Consistently Late Internal Audits- Any Suggestions?

[Big Jim]

Where does it suggest that an internal QMS auditor has to be competent in the standard?

How on earth can they meet the requirement to audit to the requirements of the standard if they don't know the standard? (reference element 9.2a2)

 

[Big Jim]

Internal auditors shouldn't be writing "CARs".

Auditors need to document the nonconformances they find. I would agree that a CAR isn't the only way to write them, but it a horrible stretch to say they should not write them at all. If you intended to say that auditors should not be the ones resolving the CARS I would agree, but that doesn't seem to be what you wrote.

 

[AuditFan]

If they don't understand the standard how on earth are they going to be able to determine if your documentation meets the requirements of the standard?

Maybe that's not part of the internal audit process. Maybe the review and approval of documentation - to ensure the standards requirements are met, is managements' job. We don't make the end of line QC folks competent in design controls, so they can second guess the design at final inspection. The take the design output and check that it's been implemented as specified.

 

[Big Jim]

Maybe that's not part of the internal audit process. Maybe the review and approval of documentation - to ensure the standards requirements are met, is managements' job. We don't make the end of line QC folks competent in design controls, so they can second guess the design at final inspection. The take the design output and check that it's been implemented as specified.

Is management part of the audit? Does the audit scope include them? Looks like you want to make them part of the audit but are they?

 

[Mike S.]

If they don't understand the standard how on earth are they going to be able to determine if your documentation meets the requirements of the standard? Are you just trusting the consultant that set it up a few years ago? What do you do when you revise how you are doing something to ensure you haven't drifted away from the standard?

Education is needed for as many as need it.

The way it's been done in the companies I have worked for for the last 20 years or so is that the average internal auditor is not required to determine if the documentation meets the requirements of the standard. That's the job of the quality engineer(s), lead auditor, and/or quality management. During initial QMS creation and every time a document or process is revised.

What consultant are you referring to?

 

[Jen Kirley]

Maybe that's not part of the internal audit process. Maybe the review and approval of documentation - to ensure the standards requirements are met, is managements' job. We don't make the end of line QC folks competent in design controls, so they can second guess the design at final inspection. The take the design output and check that it's been implemented as specified.

Internal Audit isn't a replacement for responsibilities to be met in the QMS. The Internal Audit (and external audit) is meant to verify effectiveness of the QMS, which can include noticeable gaps, inconsistencies and/or errors in process documentation. One advantage that auditors have which process managers may not is the widespread exposure that could make inconsistencies, errors and/or omissions noticeable.

 

[Jen Kirley]

Internal auditors shouldn't be writing "CARs".

Why not, since that person was the one who observed the issue first hand? That said, I 100% support the audit process owner overseeing the CARs to ensure they are clear, actionable, supported by objective evidence, appropriate, and properly responded to in a timely way.

Management can't "make" their auditors competent at all. Management should be far more interested in the results of audits providing information about the QMS and any lack of effectiveness which lies therein. Having an internal auditor who knows/has experience of those performance issues is worth $$$ more than any bunch of words or clause numbers from ISO. Unless, that is, they have the objective of keeping an ISO certificate on the wall and are being measured on that.

Wouldn't audit results be rather heavily influenced by competency?

 

[John Broomfield]

Internal Audit isn't a replacement for responsibilities to be met in the QMS. The Internal Audit (and external audit) is meant to verify effectiveness of the QMS, which can include noticeable gaps, inconsistencies and/or errors in process documentation. One advantage that auditors have which process managers may not is the widespread exposure that could make inconsistencies, errors and/or omissions noticeable.

Exactly.

If auditors find themselves doing something for the system that the system should be doing for itself that ain’t audit.

It is covering up a weakness in the system.

 

[Jen Kirley]

Exactly.

If auditors find themselves doing something for the system that the system should be doing for itself that ain’t audit.

It is covering up a weakness in the system.

One such weakness is an author's natural tendency to overlook one's own mistakes. This makes an auditor's input more like an opportunity/continual improvement.

 

[RoxaneB]

One such weakness is an author's natural tendency to overlook one's own mistakes. This makes an auditor's input more like an opportunity/continual improvement.

No just overlook them, but to also not learn from them.

In my opinion, many of us in this field are 'fixers.' We wish to point out those opportunities within the system and/or to be a part of the solution to those opportunities. Where we fail is in taking that long, hard look in the mirror and the opportunities within ourselves.

Case in point, the cap on the 'N' key on my laptop has popped off. This started a joke within the team - I mean, the 'N' key?!?! Why not the 'F' key? LOL! Someone suggested that I say 'no' too quickly. New approach to something in my portfolio? No. Revisions to my system/process? No. We all had a good laugh...but then I took some time to reflect on that.

Now, I ask people to explain their ideas and questions more fully. Rather than give an immediate, knee-jerk answer, I want to know more about what prompted the question or idea. It's easy to say 'no.' It's not so easy to listen (or read) and understand. It's faster to say 'no.' It takes time to listen (or read) and understand.

We see these fast responses here in the Cove far too often. We (myself included) jump in with solutions from the get-go instead of first trying to understand the 'why' behind the question/scenario.

Okay, so I was a tad philosophical and off topic, yet I think this was an excellent segue for many of us to pause, take a breath, and expand our listening/reading skills.

...and for those wondering about my 'N' key, I have not fixed nor replaced it. Makes for some difficult typing if I'm using my laptop keyboard instead of larger one plugged into the USB port, but it's a wonderful reminder of this shift in my approach to discussions.