All Internal Audits on 1 day once a year?

RoxaneB

Super Moderator
Super Moderator
#31
Icy Mountain said:
Nota Bene: Internal Audit is listed in 9k4, Section 8.2, Measurement and Monitoring (reactive, passive). If you have honestly self-assessed your system and it is mature and proactive, Internal Audit is more likely catch regression (good line, db) than find things that could be improved. 9k4, Section 8.5, Improvement (proactive, active) is where you find Preventive Action (verrrrrry innnnnterrrrresting). Your Preventive Action system should be identifying "opportunities for improvement". JMHO.
Interesting...just finished up my Planning and Preparing for this week's ISO 9001:2000 Internal System Audit. One of the rookie audits aka "slug" asked "So, we're looking to find stuff, right?" Oh, the control it took for me to not bang my head on the desk!

Once I was done counting to 10, I replied "Our system is mature enough that I don't want to see findings saying 'Work Instruction XXX does not adequately reflect the practiced process.' I want to see Opportunities for Improvement...we're an extra set of eyes out there...we're like toddlers and continually asking 'Why?'.

I also remember that two External Auditors ago with this company, our Auditor (recently an auditor for a sister company...with whom I have set up a therapy group) said that OFI's were not Preventive Actions. One is true improvement and one is to avoid a potential nonconformance. I asked if the avoidance wasn't improvement and earned one heck of a glare that shut me down (that was back in the days when I was quiet and docile...hah!). Never did get an adequate answer.....
 
Elsmar Forum Sponsor
#32
RCBeyette said:
Oh, the control it took for me to not bang my head on the desk!
See, how mature you are? I would have banged the slug's head on the desk! :bonk:

RCBeyette said:
I also remember that two External Auditors ago with this company, our Auditor (recently an auditor for a sister company...with whom I have set up a therapy group) said that OFI's were not Preventive Actions. One is true improvement and one is to avoid a potential nonconformance. I asked if the avoidance wasn't improvement and earned one heck of a glare that shut me down (that was back in the days when I was quiet and docile...hah!). Never did get an adequate answer.....
In the grand scheme of things they are different...sorta. Preventive actions are designed to avoid potential nonconformances, no argument there. But you are correct in that they are a form of improvement. I explain it this way. Preventive actions are a subset of continual of improvement. All preventive actions are continual improvement, but not all continual improvements are preventive actions. Is this an "adequate answer"? ...or what?
 
#33
Claes Gefvenberg said:
What a great thread this turned out to be :applause:

Good one, Bill. :agree1: You really have a knack for cutting through the background noice, and asking the relevant question.

Very well put... I for one would not mourn the demise of the audit as long as we replace it with something better. For the time being though, I consider auditing to be a valuable improvement tool.

Now it's my turn. We have several threads with discussions about how to improve audits. How about suggestions on what that something to replace them with could be (Not just auditing under a new buzz-word name, but something new and better)?

/Claes
Friends,

I consider auditing as a process of enabling improvement and the following is one of the methods I use to catalyse improvement actions.

At times we send a set of questions to the auditee before the internal audit; the purpose of this is to enable IMPROVEMENT in his/her area of activity/product/service. If the auditee can do certain things to improve before the audit, in most cases, he/she does carry out the improvement action. In case he cannot carry out the improvement action before the audit, again in most of the cases, he/she prepares a plan of improvement action. In this process the audit achieves its objective of enabling improvement of activities/products/services. Since the ISO-14001 audit (internal or self audit) is not a financial audit, we are not interested in "catching" people committing mistakes and the objective is to improve, this method works. This method enables the auditee to come out with improvement options and intiatives; since the auditee "owns" the "option and initiative" the probability of success of such initiative is high. The auditor, however, has to spend a lot of time to frame the questions (and he should have a thorough knowledge of the activity/product/service that he will be auditing) to get the benefit out of this method.

I have used this method successfully many times as a part of internal audit carried out by me, especially when auditing Chief Executives, Financial Controllers and other Senior Management Members.

I look forward to your views on this.

With best wishes,

Ramakrishnan
 

The Taz!

Quite Involved in Discussions
#34
Interesting approach. . . I can look at it in a couple of ways.

What if a teacher gave the students copies of the final exam a week prior to the actual exam. . . is the teacher improving the student? . . . or is the teacher boosting success levels?

