I have just taken the Lead Auditor course, and was told that the MR shouldn't be doing internal audits because he/she can't be truly objective. What is everyone's thoughts on this? This has been common practice here where I am the MR, yet I see where our instructor was coming from. I also issue all NCR's to the areas after an internal audit, and screen the corrective action when they are returned. How is everyone else doing this? I thought we were doing good!

Our MR does about half of the internal audits, the other half done by the other 3 people we have trained. Prior to our registration the MR did all the internal audits and it was not a problem with our auditor. After registration we thought it would be a good idea to spread the fun around.

Greg

We audit in teams of 2 people, 6 teams.
Audits are scheduled by a QE who is audit coordinator. Mgt Rep. is member of a team but coordinator takes care to schedule Rep's team in area where there is total independence. Coordinator reports audit status to Rep who inturn reports to Mgt.

Just went through a session of selecting a registrar and the question of whether the MR can also be the Lead Internal Auditor was part of our decision process.

In all cases we had a representative from the registrar and the potential auditor. They all unanimously said that, yes, the MR can be the LIA as long as they do not audit areas that they are responsible for.

In my situation that means that I cannot audit 4.1 management responsibility, 4.5 document control, and 4.17 internal audit.

We do have an internal audit team that would audit the areas that I could not, although it is still my responsibility to produce and report the audit results to management and issue corrective actions.

Along with this responsibility I also realize that I must ensure that my areas of responsibility are conforming to standards and requirements. If not, there would be no credibility to my position. It comes down to personal and corporate integrity.

Would you mind posting the name of your lead auditr trainer?

All companies are continually striving to reduce costs and the cost of having a full time internal auditor can be prohibitive to small and medium sized companies. We all wear many hats and reputible registrars and auditors realize this.

Hell, most of the lead auditors probably started out as managements reps and internal auditors!

ASD...

Like Al, I don't see an issue with having the MR handle audits. In fact, based on the defined responsibilities for the MR within the standard, I tend to think this is logical.

Of course, integrity could be an issue but that's where the registrar comes in. Now, the MR shouldn't audit areas of direct responsibility (4.17 is the most obvious). Use an alternative lead auditor for those areas. Better yet, have the President coordinate and review those audits...after all it's his/her system and the MR works for him/her!

I don't see any problem in MR conducting the internal audits. I myself being a MR for our group of companies, I almost audit all the areas (except ofcourse 4.1, 4.5 & 4.17). And this has never been a issue with the Registrars. Audit of 4.1, 4.5 & 4.17 was done by other qualified internal auditors who were independent within our company.

------------------
Eskay
Seven Seas Group of Companies
Dubai

Russ,
In 8.2.2 of the 2000 edition states
"Auditors shall not audit their own work." You should be OK unless you have a lot of overlap at your company.
Mike

Russ

I just had this very discussion with my registar at our last audit. He told me I was not to be auditing areas I was responsible for. I do co-ordinate the Internal Auditing but I stll felt I should be auditing Internal Auditing. I felt that it was a good way for me to check up on my Internal Auditors and how they were doing. He disagreed. So then end result.... I can't audit any areas I am responsible for.

:confused

Russ,
Most of our written procedures contain signatures by Quality Assurance. Either as the originator or the authorizer. A case could be made that I can't audit any of those procedures. We'll argue that when the time comes. I would stay away from those areas mentioned in the previous postings. As MR all audit findings get reported to Top Management for review and disposition, so there is no conflict of interest there.
As far as auditor courses go, and I've been to a few, there are differing opinions between instructors on a number of topics. I treat the disparities as opinions and concentrate on the nuts and bolts of auditing.
energy

:frust:
I just ran across this thread even though it's old and would like to comment.
I do all the internal audits for our entire corporation as the Corporate Quality Manager. We have been written up several times for auditor independance. Although I direct and advise our MRs I do not have any day-to-day responsibilities in any areas including setting audit schedules, issuing CARs, etc. related to internal audits. I don't know how to convince the auditors that I am independent and that the finding should be reversed.
Any suggestions?

Ted - In a word No - in two words - no suggestins.

For sake of explaination my thoughts run this way :

Although you may be "independant of the day to day physical activities" - the way I'm reading this is that you can NOT be independant of the planning or "decisions made" for many overall system activities as the Corporate Quality manager (and I'm assuming Corporate Management Representative.)

As such you "are responsible" for ensuring processes are established and in place "implemented and maintained."

Possibly you would agree that there remains a certain amount of ISO system "work" involved with this activity??

My opinion only - If the MR makes the decision that a process is indeed needed - plans the steps and makes sure it is implemented as he/she envisioned - continues to "direct and asvise" on the use of the process - then he/she can not be removed and be "objectivley independant" of its maintainance or its operation. (however good at "directing and advising" ie delegating Tasks one might be)

8.2.2
Auditors SHALL not audit their own "work"

;)
Jim,
Thanks for your comments. I do agree that I am not completely independant (technically). I am trying to convince the auditor to overlook this finding for two reasons:
1. Our divsions are small (8-15 persons) and do not have the resources to develop auditors internally (at least effective ones).
2. I use internal audits to not only determine conformance but to also identify areas that conform but could be improved and to help them determine a solution and implement these changes.
I would hate to give this up because an auditor feels that I cannot be neutral.
I guess we will need to get some auditors trained to audit our internal audit program.

As the Corporate Quality Manager is it your responsibility to enforce the systems that the auditor feels doesn't give you enough bias?

Since this finding has occurred a number of times how do you ever close out a Non-conformity? Or is the corrective action put in place not sustainable? You probably have asked what specifically the auditor had an issue with, and to be honest without that information I'm not sure that I could provide any other assistance.

The impartiality of an auditor, I thought, refers to the specific area being audited and its documents (8.2.2).
"What" is being audited is, a) conformity to the Standard and the QMS; and b) that the processes and their documents have been effectively implemented and properly maintained.
Therefore, has the auditor done the implementing, specifically of that area, and/or doing the maintenance of the QMS in that area?
In those organizations that have come at a QMS from the old "siloed" Product quality philosophy of many corporations, the answer is very often, Yes. The Internal Auditor helped write the procedures at the start. If you come at it from the Organizational quality viewpoint, the answer is usually No - each person owns their procedures and their only interaction with an Internal Auditor is when that other set of eyes is asked to determine if further opportunities for improvement can be found.
YesNo?

We do what can be called "cross functional"
internal audits here but are very careful with them from the independance standpoint.

Our welding department folks - although responsible for that portion of "processing" do internal audits of the "machining processes and visa versa.

We have our outside consultant - reccommend a qualified local retired person to come in once or twice a year (when needed) and audit the parts of the system I am responsible for as Mgt Rep. (internal auditing - internal auditors etc. )

Frankly the best solution to the "independence delima" (which we have yet to arrange & implement) is to "Team up - with a locally registered company and "trade internal auditors for a day or two each year... Our guys auditing their systems ... theirs auditing our systems... That method would I would think totally eliminate the independance aspects.

As for discovery of improvements - the new standards has made continual improvement a larger issue than "improving due to audit findings --- and will allow any Mgt rep to go over any business process aspect to rrcommend improving where it needs to be done (internal audits being only a part of the information he uses to come to that conclusion.

I would be real interested if you are successful in persuading the external auditor to "overlook" a finding because of lack of resources.

It may be a matter of local culture, but why would you approach the Registrar in a confrontational mode?

Our registrar is the 4th level of welcome review of our processes (NCs - known as Opportunities For Improvement - plus Internal Auditors, Management Review, Registrar). Each level searches for improvements that can be made to help the staff and the company.

Maybe this "nice Canuck" attitude would have trouble getting transplanted?

Show your MRs this p.56 in the QS9000 Quality Requirements book 4.17 second paragraph. But there is a difference in that and just an observation. Hope this helps you a little:bigwave:
You must get the team behind you. The plant manager is the Captain of the ship. He will go down with the Car in hand. hehe
4.1.1.2 f Managements responsibilities and 4.1.2.2 Resources:ca:

This is an excerpt of an Internal Auditor's findings in regards to accessing electronic and hard copies of released procedures:
50% (5 out of 10) of the employees audited were unaware of how to find the latest document

This in spite of written instructions detailing "exactly" how to do it. Realize that 80% of the people have computers and are not novices. Some have suggested that it is a training issue.:bonk:
I say it is a "I could care less" issue. The document acknowledgement sheet that states that "I have read and understand" the procedure and " will refer to this document on a regular basis" was signed by all.

The fact is, they signed it and returned it without a thought. It's a nuisance and has nothing to do with them. Oh, we'll issue CAR's and they will cite lack of training as the reason, dumping it right back on me. This is a pure case of not buying in to the system.

If you have to conduct training sessions for complicated procedures, we do for detailed OSHA mandated procedures, I can see that. This is not a training issue. This is an "ISO is for you, not me" issue. The names are quite revealing. Knowing all the personnel, I could have predicted who would pass and those who wouldn't. The personalities and comments made about the ISO effort from these morons have all been negative. 50% of the 50% who couldn't locate the procedures are supervisors/managers. No help there.
So, we will audit them again and write more CAR's and keep on trucking. What me worry?:ko: :smokin:

Energy,

Make the training the responsibility of each manager. I call them Responsible Managers in my procedures. That way the onus is on them to see that training is effective. In fact, if you outline that the RM's "shall ensure", then the CAR is actually on them! woo hoo

Depending on how large the company you work for is that may work. I work for a small (~130 people) privately held company and the Managers can do no wrong. I am sure in a larger company "passing the buck" would work.


Anyone out there looking for someone with FDA/MDD/ISO/EN experience??:biglaugh: