Good Day all;

I am the ISO 9001:2000 Lead Auditor for the company I work for. I AM THE ONLY AUDITOR for the company that I work for. Therefore, who can audit me? Our certified internal auditors are no longer with us and they have not been replaced yet. I am finishing up my internal audits of the processes except for Internal Auditing.

The Quality Manager stated that he will audit me. He is not "certified" as an auditor so would this fly with a 3rd party auditor? :cool:

Any thoughts would be appreciated.

thanks
Kiddo

The Quality Manager stated that he will audit me. He is not "certified" as an auditor so would this fly with a 3rd party auditor? :cool:

What do you mean by "he is not certified"? Does he have an internal audit course under his belt? Is it recent? If so, I see no problem in him auditing you...

certified to what or who? make sure that your procedures are not so prescriptive that you paint yourself into a corner. In two hours (or less:notme: ) time you can train someone to audit the internal audit program. Tell them to have fun and turn them loose.

You can train him to audit whatever. Just make sure that the training is documented, on file and available for review. Same thing happens here, people come and go, so you have to train new people. I have never had an issue with an outside auditor for doing things in this manner. Of course I will fight any auditor who imposes or tries to impose his methods on our company.

I would suggest that you accompany him during the first five audits he performs. You will have to train him to issue n/c's, if necessary. If you only use him for internal audits, the steelmaiden is correct, it won't take long.

Therefore, who can audit me?In this situation I usually suggest asking some other company nearby, if they would be interested in swapping favours: They audit you and you audit them, and both get a learning experience and widened views as a bonus.

/Claes

Try this exercise to help come up with the solution....

You got hit by a bus on the way to work and can't do the audit scheduled for today (and today is the drop-dead dead if it isn't done).

What's the solution?

Try this exercise to help come up with the solution....

You got hit by a bus on the way to work and can't do the audit scheduled for today (and today is the drop-dead dead if it isn't done).

What's the solution?


Gee, Randy, couldn't you at least let him win the lotto or something...rather than the old "hit by the bus..." Have a heart!

One way or another there should be a back-up plan.

P-P-P-P-P-P-P

Good Day all;

I am the ISO 9001:2000 Lead Auditor for the company I work for. I AM THE ONLY AUDITOR for the company that I work for. Therefore, who can audit me? Our certified internal auditors are no longer with us and they have not been replaced yet. I am finishing up my internal audits of the processes except for Internal Auditing.

The Quality Manager stated that he will audit me. He is not "certified" as an auditor so would this fly with a 3rd party auditor? :cool:

Any thoughts would be appreciated.

thanks
Kiddo

The same problem happens here too.
I maintain both ISO 9001 & ISO 17025 as an MR. The internal auditor is only quaified to do ISO 9001 audits. On the contrary when he audits MR he audits both ISO 9001 as well as ISO 17025. The reason that he mentions is that the management clauses are same for both the standards.

In this situation I usually suggest asking some other company nearby, if they would be interested in swapping favours: They audit you and you audit them, and both get a learning experience and widened views as a bonus.

/Claes

I fully agree with Claes; our experience in using auditors from other companies has been excellent. We have also tried the following: (a) we invited retired employees (qualified auditors) to carry out our internal audit and (b) we invited qualified auditors from other Divisions/Factories of the company to carry out our internal audit. In both the cases the results were excellent.

(a) we invited retired employees (qualified auditors) to carry out our internal audit and (b) we invited qualified auditors from other Divisions/Factories of the company to carry out our internal audit.Good ideas :agree1: We actually use (b) as well. I just forgot to mention it.

/Claes

Use anybody. Many suggestions around.

Just make sure that he is competent to work as an internal auditor (by training / qualification .. whatever). Also ensure that your competency record shows that he is competent.

Good Day all;

I am the ISO 9001:2000 Lead Auditor for the company I work for. I AM THE ONLY AUDITOR for the company that I work for. Therefore, who can audit me? Our certified internal auditors are no longer with us and they have not been replaced yet. I am finishing up my internal audits of the processes except for Internal Auditing.

The Quality Manager stated that he will audit me. He is not "certified" as an auditor so would this fly with a 3rd party auditor? :cool:

Any thoughts would be appreciated.

thanks
Kiddo

The idea of auditing the auditor leads to an unavoidable infinite regression. It has to stop somewhere, no? While there should be some backup person in your company in case you do get hit by a bus or win the lotto (with my luck I'd win the lotto and then get hit by a bus :lol:) there's no reason to think that a lead auditor must be audited. That's what management review is for, at least in part.

