commitment to the management system processes.
Periodic business meetings consider business planning and strategic direction. The meetings also discuss the status of objectives, resource requirements, risks and opportunities, and other areas. Records of these meetings were verified, including xxx, xxxx.

Standard: ISO 9001:2015
Criterion: 5.2 Policy
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 1 and 2.
The policy and its effective development can only be truly evaluated on the basis of the overall audit results.
Audit methods should include:
• interviewing top management to understand their approach and commitment;
• evaluating, through the records of system reviews, the commitment and involvement of top management in establishing, implementing, monitoring and updating the policy;
• assessing whether top management has effectively "translated" the policy into understandable words and guidance at all relevant levels of the organisation, with corresponding objectives for each applicable process, function and level;
• gathering evidence of the effective dissemination of the policy through adequate communication.
Appropriate evidence of the effective dissemination and understanding of the policy can only be gathered at the end of the audit, after the audit results have been evaluated.

Example audit of this clause:

The xxx management system policy is documented and approved by XX xx. The policy is displayed at multiple locations: it was seen during the audit at reception, in departments, in the management system manuals, on the web and at other places in the organisation. Personnel interviewed during the audit are aware of the existence and content of the policy. The content of the policy is appropriate to the business sector, consistent with the business strategy, and provides a framework for setting objectives and a commitment to fulfilling and improving the management system objectives and to compliance obligations.

Standard: ISO 9001:2015
Criterion: 5.3 Organisational roles, responsibilities and authorities
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 1 and 2.
There is no requirement to appoint a management representative. However, this role can be retained by top management or be delegated through other roles.
Also, the requirement is that roles and responsibilities are "assigned and communicated" and "understood".

Example audit of this clause:

The organisation is led by a well-defined top management and a structure appropriate to the organisation's size and operations. Roles and responsibilities have been assigned and communicated within the organisation by top management, and interviews with xx, xxx and xx confirm that the appointed personnel understand their roles and responsibilities well. Doc ref: xxxx. Typically, departmental processes and management system processes are defined, together with the personnel ultimately responsible. A senior function << name and rank>> appointed by << name and function>> has been assigned responsibility for coordinating the management system processes, in order to achieve consistency and effectiveness. This team is responsible for the performance of the management system, manages internal audits, coordinates analysis of the management system with a view to improvement, and facilitates the system review. Several internal auditors are qualified for one or more management system standards. Training records are available.

6. Planning
Standard: ISO 9001:2015
Criterion: 6.1 Actions to address risks and opportunities
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in Stage 2.
The Standard specifies requirements for the organisation to understand its context (see 4.1) and determine risks as a basis for planning (see 6.1). This represents the application of risk-based thinking (RBT) to planning and implementing the management system processes (see 4.4) and will assist in determining the extent of documented information needed.

An audit of RBT in an organisation cannot be performed as a stand-alone activity. It should be implicit during the entire audit, including when interviewing top management.
The auditor should follow the steps below and collect objective evidence as follows:
• What inputs does the organisation use in determining risks and opportunities?
These inputs should include the following:
  - Analysis of internal and external issues.
  - The organisation's strategic direction.
  - Interested parties, related to the QMS, and their requirements, also related to the QMS.
  - The scope of the organisation's QMS.
  - The organisation's processes.
• The auditor should note that the organisation has determined the extent of documented information needed to provide objective evidence of the application of RBT.
• How will the organisation determine its risks and opportunities, bearing the above in mind?
Objective evidence can take several forms, e.g.:
  - Minutes of meetings
  - SWOT analysis
  - Customer feedback reports
  - Brainstorming activities
  - Competitor analysis
  - Planning, analysis and evaluation activities related to several processes, e.g. strategic planning, design and development, marketing, production and service provision, corrective actions, …
  - Management review
  - Risk determination or evaluation records, if the organisation has determined this to be applicable or necessary
  - etc.
• How might the organisation respond to the determined risks and opportunities? The actions to be taken can take different forms. For example:
  - Revising old objectives or setting new ones.
  - Action plan.
  - On-the-job training
  - Work instructions
  - Improvement objectives and projects, etc.
• Does the organisation evaluate the effectiveness of the actions taken above?
The auditor should confirm whether internal audits or the performance evaluation take into account the effective application of RBT.

Example audit of this clause:

The organisation has decided to document its risk management process in xxx, which defines the process for responding to risks and opportunities.
The xxx risk matrix gives details of the business risks.
The xxx register of applicable legal requirements gives details of the compliance requirements.
The xxx improvement register is maintained with records of opportunities, which are reviewed at the monthly meetings.

Before starting a new project / launching a product / planning operations, a risk assessment is carried out in the plan itself and reviewed at a meeting. Every new risk is recorded in the risk register and an appropriate risk treatment plan is provided to mitigate the risk where possible. Project plan xxx and meeting records xxx.
When planning the management system, the organisation considered the issues referred to in clause 4.1 and the requirements from clause 4.2 and determined the risks and opportunities that it needs to address in order to:
• ensure that the integrated management system can achieve its intended outcomes;
• manage environmental aspects and compliance obligations;
• determine potential emergency situations in relation to BC requirements;
• enhance desirable effects;
• prevent or reduce undesired effects;
• achieve improvement.

Standard: ISO 9001:2015
Criterion: 6.2 Quality objectives and planning to achieve them
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major NC
Evidence:
To be audited in stage 1 and 2.
Auditors need to verify that the organisation’s overall objectives:
• have been defined,
• reflect the policy,
• are substantially coherent,
• are aligned and compatible with the organisation’s context and strategic direction,
• and are aligned with its overall business objectives, including customer expectations.
If this is not the case, the auditors should further evaluate Top Management commitment to quality.
The auditors should obtain evidence of the way the objectives are suitably cascaded throughout the organisation’s structure and processes, linking the general strategic objectives to management objectives and down to specific operational activities.
Auditors should also keep in mind that there is a clear link between the dynamic aspects of revising the policy, the objectives and the commitment of the organisation to improvement.

Example audit of this clause:


The objectives established (Doc ref: xxxxx) are consistent with the policy established by
the top management and the associated business strategies. The objectives established
are relevant to the respective areas and have been communicated to those on a need-to-know basis.
Appropriate performance indicators and target timelines have been
established (Example objective in XXX management system: xxxxxx. Performance
indicator: xxxxx Planned target time of achievement: xxxxxx).
Objective management programme identifies the actions required, resources needed,
roles and responsibilities and ongoing monitoring review.

Standard: ISO 9001:2015
Criterion: 6.3 Planning for changes
Audit findings: If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant. If not compliant = description of OFI/NCR
Compliance: Compliant/OFI, Minor/major
Evidence:
To be audited in stage 2.
References to change are made in several clauses in ISO 9001:2015: 4.4, 5.3, 6.3, 8.1, 8.3.6, 8.5.6, 9.2, 9.3, 10.2.
Some changes need to be carefully managed while others can be safely ignored.
In order to sort through this, the organisation should consider a method to prioritize.
To determine the priority, the organisation should consider a methodology that allows them to take into account:
• Consequences of the change
• Likelihood of the consequence
• Impact on customers
• Impact on interested parties
• Impact on objectives
• Effectiveness of processes that are part of the management system
• Others
Changes are intended to be beneficial to the organisation and need to be carried out as determined by the organisation. In addition, newly introduced risks and opportunities need to be taken into account.
To achieve the benefits associated with changes, the organisation should consider all types of changes that may need to occur. These changes may be generated, for example, in:
• Processes
• Documented information
• Tooling
• Equipment
• Employee training
• Supplier selection
• Supplier management, etc.

Example audit of this clause:


Change Management Process xx supported with the process flowchart has been
prepared to address the Planning for changes. All changes are raised in the change
management system with the risk assessment and required details. Change requests
are reviewed weekly in the change board meetings.

7. Support
ISO 9001:2015 7.1 Resources
To be audited in stage 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

Auditors should verify that the resources needed to implement, maintain and improve
the management system are adequately managed. This means that appropriate
resources are to be identified, planned, made available, used, monitored and
changed as necessary by the organisation.
It is recommended that the management of resources is not audited in isolation.
Irrespective of the way the organisation is structured and identifies its processes,
auditors should be able to verify the adequacy and effective management of the
resources to achieve planned results. It is important for auditors to verify whether the
organisation has evaluated past and present performance (e.g. using cost-benefit
analysis, risk assessment) when deciding what resources are to be allocated.

Evidence can be obtained at different stages of the audit – reviewing inputs, process
performance and outputs. This has to be carried out when auditing all the processes
and related system and process documentation, such as:
• management commitment and responsibilities;
• management review process;
• product realization processes, including the control of nonconforming products,
corrective and preventive actions and continual improvement.
Auditors should avoid making subjective judgements on the adequacy of the resources
allocated by the organisation and should limit their role to the evaluation of
the effectiveness of the resource management process.

Auditors should verify that the people, infrastructure and the environment for the
operation of the processes are provided and maintained in a way that is consistent with
the policy and objectives, as well as contributing to conformity to product or
service requirements.

When auditing monitoring and measuring equipment, it is important for auditors to
understand that the equipment supports monitoring and measurement methods that
the organisation has determined to be needed to ensure valid results.
It is also important to know the difference between “monitoring” and “measuring”:
• monitoring is to determine a status of something which implies observing,
supervising, keeping under review; it can involve measuring or testing at intervals,
especially for the purpose of regulation or control.
• measuring considers the determination of a value, e.g. a physical quantity,
magnitude or dimension (using measuring equipment).

“Measuring equipment” is defined in ISO 9000 as “measuring instrument, software,
measurement standard, reference material or auxiliary apparatus or combination
thereof necessary to realize a measurement process”.

To the extent needed, auditors should confirm that, in addition to providing the
necessary calibration records and assuring the related measurement uncertainty and
traceability, the organisation is aware of and has implemented, as appropriate, a
metrological confirmation system as described in ISO 10012 adequate to the extent and
types of the measurements performed.

Service sector organisations (e.g. hotels, restaurants, education centres, consultants,
public services) perform monitoring and measuring activities using surveys, examination
papers, questionnaires, statistical methods, etc., due to the nature of their product. The
applicability and validity of these methods have to be determined.

Applicability vs non-applicability:
When the impact is relevant, auditors should evaluate issues such as:
- How the organisation validates that the monitoring and measuring resources are
consistent with the monitoring and measurement requirements.
- How the organisation assures the information validity and the consistency of the
results.
- The competence of those responsible for using the monitoring and measuring
resources.
From the description above, the organisation should be able to decide whether all
or part of the relevant requirements may not be applicable. It is stressed that the fact
that an organisation does not have measuring equipment that needs to be
calibrated does not automatically mean that none of the
requirements for monitoring and measurement resources apply to it. To claim so would
imply that it also does not monitor or measure, nor use any monitoring or measuring resources.

Organisational Knowledge is the specific knowledge of the organisation, coming
either from its collective experience or from the individual experience of its persons. In
an explicit or implicit way this knowledge is, or can be, used to attain the organisation’s
objectives.

Requirements regarding organisational knowledge were introduced for the purpose of:
a) safeguarding the organisation from loss of knowledge, e.g.
• through staff turnover;
• failure to capture and share information;
b) encouraging the organisation to acquire knowledge, e.g.
• learning from experience;
• mentoring;
• benchmarking.

Auditors need to evaluate if the organisation considers internal and external
sources, such as:
• learning from failures, near miss situations and successes;
• gathering knowledge from customers, suppliers and partners;
• capturing knowledge (tacit and explicit) that exists within the organisation, e.g.
through mentoring, succession planning;
• benchmarking against competitors;
• sharing organisational knowledge with relevant interested parties to ensure
sustainability of the organisation;
• updating the necessary organisational knowledge based on the result of
improvements;
• knowledge coming from conferences, attending fairs, networking seminars, or
other external events.

