Standards off Limits during a 3rd party audit?


chaosweary

I am in a debate on whether an external auditor can use the actual standard when performing a 3rd party audit. Management states that they have a verbal contract with the external auditor that they must use the company manual only to audit by. Is this credible in the eyes of the RAB? Can an internal auditor use the standard to audit or must they use only the company manual (are they limited)?
 

Marc

Fully vaccinated are you?
Leader
What standard is the auditor looking at? Are you referring to ISO 9001?
 

Sidney Vianna

Post Responsibly
Leader
Admin
chaosweary said:
I am in a debate on whether an external auditor can use the actual standard when performing a 3rd party audit. Management states that they have a verbal contract with the external auditor that they must use the company manual only to audit by. Is this credible in the eyes of the RAB? Can an internal auditor use the standard to audit or must they use only the company manual (are they limited)?
Assuming that the external auditor is verifying compliance of the QMS to the ISO 9001 Standard, s/he MUST use the Standard. In theory, the Quality Manual only needs to address 3 things to satisfy ISO 9001, 4.2.2. The ISO 9001 Standard has many more requirements than the 3 items listed in 4.2.2.

Forget RAB. They no longer exist.

The internal auditor might use the Standard, as well.
 

chaosweary

Standards

We are being audited to the 9001, 14001 and 18001 periodically. Management has required that the registrar only use the company manuals and the registrar has agreed. The argument is that the manuals have been approved as complying to the standards in question so an audit to the standard is not necessary (or allowed).


The ISO 9001 Standard has many more requirements than the 3 items listed in 4.2.2.


Thank you, I will use the response you cited with my management and my registrar. I am sure he will use the argument that our certificate states the requirements of those standards and for instance 9001 would only need to reference section 4.0 though.
 

chaosweary

RAB no longer exists

Sidney Vianna said:
Assuming that the external auditor is verifying compliance of the QMS to the ISO 9001 Standard, s/he MUST use the Standard. In theory, the Quality Manual only needs to address 3 things to satisfy ISO 9001, 4.2.2. The ISO 9001 Standard has many more requirements than the 3 items listed in 4.2.2.

Forget RAB. They no longer exist.

The internal auditor might use the Standard, as well.


Can anyone steer me to more information regarding the RAB no longer exists? Who audits/validates the registrars now?
 

Helmut Jilling

Auditor / Consultant
chaosweary said:
Can anyone steer me to more information regarding the RAB no longer exists? Who audits/validates the registrars now?


ANAB has supplanted RAB after their restructuring. The change had more internal impact than external.
 

Helmut Jilling

Auditor / Consultant
chaosweary said:
I am in a debate on whether an external auditor can use the actual standard when performing a 3rd party audit. Management states that they have a verbal contract with the external auditor that they must use the company manual only to audit by. Is this credible in the eyes of the RAB? Can an internal auditor use the standard to audit or must they use only the company manual (are they limited)?


I agree with Sidney. This is a ludicrous demand.

1. Your manual may have been assessed as compliant to ISO 9001, etc. but it is not likely to be identical.

2. If it were identical, then it would make no difference whatsoever which is used. If it is not identical, then the standard must be covered. That is what you are certified to.

3. If your manual has additional requirements, they can and should be audited as well.

Besides, they are not auditing the manual, they are auditing your processes.
 

QualityPhD

Ludicrous at best...

A 3rd party auditor is required to audit several items:

1. Conformance to the relevant standard, i.e. ISO, AS, TS (both in the documented systems and the non-documented activities)

2. Conformance to internal documentation/specifications, i.e. company policies and procedures, including customer specific requirements

3. Depending on the nature of the audit, conformance to statutory and regulatory requirements that may be applicable to the industry, material or organization.

For the organization to require the registrar to only audit to their specifications is bass-ackwards. The registrar oversees the organization's qms, and is not dictated to or by the requests of the organization.... Sounds like the cart trying to lead the horse.... and IF your registrar has VERBALLY agreed to this (more like a salesperson, not a voice of the registrar with any credibility), I would not be surprised that your auditor may (WILL NOT) not follow those guidelines.
 

howste

Thaumaturge
Trusted Information Resource
Ditto to what has been said above.

chaosweary said:
...Can an internal auditor use the standard to audit or must they use only the company manual (are they limited)?

As far as your internal auditors, they also must audit against the requirements of the standard(s):

ISO 9001:2000 clause 8.2.2 said:
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization
 

QualityPhD

chaosweary said:
We are being audited to the 9001, 14001 and 18001 periodically. Thank you I will use the response you cited with my management and my registrar. I am sure he will use the argument that our certificate states the requirements of those standards and for instance 9001 would only need to reference section 4.0 though.

Please tell me what the reasoning is for only referencing Clause 4 in this audit. I am not sure that I understand this concept.... are you saying that you are not audited against Clauses 5 - 8 ?

And just for giggles, who is this registrar? If I can audit just one clause (even for 3 standards) and get paid for a full audit, I want to apply!
 