Hello everyone. I am in the process of looking at training for internal auditing. I have found a number of different courses, but was interested in hearing from people who have attended any of the training to help choose a course. If anyone has attended any internal audit courses I would appreciate hearing your comments. Thanks.

I received training from a consultant group I hired that to me was very basic and not overly helpful. I haven't attended any seminars, but I suppose that if I did, I would use one of the more recognized providers (ASQ, RAB). I hope this helps some.

Anyone else out there have a recommendation??

Kevin

Hi Richard and welcome to THE COVE.

Yeah Kevin I have some recommedations.....USE ME!!!!:bigwave:

I contract with a couple of providers and do this type of training myself so I am more familiar with them.

You will find everyone to be basically the same. Approaches and content will vary some, but basically everyone who provides training conforms to requirements stipulated in ISO 10011 soon to become ISO 19001.

I send ol' Richard a private Email so as not to step on too many of my buddies toes here by not recommending them.;)

If you're new to this game Richard you will find tons of useful information and the best people in the field to get it from right here in THE COVE. Drop by often and take Marc up on the subscription materials he has (you'll save a lot of work for yourself).

My original internal auditor training was done by a consultant group that was helping our company get registered. It was a two day course given in-house. I then went on my own to a 16 hour lead auditor class. The internal auditor class was to me the most beneifical (excellent teacher). I also did a lot of reading and self study. The person that give the training is no longer with the consulting firm and has his own. If you are interested, I will find his number, e-mail me.

What you say may be true in the US, but not (totally) so in the UK.

The UK? Oh yes, now I remember. That's the little place across the lake where we secured civilization twice and kicked their behinds twice also:biglaugh: We Americans have high expectaions for that place, insignificant as it is;)

"Some of us feel very strongly that it's really bad practice to train internal auditors to have the same skills as registrars' auditors."

Jim,
Can you elaborate?
I have always felt that internal auditors should be as knowledgeble as registrars auditors. IMO it tends to level the playing field. But, I may be missing something.

Training the internal auditor is great, but if they are not utillized and can effective implement the training, then they will soon develop lapses in their knowledge and it will make for a poor audit. I agree with everyone else that the training is almost always the same type. It follows the same principles of auditing, what makes a good auditor and a good audit. I will attach a powerpoint file I use. But again, effectively implementing the training on a continuous basis will help your internal auditor become familure with auditing and make them more effective.

Jim Wade said:
ISO 10011/19001 is bad, harmful, evil ... help, I need a stronger word!

I used to be a 'sanctioned' trainer of the AIAG "Internal Auditing for QS-9000". I even taught it at the AIAG. I felt at the time, and still do, that they spent too much time in 10011. For example, I have never known an organization to convene an evaluation panel to oversee internal auditor selection and continuation. I don’t think I totally agree with Jim’s assessment, but will say that as with anything, you must filter what you are presented with that you really need.

The biggest drawback to most (every?) internal auditor class is they seem to lack training on how to audit procedures and processes. The whole focus seems to be on compliance to the standard. Internal auditing will not be a good improvement tool if the only focus is on compliance. (I think this is part of what Jim was saying, as well).

I'm sorry but I am totally lost by the argument that auditing compliance is a waste, and that auditing should be something 'more beneficial'.

If you are not auditing compliance to something, be it a national/international standard, business model, contract requirements, etc, etc, then all you are doing is spouting opinion. As undoubtedly that opinion is based on a very small snapshot in time it is of very little value.

Don’t get me wrong, Martin, I don’t think compliance is a waste. I think it should not be our “only” focus. Even 9K2K doesn’t address all the requirements of procedures or processes. It can’t – there is no way ISO can address all of the company level documentation. My concern, is most training focuses solely on the standard, and in many cases, doesn’t even mention how to address organizational documentation or how to audit a process.

Thank you for the information everyone. Little did I know that one question could start such a debate :D

I can see both sides of the argument. Checking for compliance does make sense since that will make external audits easier. But internal audits can be a very good tool for continuos improvement. We use a number of internal procedures that will be the primary focus, but part of it will be looking at how they fit in with the whole ISO program.

I am still getting a grasp on all this, so I'm sure I'll be figuring things out as I go (and I'm supposed to be the company ISO expert :confused: )

Thanks again everyone. I'm sure I'll be asking plenty of questions in the future.

Having attended and taught several ISO internal auditor courses I will throw in my comments/opinions.

The first course I attended was through the consulting firm we hired to help get us ISO certified. Five full days of training and practice auditing. They taught us the standard and 10011, but also focused on our procedures. Basic process was: 1. Audit the procedure to the standard. 2. Write a checklist to the procedure and audit practice to the custom checklist. The part I do not agree with (in retrospect) is they had us act like registration auditors - no advice, formal, independent, etc. The biggest help was that the trainers worked with us on our first "official" internal audit at another one of our plants. We would have been completely overwhelmed with all of the new material if they had not been there to help.

Second course was another five day offered by the company, but this time by an internal employee who had gone to a five day lead auditor course. The material focused on compliance with ISO. We spent quite a bit of time arguing about interpretations. Also, he was of the opinion that we should not write nonconformances if they did not have time yet to implement the system. My opinion is to write everything, otherwise it may not be corrected. People need to get used to the fact that nonconformances will be written and they are not a personal attach - they are system failures that need to be fixed.

A couple jobs later I became a consultant and started teaching a course my boss had "borrowed" from one of the RAB approved providers. Same basic course as the second one, but I found I was able to customize it to my clients operations and provide better intrepretation for their business since we always taught it on site.

I thought about going the registrar route, so I signed up for the 16 hour RAB approved lead auditor (already had an ASQ-CQA as the pre-requisite). It was very intensive on case studies, not much in the way of procedures. Overall I liked the course and found it easy because I had been auditing for so long, but would not recommend it for beginners.

The course I teach now with my current firm is focused more on procedure compliance than the standard. We do use a pre-workshop assignment that makes the students become familiar with the standard, but have them audit more to procedures instead of the standard. We also are less formal in some areas, such as opening/closing meetings, since most of the time we are dealing with small clients. First day is a review of the pre-workshop assignment, ISO overview, and auditing techniques. The second day we audit for 1/2 the day, and then come together as a group to write up findings and review. We normally do public seminars, so we may have four or five different companies in the room. It seems to work well because it helps to let people see that there is no one right way to do ISO and provides for some good feedback and networking. Most of the attendees are clients we are working on full engagements with, or new people from past clients, so we often assist on the "real" audits or add a third day of assistance to let them get more audit experience with guidance.

If you have enough people to justify the cost of an on-site workshop, have an outside firm come in and teach so they can customize some of the material to your interpretation of the standard and how your company operates. You may also want to send one person to a five day lead auditor course to become an expert in ISO and manage the audit system, but all of your auditors do not need to have this level of training.

Hope this helps,

Tom Vehoski

Tom's approach is similar to mine. I teach techniques, touch on the standard, do lots of "activities' reinforcing the material including a round of audits...performed and reported/presented. I include a day of "customizing' and a review of the audit program with suggestions for improvements (in an internal audit format)....before the training. I also include techniques for reporting to management...and provide what I call an auditors tool box....I spread out the days, to promote thought and to not tax resources.

Clients have used this class for preparing managers to be audited, it generates support for the audit program in the factory, as well as training auditors. If there is a "need' for complete ISO standard training, then that is a seperate day.

I also do a QSLA for auditors not planning to be registered...its the same course, but not in the 5 consecutive days registered courses require. Its a good "management rep" training, and probably should be adjusted and called that...but i didn't get to it yet.

Jim seems to be saying (correct me if I'm wrong) to heck with internal auditing to the standard at all! Sorry, but to keep that certificate -- which in the real world many companies must do to keep customers - I think you have to do some of that to make sure you're keeping on-track. Maybe the registrar's auditor should do most of this, but to maintain I think you gotta audit to the standard with PART of your audit time. But I agree that the audit should also look at other things - for example to see that procedures/work instructions are being followed correctly, calibrations are current, processes are improving, etc. etc. Why not do both?

Okay, flack jacket on, fire away...

I tend to agree with Mike - we have system audits and process audits. The system audits are more like desk audits, we look for compliance to the standard in our documentation. Then we also do process audits were we look for adherance to our documentation. This way if the documents cover the standard, we we are following our documentation we are should be OK. We do an anually review of what we call the "Shalls Matrix" were we ensure that we have covered all of the requirements in the standard within our documents. Then we look for adherance to our documents on a six month schedule.

I received lead auditor training from our registar's company. Their training met the IRCA and RAB requirements. The course was very extensive 5 days with a 3 hour exam the last day. The days were long and provided hands on exercises. We were graded daily for our class participation and the daily exams.
It was difficult but was the best of training money could provide.

I'm with many of the others on this issue. In most cases a Lead Auditor course is overkill for internal auditors. Sure it may be of some use for the program manager, but unless the folks are going to get seriously involved in 3rd party & registration type stuff the money can be best used elsewhere.

A good solid implementation/awareness course and an internal auditor specific course that many providers have can go further than a QMS/EMS LA course.

I agree with Randy. We have some good internal auditor training here and that seems to do the trick. The Lead Auditor course is great, but probably is overkill for most internal auditors.

Lead Auditor training seems to be par for the course for people starting their systems. Why? There are better uses for the money that sure have a lot less pressure. An implementation course and internal audit course might be much better choices if there is not going to be 3rd party stuff done by the individual in question.

I just finished instructing a certified EMS-LA course onsite for a company (I had 10 students)....what a waste of money and time. Many didn't give a crap, wouldn't keep on track or focused, and did pretty poorly on the test. One reason is they didn't pay for it, the other is, it wasn't what they truly needed. I could have given them a better understanding with an implementing and an IA course.