Example audit of this clause:


Facility walk around was done to determine the visible state of implementation of the
management system. The resource provision is consistent with the capabilities (as well
as constraints). The processes and products obtained from outside have been
considered while providing the resources. Outsourced processes are <<xxxxxxxx>>.
They are controlled through the controls applied through 'control of externally provided
products and services'.
Operations and processes are controlled by people competent for the respective
processes. Verified: Purchasing officer <<name/ID>>: Qualified in inventory
management, Welder <<name/ID>>: Certificated from local approved training
agency.
Relevant infrastructure facility is found to be adequate for achievement of conformity
to products and services. Following were verified:
Building and utilities: RCC structure, machinery layout matching the process flow,
availability of wash/cooling water adequate, in-process parts/assembly movement
support adequate (fork-lift, trolleys). Upkeep of building and utilities adequate (Last
routine building maintenance done on <date>).
Equipment, other hardware, software: The organisation has installed state-of-the-art
machinery to realise its products and services. It operates an ERP and an intra network
to control the infrastructure. Machinery upkeep is managed by the maintenance
department. Responsible person <name / designation>. Current contractor <Name
xxxx>. Outsourced process in maintenance activity <xxxx>.
Transportation resources: Type of transportation resources used for employees-
contractor name <xxxx>, For production parts <company owned>, for finished good <as
per customer instructions>.
IT infrastructure is outsourced for hardware. Contractor name: <xxxx> Contract expiry
date <xxx>, Last routine maintenance date <xxxx>, last breakdown maintenance <xxxx>.
Software management is done in house. Responsible person: <Name>, Competency
details <xxxx>.
The organisation operates in an environment adequate for achievement of conformity
of products and services. The walk around and people interactions provided evidence
of: good work culture, friendly workplace, good ventilation and airflow, temperature
and lighting.
The organisation maintains a list of inspection, monitoring and test equipment (IMTE) -
List ref: xxxxxx. The calibration and readiness for use is managed as per procedure ref:
xxxx. Measuring equipment is tagged to maintain control over calibration and
readiness. Critical measuring instruments are calibrated by externally contracted and
accredited laboratories. Non-critical measuring equipment is calibrated internally by
using referenceable comparators. Monitoring and measuring equipment verified:
Micrometer ID: xxxx. Last calibrated on: xxxx. Next calibration due: xxxxxx. Calibrated
by: xxxxx. Calibration body is part of approved supplier list.
Ambient thermometer ID: xxxx, last calibration checks on: xxxx, calibrated internally
using glass thermometer. The company does not use any instrument where traceability
is a requirement. Documented procedure: xxxxxx
All operational machinery has its own technical support information. This
information is included as part of operator and supervisor training programmes.
Example machinery: xxxxxx, Technical manual available with: xxxxxx, Operator name /
ID: xxxx. All process information is maintained internally: Technical information is
maintained by <xxxxx>. Non-technical information is maintained by the respective area
operational heads, e.g. HR and training information with the HR head, lessons learnt with
the respective process heads.
Other knowledge is gained from external information gathered from various standards,
research publications, sector journals, conferences and industry interactions.

7.2 Competence
To be audited in stage 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

These requirements are usually audited as part of QMS processes and not in isolation.
However, it is recognised that some organisations will have separate human resource
processes, where most of the evidence needed can be found.

In auditing competence, an auditor would typically be seeking evidence that the
following issues are addressed:

1 - An organisation needs to identify what competencies are required by persons
performing work that affects quality.
The objective of the auditor should be to determine whether there is a systematic
approach in place to identify these competencies and to verify that the approach is
effective. The outcome of the process may be a list, register, database, human resources
plan, competencies development plan, contract, project or product plan, etc.
Discussions could initially be held with top management to ensure they understand the
importance of identifying the competencies required.
Auditors need to determine whether the organisation has identified new or changed
competence needs during surveillance audits.

2 – Are competent people assigned to those workplace activities necessary to control
the quality characteristics of its processes and products?
Verify that some form of evaluation process is in place to ensure that the competencies
are appropriate to the organisation's activities, and that the persons selected as
competent are demonstrating these competencies. Also, the process should ensure that
any deficiencies are being acted upon and the effectiveness of persons is being
measured. Verify that the activities that affect quality are performed by persons
selected as competent. Evidence may be obtained throughout the audit with an
emphasis on those processes, activities, tasks and products where human intervention
may have the greatest impact. The auditor may review job descriptions, testing or
inspection activities, monitoring activities, records of management reviews, definition of
responsibilities and authorities, nonconformity records, audit reports, customer
complaints, process validation records, etc.

3 - The organisation needs to evaluate the effectiveness of the actions taken to satisfy
the competence needs and to ensure that the necessary competence has been achieved.
The organisation may use a number of techniques including role-play, peer review,
observation, reviews of training and employment records and/or interviews (see ISO
19011, Table 2, for further examples). The organisation may need to demonstrate the
attainment of competence of its persons through a combination of education, training
and/or work experience.

4 – Maintenance of competence.
The auditor needs to verify that some form of effective monitoring process is in place
and being acted upon. Ways of doing this include a continuing professional
development process (such as the one described in ISO 19011), regular appraisals of
persons and their performance, or the regular inspection, testing or auditing of product
for which individuals or groups are responsible. Ongoing changes in competence
requirements may indicate that an organisation is proactive in maintaining persons’
performance levels.

Example audit of this clause:


HR has competency requirement documentation established for all functions. Verified:
Purchasing manager competence doc ref: xxxx, xxxx machine operator competency doc
ref: xxxx. Where competency documentation is not available, the respective senior function
will develop the requirement as needed. Competency is judged by education, training
and experience. Before engaging in areas affecting the management system processes,
the person undergoes appropriate training and orientation as assessed during the
training need assessment. Training need assessment form ref: xxxxx. Training is
provided internally or externally depending on resources available.
Verified for: Machine operator ID/ Name: xxxx, joined on date xxxx, personal record file
ref: xxxx, education qualifications: xxxxx, sector job training: xxxx, work experience:
xxxxxx, On the job training dates: xxxxxxx, training evaluated by: xxxxx. Safety training
provided on: xxxx.
Similar records were verified for <<supervisor records: Name/ID, training date xxxx,
First aid training records for <Name/ID> and date of training xxxxx>>.
Procedure for HR management/training: xxxxx.

