8.2.2 Internal Audit - Seeking Opinions

C

Carl Exter

Opinions please...

In establishing the internal audit schedule (in compliance with ISO9001:2000 8.2.2), and the scopes for the various audits, is it valid to use documented problems with processes (noted through our nonconformance reporting system) as a focus in evaluating processes?

By way of example, I once focused an audit of our documentation/artwork approval process to determine why we had numerous similar problems with product labels. (Kind of like trying to do root-cause troubleshooting with the process via the audit).

I was rebuked and told that an appropriate audit starts blind and only evidence of problems uncovered during the conduct of the audit are valid areas to research. I was told that audits can't begin with evidence of problems.

This doesn't seem very smart to me and can lead to rather routine and frequently unproductive audits (other than filling the requirement to conduct internal audits). But I don't have an updated copy of 10011 so I don't know what the official ISO position is on auditing.

I would appreciate your thoughts, feedback, and experiences. Thank you in advance.
 
E

energy

Re: Opinions please...

Carl Exter said:

I was rebuked and told that an appropriate audit starts blind and only evidence of problems uncovered during the conduct of the audit are valid areas to research. I was told that audits can't begin with evidence of problems.

This doesn't seem very smart to me and can lead to rather routine and frequently unproductive audits (other than filling the requirement to conduct internal audits). But I don't have an updated copy of 10011 so I don't know what the official ISO position is on auditing.

I would appreciate your thoughts, feedback, and experiences. Thank you in advance.

Carl,

My understanding is that you can have "Special" audits. But, these have to be directed by Management. As Senior Management directs the Audits, they also "bless" all scheduled Internal Audits, too. They are incorrect in saying that N/C's cannot cause the need for a Special Audit. And, if they choose to not allow you to audit a recurring problem, it's their call. You then address it through your Corrective Action Sytem. JMHO
:ko: :smokin:
 

Raffy

Quite Involved in Discussions
Special Audit, I think this would I gonna do next week in our IT department. I was been tapped by our management to audit IT on their quality levels. Thanks to everyone who contribute opinios and recommendations to my query, it enlighten my mind on what are the things that i need to audit.
However, can this audit would refer as Internal Audit for a department? :confused: I would be auditing them against the ISO requirements, hope that i would be focus on ISO. :bonk:

Raffy :cool:
 
E

energy

Sure

You would cite the specific ISO requirements, Para. etc, and simply put the departments on your audit schedule. If you intend to audit one department at a time to the whole standard, good luck! If I misunderstood what you were asking, I apologize.

My own opinion would be to pick a section of the standard, like 4.2.3 Control of Documents and 4.2.4 Control of Records and audit each department to the procedures which were written with the Standard in mind. This is a pair that could very easily be audited at the same time. Then schedule, say 8.5.2 Corrective Action for all Departments.

Although is not my intent to audit our released procedures to ISO Requirements, which were written by a Steering Comitteee comprised of 4 Internal Auditors, you could always audit your own procedures. My fear is that we would get bogged down addressing "interpretation" differences, like we do here in the Cove.:vfunny: I prefer to trust Management to authorize procedures, etc., with ISO as their driver. And there is also the Mgt. Rep very aware of the requirements of the Standard who creates the drafts, gains approval from cognizant Managers.
Guess who? :bigwave:
 

Randy

Super Moderator
You can establish your audit schedule based upon the phases of the Moon or the tides if you want. What you don't want to do is have special audits that turn into "Witch Hunts". The audit process has to be pro-active in nature and looked upon as being a value added, positive approach to identifying shortcomings or opportunities for improvement. The internal audit should bring to light and emphasize "preventive more than corrective" measures needed.
 
B

Bob Ablondi

Auditing

Marc:

I am a practitioner of the "Vertical Slice" method when I do Registration and Surveillance audits for the Registrar. I have done this when I audited to Code of Federal Regulation 10CFR50 Appendix B.

Bob A
 
R

rrramirez

ISO 19011:2000; 5.2 clause

You could use the guides contents in the in the new ISO 19011:2002.
Please read additionally the Introduction paragraph of the standard.:bigwave:
 
M

M Greenaway

Carl

I think you have been given really bad advice !

I always will look at the sorts of non-compliances, complaints and previous audit results to get a flavour of where to look in an audit.

It saves time, and makes the audit focus on the real issues, and not dream up irrelevant problems, or even worse totally miss any problems at all.

Audits should be flexible, but not blind (in my opinion).
 
Top Bottom