Is it ever a good idea to provide the auditee a copy of your checklist prior to an audit? Why or Why not?

Bonterra

I think it's a good idea due to the fact that it allows the auditee time to prepare. It could reduce the no of findings if there is time to correct something before the audit, but but I see that as a good thing. We want improvement, right?

Here is an old thread on the same subject (Some posts in it have been deleted, so I'm afraid it's a bit lopsided): Unorthodox auditing - Providing Auditee with Checklist prior to Audit (http://elsmar.com/Forums/showthread.php?t=5620)

/Claes

Is it ever a good idea to provide the auditee a copy of your checklist prior to an audit? Why or Why not?

Bonterra

It depends on how you want your audit to be percieved. If you want to be a part of the team, and demonstrate that you are there to help ensure compliance and effectiveness - then by all means forward the checklist. The result may be that the auditee fixes some minor problems and may even develop plans to work on the major ones, at which point your business wins (isn't this what your after).

On the other hand, if you want to play "Audit Police" then keep the auditee in the dark and write-up every thing you can - it will make you look like your the only one who knows what the rules are, and will go far towards alienating you and any other auditors.

IMHO, making the checklist available is a nice courtesy.

In one previous position, we wrote up our checklists the day of the audit, so it wasn't possible to provide it at the time of the audit. However, I did announce the audits about 2 weeks in advance. In the e-mail, I let the dept and/or process owners know the basic things the audit was going to cover. This was well-received by the various managers. It gave them each a chance to look over instructions, postings and the like documentation to make sure it was OK. It also gave them a chance to give the other folks in the area a heads-up that the audit was coming.

NO!

Most folks not knowing the +'s or -'s of a checklist would tend to develop a state of appoplexy (get excited) when an audit trail takes the auditor off of it. In auditing a checklist is a memory aid for the auditor as to "what to look at" and "what to look for". The checklist does nothing more that start the process, help keep the auditor on track, and allow the auditor to identify basic things that should be looked at.

Some audits, like those for AS9100, have a prescribed checklist.

If someone wants my "checklist" for 9K, 14K, 18K or anything else my response is look at the agreed to criteria...that's my checklist.

NO!

Most folks not knowing the +'s or -'s of a checklist would tend to develop a state of appoplexy (get excited) when an audit trail takes the auditor off of it. In auditing a checklist is a memory aid for the auditor as to "what to look at" and "what to look for". The checklist does nothing more that start the process, help keep the auditor on track, and allow the auditor to identify basic things that should be looked at.

Some audits, like those for AS9100, have a prescribed checklist.

If someone wants my "checklist" for 9K, 14K, 18K or anything else my response is look at the agreed to criteria...that's my checklist.
I agree, although maybe not as emphatically. The checklist should be nothing more than a mnemonic device--a memory jogger for the auditor. If the auditees are concerned about not knowing what to expect, it means that the audit has uncovered a system failure before the audit has even begun.

I think it used to be common pracitce for the "no surprise audit". Now with process audits I do not believe that it is as common as it was.

What's the surprise? They define the process's and how requirements are fulfilled. Auditors just audit the shalls and the organization specifics for verifying evidence (in theory anyway)

What's the surprise? I agree 100%. If there is a 'surprise', there is something wrong to begin with.

When I set up the QMS at my old workplace just about every registrar that made it to our second round talked about a "no surprise audit". Meaning that you will know what to expect and what will be asked. A part of that was the official checklist being distributed and some even gave/offered help lists. Giving the checklist also IMO, helps to take the Police Action feeling out of the audit. Especially in the early audits, as people are getting used to being audited by 3rd parties. A lot of it is based on FEAR (False Evidence Apearing Real)

A lot of it is based on FEAR (False Evidence Apearing Real)

More is based upon ignorance of the process due to lack of participation from the get-go, the attitudes of bonehead auditors on ego trips and tricksters trying to play mindgames by answering "yes, no and not-my-responsibility".

This is of course an unsolicited personal opinion.

I always send a copy of my checklist and audit plan to the auditee (internal and suppliers). I tell them that its a device to keep me focused and to let them know what I will be examining and approximately when (time of day) I will be doing it.
So far my feedback has been positive. Everyone likes getting the up front notification. But if they stopped to think about the auditing process, they would realize that everything is fair game and that they should be ready for an audit at all times.

