Our IA just wrapped up not to long ago. He found one major, four minors, and a handful of observations...all of which were real nit-picky, but regardless...

My MR and I accompanied him for the 3 days he was here and answered whatever questions he may have had. How do we now audit him? Do I go through our 8.2.2 Internal Auditing procedures and see if he followed them the way they were written? Is that the extent of how to audit an Internal Auditor? Neither I nor my MR have any training credentials for auditing ISO 9001:2000, yet. Our registration audit is scheduled for mid-August as well.

Our IA just wrapped up not to long ago. He found one major, four minors, and a handful of observations...all of which were real nit-picky, but regardless...

My MR and I accompanied him for the 3 days he was here and answered whatever questions he may have had. How do we now audit him? Do I go through our 8.2.2 Internal Auditing procedures and see if he followed them the way they were written? Is that the extent of how to audit an Internal Auditor? Neither I nor my MR have any training credentials for auditing ISO 9001:2000, yet. Our registration audit is scheduled for mid-August as well.


Hello noboost4you,

Are you referring to an internal audit that was outsourced?

Please clarify if you will.

Stijloor.

When it's time for our internal audit process to be audited, an auditor from one of our other manufacturing facilities comes over and does an audit of our IA procedures, audit records, training records, CA, etc. He interviews the auditors and me and writes his report based on his findings.

Pretty simple, really. Hope this helps. :)

Our IA just wrapped up not to long ago. He found one major, four minors, and a handful of observations...all of which were real nit-picky, but regardless...

My MR and I accompanied him for the 3 days he was here and answered whatever questions he may have had. How do we now audit him? Do I go through our 8.2.2 Internal Auditing procedures and see if he followed them the way they were written? Is that the extent of how to audit an Internal Auditor? Neither I nor my MR have any training credentials for auditing ISO 9001:2000, yet. Our registration audit is scheduled for mid-August as well.

you're auditing the internal audit process, not the auditor.

So, yes - walk through your procedure and:
1) make sure all the bases were covered during the audit in regards to your procedure
2) make sure your procedure meets the needs of the ISO standard.

Don't be put off by the fact that you don't have training credentials. It's all just comparing actions to the procedure and the procedure to the standard.

where does the standard say that you have to audit your auditor? I've never audited an auditor in my life.

What I meant was how do we go about auditing the work of the auditor. I pretty much figured it was what Discordian had replied with. I'll go through the procedure and document how he fulfilled the requirements.

If you have developed an actual "audit program" as required then it should have the procedures set up as to how to review and improve the program itself. The auditor and his/her output are just components of the program and not stand alone things.

This is just part of auditing 101.

I agree with Discordion's comment.

You are not auditing the auditor. You are auditing your internal audit process. Actually, since you hired the third party to do your audit, you can probably ask them how they qualify their auditors. They actually should evaluate the performance of their auditors against ISO 19011. ISO 19011 is what the registrars use to evaluate the performance of their auditors.

On a positive note, it's good that these auditors are nit-picky considering that this is your internal audit. It's a whole different story if this were your actual registration or surveillance audits...

What you need to audit is primarily ISO 9001 8.2.2 a & b.
a) Did the audit(s) determine if the system conforms to requirements?
b) Did the audit(s) determine if the system is effective?
What objective evidence do you have to show it?

By the way, was there only one audit conducted? If so, you will also need to audit the follow-up activities from the outsourced audit (corrections and corrective actions) and verify that the audit results were reviewed by management (5.6.2a).

What you need to audit is primarily ISO 9001 8.2.2 a & b.
a) Did the audit(s) determine if the system conforms to requirements?
b) Did the audit(s) determine if the system is effective?
What objective evidence do you have to show it?

By the way, was there only one audit conducted? If so, you will also need to audit the follow-up activities from the outsourced audit (corrections and corrective actions) and verify that the audit results were reviewed by management (5.6.2a).

This was our first and only audit so far. Next scheduled audit is the registration audit in August. Next scheduled MR meeting is the day after the close of the registration audit. Our auditor took 25 pages of notes, wrote out all nonconformities/observations, and filled out a short internal audit summary report form. Plenty of evidence of his presence and his findings.

Our procedure states that if internal audits are conducted by a third party, follow-ups may not occur. It will then be the responsibility of the manager/supervisor to ensure the nonconformity is closed.

This was our first and only audit so far. Next scheduled audit is the registration audit in August. Next scheduled MR meeting is the day after the close of the registration audit. Our auditor took 25 pages of notes, wrote out all nonconformities/observations, and filled out a short internal audit summary report form. Plenty of evidence of his presence and his findings.

Our procedure states that if internal audits are conducted by a third party, follow-ups may not occur. It will then be the responsibility of the manager/supervisor to ensure the nonconformity is closed.

