Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work)

H

Hendor

Involved In Discussions
JohnfromIN said:
Yes - I am John from IN...

We are speaking about ISO 9001 and I do understand it is only a framework designed to fit the multitude of businesses out there - any sector; be it manufacturing (which is what we are), healthcare, service based, product based...etc. Being the MR, I was heavily involved in the transition phase from 2008 to 2015 and the shift to risk based thinking was the bulk of the discussions (as were interested parties) but a major offshoot was the removal of the phrase in 8.2.2 "Auditors shall not audit their own work" and kept the more generic phrase that was in the older version (& open for interpretation) 9.2.2(c) "...shall... select auditors and conduct audits to ensure objectivity and the impartiality of the audit process.

I also, understand your point regarding shifting the audit to concentrate on areas that have shown a need for improvement. This is all about continual improvement and I somehow think this auditor felt as though he had to find something or he wouldn't be doing his job. A person can't drive across town with a policeman behind them and not get an infraction if that policeman/woman is intent on writing a ticket. In our industry (finishing) we call it inspecting to accept or inspecting to reject. Obviously, we want our inspectors to inspect to accept but that doesn't mean overlooking obvious reasons to reject. In the same light, auditors can look for conformances or look for non conformances and I think the better auditors look for conformance to the standard rather than trying their best to find a non conformance.
Click to expand...

Hi everyone,

Impartiality in internal audits is sometimes a headache for some organizations,

As a contribution, in ISO 9001 Cla. 9.2.2 includes a NOTE, which, as we know, is a mode of guidance for the understanding or clarification of the corresponding requirement, which reads: See Standard ISO 19011 for a guidance mode.

ISO 19011: 2018 textually says in: 4 Audit principles

e) Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions

Auditors should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent from the function being audited if practicable. Auditors should maintain objectivity throughout the audit process to ensure that the audit findings and conclusions are based only on the audit evidence.

For small organizations, it may not be possible for internal auditors to be fully independent of the activity being audited, but every effort should be made to remove bias and encourage objectivity.
-----------------

Perhaps this can be useful, to have a broader picture of impartiality
Regards
 
J

JohnfromIN

Registered
Hendor said:
Hi everyone,

Impartiality in internal audits is sometimes a headache for some organizations,

As a contribution, in ISO 9001 Cla. 9.2.2 includes a NOTE, which, as we know, is a mode of guidance for the understanding or clarification of the corresponding requirement, which reads: See Standard ISO 19011 for a guidance mode.

ISO 19011: 2018 textually says in: 4 Audit principles

e) Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions

Auditors should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent from the function being audited if practicable. Auditors should maintain objectivity throughout the audit process to ensure that the audit findings and conclusions are based only on the audit evidence.

For small organizations, it may not be possible for internal auditors to be fully independent of the activity being audited, but every effort should be made to remove bias and encourage objectivity.
-----------------

Perhaps this can be useful, to have a broader picture of impartiality
Regards
Click to expand...

Thanks - I have that document and sent that exact paragraph in with my dispute. Every effort was & continues to be made to encourage objectivity.

ISO TS/9002:2018 9.2.2 states:

When assigning persons to conduct audits, the organization should ensure objectivity and impartiality of the audit process. In some cases, specifically in smaller organizations or areas of the organization where specific job knowledge is required, it can be necessary for a person to audit their own work. In this situation, the organization might have the internal auditor work with a peer, or have the results reviewed by a peer or a manager, to ensure results are impartial. The organization could also consider obtaining resources from an external provider such as a university, external auditor, or another organization.

We'll see how the dispute unfolds. I was present at all times during the internal audit considering I am the MR. In essence, I could be considered a "peer" or a "manager" but I am also the president over EVERYTHING which, it could be argued, makes it difficult to be impartial/objective so I need an auditor to audit my audit of the internal audit.
 
Stijloor

Stijloor

Leader
Super Moderator
Dear Cove Colleagues,

As some of you know I am “half-way” retired so I am not as active here anymore. But I took the time to read and study all 15 pages in this thread. Very passionate discussions and in many posts good content including the chill pill thrown in by Marc.

About “auditing your own work”; has anyone looked at the connection between this practice and evidence of shipping/providing non conforming product/service to the customer?

If I was the 3rd Party Auditor, and there’s no evidence of putting the organization and/or the customer at risk, I would not have any issue with it.

Sometimes people get too bogged down in rules and regulations and miss the intent of what auditing is all about.

Wishing you all the best.

Stijloor (Jan)
 
B

Big Jim

Admin
JohnfromIN said:
To anyone interested...

FWIW
I contested it.
I had the dispute hearing this morning and the non-conformity was overturned.

