Q: "ISO 9001:2000 section 8.2.2 requires my internal audits determine conformity to, '...this International Standard...' (meaning ISO 9001:2000). My internal auditors do not audit full time, and while they do a great job checking how well our procedures are followed, I'm not sure they do a very good job auditing against ISO 9001. How do I address this situation in a manner that would be acceptable during a third-party registration audit?"

John Broomfield of Quality Management International, Inc. (www.aworldofquality.com): "Look not to satisfy your registrar's auditor. Look first to satisfy your organization's need for an effective management system. Your system will not be effective unless it conforms to ISO 9001 (has all the necessary processes and controls) and is helping employees to meet customer requirements and organizational objectives. A system that is missing visible leadership or any of the essential processes and controls specified in ISO 9001 will not be effective for your organization to assure quality or manage continual improvement.

This may have you think again as to the caliber of person selected to conduct the occasional audit your management system. Once a system conforms to ISO 9001 it needs only an occasional reverification of that status. Whether in-sourced or out-sourced your auditors must be competent. According to the IRCA, here are some of the competencies sought by customers of lead auditors:
1) Consider our business in terms of the value we give to our customers.
2) Understand our business issues
3) Command our respect and be engaging (not aloof)
4) Have maturity and credibility
5) Have knowledge of our industry
6) Feel comfortable, yet not over confident
7) Be an excellent and accurate writer
8) Analyze and make clear conclusions
9) Actively listen
10) Converse as a partner with our top managers
11) Identify issues otherwise unsaid internally for political reasons (fear)
12)Rank findings in terms of business benefits/risk reduction
13) Tune into the culture of the organization
14) Be employable as a top manager

For this you may have to consider training your entire management team to conduct the system audits. Training the cross-section of less senior employees to conduct internal process audits against the process objectives. If your process do not have objectives then ask the process owners to determine the criteria for effectiveness per clause 4.1c."

Ron Sedlock of The Quality Catalyst (www.thequalitycatalyst.com): "You need to audit the audit requirement. Think like an auditor. Do you have objective evidence the internal auditors determine conformity to ISO 9001:2000? ISO 9001:2000 is the 'master' standard. All auditors must know the words of this standard as well as the intent. This means effective auditor training.

Also consider putting some ISO 9001:2000 requirements verbatim on audit checklist (even on audits of specific work procedures). This works well with new auditors. Remember objective evidence is what is acceptable during a third-party registration."

Gerald Clarke of Lean Quality Associates, LLC: "One of the laws of mathematics states that if a=b and b=c then a=c. This is not irrelevant to the subject at hand. During the early days of registering your QMS, or EMS for that matter, the registrar takes pains to insure that the Quality Manual and Procedures follow the requirements of the ISO standard. If the standard is A and the Quality Manual is B and the Procedures are C then, the registrar, by the initial audit and surveillance audits, tracking through all the document revisions strives to assure that A=B=C.

Therefore the internal auditors are checking the system, piece by piece against the standard.

This was explained to me by my first registrar auditor, Mike Burden. Mike was a kindly gentleman who spent a lot of time to guide and instruct me in a lot of ideas that were in the 'Standard.'"

Patrick Hughes of Quality Consultant Management Services (www.pathug.com): "You seem to have gotten ahead of yourself. First of all, you don't 'audit against ISO 9001'. You audit your conformance to your procedures. They should already be aligned with ISO 9001 to begin with. If they aren't, you have a different problem and that needs to be resolved first."