Depends (and yes, it's extremely uncomfortable sitting on the fence like this!) :o

For internal audits, I refuse to provide a copy of the checklist. If they want a copy of the standard or have questions, hey, I'm more than happy to help them out, but once I don my auditor garb (aka lady-in-black), they get ask "tea time" questions. Seldom do I ask verbatim from the standard (ex. "Do you have document for document control?"...yawn!). Our guys are used to questions like "So, how does what you're doing right now impact quality or our Customers being happy?", "I see you're getting ready to receive a shipment, can you walk me the process of it?", "Okay, testing machine, recording software....how does all of this ensure the Customer gets the product they want?", and so on.

External audits, though, there's a slightly different angle. Despite my pseudo-Darth Vadar approach, our guys know me...they accept me on the floor. Strangers make 'em a bit on edge...primarily for safety reasons, but still, here's someone to critique our system. You can't honestly expect us to welcome External Auditors with open arms, now, can you?

So...if there are new auditees or people who just wish to refamiliarize themselves with the requirements, I'll give them a copy of our checklist or the standard and will sit down with them to explain things in plain English.

A lot of it, though, depends on the maturity of the system. For ISO 9001 (attained in 1998), I can give a few days notice about an audit and all is well with the world. My biggest worry is what to order for lunch. :) For ISO 14001 (attained in 2001), a bit more notice is given and an occasional reminder about the requirements is provided. For ISRS, well, our external will be in November....folks have known about it for 2 months already and will be provided with a checklist of the requirements, the requirements in common english, and examples of how we meet the requirements. My recent internal audit demonstrated a slight discomfort with the questions and there was definately a steep learning curve for all involved (myself, included!).

When I started the first round of internal audits we agreed that it should be a learning experience and used to promote the entire QMS. So I furnished a completed questionaire with my notice of audit. To my surprise, on more then one occassion, I was asked to belay the audit. It seems that when we were writing the QMS all was well but when put into question form an awakening occurred. (This guy is serious! Do we really do what this says?)
Now of course the entire management team has learned just what is expected during an audit and I simply announce when it will be. I do the same when perforimg a time study.

Wow, ISO/IEC 17025 accreditation is easier I think.....

I remember my days in the 9K world, multitudes of checklists and so forth.....

The accrediting bodies operating in North America (in fact, pretty much globally) use essentially the same checklist, based on the Standard. Each of us tweaks the look a bit to satisfy our particular way of doing things, but the basic checklist is the same.

Much easier to deal with.

And most ABs will provide the checklist if requested by the customer.

Hershal

Hi there,

I am new here, I came across the forums when I was browsing the net for some information on how to conduct proper Environmental Management Audit based on ISO14001:2004 version.

Our company here in the Philippines will undergo certification audit for the new version of the ISO14001 and must conduct an internal audit.

I just don't know how to begin, what to include in the checklist, etc...I know of a process-based Quality Management Audit, how about in EM?

Could someone provide me a procedure or a method on EMS auditing?

It would really help a lot.

Thanks.

Hi tsarlymayn

Welcome to the Cove! There are so many information that you could search on this forum. It did also work for me in many times.
We'll also undergo the ISO14001:2004 probably Q1 of 2006.
Best regards,
Raffy

if we are talking about an internal audit. Sure, doing a surprise audit is a bad thing! But what's sharing your checklist before the audit got to do with it?:frust:
Do you think the auditee gives a fig for what you've got on your checklist?:mg:

Do they understand what the words mean, what you're looking for etc? You have to stop doing audits like 3rd party/Registrar auditors and join the 21st century!!:bonk:
Most internal auditors get trained and behave like 3rd party/registrar auditors. No wonder folks get defensive when an audit is done! When did anyone who's planning an audit, actually involve the management of the process? When did any auditor actually ask management what they want to see corrected or improved about their process(es)? Shouldn't the checklist be details of those problems, instead of some dumb questions, based on phrases of 'ISO' that no-one has ever read or understood:read:

