Audit Response Help Please. ISO9001
- Thread starter DRPAudit25
- Start date
This audit report has a lot of words in it, the majority of them lacking actionable clarity.
Stock check records are called out multiple times for various things, stating that their mishandling is evidence of multiple types of process failure. To be of any use, statements such as:
1) Ineffective communication between the tooling team and procurement team has led to incomplete or missing records need to be substantiated with a description of specifically what was found, or not found, to decide that "ineffective communication" led to xyz.
2) The failure to consistently update stock records in the system demonstrates a lack of effective documentation needs to be actionable, not the issuance of a judgment.
This audit report focuses quite a lot on these stock checks, incorrectly identifying clauses when calling out nonconformances. Examples include:
1) If records are required, internal auditors need to call out what requires them. 7.5.3.2 is referring to process inputs, not outputs.
2) Missing stock is not about preservation.
3) Discrepancies in stock checks is not about control of conconforming outputs unless the process is to maintain stock on behalf of a customer.
4) Stock without GRN numbers is not about release criteria.
Why is this important? The audit is supposed to be about verifying effectiveness of the QMS. It helps no one when the wrong part of the QMS is being identified as a problem.
Okay, I understand that stock checks are important. Their purpose helps support the system by correctly understanding what is available and what is not. None of the nonconformances described the actual, actionable process performance issues:
I hope this helps.
Stock check records are called out multiple times for various things, stating that their mishandling is evidence of multiple types of process failure. To be of any use, statements such as:
1) Ineffective communication between the tooling team and procurement team has led to incomplete or missing records need to be substantiated with a description of specifically what was found, or not found, to decide that "ineffective communication" led to xyz.
2) The failure to consistently update stock records in the system demonstrates a lack of effective documentation needs to be actionable, not the issuance of a judgment.
This audit report focuses quite a lot on these stock checks, incorrectly identifying clauses when calling out nonconformances. Examples include:
1) If records are required, internal auditors need to call out what requires them. 7.5.3.2 is referring to process inputs, not outputs.
2) Missing stock is not about preservation.
3) Discrepancies in stock checks is not about control of conconforming outputs unless the process is to maintain stock on behalf of a customer.
4) Stock without GRN numbers is not about release criteria.
Why is this important? The audit is supposed to be about verifying effectiveness of the QMS. It helps no one when the wrong part of the QMS is being identified as a problem.
Okay, I understand that stock checks are important. Their purpose helps support the system by correctly understanding what is available and what is not. None of the nonconformances described the actual, actionable process performance issues:
- DP confirmed that stock checks are conducted monthly; however, updates to the system are not performed regularly or consistently.
- SM stated that stock check sheets are printed and distributed to the Tooling team, but these sheets are not returned for processing or record-keeping.
- A conversation with DP revealed that stock checks do occur; however, DP was not aware of the process requiring completed stock check reports be returned to Procurement for stock adjustments.
- A comparison was made between the Tooling Team's (TT) stock checks and our own, revealing that certain items had been withdrawn from stock and were in the process of tool servicing in the workshop. It was also noted that stock figures are not decremented in MERLIN until the sales order is despatched and invoiced.
I hope this helps.
The only thing I would add is that internal auditors who are not experts at a particular subject matter shouldn’t consult. Stick to an objective failure or nonconformance. Don’t guess at cause or solution. This only creates an adversarial relationship of bitterness.
Randy
Super Moderator
Strongly disagree. This is your interpretation of what internal audits should be. There is nothing in any auditing standard to suggest otherwise.
Going right back to the words of Philip Crosby, how can anything be a concern if it is not already a nonconformance to requirements? How would you KNOW it's a concern?
I model my internal audits on good practice from external audits (I've discarded a huge amount of bad practice, of course), and have never had any complaints so far. Not only does it prepare people like-for-like for external audits, but working to ISO 19011 ensures a truly unbiased and impartial audit, something which I don't see in the OP. It also makes my internal audit system bomb-proof to external auditors, because I simply point out that we're following the best practice which they themselves use.
Randy
Super Moderator
Call it 6th sense. Something new and untried can be a concern. Something that you've made a great investment of time or money can be a concern. You're digging for the response you want here can be a concern.
History is a great teacher. I see 2 guys walk into a 7-11 at 2AM, both carrying guns and wearing a mask is a concern. Flying in a helicopter and going into auto-rotation can be a concern. Crosby was Ok but his foresight was probably limited by his experience.
What on earth are you doing walking into a 7-11 at 2AM ?? You should be in bed.....
