Audit Focus Area: Tribal Knowledge

EEJen

Involved In Discussions
#1
Our auditor started off this years audit stating that in their audit they had a finding in not identifying Focus Areas. This was all that I am aware of he mentioning during our 2nd Surveillance audit.

Our 1st Surveillance Report indicates "No Focus Areas were identified" with no rating.

Our 2nd Surveillance Report indicates "Focus Area - Tribal knowledge" and rates it a 2 out of 5 for Degree of Control. This years audit was to ISO 9001:2008

1) Are CB auditors suppose to be evaluating "control"? I thought the audits were to be evaluating effectiveness.

2) Next years focus area is "Reduce tribal Knowledge" - Do you think this might fall under the Organizational Knowledge?

3) Our company does not plan to reduce tribal knowledge because we are a small company. Any suggestions on how to steer the auditor away from "Tribal Knowledge" and focus on something in the standard.
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#2
Re: Principles of Auditing ISO 9001:2015 - Focus Area - Tribal Knowledge

Any suggestions on how to steer the auditor away from "Tribal Knowledge" and focus on something in the standard.
Was this audit done by a CB under the Risk Based Certification methodology?
 

howste

Thaumaturge
Super Moderator
#3
Re: Principles of Auditing ISO 9001:2015 - Focus Area - Tribal Knowledge

1) Are CB auditors suppose to be evaluating "control"? I thought the audits were to be evaluating effectiveness.

2) Next years focus area is "Reduce tribal Knowledge" - Do you think this might fall under the Organizational Knowledge?

3) Our company does not plan to reduce tribal knowledge because we are a small company. Any suggestions on how to steer the auditor away from "Tribal Knowledge" and focus on something in the standard.
1) Yes. Audits include verification of conformity and verification of effectiveness. Anywhere a control is supposed to be in place, the auditor should verify that the control is in place AND effective.

2) Yes. Whenever someone with "Tribal Knowledge" leaves the company the organization loses knowledge. How do you make sure that losing people doesn't lead to lost organizational knowledge is what this requirement is all about.

3) See #2. Don't steer them away from it. It's a problem (with requirements in the new standard) that needs to be addressed. A plan to rely on tribal knowledge is a plan to fail, regardless of the size of the company.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
Re: Principles of Auditing ISO 9001:2015 - Focus Area - Tribal Knowledge

A plan to rely on tribal knowledge is a plan to fail, regardless of the size of the company.
Fully agree with Howste. If you want to maintain and promote "tribal knowledge" you are not risk based thinking. One of the biggest risks for any organization is for corporate knowledge being mismanaged.

That's not to promote over documenting your organization, but reliance on "tribal knowledge" is risky for you and your customers.
 

EEJen

Involved In Discussions
#5
Re: Principles of Auditing ISO 9001:2015 - Focus Area - Tribal Knowledge

1) Yes. Audits include verification of conformity and verification of effectiveness. Anywhere a control is supposed to be in place, the auditor should verify that the control is in place AND effective.

2) Yes. Whenever someone with "Tribal Knowledge" leaves the company the organization loses knowledge. How do you make sure that losing people doesn't lead to lost organizational knowledge is what this requirement is all about.

3) See #2. Don't steer them away from it. It's a problem (with requirements in the new standard) that needs to be addressed. A plan to rely on tribal knowledge is a plan to fail, regardless of the size of the company.
1) The control rating of 2 out of 5 does not have any support evidence except we don't have a documented procedure for inventory control. I am familiar with the PEAR Levels ratings. Is anyone familiar with what the DNV control ratings are in relations to the PEAR levels?
PEAR - Process Effectiveness Assessment Report

2) I have been reading more on how Tribal Knowledge fits into the "Organizational Knowledge". I am just more frustrated that the Auditor did not even discuss this during our audit. It showed up in the report. Organizational Knowledge is a 2015 requirement and not a 2008 requirement. There is lack of evidence to support the rating negative or positive. His one area for improvement comment "The QMS documentation does not address the physical inventory process in (city)."

3) Tribal Knowledge is a management risk decision. This company is new (early 2015) to ISO but with lots of knowledge from document, tacit, and tribal. I am going to move the the Organizational Knowledge to that thread for more suggestions on how to implement for a small company (48 people.)
In my opinion if the Registrars are suppose to be doing Process audits - The focus area should be on a process. The other option is possibly focus on Organizational Knowledge which is in the standard instead of trying to confuse the auditee with the auditors definition of tribal knowledge is.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#6
I am very familiar with the Next Generation Risk Based Certification methodology and:

1) the focus area(s) should be agreed upon between the lead auditor and the registrant before the audit commences.
2) the degree of control determination has to be based on evidence.
3) the focus area(s) have to be connected to the standard(s) which are in the audit criteria.
4) if you think tribal knowledge is not part of 9001:2008, just substitute the term for undocumented processes and, voilá, it is.
 
Last edited:

howste

Thaumaturge
Super Moderator
#7
Re: Principles of Auditing ISO 9001:2015 - Focus Area - Tribal Knowledge

1) The control rating of 2 out of 5 does not have any support evidence except we don't have a documented procedure for inventory control. I am familiar with the PEAR Levels ratings. Is anyone familiar with what the DNV control ratings are in relations to the PEAR levels?
PEAR - Process Effectiveness Assessment Report

2) I have been reading more on how Tribal Knowledge fits into the "Organizational Knowledge". I am just more frustrated that the Auditor did not even discuss this during our audit. It showed up in the report. Organizational Knowledge is a 2015 requirement and not a 2008 requirement. There is lack of evidence to support the rating negative or positive. His one area for improvement comment "The QMS documentation does not address the physical inventory process in (city)."