It has zero/nothing/zilch/nada to do with 'sharing' checklists. It's all about how effectively you schedule, plan and prepare for the audit. For example, how many audit managers/process owners schedule a whole year's worth of audits on some kind of calendar? It's not required to do that, but most 3rd party auditors want to see it done that way!:mad: So the organization's management get little/no benefit from audits - try asking them (of course they won't tell you straight, but if you didn't maintain an 'ISO' registration, just see if they'd continue to pay for/support internal audits):rolleyes:

Of course, 3rd party auditors will always do what they do, because they don't learn from their experiences. They've (essentially) been doing audits the same way since they started over 15 years ago:nopity:

It has zero/nothing/zilch/nada to do with 'sharing' checklists. It's all about how effectively you schedule, plan and prepare for the audit. For example, how many audit managers/process owners schedule a whole year's worth of audits on some kind of calendar? It's not required to do that, but most 3rd party auditors want to see it done that way!I thought "at planned intervals" meant scheduled so I maintain a yearly schedule. It doesn't mean that it always happens exactly according to the schedule, since you can't always predict everything that might occur a year in advance.

if we are talking about an internal audit. Sure, doing a surprise audit is a bad thing! But what's sharing your checklist before the audit got to do with it?:frust:
Do you think the auditee gives a fig for what you've got on your checklist?:mg:

Do they understand what the words mean, what you're looking for etc? You have to stop doing audits like 3rd party/Registrar auditors and join the 21st century!!:bonk:
Most internal auditors get trained and behave like 3rd party/registrar auditors. No wonder folks get defensive when an audit is done! When did anyone who's planning an audit, actually involve the management of the process? When did any auditor actually ask management what they want to see corrected or improved about their process(es)? Shouldn't the checklist be details of those problems, instead of some dumb questions, based on phrases of 'ISO' that no-one has ever read or understood:read:

It has zero/nothing/zilch/nada to do with 'sharing' checklists. It's all about how effectively you schedule, plan and prepare for the audit. For example, how many audit managers/process owners schedule a whole year's worth of audits on some kind of calendar? It's not required to do that, but most 3rd party auditors want to see it done that way!:mad: So the organization's management get little/no benefit from audits - try asking them (of course they won't tell you straight, but if you didn't maintain an 'ISO' registration, just see if they'd continue to pay for/support internal audits):rolleyes:

Of course, 3rd party auditors will always do what they do, because they don't learn from their experiences. They've (essentially) been doing audits the same way since they started over 15 years ago:nopity:


Andy, I appreciate your comments, at least most of them. (I do think many auditors have learned a lot over the last 15 years however).

You have raised several good points in the last couple days. However, from this thread, it sounds like oyu have had more bad experiences than good with audits, both internal and external. For that I am sorry. I do both types of audits, and can assure you that some auditors try very hard to do really good, value added audits.

But like any field, not all practitioners are skillful. By definition, at least half are always below average. But curiously, I find that same ratio to apply to the Managers and Engineers I audit. (hmmm... there might be an audit trail in there somewhere...lol).

We here on the Cove must remember we are drivers and owners of the Quality process. Most of us are in that process, and that process must learn to see itself as the internal suppliers of a product or service to other internal customers in our plants.

Therefore, I think we need to seek ways to improve the services we offer our internal customers, to improve the level of internal customer satisfaction. And that means the internal auditors must learn to see themselves as suppliers too, not Kwality Kops. Many already do understand.

That alone would make a big improvement in some companies.

PS: annual schedules may be a req. after all. ISO says "planned intervals" (8.2.2) and TS requires they be scheduled to an "annual plan." (8.2.2.4). Of course, the plan can be adjusted as the year unfolds, but that can't be that big a sticking point, is it?

Hi there,

I am new here, I came across the forums when I was browsing the net for some information on how to conduct proper Environmental Management Audit based on ISO14001:2004 version.

Our company here in the Philippines will undergo certification audit for the new version of the ISO14001 and must conduct an internal audit.

I just don't know how to begin, what to include in the checklist, etc...I know of a process-based Quality Management Audit, how about in EM?

Could someone provide me a procedure or a method on EMS auditing?

It would really help a lot.

Thanks.


I appreciate your enthusiasm, but a key point of ISO 9001 and ISO 14001 are skills and competency. If oyu are new to this, and all of us were at one time, the first thing would be to get some training, reading some books (and the standard of course), and learning how to do it. Just getting a procedure and starting is not recommended, and would technically not even be compliant with the intent of ISO 14001 and ISO 19011.

It would make it easier, and result in better audits, if you learn first, and then audit. We have a saying in the USA, when you cut lumber, if you "measure once, you cut twice. Measure twice, only cut once..." Good luck to you in your effort.

My principle issue is that coming up with a schedule for audits then constantly changing it is a bureaucracy that has management tending to ignore it, since the audit manager is always 'changing their mind'. Most audits aren't scheduled based on 'status and importance of the process'. Indeed, how can you schedule an audit out a whole 6 months to a year? If you have a crystal ball! The guidance in ISO 9004 tells how it should be, but no-one reads that document. Audits should be planned with input from interested parties. The idea of a whole calendar of audits, apart from some audits to clean up before an external audit, is old world. Sure your registrar wants to see that - but they can't give you a good reason. I was a registrar auditor since 1990 so I speak with some authority. Why not set a frequency of 1 audit per month (for example) then decide in the previous 30 days or so, what the scope/criteria of the audit is. An annual plan (as required by ISO/TS 16949) doesn't mean a full year's schedule. I've had more success with my clients doing it this way than the other conventional way, just to please a 3rd party.
After all, who are we doing audits for? Or maybe you have never thought about that? Better still, why do audits - just 'coz the standard requires them?

Andy

My principle issue is that coming up with a schedule for audits then constantly changing it is a bureaucracy that has management tending to ignore it, since the audit manager is always 'changing their mind'. Most audits aren't scheduled based on 'status and importance of the process'. Indeed, how can you schedule an audit out a whole 6 months to a year? If you have a crystal ball! The guidance in ISO 9004 tells how it should be, but no-one reads that document. Audits should be planned with input from interested parties. The idea of a whole calendar of audits, apart from some audits to clean up before an external audit, is old world. Sure your registrar wants to see that - but they can't give you a good reason. I was a registrar auditor since 1990 so I speak with some authority. Why not set a frequency of 1 audit per month (for example) then decide in the previous 30 days or so, what the scope/criteria of the audit is. An annual plan (as required by ISO/TS 16949) doesn't mean a full year's schedule. I've had more success with my clients doing it this way than the other conventional way, just to please a 3rd party.
After all, who are we doing audits for? Or maybe you have never thought about that? Better still, why do audits - just 'coz the standard requires them?

Andy

I'm not quite sure where you are going, but I'll offer a couple comments. Perhaps your method works, and if so, fine. But I don't find any difficulty achieving the things you mention.

1. My consulting clients map out a years worth of audits on a simple annual schedule, similar to a vacation planner. One matrix, twelve months, lists each of the processes, and when we think we're going to do it. Common format, most of my clients do some similar thing, that's where I got the idea. The intent is to arrange audits into a logical linking of common processes. Also, tells the managers when they can expect us. If we need to change or adjust, it's not a problem. It also leaves trails so we can see if a particular audit has been rescheduled too often. And, I think it meets the requirement for an annual plan, but we do it for us, not the auditor.

2. ALL my auditing clients base their schedule on some sort of review of 'status and importance of the process'. It is a requirement, after all, and all of them do it. The result is either more time is being given to a particular audit or it is audited more frequently. Both methods meet the requirement and intent very well. Both are indicated on the annual schedule I described above.

3. Audits, and everything else within a company's system, clearly should be done for the benefit of the company, not the audit. The auditor is merely supposed to look over their shoulder, and review objective evidence to see that they have done the things that the standard and their systems state they are supposed to do. And determine if it was effective. If they do their things appropriately, I find that I can do my job pretty well, also.

Don't really have much conflict during my audits, except in rare cases where the client really does not understand the requirements, and therefore did not meet them. And, this is rare in my group of clients.

There are almost always more than one way to achieve desired results. As you spend some time on this forum, you'll find many good people with many ideas that are different than your own. Some are good, and some are not so good. But good always seems to rise to the top, eventually.

Welcome to the Cove, my friend.