What if you check a few parts, make a machine adjustment, take a few more parts and then chart the results on a control chart. . . you are improving the process or product quality level. . . but are you meeting the intent of control charting the process? Are you seeing the REAL process in action?

While I see "some" value in this approach, I think that it is not meeting the intent of auditing a process. I'd be surprised if you had ANY findings. . . and another question, is the improvement you mentioned permanent. . . or is the deck stacked to pass the audit. Don't misunderstand my comment, I do not look at audits as a black and white Pass/Fail issue. . . they are facilitating improvement in the overall system by exposing OFI's. . .

IMHO, Can't necessarily agree with your approach. . . could be just me though. . .

As to your comment regarding the top level execs. . . I'm sure they have bigger fish to fry, and need all the help they can get when it comes to a QMS
 
#35
Improvement

db said:
Preventive actions are a subset of continual of improvement. All preventive actions are continual improvement, but not all continual improvements are preventive actions. Is this an "adequate answer"? ...or what?
I think both you and Roxane have it right. If I discover a potential to err (but not an error) and I lower (or remove) the potential, that's Preventive Action AND it MUST be a Continual Improvement. If I have an effective and error-proof, but inefficient, process that I have documented as an OFI during an audit, and then we streamline that process, it's a Continual Improvement.

Continual, Corrective and Preventive are all listed under 8.5 Improvement. 8.5.1 says we should use "the quality policy, quality objectives, AUDIT RESULTS, analysis of data, corrective and PREVENTIVE actions, and management reviews" for Continual Improvement.
 

RoxaneB

Super Moderator
Super Moderator
#36
db said:
Preventive actions are a subset of continual of improvement. All preventive actions are continual improvement, but not all continual improvements are preventive actions.
More than adequate! :D I do understand the difference, thankfully, and what you said matches my own thoughts.

Dr. L. Ramakrishnan said:
At times we send a set of questions to the auditee before the internal audit; the purpose of this is to enable IMPROVEMENT in his/her area of activity/product/service.
At first thought, I have to agree with my fuzzy and drooling friend, The Taz!. But, I also have this feeling that we're not getting the whole story here.

Dr. L, how far in advance do you send the questions? A day, a week, a month, longer? Too be honest, if it is just a day or a week, I would not think much improvement would be seen or enabled. Even a month is doubtful, in my opinion, however more time has been provided for the auditee to provide evidence of a plan to improve. Could you clarify what you mean by "enable improvement"?
 
#37
RCBeyette said:
More than adequate! :D I do understand the difference, thankfully, and what you said matches my own thoughts.



At first thought, I have to agree with my fuzzy and drooling friend, The Taz!. But, I also have this feeling that we're not getting the whole story here.

Dr. L, how far in advance do you send the questions? A day, a week, a month, longer? Too be honest, if it is just a day or a week, I would not think much improvement would be seen or enabled. Even a month is doubtful, in my opinion, however more time has been provided for the auditee to provide evidence of a plan to improve. Could you clarify what you mean by "enable improvement"?
Hi ! I shall try to answer both Taz and RCB here.

The set of questions is sent to the auditee just after sending the audit plan; that means about two weeks to a month before the audit.

To give you an idea of the type of questions - the following is one of the questions to the CEO : "Could you give examples of including environmental considerations while taking business decisions in the last six months". This can help the CEO to collect enough information before the audit. It is likely that the preparation for this question reinforces the need for including environmnetal considerations while taking business decisions. In the initial stages of the system establishment the CEO will be looking for examples. What I find is that over a period of time (i.e. after say a couple of audits) the CEO is well tuned to think environmentally while taking business decisions and he has many examples to give. This part comes out well (ie. the CEO is able to come out with many examples) when external auditors audit him on these issues during the certification or surveillence audits.

Taking another example for the Management Team member in-charge of manufacturing activity, some of the questions are: What are the key characteristics that you monitor regularly ? How do you ensure progress in areas of concern ? What is the management support that you provide to meet the targets ? This helps him to review the key characteristics that are being monitored by him, e.g. energy consumption per unit production, waste generation per unit production, KG VOC emissions per $ value added etc - to see if he covers all the issues that are relevant to the organization. If he has missed any key characteristics, now is an opportunity to include it in his monitoring programme. He can also review his own activity to check if he has been supporting his organization to meet the targets; if so is it adequate. In areas where there has been no progress or negative progress he is given an opportunity to review his procedures - does he act in a way to enable progress.

