Home Resources Blog April 2016

Addressing ISO 9001 Auditor Requirements for Process Management

19 April 2016
ISO 9001:2015 reinforces the “process approach” with the clause ‘QMS and its processes’ and related requirements throughout the standard. The CQI explain how to audit this requirement effectively.

By Richard Green, CQI Interim Head of Membership Services and Mala Mistry, CQI PR & Communications Executive.
ISO 9001:2015 continues to refer to a process-based approach for quality management systems (QMS). However unlike previous versions, 2015 does more than simply ‘promote’ this, it reinforces it by including a new sub clause 4.4 the ‘QMS and its processes’ and by incorporating further process related requirements throughout the standard.
The 2015 standard continues to require a planning and development approach to processes but the introduction of requirements relating to process implemention and control are new. Additionally organisations must now determine risks and opportunities associated with its processes.

The organization must then plan to address or realise these with the level of planning being proportionate to the potential impact of the process, on the organisations ability to achieve its intended QMS outcomes. Once in place a process must be maintained and continually improved – organisations will need to evidence to their auditors that they are doing this.

A culture of continual improvement

If your business has already embraced a process approach and embedded it into the organisation, it’s likely these changes will be much simpler for you to implement. Use Plan Do Check Act to define, control and develop your processes and risk based thinking to avoid unintended process outputs.

This approach will help your organisation run more effectively and efficiently by delivering consistent and predictable results, because the organisation’s activities are understood and managed as a series of interdependent and interrelated processes that function as a coherent system.

Implications for auditors

With organisations taking on this new approach, auditors will need to have the right skills and knowledge in place to be able to conduct effective process audits.
The starting point is to identify what the organisation’s QMS processes are.
The auditor must then ensure that the organisation has:
  • Determined the inputs required and the outputs expected from these processes
  • Determined the sequence and interaction of these processes
  • Determined and applied the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes
  • Determined the resources needed for these processes and ensured their availability
  • Assigned responsibilities and authorities for these processes
  • Determined and addressed process risks and opportunities
  • Evaluated their processes and implement any changes needed to ensure that these processes achieve their intended results.


Having the right competencies as an auditor is critical. ISO has recognised that and are currently working on a new document ISO/IEC 17021-3 that will set out specific competencies for QMS auditors – this will be an updated version of the technical standard, ISO/IEC TS 17021-3:2013.
Richard Green, CQI’s Interim Head of Membership Services is representing the CQI at ISO/CASCO-TC176-SC3 Joint Working Group 35. We are proud to have been invited to join this panel and input directly into the document, ensuring it reflects the new auditor competencies required, as a result of the introduction of ISO 9001:2015.
The proposed changes are significant and are unsurprisingly aligned directly to the changes to ISO 9001:2015 – focusing on leadership, context, risk-based thinking and documented information. The draft international standard, DIS 17021-3, will go out for ballot in the summer and comments will be reviewed in November.
To learn more about the CQI’s view on competencies required by quality professionals, take a look at our Competency Framework.