Most audits aren't scheduled based on 'status and importance of the process'. I think that's my cue... I suggest a look at this old thread: 8.2.2 - Opinions please... Audit schedule based on importance and 'status' (http://elsmar.com/Forums/showthread.php?t=6180&)

/Claes

What I've been trying to do here is help people to understand that internal audits often miss the issues that keep management 'sleeping with a foot out of bed'. That is to say, if the audit manager tries to schedule audits without seeking input from the management of the processes being audited, the audits will not be value added to management. With the advent of the ISO9001:2000 requirements which link processes, process measurements and quality objectives together, the internal audits should be being used (now) to verify and validate for management that they can 'trust' the process results. An audit programme which supports this approach (see ISO 9004 on self assessment, for example) requires much more management involvement in the planning and selection of what is to be audited and when (possibly even who does it). Scheduling audits without the active participation of management will miss the purpose or, at least, the results will be hit or miss.

When I teach auditing class most folks (even seasoned auditors who are upgrading skills etc) cannot talk to what 'status and importance' actually means - and those words have been in the standard for ever! Indeed, I had one 3rd party auditor in my class who had never heard it described before. Sure, everyone considers the 'previous audits' but that's what any self respecting auditor/audit manager should be doing anyways. Nearly everyone has been doing the same stuff - keeping a whole year's calendar, planning out all the processes, the 'ISO clauses', then changing them when there's n.c's - and missing the point entirely!

If you'd like to consider it this way; my experience has shown that internal auditors can find the same 'big buck' savings (potential) as a 6 Sigma team can (in one case over $8 million). A 6 Sigma project gets management support to direct the charter/focus of their efforts. So why not use that 'model' for internal audits?

Another take on how effective your audit scheduling is might be to ask your management why you are doing them and what's the reason for the schedule - can they tell you. I bet that for every other kind of schedule, production, maintenance, marketing etc., Management can tell you why. But what about the schedule for audits???

Just a thought
Andy

What I've been trying to do here is help people to understand that internal audits often miss the issues ... That is to say, if the audit manager tries to schedule audits without seeking input from the management of the processes being audited, the audits will not be value added to management... Andy


Andy, I think most of us would agree that it is beneficial to get management to particpate in planning internal audits. For some it is difficult to get this involvement ahead of time. For some, they get it at the beginning of an audit.

Hi, All,

i didnt want to create a new topic, because my question is closely related to the title of this thread.
I'd like to ask your opinion on Why Internal Audits must be scheduled?

ISO9001 states that "The organization shall conduct internal audits at planned intervals <...>"

ISO17025 states that "The laboratory shall periodically, and in accordance with a predertimined schedule and procedure <...>"

The problem I see is that when everyone in the company knows when they are going be audited - a couple days before the audit they start cleaning up the mess, filling in misisng calibration protocls etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?

Hi, All,

i didnt want to create a new topic, because my question is closely related to the title of this thread.
I'd like to ask your opinion on Why Internal Audits must be scheduled?

ISO9001 states that "The organization shall conduct internal audits at planned intervals taking into consideration the status and importance of the processes and areas to be audited<...>"

ISO17025 states that "The laboratory shall periodically, and in accordance with a predertimined schedule and procedure <...>"

The problem I see is that when everyone in the company knows when they are going be audited - a couple days before the audit they start cleaning up the mess, filling in misisng calibration protocls etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?

I have a bunch of comments, however:caution:

If in fact what you say is true, then perhaps the internal audit process is not rigorous enough. I have added the remainder of the standards clause on this subject.

IMHO, the IA process is a tool (required tool, but only a tool), if having (multiple ) planned routine IA will keep the lab and production boys on their toes and up to speed with documentation and protocols, that is okay with me. I use the IA as part of a larger thought process to drives employees to be more "Audit Ready" on a routine basis. I found that as a strategy is quite useful in working with the quality and manufacturing folks.....:yes:

After a period of time, the folk get the idea that the IA is not going away and recognize its value, so generally they tend to keep things up in a more positive manner.

The problem I see is that when everyone in the company knows when they are going be audited - a couple days before the audit they start cleaning up the mess, filling in missing calibration protocols etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?

