Auditing 4.17


Eli Black

New to the board, so hi all. :)

Anyway, my question is this:

Can the internal auditors of my company audit element 4.17?

I am the Lead Auditor and two OTHER internal auditors will audit the element, is this compliant with the ISO 9000 standard? We are working towards ISO 9001-1994 (long story short, we started the process before the release of the 2000 revision so our registrar will still allow us to register as 1994).

From my understanding an auditor cannot audit a process which he or she is directly responsible for. Since I am the Lead Auditor I am clearly responsible, but are the auditors "directly" responsible and unable to audit the element?

My trainer believes that the element can be internally audited by the auditors, just not by the Lead Auditor. My company just had an external audit by our parent company (not out registrars) and he believes that the auditors cannot.

Any answers out there?
Last edited by a moderator:

David Mullins

but of course

A quick search of the forum will find a couple of recent threads on this topic, and the answer is - ofcourse they can.

Whom ever from the parent company that did the audit has their head up their :ca:

To put your mind completely at ease, telephone your registrar and pose the question to them. What if you were a one person company - you'd even have to audit your own work, which whilst strictly a no-no, the standard is intended to improve management and processes, not be a millstone.

Other strategies have included getting some other manager to review and sign-off the audit report. Include your ecternal audit in your internal aschedule and get them to audit internal auditng every time they visit. Etc.

Carry on. You're doing fine.


Bruce Wade

What's 4.17? I cannot seem to find it in my copy of ISO 9001:2000. (Humor, this late in the day...)

In my interpretation: Yes, internal auditors may audit your internal audit process. No, the Lead Auditor, Management Representative or anyone else having direct responsibility for scheduling, overseeing the process or taking timely corrective action in response to audit findings cannot be involved in the process.

If you cannot use your trained internal auditors to perform this audit, whom do you use? Do you train additional internal auditors to audit the internal audit process? Would they then be used to perform other audits to keep current? (Would be an interesting way to swell the ranks of internal auditors!)

Only one caveat: those who audit the internal audit process must remain independent of the actual process, including scheduling and follow up of internal audits. Otherwise would result in significant conflict of interest, as it would be in their "best interest" not to identify nonconformances.

Al Dyer

What ever happened to the days when we could take any person in the company and say "please audit me"? One of the best audits to one of my audit systems that was performed per a checklist and a copy of the standard.

Now how about this, I had a discrepancy that he found and because of my position I was able to talk him out of it. Is that fair, NO

Consider internal auditing a training process and kill two birds with one stone. Anybody that works in a semi-modern manufacturing facility is able to follow a checklist and ask questions, and ask for proof.

Am I just being the red headed step child in saying that internal auditors need to know the companies system but not be QS/TS/ISO experts??????????

Like Marc said, I'm in a pessamistic mood today.

But after taling to judge stone, I feel much better now!

M Greenaway

ISO9001:2000 is slightly more relaxed on this.

It now says that auditors shouldnt audit there own work, i.e. they can audit the audit process, but not the audits that they themselves did.

It also now clearly states the requirement for objectivity in audit reports. So long as this is clear the integrity should be OK.
Top Bottom