G
gg-audit
I am new to this forum, and to the ISO 9001 world. Let me give you a brief description of how our Internal Audit department is structured, and I'd really appreciate your thoughts on whether you think the structure is effective or harmful to the certificate.
I work for a large service company that has a single corporate Internal Audit Department with 150+ auditors who perform audits of the internal control environment for financial, operational and IT processes/systems (are the controls adequate to prevent, detect or correct problems). Several years back, a small group of ISO auditors were restructured under the IA department. It used to belong to a Quality Department, but that was basically done away with and the "auditors" needed a home.
A new member of management wants to "integrate" the ISO audit function into the "typical" audit function thinking it will increase coverage, and since the auditors are already in an area, why not do some review against the ISO standard.
And I can buy that, but what I can't get on board with is completely losing the expertise of the ISO auditors and letting 150 people with very limited exposure and understanding of ISO to be "let loose". I'm afraid we are diluting our efforts for no real reason. The ISO program has been extremely sucessful in the past, and I feel like we are being forced to change for no reason. For those of you that are familiar with IIA (Institute of Internal Auditors) standards, these ISO audits are now going to have to abide by IIA stds, which requires statistical sampling and over-scrutinization of the audit work. Our ISO auditors can crank out audits in 80 hours, but abiding by these stds will probably double their time, which in effect, makes them half as productive.
Has anyone else seen this integration and has it worked? If so, what were some key aspects that helped it work?
I'm really looking for validation that this is not the right avenue to pursue, but I'd like to get your objective opinions.
Thanks in Advance!
I work for a large service company that has a single corporate Internal Audit Department with 150+ auditors who perform audits of the internal control environment for financial, operational and IT processes/systems (are the controls adequate to prevent, detect or correct problems). Several years back, a small group of ISO auditors were restructured under the IA department. It used to belong to a Quality Department, but that was basically done away with and the "auditors" needed a home.
A new member of management wants to "integrate" the ISO audit function into the "typical" audit function thinking it will increase coverage, and since the auditors are already in an area, why not do some review against the ISO standard.
And I can buy that, but what I can't get on board with is completely losing the expertise of the ISO auditors and letting 150 people with very limited exposure and understanding of ISO to be "let loose". I'm afraid we are diluting our efforts for no real reason. The ISO program has been extremely sucessful in the past, and I feel like we are being forced to change for no reason. For those of you that are familiar with IIA (Institute of Internal Auditors) standards, these ISO audits are now going to have to abide by IIA stds, which requires statistical sampling and over-scrutinization of the audit work. Our ISO auditors can crank out audits in 80 hours, but abiding by these stds will probably double their time, which in effect, makes them half as productive.
Has anyone else seen this integration and has it worked? If so, what were some key aspects that helped it work?
I'm really looking for validation that this is not the right avenue to pursue, but I'd like to get your objective opinions.
Thanks in Advance!