"OK, so I need to clarify. ISO 9001 is a quality management system. What is actually checked at audit? Is it: that the processes identified in the documentation actually happen or are the processes themselves checked to ensure that they actually are the right processes in the first place. For example, if I build something and I implement a QMS, when I am audited do you check that the product I am making actually gets built to a specific standard or do you check that I am tracking this for myself and noting where there are any changes that need to be made. I am slightly confused as to what the ISO 9001 audit actually entails and welcome your response.”
An audit to a quality management system has two purposes, auditing:
conformity – is the organization working according to its own requirements and to ISO 9001 requirements;
effectiveness – is the organization meeting its objectives.
Also, audits are about the quality management system, not about the quality of products and services. That is why organizations are n ot allowed to put the logo of certification in contact with the products they manufacture. What is audited is not the product but, for example, if manufacture and quality control activities were performed and decisions made according to planned. About that phrase “ensure that they actually are the right processes”, ISO 9001 uses the word determine instead of identifying. There are no right processes waiting to be discovered. Process definition is an act of management. Determining means establishing the processes by research or calculation, there is will in there. Identify processes means recognizing, discovering processes among the available processes. The truth is, there are no available processes waiting to be discovered. Organizations should decide which processes they need. Conformity and effectiveness are the critical evaluation criteria.
The following material will provide you information about internal audits: