The Cove Business Standards Discussion Forums
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > >
Forum Username

Elsmar Cove Forum Visitor Notice(s)

Wooden Line

Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

Monitor the Elsmar Forum
Courtesy Quick Links


Links Elsmar Cove visitors will find useful in the quest for knowledge and support:

Jennifer Kirley's
Conway Business Services


Howard's
International Quality Services


Marcelo Antunes'
SQR Consulting, and
Medical Devices Expert Forum


Bob Doering
Bob Doering's Blogs and,
Correct SPC - Precision Machining


Ajit Basrur
Claritas Consulting, LLC



International Standards Bodies - World Wide Standards Bodies

AIAG - Automotive Industry Action Group

ASQ - American Society for Quality

International Organization for Standardization - ISO Standards and Information

NIST's Engineering Statistics Handbook

IRCA - International Register of Certified Auditors

SAE - Society of Automotive Engineers

Quality Digest

IEST - Institute of Environmental Sciences and Technology


Some Related Topic Tags
8.2.2 - internal audits, audit nonconformances and findings, audits and auditing, internal audits, iso 9001 - quality management systems
Reply
 
Thread Tools Search this Thread Rate Thread Content Display Modes
  Post Number #1  
Old 31st July 2012, 10:12 PM
Integrator - 2012

 
 
Total Posts: n/a
Question Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

ISO 9001 8.2.2 Internal audit states
"The organization shall conduct internal audits at planned intervals to determine whether the quality management system

a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained."

I've always fellt that this definition of internal auditing is effective but awkward. To me it boils douwn to

+ Does the internal audit show:-
a) (Documented) system conforms to (ISO 9001) standard requirements and company requirements?
b) (Documented) company system is being followed by auditee.



I put "documented" in brackets because systems are normally but not always documented.

These two aspects of internal audit are critical and are separate issues. An auit nonconformance should always be categorisable into type a) and type b).

Audits that focus on type a) are sometimes called "process" or "desktop" audits and there are some other names for type b), but it is always possible to do an internal audit and categorise findings into type a) or type b) inyetnal audit nonconformances.


I came up with my own 'labels' for these two types of audit findings but I wish to reconsider these labels.

My question is:- What do other quality practititioners call these type a) and type b) findings?

Integrator



Sponsored Links
  Post Number #2  
Old 1st August 2012, 08:50 AM
Big Jim

 
 
Total Posts: 2,915
Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

The standard only requires six topics have documented procedures (Control of Documents, Control of Records, Internal Audit, Control of Nonconforming Product, Corrective Action, and Preventive Action).

Organizations can choose to document more, and most do, but few choose to document every topic.

In your scheme, how would you audit the topics that are not documented?

Auditor's need to audit your actual practice. That is done by auditing any applicable documents and records as you have noticed as well as auditing your organization's actual practice. When there is no documented procedure and no required records, the actual practice is audited is by interview and observation.

Something else amiss in your understanding is that "desktop audit" does not equal "process audit".

The comparison instead is between "element based audit" and "process based audit". An element based audit uses a checklist that walks through the standard one element at a time from 4.1 to 8.5.3. It can be useful for confirming each element is addressed, but usually is not very useful in determining how healthy the organization is overall. It is especially weak in addressing element 8.2.3 (Monitoring and Measurement of Processes).

A process audit is performed by determining what the auditee says their processes are (identified from the description of the interaction of processes), determining what elements apply to that process, and then auditing that process. For example, when auditing Purchasing, an auditor would stress element 7.4 as well as the outsourcing portion of 4.1. Of course, all other elements would be considered too as applicable. Any pertinent documents and records would be audited to accomplish this as well as auditing the actual practice of that process.

I'm not sure that I answered your question, but hopefully I have expanded your understanding, and sometimes that accomplishes the same thing.
Thanks to Big Jim for your informative Post and/or Attachment!
  Post Number #3  
Old 1st August 2012, 09:23 AM
Jim Wynne's Avatar
Jim Wynne

 
 
Total Posts: 14,228
Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

Quote:
In Reply to Parent Post by Integrator View Post

<snip> I came up with my own 'labels' for these two types of audit findings but I wish to reconsider these labels.

My question is:- What do other quality practititioners call these type a) and type b) findings? <snip>
I call them "findings." Why do you feel that you need give them separate names?
  Post Number #4  
Old 1st August 2012, 10:39 AM
Mikishots's Avatar
Mikishots

 
 
Total Posts: 884
Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

Quote:
In Reply to Parent Post by Integrator View Post

ISO 9001 8.2.2 Internal audit states
"The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained."

I've always fellt that this definition of internal auditing is effective but awkward. To me it boils douwn to

+ Does the internal audit show:-
a) (Documented) system conforms to (ISO 9001) standard requirements and company requirements?
b) (Documented) company system is being followed by auditee.



I put "documented" in brackets because systems are normally but not always documented.

These two aspects of internal audit are critical and are separate issues. An auit nonconformance should always be categorisable into type a) and type b).

Audits that focus on type a) are sometimes called "process" or "desktop" audits and there are some other names for type b), but it is always possible to do an internal audit and categorise findings into type a) or type b) inyetnal audit nonconformances.


I came up with my own 'labels' for these two types of audit findings but I wish to reconsider these labels.

My question is:- What do other quality practititioners call these type a) and type b) findings?

Integrator

I don't necessarily agree with your interpretation; the critical aspect (and the whole point of the audit) is to determine if the processes are effective or not. People can follow a documented company system to the letter, but if the system sucks, the audit cannot report a successful implementation. They specifically used the term "effective" for a reason.

