|
|
 |
|
2nd November 2000, 12:39 PM
|
|
|
Can someone explain why?
Hello, one and all,
I have a question about auditing (ISO and QS9000) that I so far haven't been able to get a good answer to, so I'm hoping one of you'se folks in the auditing field can help me out.
Why is it that a small company (we have a total of 18 people, including management) needs to perform its own internal quality system audit, when we've already hired a registrar to come in and do the same thing?
Since registering to ISO & QS9000 is in internal business decision, with the audit hired, paid for, and reported to top management, it seems to me that the registrar's work already qualifies as an internal audit. Why do it again? More work for auditors?
Many thanks,
W. Kindel
|
2nd November 2000, 05:49 PM
|
|
|
|
One main consideration is that personnel within an organisation are more likly to devulge information to internal auditors rather than external ones. The employees are more open and understand that this information is used to help the company meet its quality policy or objectives (they're supossed to anyway)... in other words - they don't hide stuff!
|
3rd November 2000, 01:24 AM
|
 |
One of THE Original Covers!
Registration Date: Nov 1998
Location: Wallingford, CT USA
Age: 43
|
|
Posts: 1,158
Thanks Given to Others: 22
Thanked 63 Times in 43 Posts
Karma Power: 94
|
|
|
Simply put: an internal audit (first party audit)is not the same as a third party audit (an external audit performed by a Registrar).
Every Audit is comprised of three players. Sometimes a player plays two roles.
The Players:
Auditor
Auditee
Client
An Auditor may be either Internal (a member of the organization)or External (not part of the immediate organization, generally a second or third party organization).
The Auditee is the person who is the ricipient of the audit. The Auditee may also be the Client.
The Client is the requester of the audit. The client may request the audit to be performed on themselves, and thus become both the Auditee and Client.
In some companies, the Internal Quality Auditing is sometimes sourced to a consultant, who on behalf of the organization, checks the System. There is debate on whether this is in keeping with the intent of the standard, but I have asked several auditors for a few Registrars and so far, none have found this to be an issue. To decide for yourself, please review past threads in this forum which address this at greater length (much greater!).
Trying to use your Third Party Audit as a First Party Audit is in conflict. The standard is looking for those intimate with the business details to independently and objectively review the Quality Program and System. Third Party folks understand the standard very well. But they couldn't possibly understand your System as well as those working in it (hopefully this is the case).
Regards,
Kevin
|
3rd November 2000, 11:36 AM
|
|
|
|
Thanks to you both for taking the time and trouble to try to explain all this to me. I don't know, though, whether middle-age has wrapped its flatulent grip around my brainstem, or if I learned just enough business law in college to be dangerous, but I'm still not seeing what the problem is with letting the registrar's audit serve as the basic ISO9000 Internal Audit.
The semantics of quality may be part of my problem, for in business law, the question of whether a function is "Internal" or "External" is easily answered: Who signed the check? If we, the supplier, requested the audit, hired the auditor, paid the auditor's invoice, and received the auditor's report, then the audit was "internal", no matter whether the legwork was done by first-party, second-party, or third-party auditors. Likewise, if a customer or other outside entity requests the audit, pays for the auditor's services (either using their own staff, our people, or a consulting service), and receives the final report, the audit is "external".
If you flip open your ISO or QS9000 manual to Element 4.17, you'll find this section on Internal Quality Audits to be quite short and sweet, with no mention of "first-party", "third-party", or any other party. And if you open your "ISO Standards Compendium" to ISO 10011-1, Section 4.1, you'll see where it says that "Audits are normally designed for ONE OR MORE of the following purposes:", followed by a list of audit types which includes conformity of the system with specified requirements, AND to permit the listing of the organization's quality system in a register. And to top it off, Note 13 states that "Quality audits should not lead to an increase in the scope of quality functions over and above those necessary to meet quality objectives." This all says to me that it's permissible, even encouraged, to have the registering auditor's system audit serve for the internal audit as well.
Many thanks for your thoughts on this!
W. Kindel
|
3rd November 2000, 12:24 PM
|
 |
Registration Date: Sep 1999
Location: Oklahoma
Age: 67
|
|
Posts: 1,437
Thanks Given to Others: 1
Thanked 29 Times in 17 Posts
Karma Power: 90
|
|
|
W. Kindel,
Your logic or as you infer, lawyerism, makes sense to me, however, the group that you have to convince is your registration body. Without their buy-in you will be required to perform internal audits IAW 4.17. (QS9000)
|
3rd November 2000, 12:33 PM
|
 |
Forum Moderator
Registration Date: Mar 2000
Location: MID-WEST USA
|
|
Posts: 486
Thanks Given to Others: 0
Thanked 4 Times in 3 Posts
Karma Power: 51 Karma: 114
|
|
|
Would this help?
1) External audits by Registrations folks basically is a broad based view giving us confidence that our procedures
A)are actually implemented, authorized controlled etc.
B) match/satisfy the requirement needs of written standards?
2) Internal based audits "now that we know" the procedures are handeled properly and satisfy the standards. As a "CLOSER LOOK" Give us confidence that
A) Yes we are doing/matching all tasks we said we would.
B)What we have decided to do (In all detailed documents) is in fact working IE Effective) for our needs.
Regards
Jim
|
5th November 2000, 08:44 PM
|
|
One of THE Original Covers!
Registration Date: Nov 1998
Location: Wallingford, CT USA
Age: 43
|
|
Posts: 1,158
Thanks Given to Others: 22
Thanked 63 Times in 43 Posts
Karma Power: 94
|
|
|
4.17 Internal Quality Audits
The suggestion of the audit type is in the title of the element.
An annual or semi-annual third party audit is probably not be enough to ensure continued suitability of the Quality Program or compliance to it by the organization. As such, it is necessary to schedule internal Quality Audits to help ensure a healthy, functioning Quality System. It is but one of the many Check tools.
Regards,
Kevin
|
6th November 2000, 11:13 AM
|
|
|
Thanks for everyone's feedback on this!
Are there any genuine card-carrying ISO- or QS-9000 auditors out there who can explain why the auditors I've suggested this to find the idea so ridiculous? It always seemed like it made good sense to use the registrar's audit as the cornerstone of the Interal Audit program, as though that's what the authors of 4.17 had in mind from the start. (Then a company would only have to do their own if they wanted to be fully compliant, but weren't seeking registration through a registrar.) Top it off with some focused audits of functions unique to the company, and you've got it done without waste or redundancy.
Thanks again for the feedback!
W. Kindel
|
Lower Navigation Bar
|
|
|
|
Visitors Currently Viewing this Thread: 1 (0 Registered Visitors and 1 Unregistered Guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate Thread Content |
 Linear Mode
|
|
Posting Settings
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