I find this a very peculiar response on a quality forum. Surely the quality profession should be about data-driven decisions, not 6th sense? Surely it should be about prioritising a risk-management approach to new and untried processes? Surely it should be about providing the correct tools to project managers so that time and money concerns are lessened?
Auditors cannot deal in subjectivity. This is pretty much page one of the manual.
I have no idea what you mean. I simply posted a disagreeing reply to somebody who claimed that internal and external audits were very different. It wasn't my intention to engender any sort of response
Well, where I live, this is a very clear nonconformance, because this is illegal. I can't speak for other jurisdictions, but I'm willing to bet you wouldn't want to live somewhere where it's legitimate.
OK let’s take a deep breath. Randy is really talking about someone who has deep knowledge and tons of experience in highly functional quality ‘systems’. That is his sixth sense. There have been many many times where I have instinctively known the cause of a problem or if some situation was going to be a Problem. An old mentor of mine used to say he could solve so many problems becuase he was old. (He would expand one this and say he had a deep understanding of physics, systems and people as well as having seen a lot in his time).
Now is it perfectly acceptable to have an internal audit approach that matches the external audit approach? Sure and it can be helpful as you say.
BUT the QMS requirements as listed in the standard(s) are minimum requirements. They do not adequately describe a high functioning / state of the art system. And this is what Sidney and Randy are getting at. Of course if your internal auditors have only a minimal experience and shallow knowledge/understanding or misinformation of quality systems, (and physics etc.) then you probably shouldn’t let them ‘consult’ beyond a plain text reading of the written requirements. Or they shouldn’t even be allowed to audit without direct oversight if they are in a learning/apprentice mode. I’ve seen the damage and dissension these people have sown if they have an outsized opinion of their skills and authority.
In my 40+ years of experience I can say that there have been many many times that I’ve encountered processes, systems and conditions that may have been compliant to the standard but were not very effective and even were breeding grounds for physical product defects…
Two different beliefs/approaches can both be true even if they are different. Your approach however, doesn’t mean that Sidney is wrong; in fact he is correct that they are supposed to be two different (if overlapping somewhat) methods. Your approach meets the minimum requirements and so does Sidney’s…and Randy is also correct - there are things that be fishy, wrong or sketchy even if they are ‘compliant’ to minimum requirements of the standard.
Now is it perfectly acceptable to have an internal audit approach that matches the external audit approach? Sure and it can be helpful as you say.
BUT the QMS requirements as listed in the standard(s) are minimum requirements. They do not adequately describe a high functioning / state of the art system. And this is what Sidney and Randy are getting at. Of course if your internal auditors have only a minimal experience and shallow knowledge/understanding or misinformation of quality systems, (and physics etc.) then you probably shouldn’t let them ‘consult’ beyond a plain text reading of the written requirements. Or they shouldn’t even be allowed to audit without direct oversight if they are in a learning/apprentice mode. I’ve seen the damage and dissension these people have sown if they have an outsized opinion of their skills and authority.
In my 40+ years of experience I can say that there have been many many times that I’ve encountered processes, systems and conditions that may have been compliant to the standard but were not very effective and even were breeding grounds for physical product defects…
Two different beliefs/approaches can both be true even if they are different. Your approach however, doesn’t mean that Sidney is wrong; in fact he is correct that they are supposed to be two different (if overlapping somewhat) methods. Your approach meets the minimum requirements and so does Sidney’s…and Randy is also correct - there are things that be fishy, wrong or sketchy even if they are ‘compliant’ to minimum requirements of the standard.
Jake with the Calipers
Involved In Discussions
Something that really stuck with me during our first ISO 9001:2015 certification audit was a visual aid our very experienced auditor provided during the opening meeting.
He took two cups and said one cup was our processes and the other cup was the ISO standard.
He said oftentimes when he goes into a business for an initial audit these two "cups" may overlap but still have areas where they aren't fully compatible, worst case scenario these cups just don't interact or are contradictory and the process is one thing and the standard is another, but the magic of ISO 9001 happens when you can get those two cups to sleeve together where your processes and the standard are jiving.
The simplicity of that two cup analogy has made it easier to describe how ISO 9001 works for us and isn't just a piece of paper we are just trying to stay certified to.
He took two cups and said one cup was our processes and the other cup was the ISO standard.
He said oftentimes when he goes into a business for an initial audit these two "cups" may overlap but still have areas where they aren't fully compatible, worst case scenario these cups just don't interact or are contradictory and the process is one thing and the standard is another, but the magic of ISO 9001 happens when you can get those two cups to sleeve together where your processes and the standard are jiving.
The simplicity of that two cup analogy has made it easier to describe how ISO 9001 works for us and isn't just a piece of paper we are just trying to stay certified to.
Similar threads
