Hi folks,

My previous client was given a NC by a certifying body because one of their experienced internal auditor facilitated an internal audit training for new auditors. The CB told them that ISO 9001 internal audit training must be conducted only by a certified lead auditor and is IRCA registered.

Can't find any basis for raising this nonconformity I hope you can help us.

Regards to all,

tony s

Hi folks,My previous client was given a NC by a certifying body because one of their experienced internal auditor facilitated an internal audit training for new auditors. The CB told them that ISO 9001 internal audit training must be conducted only by a certified lead auditor and is IRCA registered.Can't find any basis for raising this nonconformity I hope you can help us.Regards to all,tony s

It may depend on the industry, standard being registered to (e.g., ISO, AS, TL, ...) and/or contract. But in no case have I ever seen this to be a requirement, unless the organization has designated it so in their internal procedures.

They should ask the external auditor what clause of what standard/procedure the nonconformity was against. Then consider firing the registration body/organization and going with one that itself has calibrated auditors!

I agree for ISO 9001:2000 there is no definition.
8.2.2
Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

and a refrerence to
NOTE See ISO 10011-1, ISO 10011-2 and ISO 10011-3 for guidance. that is noloner existent

TS though
8.2.2.5 Internal auditor qualification
The organization shall have internal auditors who are qualified to audit the requirements of this Technical Specification( see 6.2.2.2).

Get the reference from the auditor

Everyone is right. I haven't seen any requirement in ISO9001:2000 that requires this. The only thing that I see is what was said regarding the internal procedure.

Ask the auditor where this is stated?

And I agree also. The only NC I've ever gotten was that the procedure for Internal Audit said the IA had to have a certain level of education and that was just some arbitrary requirement from the corporate HQ that we had overlooked in the procedure changes. It was written up as an obeservation and it was changed before the auditor left the building on the last day of the audit. It had been overlooked in previous audits by the CB's assessors.

And I would ask where he got that. It seems that auditors have a tendency to look for problems in areas they were invovled in prior to becoming auditors, i.e, if they spent 20 years in production before becoming auditors for DNV, ABS or whoever that will be the area they look at the hardest.

But yes I would definately protest that. If they are a respectable registrar you can request "mediation" from them on it. But be careful, you may aggravate someone. And changing CB's can create a lot of problems as well. Been there, done that. Turned out badly.

To All,

Thanks. I'm happy that what I understand is the same with you guys.:)

I guess there are some CBs even consulting firms who bring this kind of idea to push their interests to gullible companies here. That's why in a place where there is much confusion and where people who should be bringing the light is the one casting more shadows - then the more business opportunity for them.

Is'nt HONESTY the best policy?

I'm just dissapointed with these kind of people. Anyway, I'm still lucky to get informative/valuable replies from you guys. Thanks. :thanx:

tony s

Tony,

An NC is formalised when the auditee accepts it. He has the choice to dispute. Obviously your client seems to have accepted the NC.

Just curious to know what corrective action has he committed. Maybe you could enlighten.

Howard,

This reminds me of another thread, but as you say, there is no ISO 10011 series anymore. It is obsolete and has been replaced by ISO 19011. Pl refer to the new standards for info.

Reference to obsolete external documents!

It may depend on the industry, standard being registered to (e.g., ISO, AS, TL, ...) and/or contract. But in no case have I ever seen this to be a requirement, unless the organization has designated it so in their internal procedures.

They should ask the external auditor what clause of what standard/procedure the nonconformity was against. Then consider firing the registration body/organization and going with one that itself has calibrated auditors!

I'm a 10 year certified 3rd party Lead Auditor, and am not IRCA registered...:cool:
Does that mean I have to resign?

Hi folks,

My previous client was given a NC by a certifying body because one of their experienced internal auditor facilitated an internal audit training for new auditors. The CB told them that ISO 9001 internal audit training must be conducted only by a certified lead auditor and is IRCA registered.

Can't find any basis for raising this nonconformity I hope you can help us.