Well, that is why Automotive started pushing layered audits. It was no mystery that this was going on, go they essentially have people audit every week, with layers of management participating in the audit. That way, the clean-up is smaller, the system is "kept up" more routinely. It is like 5S'ing the system.

That being said, if you are suspicious that is an issue, then perhaps certain areas should have a higher internal audit frequency. After all, the frequency is not stated to allow you to do what you think you need to in order to keep up your system.

I am not so sure "snap quizzes" are going to be the way to do it. You want to develop a culture of allowing the auditors to find things as a genuine help to the system, and snap quizzes do not project that approach. It projects more of a "gotcha' attitude, which will have people bury the skeletons deeper.

The problem I see is that when everyone in the company knows when they are going be audited - a couple days before the audit they start cleaning up the mess, filling in misisng calibration protocls etc. And auditors find very few nonconformities, even though a couple days ago there were plenty. After the audit the employees go loose again until the next audit.

Any thoughts?

Two! What are their management doing? If there's so much 'house keeping' what the h*ck are their supervision doing? Sleeping on the job?

To answer your question about scheduling, please read this (http://www.nqa-usa.com/resources/articles_detail.php?id=48)

I have a bunch of comments, however:caution:

perhaps the internal audit process is not rigorous enough.


Well, what do you mean? How to make it more rigorous? Example?


After a period of time, the folk get the idea that the IA is not going away and recognize its value, so generally they tend to keep things up in a more positive manner.

Quite diferent in my situation. Folks learn that after a scheduled audit they are not gonna be bothered until the next audit.

I wonder why the standards dont allow spontaneous IA. Like, you come to work one day, grab your pen and checklist, run into the lab, and: "Aha! Gotcha!" :D

It happens quite often that i come to the laboratory just to chat with my coleagues and i see a lot of nonconformities. And it just itches me to have an IA done, but, well, it's not the time for an IA.

Well, that is why Automotive started pushing layered audits. It was no mystery that this was going on, go they essentially have people audit every week, with layers of management participating in the audit. That way, the clean-up is smaller, the system is "kept up" more routinely. It is like 5S'ing the system.


From what I understand, Bob, that's not why Chrysler (then a main proponent) pushed them.

Their story was it improved the build process at their Kokomo 'KTP 2' transmission plant. Since they had a low FTC at launch - in his infinite wisdom - the then EVP of Manufacturing, Tom LaSorda told them to do LPA's. The FTC sky rocketed....but no one ever asked how come the Powertrain Advanced Manufacturing Engineering group launched such a crappy process on the Plant......Mr LaSorda never fixed that, did he and PTAME was never part of any QMS, either......

Today, anyone from KTP 2 will tell you it's become a pencil whipping exercise!

Well, what do you mean? How to make it more rigorous? Example?



Quite diferent in my situation. Folks learn that after a scheduled audit they are not gonna be bothered until the next audit.

I wonder why the standards dont allow spontaneous IA. Like, you come to work one day, grab your pen and checklist, run into the lab, and: "Aha! Gotcha!" :D

It happens quite often that i come to the laboratory just to chat with my coleagues and i see a lot of nonconformities. And it just itches me to have an IA done, but, well, it's not the time for an IA.

Your whole audit process needs an overhaul! More importantly, your people are a reflection of the company's management style, so that appears to need fixing first....

Well, what do you mean? How to make it more rigorous? Example? By increasing the number of audits you are going to send the signal that this is important and that audit ready is a way of life.



Quite diferent in my situation. Folks learn that after a scheduled audit they are not gonna be bothered until the next audit.This is a people issue, but if you have the audit as often as needed then you will be covered.

I wonder why the standards dont allow spontaneous IA. Like, you come to work one day, grab your pen and checklist, run into the lab, and: "Aha! Gotcha!" :DIt creates a harassment environment.:2cents:

It happens quite often that i come to the laboratory just to chat with my coleagues and i see a lot of nonconformities. And it just itches me to have an IA done, but, well, it's not the time for an IA.

My comment inserted in Red!

Today, anyone from KTP 2 will tell you it's become a pencil whipping exercise!

That is not entirely surprising. I have always pondered when we were directed by GM to have our "upper management" (read "owner") do LPA's that their assembly plant manager did one, too.

