Hi all,
I am the QMR in a small company where I'm implementing the first QMS.
I do not plan on training an internal auditor, but will complete the audits myself with the Quality System being audited by the Registrar. I will also be requesting customers and suppliers to perform 3rd party audits.

Do you think this will satisfy the requirements?
Thanks,
julie

Hi all,
I am the QMR in a small company where I'm implementing the first QMS.
I do not plan on training an internal auditor, but will complete the audits myself with the Quality System being audited by the Registrar. I will also be requesting customers and suppliers to perform 3rd party audits.

Do you think this will satisfy the requirements?
Thanks,
julie

Hi Julie,

Can you give us a little bit more information?
What Standard applies to your QMS?
How many employees?

Stijloor.

Sure, ISO9001:2000 total employees = 26 Manufacturing/Design facility

Sure, ISO9001:2000 total employees = 26 Manufacturing/Design facility

Hello Julie,

The way you described it, I believe that you're OK. You have to comply with ISO 9001:2000, but how you accomplish this is your decision. Make it work for you.

Keep us posted.

Stijloor.

I see this a lot in small companies. I wonder if you will be stuck with auditing your suppliers as well, better yet creating a supplier quality management system?

Hi all,
I am the QMR in a small company where I'm implementing the first QMS.
I do not plan on training an internal auditor, but will complete the audits myself with the Quality System being audited by the Registrar. I will also be requesting customers and suppliers to perform 3rd party audits.

Do you think this will satisfy the requirements?
Thanks,
julie

This seems to be fine in my opinion, the only question remaining is, 'who will audit the QMR processes and any other processes looked after by you?'

Maybe the Top Management can take some time out and audit your processes, or the customer can, or even you may like to hire the services of an outside auditor once in a while to audit alongwith you and complete the cycle.

These are just suggestions and comments are invited.

or even you may like to hire the services of an outside auditor once in a while to audit alongwith you and complete the cycle.

These are just suggestions and comments are invited.


Parag,

The ISO 9001:2000 system does not mention anything on hiring the services of an external auditor. And it is a common practice to hire the services of an outside auditor for internal auditing.

but is it a healthy practice aftearall? Because the outside auditors generally do not have long term association with the organization and hired before the internal audit cycle.

In majority of the cases the out side auditor is the consultant employed by the organization to implement / maintain the qms. so his / her audit becomes biased at times.

isn't it better to go for atleast two internal auditor instead, i am not sure what should done for any organization having a manpower less than two and going for ISO implementation.

I would request Marc to go for a poll on this topic( what should be the minimum no. of internal auditors for small organization) if possible.

cheers:cool:

Arindam

Arindam

I agree with having two auditors, and maybe even more than two.

Very often questions like this one seem to really be asking, "How few auditors can we get away with?" The short answer to that is "One, along with an occasional someone to audit the process(es) the auditor is responsible for."

However, in a small company it seems to me a good idea for more people to do this work because auditing tends to press a different perspective on day-to-day activities. Suddenly the focus is (or should be) on effectiveness and continuous improvement, and not just getting things accomplished. Then the focus becomes one of effective communication (via high quality audit reporting) and perhaps administrating organized change (via the corrective action process). To give more than one person this focus in a small organization seems like a good idea to me.

This is simply not an answer of numbers, 'more than 1', '2 or more'.

Looking at the OP's details, the company does both design and manufacturing. These processes and other supporting processes require someone who is knowledgeable of them, to audit them.

Firstly,there should be a list of competencies drawn up, including all the 'standard' auditor attributes (taken from ISO 19011) to which should be added those auditor competencies required which relate to the processes of the organization. For example, who's going to audit the design process? If you have calibration/maintenance, who has sufficient knowledge/competence to audit those aspects? What must/could the auditor possess in terms of knowledge etc. to allow them to audit any process.

From this review, and having identified the required competencies, you will determine how many auditors needed. Maybe you will have to get started with an outside resource to coach the newbie auditors. It may be typical to have auditors who don't know much about the processes they're auditing, but that doesn't make for effective audits........

Parag,

.....

but is it a healthy practice aftearall? Because the outside auditors generally do not have long term association with the organization and hired before the internal audit cycle.

......

isn't it better to go for atleast two internal auditor instead, i am not sure what should done for any organization having a manpower less than two and going for ISO implementation.

......

Arindam

It is definitely better to have auditors within the company to conduct the audit. It was suggested only as an alternative and the management / MR has to determine the competence needed and appoint an auditor from internal and/or external resources.

I completely agree and endorse AndyN's views on this.

Hello Julie,

The way you described it, I believe that you're OK. You have to comply with ISO 9001:2000, but how you accomplish this is your decision. Make it work for you.

Keep us posted.

Stijloor.


I disagree. The poster is the QMR, and would be auditing their own work. ISO is seeking to avoid this. There would be a need for at least a second internal auditor, to audit certain processes. Or, as already mentioned, an external auditor could be commissioned for certain processes to avoid conflict.

I disagree. The poster is the QMR, and would be auditing their own work. ISO is seeking to avoid this. There would be a need for at least a second internal auditor, to audit certain processes. Or, as already mentioned, an external auditor could be commissioned for certain processes to avoid conflict.

Hello hjilling,

My response to jelsdonheight: "you're probably OK" was based on the statement: "I will also be requesting customers and suppliers to perform 3rd party audits"; thus ensuring "auditors shall not audit their own work."

In your opinion, could this work?

Stijloor.

Hello!
Even in a small company, I suggest to have a second (or more, if you can) to audit QMR processes and as a backup also.
Nowadays, there is no company that stops because someone is missing. If you have a backup you can prevent nonconformity in case you have any problem in the day scheduled for your internal audits, as well as have someone to audit QMR.

Regards!

Hello hjilling,

My response to jelsdonheight: "you're probably OK" was based on the statement: "I will also be requesting customers and suppliers to perform 3rd party audits"; thus ensuring "auditors shall not audit their own work."

In your opinion, could this work?

Stijloor.


Qualified people (competent, trained auditors) from other companies are permitted to participate in an audit. So, if the poster uses them to help complete their internal audit, that could meet the requirement. Perhaps they can barter time, and particpate in their audits as well. It could even provide good exposure to other systems and methods.

I would think that the extra burden of having any customer or supplier performing an 'internal audit' wasn't worth the hassle. Firstly, they'd have to follow the OP's own internal audit procedure, they'd have to provide evidence that they were, indeed, competent to perform the audit (and I don't mean a training certificate.....) and even then, there's no real comfort, IMHO, that the audit is going to be very effective. One of the many benefits of having someone from inside the organization (er, that is, internal) is that they 'know' the business. They (should) know the people, the culture, they know the customer/s requirements, they know the issues, changes, etc. etc. etc.

Even though many of us (I know 'H' does) do audits for clients, which are supposed to be 'internal', the fact of the matter is, unless the auditor is intimately familiar with the business, we actually won't do a very effective audit, IMHO. That's not to say we aren't good auditors, or we wouldn't do a thorough audit, we just aren't that close to the day to day business.

So, IMHO, for a customer or supplier to do an audit (BTW, it's not a 'third party audit') to me it wouldn't count as qualifying under ISO 9001 due to the reasons list at the top of this post.
:2cents:

(now, back to Wimbledon.......):lol:

I would think that the extra burden of having any customer or supplier performing an 'internal audit' wasn't worth the hassle. Firstly, they'd have to follow the OP's own internal audit procedure, they'd have to provide evidence that they were, indeed, competent to perform the audit (and I don't mean a training certificate.....) and even then, there's no real comfort, IMHO, that the audit is going to be very effective. One of the many benefits of having someone from inside the organization (er, that is, internal) is that they 'know' the business. They (should) know the people, the culture, they know the customer/s requirements, they know the issues, changes, etc. etc. etc.

Even though many of us (I know 'H' does) do audits for clients, which are supposed to be 'internal', the fact of the matter is, unless the auditor is intimately familiar with the business, we actually won't do a very effective audit, IMHO. That's not to say we aren't good auditors, or we wouldn't do a thorough audit, we just aren't that close to the day to day business.

So, IMHO, for a customer or supplier to do an audit (BTW, it's not a 'third party audit') to me it wouldn't count as qualifying under ISO 9001 due to the reasons list at the top of this post.
:2cents:

(now, back to Wimbledon.......):lol:


Andy's points are well taken. Having outsiders do these, would be classed as 2nd party audits. There is a pro and con to each level.

In a 1st party audit, the auditor has the most familiarity to the system. Audit skills may or may not be on the weaker side.

In a 2nd party audit, you lose the familiarity of the system, so you better gain something on the audit skill side. Very experienced auditors can compensate. Also, you may get some cross-polinization from the other company.

3rd party audits are by definition registrar audits.

Where Andy and I might differ, is that I don't see any reason why a 2nd party audit, or a hired outside auditor for a 1st party audit, would not meet the requirement. Particulary for a very small company, this is often the only viable solution.

Train more internal auditors. There is little excuse to not have more people in your facility engaged in the QMS.

Train more internal auditors. There is little excuse to not have more people in your facility engaged in the QMS.

With respect, that's not going to happen, except in extreme circumstances.........It's costly and is not going to address getting people involved in the system (see other recent related posts).

As much as some of us would enjoy having classes full of people becoming auditors, I rather doubt if management will, literally, buy this......

I thought that it was an option to train auditors by having them participate along side a qualified auditor for a length of time. As a alternative to spending money.

BTW - how costly is it to train an internal auditor?