Regards to all,

tony s

:agree1: I agree with others. It is not necessary to have training conducted by such a person.

At best it can be a suggestion for improvement, wherein the IRCA or other recognised Internal Quality Audit Training Programs may be considered but certainly NOT a nonconformity. :frust:

Infact these programs do not necessarily iinclude particular industry / organisation specific systems and work areas unless customised so.

e.g. while conducting training for my clients, i include examples from the company itself and sometime involve their personnel. These are customised but not IRCA or otherwise registered training programs!!!

Tony,

An NC is formalised when the auditee accepts it. He has the choice to dispute. Obviously your client seems to have accepted the NC.

Just curious to know what corrective action has he committed. Maybe you could enlighten.

Because of that NC they changed their documented procedure and included something like: "internal auditor's must undergo and successfully complete an internal audit training course provided by an accredited/certified body..."

Then hired an IRCA registered consultant, to make matters worse for them.

I only got to know this after the QMR telephoned me to tell that they're worried because only two of them out of almost 20 training participants failed the exam given by their facilitator. So their auditors are now depleted and they have to complete again another round of audit before the upcoming surveillance which is scheduled on October 30, 2006.:mg:

tony s

Most likely a self inflicted wound.

I just did an on-site training course that included some of the clients documents and guess what, a pretty similar thing about training and so forth. Thes folks had developed some great stuff, but never really "read" it. They of course asked why their registration auditors ( I admit, they're ours) had never seen the things I saw. I simply say that as a trainer I have a different perspective than an assessor and that I was probably looking at a different piece of the system.

Because of that NC they changed their documented procedure and included something like: "internal auditor's must undergo and successfully complete an internal audit training course provided by an accredited/certified body..."

Then hired an IRCA registered consultant, to make matters worse for them.

I only got to know this after the QMR telephoned me to tell that they're worried because only two of them out of almost 20 training participants failed the exam given by their facilitator. So their auditors are now depleted and they have to complete again another round of audit before the upcoming surveillance which is scheduled on October 30, 2006.:mg:

tony s


Well your comment :mg: says it all. I dont know what I could add. Maybe :lmao: , maybe :frust: or maybe :applause: . But anyway, for other auditees likely to be, or already in such a situation, this is a great :caution: .

Thanks for a nice case. Lots to learn for all.

Howard,

This reminds me of another thread, but as you say, there is no ISO 10011 series anymore. It is obsolete and has been replaced by ISO 19011. Pl refer to the new standards for info.

Reference to obsolete external documents!

Slightly:topic:
How should one act in reference to this Note?

Slightly:topic:
How should one act in reference to this Note?

1. This just gives the new documents that have come into existance and replaced the ISO 10011 series - for reference of all who may need the info.

2. Completely:topic: This refers to discussion in the thread "Non-Conformance due to obsolete ISO/TS 16949 audit checklist" regarding whether normative references mean the latest edition, and whether using an outdated edition is an NC.

Because of that NC they changed their documented procedure and included something like: "internal auditor's must undergo and successfully complete an internal audit training course provided by an accredited/certified body..."

tony s

It appears that this was a "Reactive" action and not a "Proactive" action by Top Management. A typical reactive management group in my opinion. I would have Management rethink their reactive action. :bonk: :frust:

Because of that NC they changed their documented procedure and included something like: "internal auditor's must undergo and successfully complete an internal audit training course provided by an accredited/certified body..."

Then hired an IRCA registered consultant, to make matters worse for them.

I only got to know this after the QMR telephoned me to tell that they're worried because only two of them out of almost 20 training participants failed the exam given by their facilitator. So their auditors are now depleted and they have to complete again another round of audit before the upcoming surveillance which is scheduled on October 30, 2006.:mg:

tony s

It is unclear.

If only two passed the training, then either the trainer did a poor job of training or testing.

Or perhaps the original NC was justified and the auditors were not good at auditing.

Okay, we've all agreed that poor Tony's finding was not the best and that management's response was even worse. Time to move forward.