AS an auditor, this process helps me to prepare the auditee for facing the audit; during the physical audit I spend more time on collecting evidence against audit criteria; and wasting of time by the auditee (searching files, getting information from other departments etc.) is avoided.

What is enabling IMPROVEMENT: I am sure you would agree with me that the auditee behaviour is different during the audit than before/after the audit. During the audit the auditee is normally stressed. It is likely that the auditee "understands, accepts and acts" on suggestions (or identified gaps) during the interactions before or after the audit. Take the example of the first question above. If the CEO had considered environmental concerns while taking business decisions during the last six months, he would try to collect as many examples as possible - positively reinforcing his commitment. If he had not, it is likely that he starts doing it after receiving the question or plans to do it in the months to come. If he has not responded in any of the ways given, the auditor can still bring this issue in the audit report for corrective action. Since the question is already known to the auditee, there is less likelihood of arguments with the auditor at this point. This example shows how the above Question can enable the auditee (CEO)to improve his activity by including environmental concerns in his decision making process.

Coming to the comment on "examination", I would like to submit that the final examination is conducted by the external certification auditors; internal audits prepare the organization to meet the requirement of the system, including continual improvement. Of course, internal audit should meet IAF guidance on the Application of ISO/IEC Guide 66 criteria as the certification agencies will be looking for the evidence against G.5.3.20 (a,b,c,d) while auditing the organization.

I shall be glad to share more with you on specific issues on the above subject.

Best wishes,

Ramakrishnan
 

The Taz!

Quite Involved in Discussions
#38
Dr. L. Ramakrishnan said:
Hi ! I shall try to answer both Taz and RCB here. The set of questions is sent to the auditee just after sending the audit plan; that means about two weeks to a month before the audit.

To give you an idea of the type of questions - the following is one of the questions to the CEO : "Could you give examples of including environmental considerations while taking business decisions in the last six months". This can help the CEO to collect enough information before the audit. It is likely that the preparation for this question reinforces the need for including environmnetal considerations while taking business decisions. In the initial stages of the system establishment the CEO will be looking for examples. What I find is that over a period of time (i.e. after say a couple of audits) the CEO is well tuned to think environmentally while taking business decisions and he has many examples to give. This part comes out well (ie. the CEO is able to come out with many examples) when external auditors audit him on these issues during the certification or surveillence audits.
OK. . .I understand that issue. . .but why are you prepping the CEO? wasn't he/she a part of developing the system? Are they reminded every time you are going to be audited by an outside auditor?

Dr. L. Ramakrishnan said:
Taking another example for the Management Team member in-charge of manufacturing activity, some of the questions are: What are the key characteristics that you monitor regularly ? How do you ensure progress in areas of concern ? What is the management support that you provide to meet the targets ? This helps him to review the key characteristics that are being monitored by him, e.g. energy consumption per unit production, waste generation per unit production, KG VOC emissions per $ value added etc - to see if he covers all the issues that are relevant to the organization. If he has missed any key characteristics, now is an opportunity to include it in his monitoring programme. He can also review his own activity to check if he has been supporting his organization to meet the targets; if so is it adequate. In areas where there has been no progress or negative progress he is given an opportunity to review his procedures - does he act in a way to enable progress.
Just being the devil's advocate here. . . isn't he/she aware of the impact of those measures and aren't they being monitored on a regular basis? Why would they need reminding?
Dr. L. Ramakrishnan said:
What is enabling IMPROVEMENT: I am sure you would agree with me that the auditee behaviour is different during the audit than before/after the audit. During the audit the auditee is normally stressed. It is likely that the auditee "understands, accepts and acts" on suggestions (or identified gaps) during the interactions before or after the audit. Take the example of the first question above. If the CEO had considered environmental concerns while taking business decisions during the last six months, he would try to collect as many examples as possible - positively reinforcing his commitment. If he had not, it is likely that he starts doing it after receiving the question or plans to do it in the months to come. If he has not responded in any of the ways given, the auditor can still bring this issue in the audit report for corrective action. Since the question is already known to the auditee, there is less likelihood of arguments with the auditor at this point. This example shows how the above Question can enable the auditee (CEO)to improve his activity by including environmental concerns in his decision making process.
OK. . . you have facilitated efficiency in the external auditing process
Dr. L. Ramakrishnan said:
Coming to the comment on "examination", I would like to submit that the final examination is conducted by the external certification auditors; internal audits prepare the organization to meet the requirement of the system, including continual improvement. Of course, internal audit should meet IAF guidance on the Application of ISO/IEC Guide 66 criteria as the certification agencies will be looking for the evidence against G.5.3.20 (a,b,c,d) while auditing the organization.
OK. . . here's where I think I sorta disagree with your philosophy. . . the Internal Audits are for you and your organization. . . you should be your own worse critics. IMHO, if the audit process works properly, all the outside auditor should have to do is review the audit process at the 2000' level (or from the Giraffe's view) to ensure that you are doing an adequate job. This is my feeling for surveillence audits. Initial certification audits is a different story. . . while they are typically easier that surveillence audits, they do ensure you are meeting the intent and requirements of the standard.
IMHO, It still looks like you are prepping for the "final exam" (and it is really not the final exam if you intent to maintain certification), by presenting the exam questions prior to the exam. There really should be no need to do that IF you have a functional compliant QMS, and your management team is a solid part of it and committed. I am not sure you are realizing lasting "improvements" if you are periodically reminding people of what they should be doing anyway. I know. . . Motherhood and Apple Pie. . . and it is your QMS. . .