These days you have to think out-of-the-box. The possibilities are endless.

I thought that it was an option to train auditors by having them participate along side a qualified auditor for a length of time. As a alternative to spending money.

BTW - how costly is it to train an internal auditor?

These days you have to think out-of-the-box. The possibilities are endless.

Pondo:
It is an option, but in my experience you've got a number of issues to face: -

Is the 'qualified' auditor any good as a teacher? How much experience do they have? What variety do they bring to the learning? Do they really do the job the way they were taught in class (I'm assuming you're sending one person to class!!). Who's reviewing the 'newbie' auditor's work? The person who taught them? Mmmmmmmmmm.

In addition, you will have a number of people who just don't get it. Why waste money on taking them out of their jobs and have them shadow an audit?

The costs of an accredited class (recommended) are various. A websearch or search here at the Cove will tell you the typical costs. Some of us have had quite a career teaching internal auditing...................:notme:

Out-of-the-box. :mg:

Out-of-the-box. :mg:

I'm with you - however, 'out of the box' still must meet the criteria of effectiveness and has to be acceptable to management........

What's your OOTB approach?

meet the criteria of effectiveness and be acceptable to management

You can do it or you cannot. That is the question.

meet the criteria of effectiveness and be acceptable to management

You can do it or you cannot. That is the question.

I'm not sure what you're looking for. Would you share, please?

BTW - I can and have done both the above. Would you like me to contact you directly and discuss?

What I am attempting to convey is that there is always a solution to meeting the requirements. Yes, as you have expounded on in great detail, there are many obstacles. There are always obstacles. What often separates the successful from the unsuccessful is the desire and passion to get past the obstacles and execute the solution.

What I am attempting to convey is that there is always a solution to meeting the requirements. Yes, as you have expounded on in great detail, there are many obstacles. There are always obstacles. What often separates the successful from the unsuccessful is the desire and passion to get past the obstacles and execute the solution.

Well said.

Dave

Oh if only there were always a solution. There would be no need for problem solvers. In fact, there would be no need for auditors to begin with because everything would already have been solved since there are solutions everywhere. Why audit the perfect system?

In a sense we are fortunate to have such a loose and unequal system that includes as many different auditing techniques as there are auditors. Registrar auditors have a tendency to overlook the obstacles that are still in need of solutions. I know from experience (over 200 registrar audits attended) that the registrar would rather keep the organization registered than to write a nonconformity that would challenge their ability to produce a solution.

Believe it or not many obstacles posed by ISO have no effective solution for many organizations. It is easy to just say "DO IT!" but I have had clients tell me "I can't even afford to buy my raw material - how can I possibly afford to have you come in?"

Money, and the availabilty of it, will always play an imprtant part in developing and implementing solutions of any kind. If it isn't there, and if the organization is not credit worthy, and if other financial resources have been exhausted then perhaps there is no immediate solution.

Companys go bankrupt - not because they have solutions, companys exercise mass lay-offs - not because they have solutions either, and companys move out of the country but once again, not because they have solutions.

Solutions can easily be defined - I do it all the time. The trick is to recognize your ability to incorporate the solution. That may be the first obstacle.

GMAC49

What I am attempting to convey is that there is always a solution to meeting the requirements. Yes, as you have expounded on in great detail, there are many obstacles. There are always obstacles. What often separates the successful from the unsuccessful is the desire and passion to get past the obstacles and execute the solution.

I totally agree, but my feelings are that something as simple as answering the OP doesn't need any kind of deep and meaningful zen-like analysis of the standard so you can come up with some kind of really, really creative way to do audits. It's subject, like most things, to the law of diminishing returns. Most of us don't have a lot of resources to devote to answering this question......

I prefer and pragmatic approach which gets the biggest return most effectively. It's based on my experience of over 25 years of implementing systems.

Pondo, your posts are intriguingly worded. DO you have any concrete examples you can share, or are you merely offering the proposition that there's always a solution...................?

Boy o boy. :frust:

I suggest reviewing the thread from the beginning.

My suggestion is for the original author of this post to train another associate within the company. They can tag along on internal audits until proficient. This does not cost the company anything but the time that it takes to observe and then participate in the auditing. Yes, as you mentioned, there are a lot of obstacles and unknowns. It seems you stopped just short of "what if the sky falls?" Remember, we are only talking about training one person.

It seems you stopped just short of "what if the sky falls?" Remember, we are only talking about training one person.

Hardly - merely pointing out the facts that others frequently overlook when attempting to "train just one person".:rolleyes:

And try not to :frust: too much, :lol::notme:

Hello - I am an outside auditor that has been going to 18 companies over the last 20 years and have worked very closely with the QMR to complete the internal audit cycles. It can work very well for smaller companies. The auditor really needs to be part of the team. As far as auditing a small company by yourself, it can be done. You just need to train your boss on auditing your quality elements.