Awareness trainings on management system requirements have been provided:
Management system team training date: xxxxx, trained by external agency.
Senior management training date: xxxxx, trained by the Management system
coordinator.
Other operatives, subcontractors and temporary employees: Management
system coordinating team.

7.3 Awareness
To be audited in stage 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

Audit methods should include:
• Conducting interviews with persons to verify if they have the required awareness,
understanding and knowledge of the way the organisation’s policy, objectives and
management system performance relates to their own activity, regardless of the
terms used by such people to express their understanding. Do not ask persons to
recite the policy;
• Evaluating training and induction programs and records within the organisation.
These programs should contain information on how the quality management
system operates.
• Evaluating the organisation’s corrective action processes regarding involvement of
personnel.
See also clauses 5.2 and 6.2.
Example audit of this clause:
The workplace interactions have provided adequate evidence that the personnel are
aware of the policy, objectives relevant to their area, extent of contributions to be
made by them to achieve these objectives and the consequences of not conforming to
the requirements.
Awareness process also applies to temporary contractors and external entities (safety
council, regulatory and governance bodies, others as determined by the organisation).
7.4 Communication
To be audited in stage 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

Some or all of the following means of communicating information within the
organisation should be examined by an auditor:
• Management led communication in work areas
• Team briefings and other meetings, such as those for recognition of achievement
• Notice boards
• E-mail, intranet and web sites
• Company or in house magazine/newsletter
• Staff meetings
• Individual notices or letters
• Product recalls
• Customer communication, e.g. brochures, sales presentations
• Any communication requirements based on the regulatory requirements, etc.
Compliance with the ISO 9001 requirements on communication should only be
determined at the end of the audit, after evaluation of the audit evidence and after
reaching consensus with other audit team members.

Example audit of this clause:


Internal and external communication process is managed on a situation and need basis.
Method of communication: Routine - Emails, text messages; Confirmation of specs:
Email; Legal liabilities: Email followed up with hard copy, if only email, with appropriate
signature.
Communication responsibility:
Routine: Based on functional hierarchy.
Emergency: Emergency officer designate.
Product recall: Operations manager in consultation with marketing manager and top
management.
A review of computer system communication records and hard copy files provided
adequate evidence of conformance.
7.5 Documented information
To be audited in stage 1 and 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

Documented information is information required to be controlled and maintained by an
organisation and the medium on which it is contained.
Documented information can be in any format and media and from any source.
The following comments are intended to assist in understanding the intent of the
general documented information requirements.
Documented information can refer to:
a) Documented information needed to be maintained by the organisation for the
purposes of establishing a QMS (high level transversal documents). These include:
• The scope of the quality management system (clause 4.3).
• Documented information necessary to support the operation of processes (clause
4.4).
• The quality policy (clause 5.).
• The quality objectives (clause 6.2).
b) Documented information maintained by the organisation for the purpose of
communicating the information necessary for the organisation to operate (low level,
specific documents). E.g. Organisation charts, Process maps, process flow charts and/or
process descriptions, Procedures, Work and/or test instructions, Specifications, etc.
c) Documented information needed to be retained by the organisation for the purpose
of providing evidence of results achieved (records).
• Documented information to the extent necessary to have confidence that the
processes are being carried out as planned (clause 4.4).
• Evidence of fitness for purpose of monitoring and measuring resources (clause
7.1.5.1).
• Evidence of the basis used for calibration of the monitoring and measurement
resources (when no international or national standards exist) (clause 7.1.5.2).
• Evidence of competence of person(s) doing work under the control of the
organisation that affects the performance and effectiveness of the QMS (clause
7.2).
• Results of the review and new requirements for the products and services (clause
8.2.3).
• Records needed to demonstrate that design and development requirements have
been met (clause 8.3.2).
• Records on design and development inputs (clause 8.3.3).
• Records of the activities of design and development controls (clause 8.3.4).
• Records of design and development outputs (clause 8.3.5).
• Design and development changes, including the results of the review and the
authorization of the changes and necessary actions (clause 8.3.6).
• Records of the evaluation, selection, monitoring of performance and re-evaluation
of external providers and any actions arising from these activities (clause 8.4.1).
• Evidence of the unique identification of the outputs when traceability is a
requirement (clause 8.5.2).
• Records of property of the customer or external provider that is lost, damaged or
otherwise found to be unsuitable for use and of its communication to the owner
(clause 8.5.3).
• Results of the review of changes for production or service provision, the persons
authorizing the change, and necessary actions taken (clause 8.5.6).
• Records of the authorized release of products and services for delivery to the
customer including acceptance criteria and traceability to the authorizing person(s)
(clause 8.6).
• Records of nonconformities, the actions taken, concessions obtained and the
identification of the authority deciding the action in respect of the nonconformity
(clause 8.7).
• Results of the evaluation of the performance and the effectiveness of the QMS
(clause 9.1).
• Evidence of the implementation of the audit programme and the audit results
(clause 9.2.2).
• Evidence of the results of management reviews (clause 9.3.3).
• Evidence of the nature of the nonconformities and any subsequent actions taken
(clause 10.2.2).
• Results of any corrective action (clause 10.2.2).

Organisations may be able to demonstrate conformity without the need for extensive
documented information. To claim conformity with ISO 9001:2015, the organisation has
to be able to provide objective evidence of the effectiveness of its processes and its
quality management system. Clause 3.8.3 of ISO 9000:2015 defines “objective
evidence” as “data supporting the existence or verity of something” and notes that
“objective evidence may be obtained through observation, measurement, test, or other
means.”   Objective evidence does not necessarily depend on the existence of
documented information, except where specifically mentioned in ISO 9001:2015. In
some cases (for example, in clause 8.1 (e) Operational planning and control), it is up to
the organisation to determine what documented information is necessary in order to
provide this objective evidence. Where the organisation has no specific documented
information for a particular activity, and this is not required by the standard, it is
acceptable for this activity to be conducted using as a basis the relevant clause of ISO
9001:2015. In these situations, both internal and external audits may use the text of ISO
9001:2015 for conformity assessment purposes.  