Dr. L. Ramakrishnan said:
I shall be glad to share more with you on specific issues on the above subject. Best wishes, Ramakrishnan
Ditto!
 
Last edited:
Thread starter Similar threads Forum Replies Date
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
M ISO13485:2016, MDSAP and Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
S Would this be a second site for the purposes of internal and third party audits? General Auditing Discussions 4
J ISMS - Internal Audits Internal Auditing 3
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
D CB and customer audits considered as internal audits? General Auditing Discussions 9
R IATF 16949 - Outsourcing of internal audits Internal Auditing 10
M Major vs. Minor for Internal Audits? Internal Auditing 10
C Internal Audits in a tiny Dx Company Internal Auditing 33
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
O Informational Scaling back internal audits due to corona virus while avoiding a NC Internal Auditing 7
G Internal Audits and Employee engagement Internal Auditing 16
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
F ISO 17025 8.8 Internal Audits in a segmented company ISO 17025 related Discussions 5
qualprod Internal Audits - Categories of non conformances Internal Auditing 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
K A way to monitor our Internal Audits as a KPI AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
A External Auditor issue with Internal Audits Internal Auditing 7
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
Gman2 Quality Record Retention (Internal Audits, CA's) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
T Informational What is the purpose of Internal Audits? Internal Auditing 27
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 22
Pmarszal ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits Internal Auditing 8
R ISO 13485:2016 Registration - NC on full cycle of internal audits ISO 13485:2016 - Medical Device Quality Management Systems 7
J Internal Audit clarification - How to perform the audits IATF 16949 - Automotive Quality Systems Standard 6
S Corrective Action from Internal Audits not performed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
W FAA Advisory Circular (AC) Requirements (FAA AC 00-56) - Internal Audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
B Going into IATF 16949 transition without Internal Audits IATF 16949 - Automotive Quality Systems Standard 4
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
K No Internal Audits For Upcoming IATF Trans Audit IATF 16949 - Automotive Quality Systems Standard 5
J Supporting Processes - Internal Audits - Need help settling a debate IATF 16949 - Automotive Quality Systems Standard 4
K AS9100 Rev. D Transition - Internal Audits & Gap Analysis Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
J Internal Audits - Closing Audit Deficiency Reports (ISO 13485) Internal Auditing 4
S Is Audit Plan / Agenda required for Internal Audits? Internal Auditing 2
J ISO 9001:2008 - Can I still conduct Internal Audits in my company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
F What is your favorite software for ISO 9001:2015 Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C ISO 9001:2008 Surveillance Audit - No Internal Audits Internal Auditing 9
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
Marc ISO 9001:2015 vs. 2008 - Internal Audits - What changes are you making? Internal Auditing 44
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
dubrizo Internal Audit Value - What is the point of conducting internal audits to a checklist Internal Auditing 40
D Using consultants for Internal Audits Internal Auditing 24
O New Job 1 Month from Recertification Audit - Missing Documents, no Internal Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
R How do I conduct my API Q1, ISO compliant internal audits? Internal Auditing 1
F Is it good to outsource the Internal Audits? Quality Manager and Management Related Issues 16
S Advice for ISO17025 First Round of Internal Audits ISO 17025 related Discussions 10
S Engineering Audits - Internal Audits IATF 16949 - Automotive Quality Systems Standard 7

Similar threads

Top Bottom