As a result, I don't entirely agree with your categories. If I was told I had to document only two types, they would be:
a) The process is in place but planned results are not achieved (i.e. not effective). Actions are being taken to resolve.
b) The process is not in place and the planned results are not achieved.

The definition for non-conformance is explicitly detailed and I won't repeat it here. It comes down to the degree (separating a major from a minor). In my two examples above, the first would be classified as a minor and the second as a major.

I'm a bit confused as to why such emphasis is only made on documented procedures - what about the others?

Differentiating findings into "types" is unnecessary and helps nothing - if the finding is described adequately, it really isn't important.

Last edited by Mikishots; 1st August 2012 at 10:43 AM. Reason: early morning typos
Thanks to Mikishots for your informative Post and/or Attachment!
  Post Number #5  
Old 12th August 2012, 08:12 PM
Integrator - 2012

 
 
Total Posts: n/a
Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

Thank you all for your well considered comments.

As I haven't been deluged with a 'consensus view' I'll stick to my original labels, which are:-

1) "adequacy", i.e. (documented) procedure meets/does not meet requirements of std.
2) "conformance", (documented) procedure is/is not being followed.
3) "effectiveness", (documented) procedure is/is not effective.

All types of audit findings get a grade + OBS, - OBS, Minor NC, Major NC.

All audits have an assessment of conformance. For a well functioning process this is the very least that can be done in an audit, i.e. a + OBS with a copy of a compliant record. An explanation is then made in audit findings in this case by rote that the procedure is adequate to standard and is effectively implemented.

The main reason for the categorisation is the different "typical" outcomes.

1) adequacy NC - rewrite procedure to meet standard, company and client requirements, possible retrain staff.
2) conformance NC - retrain staff.
3) effectiveness NC - review process, re-document, retrain.

As the internal auditor I am often explaining these categories, especially 'adequacy' and 'conformance' and their different outcomes to my co-workers. They usually appreciate the simplicity of the approach. I know I could be accused of oversimplifying, but as we all know, everyone starts with baby food first.
  Post Number #6  
Old 12th August 2012, 08:37 PM
Big Jim

 
 
Total Posts: 2,915
Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

I don't have any particular problems with your thoughts, but it still seems a bit overly structured. But hey, if it works for you that's what counts.
Thanks to Big Jim for your informative Post and/or Attachment!
  Post Number #7  
Old 12th August 2012, 09:24 PM
AndyN's Avatar
AndyN

 
 
Total Posts: 9,118
Caution Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

I'm inclined to think that you're making a simple situation more difficult than it needs to be. A well constructed non-conformance statement doesn't need 'grading'. I believe, since this is your focus, you might do well to look at the content of any NC and see what that leads to. I also believe that your suggested actions are also a bit prescriptive. Why should any retraining be necessary? Unless a competency was detected as being required, don't just jump to training as the answer. Don't forget that management have to buy in to this and simple is best with them!
  Post Number #8  
Old 12th August 2012, 09:43 PM
JaneB

 
 
Total Posts: 3,518
Re: Types of Internal Audit findings based on ISO 9001 Clause 8.2.2

Quote:
In Reply to Parent Post by AndyN View Post

I'm inclined to think that you're making a simple situation more difficult than it needs to be. A well constructed non-conformance statement doesn't need 'grading'. I believe, since this is your focus, you might do well to look at the content of any NC and see what that leads to. I also believe that your suggested actions are also a bit prescriptive. Why should any retraining be necessary? Unless a competency was detected as being required, don't just jump to training as the answer. Don't forget that management have to buy in to this and simple is best with them!
I'm with Andy, in that it sounds as though you're making it more difficult than it needs to be.

My main reservations:
  • There's really no need to grade NCs. Just because external auditors do doesn't mean you have to.
  • In your original gradings, you pretty much discarded any consideration of effectiveness which is one of the most important things of all! in favour of complies/doesn't comply. Although a later post says you do determine if it is/is not effective.
  • It isn't the job of the internal auditor to decide what the solution to an identified weakness is. That responsiblity belongs to the manager of the area. Doing it your way is akin to telling them 'I found this weakness in your area, and here's what you must do in order to fix it' is usually a sure fire prescription for making 'quality' and 'internal audit' deeply unpopular with managers, and for good reason.
    Everyone has to own the system. Beware of the 'qwality kop' road.
Thank You to JaneB for your informative Post and/or Attachment!
Reply

Lower Navigation Bar
Go Back   The Elsmar Cove Business Systems and Standards Discussion Forums > >

Bookmarks



Visitors Currently Viewing this Thread: 1 (0 Registered Visitors (Members) and 1 Unregistered Guest Visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Forum Search
Display Modes Rate Thread Content
Rate Thread Content:

Forum Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Emoticons are On
[IMG] code is On
HTML code is Off


Similar Discussion Threads
Discussion Thread Title Thread Starter Forum Replies Last Post or Poll Vote
Web based tool for benchmarking audit findings GTBroomfield Benchmarking 6 21st February 2018 11:36 AM
Audit Findings: Writing against Internal an ISO Clause dubrizo Internal Auditing 10 15th May 2015 02:19 AM
ISO 9001:2008 Internal Audit - Classification of Audit Findings xjsanit Internal Auditing 5 6th January 2011 10:31 AM
ISO 9001 Internal audit sub clause a) Jim Green Internal Auditing 1 5th June 2003 02:38 PM
ISO 9001:2000 Process Based Internal Quality Audit Plan Martin Bailey General Auditing Discussions 11 4th December 2001 09:59 AM



The time now is 09:34 AM. All times are GMT -4.
Your time zone can be changed in your UserCP --> Options.



Misc. Internal Links


NOTE: This forum uses "Cookies"