But, fact is any audit system can become pencil whipping exercise. On the other hand, I have been in quality systems where LPAs were very effective at maintaining the system and preventing mass clean-ups. So, it is clearly a not a problem conceptually - more so in implementation and culture.

It would help to know how often audits occur and how many auditors you have etc.

You may not, yet, be meeting the requirements of an effective internal audit program. Your problem may lie there, for a start....

Your whole audit process needs an overhaul! More importantly, your people are a reflection of the company's management style, so that appears to need fixing first....

Correct observation. The management is busy with other things, and thinks that QS is just necesarry requirement by our government.

Why are you saying that "gotcha" attitude would not help to keep the laboratory ISO17025-compliant all year round not just two days before the audit?

And back to my original question: why the standards do not allow spontaneous IA? It could leave up the company to decide which apporach is better. But no, they require IA to have a predetermined schedule.

It happens quite often that i come to the laboratory just to chat with my colleagues and i see a lot of nonconformities. And it just itches me to have an IA done, but, well, it's not the time for an IA.

As Dr. Phil would say "How's that working for you?"

In a control plan, if your sampling rate is too infrequent to recognize a problem until it is too late, you increase your sampling rate. Same thing here. If the plan is not working, fix the plan.

That is not entirely surprising. I have always pondered when we were directed by GM to have our "upper management" (read "owner") do LPA's that their assembly plant manager did one, too.

But, fact is any audit system can become pencil whipping exercise. On the other hand, I have been in quality systems where LPAs were very effective at maintaining the system and preventing mass clean-ups. So, it is clearly a not a problem conceptually - more so in implementation and culture.

Conceptually it is a problem......they've substituted a 'tool' for what should be routine supervisory and management practices, supported by a robust quality (business) management system.......I guarantee Mr. LaSorda (from GM, before Chrysler LLC) couldn't explain that one......

There'd be no pencil whipping then.......

Correct observation. The management is busy with other things, and thinks that QS is just necessary requirement by our government.

Why are you saying that "gotcha" attitude would not help to keep the laboratory ISO17025-compliant all year round not just two days before the audit?

And back to my original question: why the standards do not allow spontaneous IA? It could leave up the company to decide which approach is better. But no, they require IA to have a predetermined schedule.


They want - at a minimum - to cover all of the standard in the internal audits. So, to make sure you do, they want to see a schedule that covers it. Does that mean that is the sole limitation of internal audits? No. You can exceed the requirement all you want - especially as a corrective action verification activity.

Also, look at your resources requirement. Are they adequate? Are they prioritized correctly?

Correct observation. The management is busy with other things, and thinks that QS is just necesarry requirement by our government.

Why are you saying that "gotcha" attitude would not help to keep the laboratory ISO17025-compliant all year round not just two days before the audit?

And back to my original question: why the standards do not allow spontaneous IA? It could leave up the company to decide which apporach is better. But no, they require IA to have a predetermined schedule.

I didn't mention anything about 'gotcha' audits - but anyone who has been a kid and found 'smoking behind the bike sheds' knows it doesn't stop anything! It didn't stop you doing anything, did it?

So, you can do spontaneous audits if you wish! Create a monster, feed it! ISO 9001 doesn't have to have a predetermined schedule! Where did you read that????:read:

Thanks for all replies. I see that the winner is "increase frequency". And i am sure it would help. But IA can not be done every week or every month. It all relates to extra costs - extra hours or extra staff.
The simpliest (and most cost efficient) thing seems to be to have spontaneous IA...

They want - at a minimum - to cover all of the standard in the internal audits. So, to make sure you do, they want to see a schedule that covers it.

Who are they? Who says you have to cover all the standard? It's not a requirement is it?:notme:

CB auditors may say such things, but it's partly to relieve themselves of the potential for writing a major nc and causing some embarrassment due to the clients ineffective audit rogram management.

Conceptually it is a problem......they've substituted a 'tool' for what should be routine supervisory and management practices, supported by a robust quality (business) management system.

No, it is not a problem. Yes, it is a tool that provides a stuctured basis - not a substitution - for routine supervisory and management practices to maintain a robust quality (business) management system. Used correctly it is effective at keeping the system monitored more closely and even permits measureable verification of the condition of the system.