Example audit of this clause:


This is detailed in xxx Documentation and Data Control.
All key requirements are documented, including identification / version / approval /
format / distribution / change control / storage / retention periods / management of
external documented information / and legibility.
All necessary documents and records are listed as required.

Drawing Issue and Control:
Drawings received for any part of the design process or for manufacture use the latest
version of the drawing.
Control of drawing change for all drawings is by use of a suffix, i.e. enquiry/job number,
project name, drawing number and then version 1, 2, 3 – tested on factory floor.
Witnessed drawing xxx - status confirmed.
Various documents and records sampled are listed throughout this report.
Soft copy records and documentation are backed up periodically. Last back up done on:
<date>. Back up procedure is documented in ref: xxxx under the responsibility of
<Name>.
Ongoing protection of integrity and availability, and against loss, is managed through
appropriate antivirus. Current antivirus used: xxxxxxx.

8. Operation
ISO 9001:2015 8.1 Operational planning and control
8.2 Requirements of products and services
To be audited in stage 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

The organisation shall plan, implement and control the processes (see 4.4) needed to
meet the requirements for the provision of products and services, and to implement the
actions determined in Clause 6.
The output of this planning shall be suitable for the organisation’s operations.
The organisation shall control planned changes and review the consequences of
unintended changes, taking action to mitigate any adverse effects, as necessary.
The organisation shall ensure that outsourced processes are controlled (see 8.4).

Example audit of this clause:
The organisation has planned, implemented, maintains and controls its processes to
ensure the management system achieves objectives, including when changes happen.
Controls apply to unintended changes.
Outsourced processes have adequate controls established on them as per procedure ref:
xxxx.
For realization of its production and services the organisation has developed quality
plans, referred to as QAP, for each of its product ranges. The quality plan details the
controls and criteria required for realisation of products/services. Example: Product
name: xxxxx, QAP reference: xxxxx.
Example outsourced process: XXXXXX, preliminary evaluation done on: xxxxx, audit
done on: xxxxx, work process monitoring frequency: xxxxx, responsible person within
the organisation: xxxxx. Records maintained and available for verification with: xxxx.
ISO 9001:2015 8.2 Requirements of products and services
To be audited in stage 2.
If compliant = The implementation and effectiveness of the process audited has been sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

Customer communication falls into three general categories:
• An organisation’s general communication to existing or potential customers – such as
advertisements or marketing information,
• Specific information relating to a customer enquiry, requirement or order, and
• Communication in response to customer feedback and complaints

Where the organisation receives orders from dealers and not the end users, the auditor
should establish that the product information available to the end users (pamphlets,
brochures, web sites etc.) describes the products and services adequately and
accurately. The auditor should also try to establish how the customer needs have been
identified and product specifications arrived at.
The auditor would verify the product information to confirm that it is readily available
to customers or potential customers and provides information that is up-to-date and
accurate.
Some or all of the following means of an organisation’s specific customer
communication may be observed by the auditor:
a) Enquiries, contracts or order handling, including amendments
• quotations
• order forms
• confirmation of order
• amendment to order
• delivery documentation
• invoices
• credit notes
• e-mail & general correspondence
• visit reports or notes to/from customer
b) Customer feedback and complaints management process
• Letters in response to complaints
• Acknowledgments

There are also further instances where the auditor will experience the organisation’s
communication with the customer:
• During the ordering process where the customer provides no documented statement
of requirements, the organisation needs to have a system in place to obtain or confirm
these customer requirements before the organisation accepts the order.
• During the design and development process there may be considerable
communication between the organisation and the customer.
• During the process of authorizing the use of nonconforming product by release or
acceptance under concession by a relevant authority and, where applicable, by the
customer.
The auditor needs to be aware of the specific characteristics of the organisation’s
products and services that are likely to impact customer satisfaction. Throughout the
audit the auditor should be alert for indications that may suggest customer satisfaction
or dissatisfaction which could serve as input into the audit of the customer feedback
process.

The organisation should demonstrate that the statutory and regulatory requirements
applicable to its products and services have been properly identified, are available and
easily retrievable.

During the audit phase, auditors should:


• ensure that the organisation has a methodology in place for identifying, maintaining
and updating all applicable statutory and regulatory requirements;
• ensure that these statutory and regulatory requirements are utilized as ‘process
inputs’ while monitoring ‘process outputs’ for compliance with requirements;
• ensure that any claimed compliance to standards, statutory and regulatory
requirements etc. are properly demonstrated by the organisation;
• if evidence is found during the audit that specific information regarding statutory and
regulatory requirements have not been taken into account, the auditors should issue a
nonconformity;
• auditors should issue a nonconformity if a non-compliance with such requirements is
identified.
To avoid the possibility of liability, auditors should not make statements regarding
statutory and regulatory compliance, or make any comprehensive identification of
specific statutory or regulatory requirements applicable to the products and services of
the organisation.
Auditors should also confirm what kind of claims the organisation makes for the products
and services it offers and how it meets these claims.
The organisation needs to conduct a review before committing to supply products and
services to a customer.
The organisation needs to retain documented information, as applicable:
a) on the results of the review;
b) on any new requirements for the products and services.
The organisation also needs to ensure that, in the case of changes to the requirements
of products and services, relevant documented information is amended and that
relevant persons are made aware.

Example audit of this clause:


The organisation provides different methods for customer communication. Example:
Website, emails, brochures, presentations. All communication has appropriate records
maintained to ensure traceability in the future. Customer feedback is obtained by
sending a dedicated mail. If there is no response, telephonic contact is established to
collect the feedback. Customer complaints handling process is detailed in the website.
Organisation has identified the legal and obligatory requirements related to its products
(doc ref: xxxx), and any other controls required for safe working of the products (product
control diagrams indicate interlocks, fusing, failsafe switching).
Customer orders received by marketing are passed on to the product manager for
review and approval of capability to supply (technical, time, cost) and completeness of
information. Once all product requirements have been clarified and agreed, the
customer requirement for the product/service is agreed and suitable documents
exchanged. This process also applies to changed requirements, where the organisation
ensures that appropriate locations within the organisation are informed of the changed
requirements.
Customer enquiry traced: xxxxxxxxx
Enquiry register ref: xxxxx, quotation form: xxxx, Customer order register: xxxxxx, Order
acceptance form: ref: xxxxx
Verified for customer <name> xxxx. Customer order number: xxxxx dated: xxxxx,
Product ordered: xxxx, Order acceptance ref: xxxxx date: xxxx

8.3 Design and development of products and services
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 2.
The objective of auditing the design and development process is to determine whether it
is managed and controlled to enable products and services to meet their intended use
and specified requirements.
It is necessary to note that for service organisations, the approach to design and
development may be different from “traditional” manufacturing organisations.
Product and service design and development is the set of processes for transforming
requirements for the products and services into specified product/service
characteristics (characteristic = distinguishing feature, e.g. physical (e.g. mechanical,
electrical, chemical or biological characteristics); sensory (e.g. related to smell, touch,
taste, sight, hearing); behavioural (e.g. courtesy, honesty, veracity); temporal (e.g.
punctuality, reliability, availability, continuity); ergonomic (e.g. physiological
characteristic, or related to human safety); functional (e.g. maximum speed of an
aircraft)).
In order to determine if the organisation is in fact involved in design and
development, auditors need to establish who is responsible for defining the
characteristics of the product or service, together with how and when this is carried
out. This may apply to original design or ongoing design changes.

The need for design and development comes from an organisation’s context and the
application of risk based thinking. Auditors should review how the decision to proceed
with design and development is taken, i.e. have risks and opportunities, including cost
implications, been considered and have all relevant interested parties (internal or
external) been consulted.
The following issues should be considered when auditing the planning function:
• what is the overall flow of the design planning process?
• how is it described?
• what resources and competencies are required?
• what part of the design will be outsourced?
• who is responsible and are the authorities defined?
• how are (internal and external) interfaces between various groups identified and
managed?
• are the required verification, validation and review points defined?
• are the main milestones and timelines identified?
• is the implementation and effectiveness of the plan monitored?
• is the plan updated and communicated to all relevant functions as necessary?

When auditing the design and development inputs, auditors should develop an
understanding of how the organisation identifies its own inputs. Auditors should
evaluate the risks, the possible implications for customer satisfaction and issues that the
organisation may encounter if some relevant inputs are not considered.
The design and development outputs should comply with the identified needs in order to
ensure that the resulting product can fulfil its intended use.
Auditors should verify that the overall design and development process is controlled in
accordance with the organisation’s original plan, that it is being reviewed and that the
design and development reviews take place at appropriate planned stages.
Design and development verification is aimed at providing assurance that the outputs
of a design and development activity have met the input requirements for this activity.
Auditors should determine that only verified design and development outputs have
been submitted to the next stage, as appropriate.
Design and development validation is the confirmation by examination, and the
provision of evidence, that the particular requirements for specific intended use are
fulfilled. In other words, is the validation process capable of checking that the final
product and/or service will meet, or does meet, the customer’s needs when it is in use?
Where validation cannot be carried out prior to delivery or implementation, auditors
should ensure that these activities are carried out at the earliest opportunity, such as
when commissioning a complex plant or factory, and that this is communicated to the
client. Auditors should determine that only validated design and development outputs
have been submitted for customer use.
Design and development changes made during the design process need to be
controlled.
Example audit of this clause:
The organisation has a procedure for effectively managing the design and development
process. Procedure ref: xxxxx. Design and development process follows a
predetermined set of steps. The planning has been incorporated into a design
development documentation ref: xxxxx.
The format requires a number of items of information to be captured as evidence of the
process having been carried out.
Design process verified for: <Product name: xxxx>
Nature, description and timelines of the design and development: XXXXX (Design
inputs)
Products standards and default specs: xxxx (design input)
Other requirements specific to the products and requested by the customer: xxxxxx
(Design inputs)
Design & development activities, review, verification and validation requirements and
associated roles, responsibilities and authorities: XXXXX; (design controls)
Resources requirements: xxxxx; (design controls)
Interfaces within the organisation and external to the organisation including customers:
XXXXX (design controls);
Output of the design is in the form of technical documentation such as drawings, bill of
materials, product / part specification, assembly drawing, details of special processes.
All of these are recorded/documented. Doc ref for the sample above: xxxxxx
8.4 Control of externally provided processes, products and services
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 2.
Auditors may consider it sufficient to evaluate conformity by checking that:
• there is documented information (e.g. a list) indicating which are the approved
external providers and that this documented information is kept up to date,
• orders have been placed to external providers satisfying the defined criteria
• there is effective performance monitoring of outsourced processes providers,
and
• the activities necessary for ensuring that the specified requirements have been
met are carried out.

Auditors have to verify that risk based thinking has been applied by an organisation in
determining appropriate controls over external providers.

In auditing the process for the management of procurement, the following points may
be useful:
• Confirm that the specification quoted in a purchase order is the same as the
specification contained in the design (or the specification received from the
customer);
• Identify whether or not there were discussions between the organisation and
potential suppliers regarding the design specification of critical components during the
design process or prior to an order being placed;
• Was there some form of “approval” of the specification before the final
specification/order was confirmed to the external provider?
• Does the purchase order contain or refer to any statutory or regulatory requirements?

In many cases, audits of the evaluation and selection of external providers simply
consist of a review of the organisation’s approved external provider list and whether
this list has been reviewed at regular intervals. In some cases this may not be
sufficient to ensure that the organisation has effective control of all of those external
providers within its supply chain. Issues to consider include:
• Are external providers of critical component products or critical services selected
based only on their ability to supply at an economical price, or is their ability to supply
consistently to specifications also taken into consideration?
• Are outsourced processes considered in the supply chain and are relevant levels of
control in place?
• Are external providers included in approved lists solely on their continued registration
against a recognised quality standard, or is the scope of this registration reviewed?
• How frequently are credit notes raised by the organisation for products or
services that are initially rejected, but then subsequently accepted?
• How many concessions have been raised allowing the organisation to accept
previously rejected products or services?