Something doesn't sound right here........:mg:

You've only had 1 internal audit? You are asking about doing an audit of the internal audit process, after just 1 internal audit? Right? If the Management Review is after the registration audit, how will you factor the results of audits in, to show your registrar??

What about all the other internal audits? What was the scope/focus of this internal audit? It sounds like the person who did it was from outside your organization and spent 3 days with you. Is this correct?

I may have this backwards, from what (little) you've told us, but I'd be concerned about not actually passing the registration audit............:mg: Your management review has to deal with the requirements (like audit results) and if you don't do it until after the reg. audit, how will you show compliance?? Did I miss something here?

Our IA just wrapped up not to long ago. He found one major, four minors, and a handful of observations...all of which were real nit-picky, but regardless...

My MR and I accompanied him for the 3 days he was here and answered whatever questions he may have had. How do we now audit him? Do I go through our 8.2.2 Internal Auditing procedures and see if he followed them the way they were written? Is that the extent of how to audit an Internal Auditor? Neither I nor my MR have any training credentials for auditing ISO 9001:2000, yet. Our registration audit is scheduled for mid-August as well.


You don't audit the internal auditor, you may audit the internal audit process. Audit it like any other process. By the way, nonconformities identified as a "Major" are generally not "nitpicky" things?

...Our procedure states that if internal audits are conducted by a third party, follow-ups may not occur. It will then be the responsibility of the manager/supervisor to ensure the nonconformity is closed.


Follow-ups would be expected to occur to deal with the findings. However, you can perform that. It does not have to be by the auditor. You should follow your corrective action procedure.

Something doesn't sound right here........:mg:

You've only had 1 internal audit? You are asking about doing an audit of the internal audit process, after just 1 internal audit? Right? If the Management Review is after the registration audit, how will you factor the results of audits in, to show your registrar??

What about all the other internal audits? What was the scope/focus of this internal audit? It sounds like the person who did it was from outside your organization and spent 3 days with you. Is this correct?

I may have this backwards, from what (little) you've told us, but I'd be concerned about not actually passing the registration audit............:mg: Your management review has to deal with the requirements (like audit results) and if you don't do it until after the reg. audit, how will you show compliance?? Did I miss something here?

We had one MR Meeting in May that covered all the Review Inputs and Outputs (minus the Audit criteria). Our 1st and only Internal Audit was in June. The day after the end of the audit, we had another MR Meeting to discuss the audit results and what needs to be done.

The scope of this audit was ISO 9001:2000 as it applies to the realization of our products. He spent 3 days with us going through pretty much everything we do.

You don't audit the internal auditor, you may audit the internal audit process. Audit it like any other process. By the way, nonconformities identified as a "Major" are generally not "nitpicky" things?

I suppose, but the major he found isn't a systematic breakdown and was easily fixed. But it's fine, we value everything he found. We challenged him to find anything and everything he could. Anytime he found something, we didn't complain about it, but asked his opinion in how he would correct it. I'm glad he found stuff, even if it was nitpicky (IMO).

I suppose, but the major he found isn't a systematic breakdown and was easily fixed. But it's fine, we value everything he found. We challenged him to find anything and everything he could. Anytime he found something, we didn't complain about it, but asked his opinion in how he would correct it. I'm glad he found stuff, even if it was nitpicky (IMO).


sounds like a good approach...

I have a question, how do you have a major nonconformance that is not systemic? No, I am not trying to be a wise acre, just something that has never crossed my radar before. thanks.

I have a question, how do you have a major nonconformance that is not systemic? No, I am not trying to be a wise acre, just something that has never crossed my radar before. thanks.

In my opinion, it isn't a systematic breakdown. There were many work orders without signatures. I understand where he's coming from (Element 7.5.1 and 8.2.4), but in his explanation, I didn't agree about the breakdown. Signatures were a new thing a few months prior to considering ISO and after 40 years without signatures, we're fine. But like I said, very quick fix. Just a 15 minute pow-wow with everyone in Production.

Our 1st and only Internal Audit was in June. The day after the end of the audit, we had another MR Meeting to discuss the audit results and what needs to be done.

The scope of this audit was ISO 9001:2000 as it applies to the realization of our products. He spent 3 days with us going through pretty much everything we do.

How do you meet the requirements of an audit programmme based on 'status and importance' if you only do one a year??

You may get registered, but IMHO you are not getting your bang for the buck. If the auditor is writing majors for no sigs on stuff, that's bogus. Steel's right to call the auditor on a major not being a systemmic issue, and, frankly, sigs isn't a major anything. Sorry to get aggitated, but I think someone's missing the point here.

You are supposed to have an internal audit programme which is intelligent - see what ISO 9004 says about audits. Don't your management want to pay for you to do them properly - that is have audits look into business performance issues? To find out why the process isn't doing what it should?

If I was your 3rd party auditor, I'd be all over this one, and your management review. Seriously, this is not what audits and a review of the operational performance of the business is about.