The idea of auditing the auditor leads to an unavoidable infinite regression. It has to stop somewhere, no? While there should be some backup person in your company in case you do get hit by a bus or win the lotto (with my luck I'd win the lotto and then get hit by a bus :lol:) there's no reason to think that a lead auditor must be audited. That's what management review is for, at least in part.


I think we are basically meaning auditing the Internal Audit process, not the auditor. I can definitely see value in auditing the process, and all of my clients basically do.

I think we are basically meaning auditing the Internal Audit process, not the auditor. I can definitely see value in auditing the process, and all of my clients basically do.

Great. Then who audits that process? Where does it stop? Sorry, but it makes no sense to audit the internal audit process, unless you do agree to an infinite progression (or regression). I've seen all kinds of things that lots of companies do that they shouldn't be doing, so the fact that lots of companies do it doesn't carry much weight. Monitoring the internal audit process is a function of management review.

Great. Then who audits that process? Where does it stop? Sorry, but it makes no sense to audit the internal audit process, unless you do agree to an infinite progression (or regression). I've seen all kinds of things that lots of companies do that they shouldn't be doing, so the fact that lots of companies do it doesn't carry much weight. Monitoring the internal audit process is a function of management review.

I understand your point, but I disagree. It stops with the first level of auditing, and there is no infinite regression.

The internal audit process is so important that I have to audit it at every surveillance. And I frequently find problems or improvements. Most internal audit programs need much improvement. To not have them audit it does not make sense. Besides, most companies define it as a "process" and thus, it needs to be audited.

I understand your point, but I disagree. It stops with the first level of auditing, and there is no infinite regression.

The internal audit process is so important that I have to audit it at every surveillance. And I frequently find problems or improvements. Most internal audit programs need much improvement. To not have them audit it does not make sense. Besides, most companies define it as a "process" and thus, it needs to be audited.

Sorry, but it still makes no sense to me. I understand the need for third-party review of the internal audit process. You haven't explained why, if it's so important to do it internally, that it's not also necessary to audit the process that audits the process. Why isn't management review sufficient?

Sorry, but it still makes no sense to me. I understand the need for third-party review of the internal audit process. You haven't explained why, if it's so important to do it internally, that it's not also necessary to audit the process that audits the process. Why isn't management review sufficient?

In no other process do we "audit the process that audits the process." I guess I'm not clear why we would single out internal auditing and apply that only to it?

Mgt. Review does not look at the same inputs as the audits are supposed to. So I don't see that as being equivalent for this process, or any other.

I guess, to me it is treated just as any other process. No more, no less.

In no other process do we "audit the process that audits the process." I guess I'm not clear why we would single out internal auditing and apply that only to it?

Wait a minute--that was my question. The OP asked specifically about who would audit his work, the work being internal auditing:

I am the ISO 9001:2000 Lead Auditor for the company I work for. I AM THE ONLY AUDITOR for the company that I work for. Therefore, who can audit me?

If you're saying that the internal audit process itself must be audited, then you are indeed proposing an infinite regression.

Mgt. Review does not look at the same inputs as the audits are supposed to.

Management, being management, can review whatever it wants to review, so long as the basic requirements of the standard are upheld. It makes sense to me that one thing that management should be concerned about is the efficacy of the internal audit process, and the buck has to stop somewhere. I think this is one of those instances where people need to climb out of the box and have a look around. If management doesn't have direct knowledge of the functioning of the system, then the whole idea of compliance to the standard has been missed.

I guess, to me it is treated just as any other process. No more, no less.

Unless we're misunderstanding one another, and I hope that's the case, you're proposing another process--one to monitor the internal audit process. If that's the case, and you want to treat it like any other process, then it must be audited.

Wait a minute--that was my question.

:D


If you're saying that the internal audit process itself must be audited, then you are indeed proposing an infinite regression.


Unless we're misunderstanding one another, and I hope that's the case, you're proposing another process--one to monitor the internal audit process. If that's the case, and you want to treat it like any other process, then it must be audited.



Yes, I think we are getting tangled up. I propose that all processes in the system get audited. That includes the CA process, the Management Process, and, yes, the internal audit process. These can be audited by any competent auditor except the owner of the process, who cannot audit his own work. The audits should look at the effectiveness of the process, schedule, etc....all the usual process stuff.

Thus far, there would be no infinite regression, because it goes no further. The infinite regression would begin if we then audit that layer, then another and so on. No reason to do that.

This does not come up very often as an issue. Pretty much most folks seem to do that. After all, in the old ISO/QS, Element 4.17 was generally audited just like the other elements.

My two cents, at any rate.