Example audit of this clause:


The company has a formal procedure for managing suppliers and subcontractors. Doc
Ref: xxxx. The process explains selection, approval, periodic monitoring and re-approval.
The purchase order specification is in standard formats ref: xxxx. Incoming material
processes are verified as agreed in the purchase order.
Sample checked for supplies: Purchase order no: xxxx, items purchased: xxxx, Supplier
name xxxx appears in the approved supplier list ref: xxxx, Purchase order specification
and other terms and conditions available in the document, goods received on: XXXX,
inspected on xxxx.
Sample checked for sub-contracting: Purchase contract no: xxxx, items contracted: xxxx,
subcontractor name xxxx appears in the approved list ref: xxxx, contract specification
complete in sheet ref: xxxx. Subcontract work inspected by <name> xxxxx on date
xxxxxx.
Sample checked regarding the agreement with the outsourced provider. Agreement
xxxx dated xxx, between xx and xx, SLAs xxx. Latest review of the agreement was done
with the supplier on xxxx.
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming outputs
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 2.
The production and service provision actually provides the product or service to the
customer. This is an important audit trail, especially because it is critical for delivering
“good” products and services to the customers.
The provision audit trail covers all the activities necessary to produce, manufacture, and
deliver products and services to the customer. It includes activities for operating the
realization processes, identification and traceability of the products and services,
handling customer property, preserving product, measuring product and service output,
and handling nonconforming product.
The following should be assessed for each process audited:
• Operator work instructions or documented information (clause 8.5.1a)
• How the operator operates and sets up the machine (if applicable)
• Operator responses versus work instructions
• Inspections of products
• Inspection plans or similar
• Equipment used and their calibration
• Product marking/tagging procedure versus reality (clause 8.5.2)
• What the operator does for nonconforming parts versus the nonconforming procedure
(clause 8.7)
• Production records
• Operators’ awareness of the quality policy
• Operators’ awareness of process changes
• Overall cleanliness of the plant/factory and the maintenance process, including
packaging and shipping areas

Example audit of this clause:


Sampled job ref: xxxxx. product/service name: xxxxx.
Work order reference: xxxx dated XXxxx. Inspection plan ref: XXXX, Inspection record:
xxxx conforms to inspection plan. Machinery used for production, readiness record:
xxxxx, work environment meets the requirements specified for the processes.
Validation procedure doc ref: xxxxx. Validation record for this job: xxxxx, Error proofing
activity on the machine (interlocks, jigs, fixtures, etc.): xxxxx. Part release record: xxxx,
Job number followed by part number is used for identification and traceability: Example
IS: xxxxxxxxx for part name: xxxxxx. The final product is identified by a serial number
which is traceable to the date of manufacture xxxxxx. Example serial number:
xxxxxxxxx.
The organisation does not use any externally supplied equipment. It uses customer
supplied <xxxxxx high pressure pipes> for incorporation into the product assembly.
These pipes are received and maintained under controls. Doc ref: xxxxxx. Stock record:
xxxxx.
Inventory management procedure xxxxxx is automated. Storage racks are appropriately
identified, segregated. Inspection and work in progress are identified in separate
locations. Handling of the product and product parts was seen to be adequate.
Material handling equipment includes <forklifts, trolleys, pulley-blocks>.
Post-delivery activities include only warranty maintenance requirements. The
organisation has a procedure for managing warranty claims. Doc ref: xxxxx.
Should there be a change in requirement after the work order has been released,
appropriate action is taken to review, approve and communicate the changes to the
relevant personnel.
The XXXXX is authorised for final release once all the records in process inspection and
stage approval have been recorded. The goods go into finished goods store or to
despatch once the final approval has been given. Final inspection and release record
ref: xxxxx. The release takes place only after the designated authority has authorised it.
Sample checked: product name: xxxxx, ID: xxxxxx, Approved by xxxxxxx, date: xxxx.
Traceable in the format ref: xxxx
The organisation follows a documented process for managing non-conforming outputs at
all stages. Doc reference: xxxx. Records retained: Part inspection / rejection record:
xxxx, Part rework record: xxxxx, Scrap record: xxxx, Rejection / rework / scrap report:
xxxx, Product return record: xxxxx, Customer complaint record: xxxx, Rework /
replacement cost record: xxxxx, Concessional approval records: xxxxx, Rework
inspection record: xxxx, Corrective action and analysis report: xxxx.
Records verified for product rejection complaint report Ref: xxxx dated xxxx. The records
were traced up to redressal of the rejection.

9. Performance evaluation
ISO 9001:2015
9.1 Monitoring, measurement, analysis and evaluation
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 2.
Management system performance is evaluated in the risk opportunity and planning,
performance evaluation, and improvement audit trails. Auditor should study customer
satisfaction, customer complaints and problem solving, and overall performance (e.g.
KPIs) of the organisation. Poorly performing indicators represent lack of “intended
results” or customer dissatisfaction (clauses 6.1.1 and 5.1.2).
Auditor should start the audit by analysing overall customer satisfaction and
organisational performance. Lack of results or poorly performing indicators are then
linked to poorly performing processes. These also could be an indicator of poor risk
assessment. The auditor takes these into consideration when auditing management
review and/or process performance. The auditor should evaluate customer-related
issues and how the organisation responds to them.

Example audit of this clause:
The organisation has determined the performance indicators for the management
system and process parameters it wants to monitor and measure. The methods and
timelines of measurement have been documented in the respective
monitoring/measuring reports and formats. Responsibility for analysis and evaluation
of management system performance is exercised effectively under the control of
responsible functions. Monitoring and measurement of the following areas were
verified:

Product rejection data: form ref: xxxx. Period: xxxxxxxx. Data collected by XXXXX. Data
analysed, reviewed and evaluated by: xxxxxx date: xxxxx, Action taken: xxxxx
Turnaround time data: form ref: xxxx. Period: xxxxxxxx. Data collected by XXXXX. Data
analysed, reviewed and evaluated by: xxxxxx date: xxxxx, Action taken: xxxxx
Supplier performance data: form ref: xxxx. Period: xxxxxxxx. Data collected by XXXXX.
Data analysed, reviewed and evaluated by: xxxxxx date: xxxxx, Action taken: xxxxx
Productivity data: form ref: xxxx. Period: xxxxxxxx. Data collected by XXXXX. Data analysed,
reviewed and evaluated by: xxxxxx date: xxxxx, Action taken: xxxxx
9.2 Internal audit
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 1 and 2.
When third party auditors examine internal audit processes, they should evaluate issues
such as:
• the competencies that are needed for and applied to the audit,
• objectivity and impartiality of the internal audit process
• the risk based thinking performed by the organisation in planning internal audits,
• the degree of management involvement in the internal audit process,
• the guidance provided by ISO 19011 (but note that ISO 9001 does not require the
organisation to use ISO 19011), and
• the way the outcome of the internal audit process is used by the organisation to
evaluate the effectiveness of its QMS and to identify opportunities for
improvements.
It is good practice in third party audits to audit the internal audit processes of the
organisation toward the end of the third party audit. Auditors will be able to compare
the results of internal audit process against their own findings and thereby be able to
evaluate effectiveness of this process and the resulting corrective actions.

Example audit of this clause:


Internal audit procedure ref: xxxx, Internal audit schedule: xxxx, List of internal auditors:
xxxx, record of training of internal auditors: xxx. Internal audit report: xxxx,
Presentation of non-conformance and corrective action: xxxxx. Internal audit checklist
available for sampled processes: xxxx.
Documentation of internal audit cycle period verified: xxxxx. No conflicts of interest
identified in audit assignment. Number of non-conformances raised: xxxx, corrective
action implemented date: xxxx, corrective action verified on: xxxx. Internal audit schedule
verified for any potential changes to be made in the next cycle of audits on: xxx. NCs
have been closed in reasonable time. Results of the internal audit are collated as a report
dated: xxxx for presentation in the next management review meeting scheduled.
9.3 Management review
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 1 and 2.
The management review is a process that should be conducted and audited utilizing the
process approach. Organisations need to be able to demonstrate that they have
evaluated the effectiveness of actions taken to address risks and opportunities during
management review; consequently, auditors will be able to obtain objective evidence on
the use of this approach.
Documented information on management reviews is required, but the format of this is
not specified; minutes of meetings are the most common type, but electronic records,
statistical charts, presentations etc. could be acceptable types.
Auditors should look for evidence that the inputs and outputs of the management
review process are relevant to the organisation’s size and complexity and that they are
used to improve the business. Auditors should also consider how the organisation’s
management is structured and how the management review process is used within this
structure.
Example audit of this clause:
Frequency of management review is xxxxx. Management review follows a set
procedure Doc. ref: xxxx. Present meeting agenda (doc. ref: xxxx) includes the minimum
requirements of the standard and is sent in advance by email to potential participants.
Minutes of the meeting (doc ref: xxx) maintained and retained by the management
system coordinating team. Management review documentation verified for
management review meeting dated: xxxxx, Meeting chaired by the Managing Director.
Agenda and notice sent on xxxx. Number of attendees: xxx, Minutes of the meeting with
appropriate action points Doc ref: xxxx, prepared on XXXX and distributed to the
attendees on xxxx.

10. Improvement
ISO 9001:2015
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement
If compliant = The implementation and effectiveness of the process audited has been
sampled and is considered to be compliant.
If not compliant = description of OFI/NCR
Compliant/OFI Minor/major

To be audited in stage 2.
According to ISO 9000:2015:
Nonconformity = non-fulfilment of a requirement
Correction = action to eliminate a detected nonconformity
Corrective action = action to eliminate the cause of a nonconformity and to prevent
recurrence
"Correction" is action to eliminate a detected nonconformity. For example, correction
may involve replacing nonconforming product with conforming product or replacing an
obsolete procedure with the current issue, etc.
Corrective action cannot be taken without first making a determination of the cause of
nonconformity. There are many methods and tools available to an organisation for
determining the cause of a nonconformity, from simple brainstorming to more complex,
systematic problem solving techniques (e.g. root cause analysis, fish-bone diagrams, “5
whys”, etc.). An auditor should be familiar with the appropriate use of these tools. The
extent and effectiveness of the corrective actions depends upon identifying the true
cause.
An auditor should also check if the organisation has taken action to determine if the
cause of a nonconformity was systematic in nature or merely accidental. If a systematic
failure is treated as an accidental one-off occurrence, then the corrective action will not
be successful, and there will be a risk of the problem recurring.

The auditor should seek to determine if the auditee has attempted to set objectives that
establish the correlation between the 3 factors of: corporate objectives, customer
needs, and market expectations. ISO 9001 lists a number of areas that an auditor can
assess to obtain evidence of both planning and actual implementation of
improvement. It is important to understand that improvement doesn’t necessarily just
mean improvement of product or process, but can and should also apply to the quality
management system itself.
Examples of areas where the quality management system can be improved include, but
are not limited to:
• internal communications,
• follow-up activities,
• documented procedures,
• the effectiveness of management review meetings,
• customer feedback systems, and
• training programs (e.g. for management or for internal auditors).
An auditor should remember that it would be unrealistic to expect an organisation to
make progress on all potential improvements simultaneously. What it means is that when
opportunities for improvement are identified and when such improvements are justified,
an organisation needs to decide how they are to be implemented, based on the
available resources.

Example audit of this clause:


The organisation identifies opportunities for improvements in its products, services,
interested party satisfaction (including customer) and other management system
objectives. The improvement process is explained in doc ref: xxxx.
Follows a formal process doc ref: xxxx. Records retained: List of NCs and corrective
actions implemented. Doc ref: xxxx
The organisation uses various data and information from performance measurement,
analysis and evaluation, review of objectives, actions taken on non-conformances
raised and review of risk, risk assessment and evaluation within the management
system sector to achieve continual improvement. The last set of improvements was
made in: <addition of process audit checklist for various processes, training of internal
auditors for process audits, improvement of preventive maintenance schedules to bring
unplanned downtime to 0>
