Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work)

[jmech]

Not sure what you mean by "lean heavily". My goal here is to substantiate my opinion on why "people can audit their own work" is against the requirements of ISO 9001, sound quality management principles, counterproductive and against risk based thinking. In this thread alone, I posted and hyperlinked a good number of associated and relevant documents. For those who think : if it is not in the (9001) standard, I don't care, sorry for bursting the bubble.

If people still believe that "people can audit their own work", while complying with ISO 9001, I don't give a rat's ass. Go for it and just do it. Quality system management, ISO 9001 implementation and auditing has been going on a downward spiral for a long time. People want loopholes, shortcuts, templates, etc...

I will remain on the side of standards and certifications as confidence-building components, assuring business in it's supply chain risks.

I spent a lot of time and effort on this thread, knowing full well that some people will never be convinced by my arguments, but I see my participation in The Cove as my little legacy and possible influence to the people involved in writing standards (most of them are shy voyeurs here) that they need to improve the clarity of their products.

While I've long been under the impression that people are not allowed to audit their own work, in an audit context, I prefer to defer to the standard. ISO 9001 itself does not explicitly ban auditing your own work. The ISO 9002 clause (9.2.2 paragraph 4) that Big Jim quoted explicitly states that auditing your own work is not only allowed, but necessary in some cases. While ISO 9002 is not a normative reference in ISO 9001, it is the official ISO guidance on ISO 9001 and published by TC 176, so it should be given consideration.

Sidney, do you disagree with ISO 9002 9.2.2 paragraph 4? Do you think a third-party auditor should write a finding if they find that an internal auditor audited their own work in a way that met the guidance of ISO 9002 9.2.2 paragraph 4?

ISO/TS 9002 published November 1st 2016. Quality Management System Guidance for the Implementation of ISO 9001:2015

Yes, it says guidance, but it was published by TC 176, The introduction starts out with "This document has been developed to assist users to apply the quality management system requirements of ISO 9001:2015 Quality management systems – Requirements."

The format follows the same numbering system as ISO 9001:2015, and here is what we find in the fourth paragraph of 9.2.2:

"When assigning persons to conduct audits, the organization should ensure objectivity and impartiality of the audit process. In some cases, specifically in smaller organizations or areas of the organization where specific job knowledge is required, it can be necessary for a person to audit their own work. In this situation, the organization might have the internal auditor work with a peer, or have the results reviewed by a peer or a manager, to ensure results are impartial. The organization could also consider obtaining resources from an external provider such as a university, external auditor, or another organization."

Now for my comments. To say that you cannot be impartial and objective and audit your own work is really arrogant. I will agree that not everyone could. I might say that two important factors would be the integrity of the individual and the culture of the company. Both are topics that an auditor would likely be hard pressed to challenge.

This guidance provides possible methods to be used to ensure impartiality and objectivity. It is also common sense.

 

[Randy]

While I've long been under the impression that people are not allowed to audit their own work, in an audit context, I prefer to defer to the standard. ISO 9001 itself does not explicitly ban auditing your own work. The ISO 9002 clause (9.2.2 paragraph 4) that Big Jim quoted explicitly states that auditing your own work is not only allowed, but necessary in some cases. While ISO 9002 is not a normative reference in ISO 9001, it is the official ISO guidance on ISO 9001 and published by TC 176, so it should be given consideration.

Sidney, do you disagree with ISO 9002 9.2.2 paragraph 4? Do you think a third-party auditor should write a finding if they find that an internal auditor audited their own work in a way that met the guidance of ISO 9002 9.2.2 paragraph 4?

Nope, as a 3rd party I've seen it, validated the objectivity and impartiality of the process and all the gobblety goo that goes with it, said nice job, and moved on to more serious stuff

 

[Sidney Vianna]

Sidney, do you disagree with ISO 9002 9.2.2 paragraph 4? Do you think a third-party auditor should write a finding if they find that an internal auditor audited their own work in a way that met the guidance of ISO 9002 9.2.2 paragraph 4?

I had already voiced the need to review ISO/TS 9002 a couple of times on this thread. First time was last Friday.

 

[Jim Wynne]

Ed,
When you say small, how small ? I'm a CB auditor and have run into your situation more than once.

Ed didn't say anything about something being small.

Why are so many of you trying to circumvent the requirements of the standard ?

Do you mean your interpretation of the requirements? There are people here with significant experience who have differing points of view. As I suggested earlier in the thread, this probably means that the standard isn't clear on the issue.

 

[jmech]

I had already voiced the need to review ISO/TS 9002 a couple of times on this thread. First time was last Friday.

I forgot your previous reference to 9002. I'm trying to understand your position. It is clear that you think auditing your own work is a bad practice and I generally agree, although I think there might be some exceptions. I think there is a difference between "(usually) bad practice" and "prohibited".
In that Friday post, you stated:

As for people auditing their own work, there is a requirement that prohibits it.

ISO 9002 9.2.2 paragraph 4 seems to allow auditing your own work in some cases and gives guidance on how to do it when necessary - this is contrary to prohibiting it.
Sidney, are you suggesting that auditing your own work is prohibited, contrary to the ISO 9002 guidance that states it is allowed?

 

[Eredhel]

Btw I'm reaching out for official clarification to see what they say. They're out of the office until the 25th, but I'll definitely followup. I feel like there is a need for language clean up personally. But I'll be curious to see how they respond.

 

[Eredhel]

One of the contacts was not out of office and has forwarded it to one of the people responsible for digging in to questions like these. However long that may take.

 

[Sidney Vianna]

Sidney, are you suggesting that auditing your own work is prohibited, contrary to the ISO 9002 guidance that states it is allowed?

Hi jmech, ISO/TS 9002 very specifically states IN SOME CASES, specifically in small organizations, where SPECIFIC KNOWLEDGE is required, you might allow "self audit", WITH THE PROVISION of an peer review and/or "supervision". So, the audit can be deemed reliable. As you can see, there are several caveats to one auditing their own work.

So, and obviously, when and if that happens, nobody would be auditing their own work ALONE, BY THEMSELVES.

If auditing their own work brought no risks, the 9001 requirement for ENSURING objectivity and impartiality would be totally irrelevant.

 

[Golfman25]

Hi jmech, ISO/TS 9002 very specifically states IN SOME CASES, specifically in small organizations, where SPECIFIC KNOWLEDGE is required, you might allow "self audit", WITH THE PROVISION of an peer review and/or "supervision". So, the audit can be deemed reliable. As you can see, there are several caveats to one auditing their own work.

So, and obviously, when and if that happens, nobody would be auditing their own work ALONE, BY THEMSELVES.

If auditing their own work brought no risks, the 9001 requirement for ENSURING objectivity and impartiality would be totally irrelevant.

Actually, they would make it clear -- Thou shall not audit their own work.

 

[Big Jim]

It should be very obvious that the members of TC-176 had something in mind when they chose to remove "auditors shall not audit their own work". Hopefully they will share their reasoning with us. In the mean time I'm taking it on face value.