Hope this may help someone going forward. I will, however, be more diligent bout auditing my internal audit process.

John
Click to expand...

Congratulations! Sometimes that's the only way to reign in rouge auditors.
 
B

Big Jim

Admin
Sidney Vianna said:
The situation as you described is closer to the scenario described in the Can I audit processes I've established but do not implement or maintain? thread. Auditing a process that you are the owner is perfectly acceptable.

As for people auditing their own work, there is a requirement that prohibits it. It is in the definition of the term audit, contained in ISO 9000, a normative reference in ISO 9001. The definition and the first note to the entry are provided below:

Note that the word independent is used and note 1 clearly stipulates the aspect of "carried out by personnel not being responsible for the object audited.

So, in my view, if you "audit" your own work, you are not in compliance with the requirements of the standard. Nobody will be independent, objective and impartial auditing their own work.

ISO/TS 9002 gives explanation of what to do in cases where you have to "audit" your own work, due to special circumstances....so you can find some guidance there.
Click to expand...

This appears to be another example of TC-176 showing us how sloppy they can be.

First of all, the sloppy use of the term "process". Does the internal audit need to be part of your interaction of process? I think not. Until they come up with better determination of what a process is and using the correct adjectives when they use it for different application they will continue to sew confusion.

Second, according to this definition it needs to be a documented process. Would that not be a written procedure? Something that was removed from ISO 9001:2015? Sloppy indeed!

Third, the confusion of contradictory guidance. 9002 provides for auditing your own work (but not just as you stated for small companies, also for when no one else has the knowledge) and gives examples of how to maintain impartiality and objectivity. This is inexcusable sloppiness!

Must be an example of one group not knowing what the other is doing / saying or some other form of managerial incompetence.
 
John Broomfield

John Broomfield

Leader
Super Moderator
Process is work.

Work by human, machine or animal that attempts to add value to inputs through a collection of interacting tasks*, often done by different disciplines or functions, that transform data or materials into services, products and by-products.

By-products may reduce the value of work.

We increase the chances of work adding value by design of the service, product and their processes to fulfill the needs of customers, employees and other stakeholders. Work or process may exist before its design or before validation of its design. Tasks within a process may be mistake-proofed to reduce losses.

* some refer to a task as a process, these leads to a lot of confusion and may reduce the potential value of process management in organizations unless it is viewed as cross-functional.

From this draft definition we can see how difficult it is to define process.
 
armani

armani

Quite Involved in Discussions
"So, in my view, if you "audit" your own work, you are not in compliance with the requirements of the standard. Nobody will be independent, objective and impartial auditing their own work." - sorry, Sydney, I have to disagree with you.

Look what ISO 9002:2016 says: "In some cases, specifically in smaller organizations or areas of the organization
where specific job knowledge is required, it can be necessary for a person to audit their own work".

Anyway, how samll is a "small organization" to apply this requirement??
 
armani

armani

Quite Involved in Discussions
Never mind my previous post, I already saw this subject was (was?) solved in this thread. Sorry !
 
Ninja

Ninja

Looking for Reality
Trusted Information Resource
Hello armani,

It's a recurring topic/question...it will come back around.

Just to be clear for future readers, though...
armani said:
"So, in my view, if you "audit" your own work, you are not in compliance with the requirements of the standard. Nobody will be independent, objective and impartial auditing their own work."
Click to expand...
This is a personal point of view, not a fact or requirement.

armani said:
Look what ISO 9002:2016 says: "In some cases, specifically in smaller organizations or areas of the organization
where specific job knowledge is required, it can be necessary for a person to audit their own work".

Anyway, how samll is a "small organization" to apply this requirement??
Click to expand...
It isn't a requirement...it is an allowance of freedom.
Small enough for them to consider it a valid approach, in the company's sole opinion.
If I were in a company where I only had one person I considered capable of performing the task, they would do it...somewhat regardless of company size. If it meant the best person to audit the work was the person who did it (all things considered)...then they would be the one I chose.
 
You must log in or register to reply here.

Similar threads

E
IATF 16949 QMS in OEM
2 3
Replies
20
Views
2K
Sidney Vianna
Sidney Vianna
T
Finally got a proper quality job - now do I know enough to do it?
2 3
Replies
26
Views
1K
TPMB4
T
Q
8.2.3 Review of the Requirements for Products and Services
Replies
3
Views
305
Big Jim
B
M
AS9100 examples of procedures, quality manual, etc.
Replies
7
Views
1K
John Predmore
John Predmore
B
Consistently Late Internal Audits- Any Suggestions?
3 4 5 6 7 8 9 10 11 12
Replies
116
Views
7K
Funboi
F
Top Bottom