Timing of an Internal Audit Schedule

J

JJ777

I just had a debate with my manager regarding the audit schedule.
I developed my audit schedule with internal audits scheduled over a period of 2 months. Basically an internal audit a week allowing to consult with the process owners to correct findings etc. after the audit.
My manager feels that I should conduct all my audits before the bi-annual surveillance audits in order to show the external auditors that all processes has been audited. He feels that we should get everything in order that should the auditor audit a process that it has already been audited internally to avoid telling them that this process has not been audited.

I know there is no requirement on the schedule dates as to when all should be done.
Should I conduct all audits before the surveillance audit?
What will happen if an audit is scheduled after the surveillance audit and the external auditor wishes to audit the process in question?
 
T

tomvehoski

Re: Audit Schedule

I don't believe in designing my system or doing anything special because a thrid party audit is coming up. Audits are to be scheduled based on the status and importance of the activity being audited, so "because the registrar is coming next week" is not a valid basis for scheduling.
 

John Broomfield

Leader
Super Moderator
Re: Audit Schedule

I just had a debate with my manager regarding the audit schedule.
I developed my audit schedule with internal audits scheduled over a period of 2 months. Basically an internal audit a week allowing to consult with the process owners to correct findings etc. after the audit.
My manager feels that I should conduct all my audits before the bi-annual surveillance audits in order to show the external auditors that all processes has been audited. He feels that we should get everything in order that should the auditor audit a process that it has already been audited internally to avoid telling them that this process has not been audited.

I know there is no requirement on the schedule dates as to when all should be done.
Should I conduct all audits before the surveillance audit?
What will happen if an audit is scheduled after the surveillance audit and the external auditor wishes to audit the process in question?

JJ777,

Many organizations schedule their internal audits so they happen two months before the CB/registrar's auditor visits.

This may tell everyone the system is in place simply to keep a certificate and it probably is a rarely reported nonconformity (failure to audit processes according to their status and importance - see 8.2.2).

Of course, your management system is in place help its users to create more successful customers.

So, what is driving continual improvement? Are the operators, supervisors, managers and directors monitoring their processes to result value-adding nonconformity statements and $thousands-saving improvements then your manager's point of view may be somewhat valid.

Failing that I recommend you audit how well the system is helping employees to determine and fulfill requirements on a schedule you recommend and support with reasons for approval at the management reviews. That way it sanctioned by your TM and is not your schedule or your boss's.

Please note that well-monitored processes (resulting in many improvements that do not rely on audit) may not need to be audited as frequently as the neglected processes.

John
 
Last edited:

6thsense

Involved In Discussions
Re: Audit Schedule

I have the same problem also. My boss believes you have to audit the whole system at once before the surveillence. I have decided that this year. I will push to do this my way. By analysing your findings you tend to discover the areas that tend to give you problems. You can plan to audit these more frequently. As previous posters have said, the system must work for us, we cannot be auditing for the sack of auditing.
 
J

JJ777

Re: Audit Schedule

JJ777,

Many organizations schedule their internal audits so they happen two months before the CB/registrar's auditor visits.

This may tell everyone the system is in place simply to keep a certificate and it probably is a rarely reported nonconformity (failure to audit processes according to their status and importance - see 8.2.2).

Of course, your management system is in place help its users to create more successful customers.

So, what is driving continual improvement? Are the operators, supervisors, managers and directors monitoring their processes to result value-adding nonconformity statements and $thousands-saving improvements then your manager's point of view may be somewhat valid.

Failing that I recommend you audit how well the system is helping employees to determine and fulfill requirements on a schedule you recommend and support with reasons for approval at the management reviews. That way it sanctioned by your TM and is not your schedule or your boss's.

Please note that well-monitored processes (resulting in many improvements that do not rely on audit) may not need to be audited as frequently as the neglected processes.

John

John

I have scheduled my critical processes before the surveillance audit. The other process is the satellite broadcasting process whereby lectures use the technolgy to broadcast sessions to the students. These sessions are recorded, edited and available for purchasing a few days after the broadcast. There are daily broadcasts and their are not much room for improvement in the processes. This in my opinion is not critical and the process is fairly simple. My software development is far more critical and much more time will be spend here.
I know the reasoning of my boss is that some of the process owners still think quality is the person who maintains the QMS and that their processes should be checked more frequently.
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: Audit Schedule

It seems natural to run through a system before the registrar gets there... from a compliance point of view. But I can think of three problems with the approach:

1) There's little chance to show how your scheduling is sensitive to system needs as discovered in the internal audits. If there's a problem area, do you audit more often? Registrars always probe me for this.

2) It may be difficult to show management commitment: how audit results and corrective action data are presented for Managemenr Review, and the subsequent resourcing and plans they come up with the improve the system's performance.

3) Something may be uncovered that's serious enough to not be resolved satisfactorily by the time the registration audit starts. Having open corrective actions doesn't bother me, but there are some that I really, really want to be closed out so I can ensure the system is functional before outsiders come have a look.

These concerns are about systems, whereas the objective in a quick series of audits seems to me to be one of compliance. It's a philosophical difference.
 

ScottK

Not out of the crisis
Leader
Super Moderator
Re: Audit Schedule

I'm 100% with tomvehoski. The audit plan must fit your organization, not an outside party's.

I do monthly audits throughout the year making sure that all processes I need to cover are audited in that time.

The registrar can come audit at the start, middle, end of the cycle. It doesn't matter.
 

John Broomfield

Leader
Super Moderator
Re: Audit Schedule

John

I have scheduled my critical processes before the surveillance audit. The other process is the satellite broadcasting process whereby lectures use the technolgy to broadcast sessions to the students. These sessions are recorded, edited and available for purchasing a few days after the broadcast. There are daily broadcasts and their are not much room for improvement in the processes. This in my opinion is not critical and the process is fairly simple. My software development is far more critical and much more time will be spend here.
I know the reasoning of my boss is that some of the process owners still think quality is the person who maintains the QMS and that their processes should be checked more frequently.

JJ777,

Looking beyond the next surveillance visit I recommend scheduling the following year's internal audits using some of the criteria you are already along the following lines - annual frequency:

  • Processes that are critical and well monitored - 2
  • Processes that are critical and poorly monitored - 4
  • Processes that are noncritical and well monitored - 1
  • Processes that are noncritical and poorly monitored - 2
Explain this logic with your recommended schedule for authorization at your next management review meeting. Your boss may need to approve it beforehand.

Focus on how well the processes are fulfilling their objectives and other criteria (see 4.1c).

Processes that are poorly monitored could be evidence of an 8.2.3 nonconformity so you may wish to address the lack of monitoring as a separate earlier corrective action.

Then you can move on to:

  1. Processes that are critical and well monitored - 2
  2. Processes that are new or causing problems - 4
  3. Processes that are noncritical and well monitored - 1

By then you will have gotten the responsibility for quality out of the quality department and with the people who do the work and supervise the work; where it belongs!

Best wishes,

John
 
D

db

Re: Audit Schedule

Scheduling internal audits just prior to the registrar's visit might violate the "status and importance" part of the standard.

I recommend scheduling your internal audits spaced out opposed from your registrar's visit. For example, if your registrar audits you in February, you audit 6 month's later in August. However..... keep in mind the status, importance and results of previous audits. If you audit only once a year and something happens (process change, increase scrap or complaints, etc), you don't want to wait for a year to audit. I recommend scheduling supplemental audits to cover those situations.
 
Top Bottom