Does everyone need the tool? No, their systems and processes may be so simple and obvious that everything is right in front of them. Good for them.

I didn't mention anything about 'gotcha' audits - but anyone who has been a kid and found 'smoking behind the bike sheds' knows it doesn't stop anything! It didn't stop you doing anything, did it?


SURE it did!!! :yes:



So, you can do spontaneous audits if you wish! Create a monster, feed it! ISO 9001 doesn't have to have a predetermined schedule! Where did you read that????:read:


Sorry for confussion.
ISO9001 requires planned intervals (whatever that means).
ISO17025 requires a predetermined schedule

Thanks for all replies. I see that the winner is "increase frequency". And i am sure it would help. But IA can not be done every week or every month. It all relates to extra costs - extra hours or extra staff.
The simpliest (and most cost efficient) thing seems to be to have spontaneous IA...

Did you read my article? Of course you can do audits weekly or monthly! Costs are saved by the improvements audits bring, if the program is managed effectively. Just increasing frequency isn't the answer.......you need to target the processes where the maximum (management) benefit can be derived.....you can't just put a calendar together and audit without consulting performance issues!

The audits will be all over the place and simply feed the very problems you stated earlier about people cleaning up - because they see no value in your audit efforts!

Thanks for all replies. I see that the winner is "increase frequency". And i am sure it would help. But IA can not be done every week or every month. It all relates to extra costs - extra hours or extra staff.
The simplest (and most cost efficient) thing seems to be to have spontaneous IA...

Andy is right, it is not just the issue of audit frequency, but what you do to correct the problem (if and when you detect it). If you get to the point where the systems are corrected, you can reduce the audits. You do not have to increase the audits for the whole system, you can do it in the troubled areas.

It sounds like you are in a predicament where people are looking at your quality system requirements as an option rather than a requirement - and a lot of that comes from the perception of the message from upper management. If that is the case, you will have an ongoing problem - few will want to invest their efforts in fixing it, as it will be a low priority.

It happens quite often that i come to the laboratory just to chat with my coleagues and i see a lot of nonconformities. And it just itches me to have an IA done, but, well, it's not the time for an IA.

My former workplace was ISO 9001 and 17025 registered - and if we saw a lot of nonconformities just passing through the lab - we'd mention them to staff and maybe even write up an NC - you don't need to wait until an IA to generate nonconformities.

For example - I once passed an engineer receiving materials and commented "Oh, is that the pipe for project X?" "Yes" he replied "Is is PVC pipe, it looks a little different than our normal material?" I asked. "No" He replied, "We're using CPVC pipe for project X" "Is it being constructed under our Certificate of Authorization?" I asked "Yes" he replied. "Hmm... our COA doesn't allow us to use CPVC - only PVC - I'll have to ensure our Quality Manual is updated and that the Authorized Inspector has accepted our updates before we begin instruction - we have a nonconformance on our hands!" - I then went to write up the NC as our Engineering Department hadn't consulted our Quality person (me!) to ensure our COA covered all PVC types - and obviously they hadn't read the Quality Manual that would have told them what they needed to know! (Here in Ontario, if you manufacture or repair pressure systems you have to have a Certificate of Authorization from the Technical Standards and Safety Authority - which involves having a Quality Manual which an Authorized Inspector from their organization must approve - and they must also approve all changes).

IMHO - raising NCs, or empowering staff by letting them know they can raise NCs outside of the IA process helps promote ownership and gets people "thinking quality" on a day-to-day basis.

Darlene

I see you've had several replies to your questions and I concur. From my experience, giving the auditees the heads up of what will be reviewed during the internal audit encourages participation. Audits should not be pop quizzes - something to be feared, but seen as opportunities to improve the system. And if indeed the employees were cleaning up only for the audit, and the processes not being followed consistently, this would eventually be identified - most likely through defects in the downstream process. Also, the checklist is usually just an outline and not a detailed list so the auditees wouldn't really have all the answers before hand. I send the checklist as a courtesy 1 - 2 weeks prior to the audit. The auditees have it if they want to read it, but many times are too busy to take the time.