Conducting Internal Audits vs. Third Party (Registrar) Audits

Internal Audits vs. Registrar Audits - The Same Technique?

  • We no longer use check lists. We do internal audits like registrar audits.

    Votes: 1 11.1%

  • We use our own check lists but we don't particularly focus on inputs and outputs.

    Votes: 3 33.3%

  • We use our own check lists and we do focus on inputs and outputs.

    Votes: 5 55.6%

  • We're still trying to get upper management to support internal audits.

    Votes: 0 0.0%
  • Total voters
    9
Marc

Marc

Fully vaccinated are you?
Leader
I know that 'things have changed' and that registrars are now supposed to be doing 'process' audits. Tell me about the inputs, show me the outputs, tell me how you use the output data, etc. Of course, one does have to use some sort of 'check list' to ensure all required systems are looked at (audited, whatever) with the exception of those few with one heck of a memory.

But what about internal audits... How have they changed? In several recent threads internal audits and check lists are being discussed.

What I would like is comments from you folks - what are the differences? Are there any - i.e. Are internal audits now supposed to be akin to registrar audits? If so, how are you handling the transition?
 
T

Tom W

I selected we use our own checklist. Actually we do a combination of using our own checklists and also audit like our registrar with the process approach. We have a good mix of both.
 
D

db

Although process audits are expected, there are still places where process audits are hard to apply. For example, 4.2.2 has some specific things that the quality manual must contain. The quality manual is a thing, and although a process was used to develop it, the focus in on the manual itself.

What I do, is I develop process checklists (yes, I said checklists) as I examine the processes. The check lists looks at several things.

1) Process inputs (including documentation, competence, infrastructure)
2) Process controls
3) Process steps (the procedure)
4) Process outputs (including NC material, records, etc)
5) Process metrics

It not only helps in the auditing, but also in understanding the processes. Also, because the process owners and operators are involved, the checklists become more "real" and the resulting audits become more impactful and credible.
 
Claes Gefvenberg

Claes Gefvenberg

Admin
We actually didn't do much of a transition... but then again, our audits were pretty process oriented even before ISO9001:2000. We write our checklists as we used to, and of course inputs/outputs are among the questions.

/Claes
 
D

Dr. L. Ramakrishnan

Moderator
Friends, :) My comment is related to our ISO-14001 systems. From the beginning (from 1997) we have been conducting internal audits in the lines of certification audits and the results have been excellent. Each of the audit report comes with both conformance as well as non-conformance to audit criteria and that helps the organization to fine tune the system better for improvements. We used Check-lists during the establishment of the system not after establishing the system. Best wishes, Ramakrishnan
 
J

Jim Howe

We have been performing product and process audits using checklist for several years. This year, as part of our corporate goals, the exec's agreed to perform internal audits. These audits do not currently use checklist but I can visualize where some checklist would be appropriate. I see a continued use of both.
 
A

AllanJ

Internal Vs "registrar" audits

Marc said:
I know that 'things have changed' and that registrars are now supposed to be doing 'process' audits. Tell me about the inputs, show me the outputs, tell me how you use the output data, etc. Of course, one does have to use some sort of 'check list' to ensure all required systems are looked at (audited, whatever) with the exception of those few with one heck of a memory.

But what about internal audits... How have they changed? In several recent threads internal audits and check lists are being discussed.

What I would like is comments from you folks - what are the differences? Are there any - i.e. Are internal audits now supposed to be akin to registrar audits? If so, how are you handling the transition?
Click to expand...

The big difference is that internal audits must be aimed at delivering a value added service. That means the auditor must be truly au fait with the processes/ systems/ organizational arrangements and products or service involved such that he/ she can offer recommendations/ solutions for the auditee to consider. The solutions/ recommendations must be aimed at reducing or eliminating avoidable costs wherever it is found.

For a whole host of reasons, registrars are not capable of doing this - and they eschew making recommendations on the basis of preclusion in their remit.

Over the years, too many people tried to copy registrar practice when doing their own internal audits. As a consequence, they became stuck in the "element of the standard" approach, which made little sense to the auditees and delivered no added value for the firm. The end result was a sad deterioration of audit worth in the eyes of top management, who at one time would actually attend the exit critiques. (I am showing my age!)

The TasK Element approach was pioneered in the early 1970s, first written about in 1978 and now known as the "Process Approach", but even in the early to mid 1990s it was scorned by the accreditation/ auditor certification fartaernity. Gradually as more people were trained in it, from the late 1970s onwards through the 1980s whpo then began to see how it would deliver business improvements, a critical mass of converts emerged. But, those using that approach for internal audits aless constrained in the depth to which they can use those Task Elements, than are the registrars.

In another thread, Wallace commendably has graphically shown the Task Element approach, with its underlying reference and origin.

You emulate registrar practice and example at your professional peril.
 
G

Greg B

Marc,

We used to use elaborate checklists designed around each work instruction or procedure. Since my Dinosaur boss left several years ago I now only use the ACTUAL WI or Procedure as my checklist. Our Internal audits have not changed that much although we do not audit the standard but our processes. We try and audit the actual task being carried out to see if they do what they say they are supposed to do. It is a bit like a Work Instruction review. We also look for the following:
  • Waste
  • Excess
  • Process Linkages
  • Training/Competency
  • Last reviews
I try and look at the whole process and offer observations on how they have captured their process i.e There are too many or too few work instructions, Try using Flowcharts or story boards to get the message across better, How they use forms and checklists to capture data or actions etc

I leave the STANDARD to the registrar. They check the clauses I check the process.
Greg B
 
R

Rachel

turtleturtleturtle

Hi all,

I have actually encouraged our internal auditors to "live and die by the turtle". I really find the turtle diagram helpful for internal auditing - so much so that it's at the top of our internal audit checklist forms! Each auditor or audit team develops their own set of questions - but the focus remains on the process. For us, it's all about ensuring that the customer stays in mind - whether internal or external. (We sometimes have some cattiness btwn departments in this facility that I'm hoping the "process approach" will help to soothe...eventually?) When I'm auditing, I always picture the turtle diagram - what are my inputs?outputs?measurables?tools?resources?instructions? Pretty much any question is a spinoff or variation of those key ones.

That's my bit for this rainy Wednesday morning. :tg:
Cheers,
-R.
 
RoxaneB

RoxaneB

Change Agent and Data Storyteller
Super Moderator
We still use checklists based upon the Standard. However, the questions have been written in plain English and potential expected answers are provided to help the auditor in preparation. These checklists, fyi, are protected from viewing except by auditors - experience has shown that some auditees will print off checklists in advance to prepare and the audit then becomes worthless.

The audit team becomes familiar with the process being audited and, if necessary, a pre-audit tour of the area is provided to ensure that all are comfortable with the area, familiar with the surroundings and aware of any specific safety/environmental issues.

As internal audits at my organization, we do not focus on documentation or WI specifics. That is the job of the document author and supervisor...to ensure that documentation is correct. We may do a random sampling of documentation, but we do not specifically go out and audit a document.

With the process-style of auditing, we do review the inputs and outputs, but they are not necessarily our focus. We look at the equipment used in the process, we look the measurements taken, we look at validation techniques, we look at how data and information is communicated to the appropriate people, we look at paperwork, and so on...

Rachel said:
That's my bit for this rainy Wednesday morning.
Click to expand...
It is rainy, isn't it? If only I had arrived at work a few minutes earlier...I could have avoided the walk in the downpour! Then again, I do admit to having some fun by jumping in the puddles on my way in past Security. I'm sure the security cameras have some lovely shots of me acting like a five-year old! :D
 
You must log in or register to reply here.

Similar threads

D
Opinions on internal audit schedule adjustment
2 3 4
Replies
34
Views
3K
Steve Prevette
Steve Prevette
B
Conducting an Internal Audit- AISC certified Structural Steel Building Company
Replies
3
Views
229
Jen Kirley
Jen Kirley
D
What are the rules regarding coverage in internal audits?
Replies
5
Views
658
malasuerte
malasuerte
L
Internal Audits during the MDR Transition Period
Replies
5
Views
757
Ed Panek
Ed Panek
J
Gauge R&R vs verification/calibration
Replies
0
Views
469
Jayfaas
J
Top Bottom