There's a saying in english : "Fool me once, shame on you. Fool me twice, shame on me."

So, your organization accepted the finding, changed their processes to a format that did not benefit them, spent lots of money on training and now are feeling pretty low in the morale department.

You can not change the past...but you can alter how you approach internal auditing in the future.

Tony, by now you have hopefully realized that the NC your company was issued held no merit (let alone value). So...revise your internal auditing process so that it will add value to your organization. There are lots of threads here in the Cove on developing an audit programme and I suggest you use the "Search" function to find them.

Chalk up this whole event to a 'lesson learned'.

We´ve been registered since 1999 and to begin with, we trained 3 lead internal auditors with a consulting firm. Ever since then, all our internal auditors have been trained by me (I only have internal auditor training) and no CB has ever questioned this.

Another example of poorly trained or inexperienced CB lead auditors?

Because of that NC they changed their documented procedure and included something like: "internal auditor's must undergo and successfully complete an internal audit training course provided by an accredited/certified body..."

Then hired an IRCA registered consultant, to make matters worse for them.

I only got to know this after the QMR telephoned me to tell that they're worried because only two of them out of almost 20 training participants failed the exam given by their facilitator. So their auditors are now depleted and they have to complete again another round of audit before the upcoming surveillance which is scheduled on October 30, 2006.:mg:

tony s

This all could have been avoided if someone would have said "Can you show me the shall, please?"

Hi folks,

My previous client was given a NC by a certifying body because one of their experienced internal auditor facilitated an internal audit training for new auditors. The CB told them that ISO 9001 internal audit training must be conducted only by a certified lead auditor and is IRCA registered.

Can't find any basis for raising this nonconformity I hope you can help us.

Regards to all,

tony s

I don't mean to muddy the waters here but before judging the nonconformance I think it would be good to have a better understanding of what the nonconformance actually said. With all respect, I doubt the nonconformance stated anything about IRCA or any other body. It is more likely the nonconformance was given for something in 6.2 (Human Resources), or maybe in the case of a TS16949 company - 8.2.2.5.

If an experienced auditor has been auditing to ISO 9001 or QS9000 and now wants to train internal auditors, I would expect him/her to first be trained or have experience in auditing the applicable standard. In a case where the standard has gone from element auditing to process auditing, I would expect to see evidence reflecting the training. If the experienced auditor had no such training, I can see writing a nonconformance.

The possibility that the auditor suggested the easiest and probably quickest way to acquire the training/experience would be to attend a class would seem a logical discussion of the finding. I am sure there are other ways to demonstrate competency and maybe those were also discussed.

My point is we can't jump on the auditor if we don't know all the information. I don't think I am alone in the position that we could build a scenario where a N/C could be warranted. The bigger issue going through my mind is that competency of an auditor has to include knowledge, training/experience of the standard they are auditing. We just had a major change from element to process auditing. There is also the possibility of customer specific requirements. I have seen some customer requirement manuals that specifically state a certified lead auditor is required.

One last thought is that I seem to remember an interpretation (for TS, I think) stating internal audit training must be done by a certified lead auditor. Any CBs here that could help out on that?

Dave

This all could have been avoided if someone would have said "Can you show me the shall, please?"

That is right on. :cool: :agree1:

The possibility that the auditor suggested the easiest and probably quickest way to acquire the training/experience would be to attend a class would seem a logical discussion of the finding. I am sure there are other ways to demonstrate competency and maybe those were also discussed.

The auditors are supposed to report observations with facts and supporting references. If they stamp any observation as an NC, they are supposed to report:

- What was observed.

- What requirement is getting violated (a clause of the standard / a document in the QMS / a CSR).

- What exactly does the requirement say.

They are not supposed to dictate or even suggest solutions. Definitely not in writing.

The auditors are supposed to report observations with facts and supporting references. If they stamp any observation as an NC, they are supposed to report:

- What was observed.

- What requirement is getting violated (a clause of the standard / a document in the QMS / a CSR).

- What exactly does the requirement say.

They are not supposed to dictate or even suggest solutions. Definitely not in writing.

Obviously I didn't make my point clear enough.

At this point, no one has any idea of what was actually cited as a N/C. We have scenario based on second hand information. Nobody has said the auditor dictated or wrote anything about a solution. It would not be "consulting" for an auditor to discuss possible ways of providing evidence of conformity to parts of a standard.

What you have written is of course correct. I agree completely. What I am saying however is there could be some facts we are not yet aware of. I don't think we should immediately attack the auditor without full information. Let's face it, when an auditor is wrong, we don't hold back punches. I think it's only fair to have all the facts before we start swinging.

Dave

The CB told them that ISO 9001 internal audit training must be conducted only by a certified lead auditor and is IRCA registered.
Can you give us the exact words from the nonconformance and the clause that the auditor cited, please?

Can you give us the exact words from the nonconformance and the clause that the auditor cited, please?

I'll ask them about the exact words. Thanks

tony s

There is no requirement in ISO9001:2000 that requires internal auditors be trained by a certified lead auditor. It only requires that auditors be selected to ensure objectivity and impartiality. It also states that auditor shall not audit his own .....work...
This then defaults training to 6.2.2 where it states the organization shall determine the necessary competence, training, and records.

With respect to TS 16949 the same is true and it also goes to 6.2.2.2 where the same applies The Organization shall establish procedures to identify training needs.

The only place it was spelled out that a certified trainer is required is the Ford Motor Co. specific requirements. There it states the your company trainer must be trained by the certified auditor

That is the the best I can provide for you

Can I throw in another thought?

When I audit an organisation's internal audit process I will of course ask about the training of auditors and if appropriate, check training certificates.

However, I believe ISO 9001 6.2.1 is more relevant - .... shall be competent based on appropriate ......

I am less bothered by how auditors are trained, more by how well they can conduct audits. In process terms, (if internal audit is the process) look at the output of the process to see how effective it is. Good audits suggest competent auditors - no matter who trained them.

I'll ask them about the exact words. Thanks

tony sIt has been two weeks....:notme: Did you follow through?

Just finished 2 classes QAI ISO9000 internal auditing and ISO champion. In both I asked the certified instructors if internal auditors *have* to have an ISO certificate in internal auditing and both said yes. 3 of us are but we have 4 or so more that have been doing QS internal audits for years and we would like to be able to use them if need be. From what I gather in this thread is if they are competent they can do internal audits?

Just finished 2 classes QAI ISO9000 internal auditing and ISO champion. In both I asked the certified instructors if internal auditors *have* to have an ISO certificate in internal auditing and both said yes. 3 of us are but we have 4 or so more that have been doing QS internal audits for years and we would like to be able to use them if need be. From what I gather in this thread is if they are competent they can do internal audits?


I'm sorry but they're full of GARBAGE and the "S" word. Even the instructors for accredited Lead Auditor courses don't have to be certified, much less an internal auditor. There is an RABQSA certification scheme for QMS IA's, but it isn't "required" for internal auditors to have it in order to audit and I don't know of a credible Accredited Registration body that requires it of an organization.

Qrap, even ANAB, UKAS don't require the Registrar or CB auditors to be certified. They have to have successfully accomplished an accredited Lead Auditor course and gone through their own organizations process to be auditors but that's it.

By the way, there is no such thing as an "ISO" Certificate. So there's another pile of poop I'll call.

The possession of a certificate means nothing by itself. You guys come up with your own way to develop and determine your auditors competence and go for it. (Big suggestion....in the back of ISO 19011:2002 there is a table on page 31..Table 3...it is an example of how Auditor Competence within an hypothetical internal audit program can be achieved... Did your "certified instructors acquaint you with it?

I may have used the wrong term ("ISO" Certificate). Did not see what they said was correct and I thank you Randy for your input.

Absolutely there pardner....check out that Table on page 31 though