2nd Party and Internal Auditor Qualifications & Training

[Casana]

I’m trying to confirm that the internal auditor qualification requirements haven’t changed between TS 16949 and IATF 16949. From what I can see on the IATF document it appears so, I only see a reference to ISO 19011

As for personnel performing 2nd party audits, I see no requirement in IATF 16949 other than following ISO 19011.

Am I missing something? Do 2nd party auditors have to be trained on core tools? How about internal auditors? (as long as the customers don’t require it of course).

Also - trying to confirm if I could do the training for the internal auditors & 2nd party auditors as long as I follow ISO 19011. I have my ASQ Auditor cert, plus I took the Lead Auditor TS16949 class (and passed) many moons ago. And I've managed all our internal audits for years. I'll confess I'm trying to avoid having to use our external training consultant because the one we've been using is a horrible trainer, however I have no say on who we pick and he does provide a very pretty certificate.

Thx for any comments!

 

[Leaf Fan]

From the AIAG Guide on Transitioning to IATF16949:

"IATF 16949 adds additional requirements for both first and second-party auditors, which include:
•Organizations shall have a documented process to verify internal auditor competency.
•When training internal auditors, documented information shall be retained to demonstrate trainer’s competency with the additional requirements.
•Organizations shall demonstrate the competency of second-party auditors, and second-party auditors shall meet customer-specific requirements for auditor qualification.
This standard also outlines the minimum competencies for auditors, which include:
•Automotive process approach for auditing, including risk- based thinking
•Applicable core tools requirements
•Applicable customer-specific requirements
•Software development assessment methodologies, if applicable
These changes may require a competence gap analysis followed by additional auditor training and development activities."

 

[Peters]

IATF 16949 requirements
7.2.3 Internal auditor competency
Quality management system auditors, manufacturing process auditors, and product auditors shall all be able to demonstrate the following minimum competencies:
a) understanding of the automotive process approach for auditing, including risk-based thinking;
b) understanding of applicable customer-specific requirements;
c) understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit;
d) understanding of applicable core tool requirements related to the scope of the audit;
e) understanding how to plan, conduct, report, and close out audit findings.

7.2.4 Second-party auditor competency
The organization shall demonstrate the competence of the auditors undertaking the second-party audits. Second-party auditors shall meet customer specific requirements for auditor qualification and demonstrate the minimum following core competencies, including understanding of:
a) the automotive process approach to auditing, including risk based thinking;
b) applicable customer and organization specific requirements;
c) applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit;
d) applicable manufacturing process(es) to be audited, including PFMEA and control plan;
e) applicable core tool requirements related to the scope of the audit;
f) how to plan, conduct, prepare audit reports, and close out audit findings.

So:
1.ISO 9001 knowledge - YES
2.IATF 16949 knowledge - YES
3.Process approach knowledge - YES
4.Risk based approach knowledge - YES
5.CSR knowledge - YES
6.Core tools knowledge - YES
7.Audit knowledge - YES

So it is impossible to say: "internal auditor qualification requirements haven’t changed between TS 16949 and IATF 16949", because many requirements above are new.

Use of the external trainer / consultant is not required if you have other options to achieve and demonstrate auditor competence.

 

[Casana]

Thanks for the very helpful and detailed response!

 

[hjoul]

Additional question related to trainer competency...

Clause 7.2.3 requires that the trainer's competency needs to be demonstrated.

How do you demonstrate the competency?
What makes a trainer qualified to train in IATF 16949?
And the trainer also needs to acquire competency and their trainers aswell ....

 

[al40]

Again, This is what a good internal audit program should consist of also you need to take into account Customer specific requirements as well. Read your CSRs carefully.

Best wishes,
Al40

 

[dan_negrea]

Hi, and sorry for the intrusion, but does anybody know any companies that could provide training for core tools in the Toronto GTA area?

Thank you!

 

[Sherry Gill]

What we did for IATF16949 audit team, with a short timeline:
1. Certified TS16949 lead auditor conducted self-directed training to IATF16949 (with reliance on Elsmar and other sources for clarification).
2. Lead auditor created a series of tests with answer keys and team exercises based on requirements of consecutive clauses/clause groups from IATF16949 and ISO9001:2015.
3. Lead auditor conducted five two-hour training classes to IATF16949 for all auditors previously trained to TS16949, using IATF16949 as the training outline, with review and discussion during each class.
4. Tests were administered weeks 2-5 based on previous week's material, with all results scanned, attached to a training record, and averaged to achieve a final rating (reasons for incorrect answers were explained and the clause references provided).
5. Trainees with a cumulative score of 80% or above retained their internal auditor designation, now to IATF16949, per pre-defined criteria. All trainees achieved a score of 90 or above.
6. Although not certified to IATF16949, I am the only on-site certified lead auditor. I currently hold TS16949/ISO9001 lead auditor certification, and previously held AS9100 lead auditor certifications. I am keeping my fingers crossed that this will be sufficient for our CB auditors.

In any case, I am retiring in a few weeks, which created the initial time crunch.

 

[wildbill72]

So has anyone determined whether or not 2nd party auditors need to be IATF certified to audit IATF suppliers?

 

[Stijloor]

So has anyone determined whether or not 2nd party auditors need to be IATF certified to audit IATF suppliers?

2nd Party Auditors from the organization going out to audit external providers (suppliers) must be competent. The competence requirements are in IATF 16949:2016.