3) Tribal Knowledge is a management risk decision. This company is new (early 2015) to ISO but with lots of knowledge from document, tacit, and tribal. I am going to move the the Organizational Knowledge to that thread for more suggestions on how to implement for a small company (48 people.)
In my opinion if the Registrars are suppose to be doing Process audits - The focus area should be on a process. The other option is possibly focus on Organizational Knowledge which is in the standard instead of trying to confuse the auditee with the auditors definition of tribal knowledge is.
All CBs should use the same rankings for the PEAR forms, including DNV-GL. All of the IAQG AS9101 forms can be found here. The criteria are in the form instructions. The 2014 PEAR form has a scale of 1 to 4. The 2016 PEAR form has a scale of 1 to 5. They should have left you a copy of the PEAR showing which box they checked.
 

dsanabria

Quite Involved in Discussions
#9
Our auditor started off this years audit stating that in their audit they had a finding in not identifying Focus Areas. This was all that I am aware of he mentioning during our 2nd Surveillance audit.

Our 1st Surveillance Report indicates "No Focus Areas were identified" with no rating.

Our 2nd Surveillance Report indicates "Focus Area - Tribal knowledge" and rates it a 2 out of 5 for Degree of Control. This years audit was to ISO 9001:2008

1) Are CB auditors suppose to be evaluating "control"? I thought the audits were to be evaluating effectiveness.

2) Next years focus area is "Reduce tribal Knowledge" - Do you think this might fall under the Organizational Knowledge?

3) Our company does not plan to reduce tribal knowledge because we are a small company. Any suggestions on how to steer the auditor away from "Tribal Knowledge" and focus on something in the standard.
It looks like your CB auditor has a poor way of communicating. Ask the registrar for qualification or for another auditor.

The auditor should be looking for objective evidence to established goals / objectives. If the auditor can not point in the standard what the issue is then the auditor has an agenda - time to switch.

Your point # 3 is disturbing that you have chosen not to collect valuable knowledge and experience from people performing the task so when they leave the company - there goes your information and you are back to the very beginning - a long and steep learning curve. No one is suggesting a procedure and large format - keep it simple, effective and easy to understand for the next individual to keep your process running.
 
D

Duke Okes

#10
One of the options for dealing with risk is to accept it. If management:

- is aware of the risk
- believes it to be insufficient to require action
- and has evidence/rationale for why it is unlikely to affect product conformity or customer satisfaction

Then they should tell the auditor to bug off.

I remember an instructor in an audit class saying that a 20% turnover of employees would automatically be a NC. Oh yeah?

Run the criteria above against it. Supposed the organizational context is a call center that hires primarily students from a local college/university. Every year you could expect the seniors to graduate and go on to other jobs, and be replaced by incoming freshmen. About a 20% turnover woud not be abnormal.
 
Thread starter Similar threads Forum Replies Date
D Internal Audit Structure and Focus Internal Auditing 7
M Layered Audit Checklist with focus on daily quality General Auditing Discussions 3
N Customer Focus Process Audit Process Audits and Layered Process Audits 4
L Internal Audit to Focus on Customer Complaint Re-occurrences Internal Auditing 4
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 6
T COVID, Furlough and ISO9001 Surveillance Audit Coffee Break and Water Cooler Discussions 2
R External Audit and Certificate prorogation due to the pandemic General Auditing Discussions 10
Dean Bell Implementation of Controls as per SOA for Stage 2 Audit IEC 27001 - Information Security Management Systems (ISMS) 0
G Logistic organization and controls - IATF/ISO 9001 audit Nonconformance and Corrective Action 2
Geoff Cotton Performing a Delta Audit General Auditing Discussions 12
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G MSA check list to audit IATF 16949 - Automotive Quality Systems Standard 8
L Open Positions During AS9100 Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
L Stage 2 audit - Requirement for 3 months of records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F Who can sit in/perform an API audit? Oil and Gas Industry Standards and Regulations 2
L Manufacturing Process Audit Help IATF 16949 - Automotive Quality Systems Standard 6
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
G Self Assessment Audit from a new potential customer General Auditing Discussions 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
M OEM asking for NC report after certification audit. IATF 16949 - Automotive Quality Systems Standard 3
Ooi Yew Jin Customer E audit preparation Quality Manager and Management Related Issues 2
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
J Remote Audit Experiences - June 2020 General Auditing Discussions 26
F Product audit sampling plans IATF 16949 - Automotive Quality Systems Standard 3
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
M Supplier Audit Report - Template for second party audit wanted Lean in Manufacturing and Service Industries 1
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q ISO 9001:2015 man days for surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2
H Layered audit updates after COVID-19 shutdowns Process Audits and Layered Process Audits 0
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
M Description of the requirements of clause 9.2.2.3 manufacturing process audit- needs your feedback IATF 16949 - Automotive Quality Systems Standard 0
Armen Conflict of Interest if I audit the QC department? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
V Generic IATF 16949 Audit Checklist wanted IATF 16949 - Automotive Quality Systems Standard 3
A NB (Notified Body) Audit of Standards ISO 13485:2016 - Medical Device Quality Management Systems 3
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
M Any way to execute VDA 6.3 audit remotely? VDA Standards - Germany's Automotive Standards 2
D Audit for ISO and AS 91XX and mitigating exposure to COVID-19 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
D Postpone IATF 16949 audit due to COVID-19 IATF 16949 - Automotive Quality Systems Standard 41
JoCam Certified Body Audit of MDR requirements EU Medical Device Regulations 4
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
Ajit Basrur Track audit findings on Excel tracker Excel .xls Spreadsheet Templates and Tools 9
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
Watchcat Anyone had an MDR technical file review/audit yet? EU Medical Device Regulations 13
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11

Similar threads

Top Bottom