Auditing against a procedure you had input to

D

dodds

#1
Had an NCR raised against us by a client who on reviewing some internal audits quoted that the auditor was auditing his own work.

Now, the person carrying out the internal audit helped to write the procedure but is not involved in the actual process, so I am arguing that he isn't auditing his own work.

Advice, opinions please?
 
Elsmar Forum Sponsor

somashekar

Staff member
Super Moderator
#2
Where is the cited example for the NCR ?

I will take a safe bet and show that by the responsibility and authority that is documented and communicated, the auditor has not audited his own work.
 
D

dodds

#3
Where is the cited example for the NCR ?
I will take a safe bet and show that by the responsibility and authority that is documented and communicated, the auditor has not audited his own work.
A specific example was not given.

This is what the report says -
"In at least one case, the person auditing a process is also the author of the procedure that governs that process presenting a conflict disallowed as "Auditors shall not audit their own work"

To which I replied -
No action is required because auditor was auditing the process not the procedure.

And received the following -
Will not accept. Client is requiring that we audit with a party that has not had input into procedure
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
Had an NCR raised against us by a client who on reviewing some internal audits quoted that the auditor was auditing his own work.

Now, the person carrying out the internal audit helped to write the procedure but is not involved in the actual process, so I am arguing that he isn't auditing his own work.

Advice, opinions please?
Customer audits are always tricky; many times because the qualification/competence of the auditors are questionable. If we were assessing this reported NC against ISO 9001:2008, in principle, you could try to fight it. Because one could make a case that the internal auditor was not auditing his/her own work.

On the other hand, if the (documented) procedure had a flaw, in terms of complying to a mandatory standard or customer requirement, and the internal auditor was responsible for (co)authoring the document and, only during the course of the audit realized the mistake, s/he would be biased, and in part the authoring of the procedure is part of the work. After all, procedure adequacy is a typical component for assessment during the course of an internal audit.

So, the customer rep concern is not totally unfounded.

Welcome to The Cove, by the way.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#5
I have never hear of this type of connection and "nonconformance". The internal auditor may have had input on many procedures in the company which could/would exclude the auditor from auditing many, many processes. I totally disagree with your client's interpretation.

Has anyone else ever heard of this type of "nonconformance"?
 

somashekar

Staff member
Super Moderator
#6
Will not accept. Client is requiring that we audit with a party that has not had input into procedure
I would take it back strongly... if I had my management backing >>>
How can an auditor do a good job when he has no input about procedure at the time of audit or earlier ?
What ever be the procedure, the audit part is to see by various examples, the procedure application and effectiveness. If and when a NCR is made out., the CA could be in the procedure itself or in its application.
Where is the harm (and the NC) if the internal auditor happens to be the author of the procedure ? He is not the approver anyway ~~~
 
G

GoKats78

#7
We would be in trouble here are my boss and I are the auditors and also have had a hand in almost every procedure and I am listed as an approver (to assure conformance ISO requirements, customer requirements, and our other internal procedures.)

This is a very tenuous connection...I would push back...and hard (again, if you have management support).
 
D

dodds

#8
Thanks for the feedback and welcome folks.

You're basically confirming what I know, its nice to have the backing/opinions of a well respected forum.
 

Paul Simpson

Trusted Information Resource
#9
Firstly I agree with a lot of the points here. I'm responding to Sidney's post only because the structure is easier for me to work with! :D
Customer audits are always tricky; many times because the qualification/competence of the auditors are questionable. If we were assessing this reported NC against ISO 9001:2008, in principle, you could try to fight it. Because one could make a case that the internal auditor was not auditing his/her own work.
Now, Sidney. You and I both know that some CB auditor's have questionable competence. I'd go so far as to say some of my best audits as an auditee have been from customers. IMHO they often have better industry knowledge and that leads to better judgement on the implications of an NC. Not in every case - as seems to be the case here.

I'd agree that the OP could fight this NCR but I'll suggest an alternative below.
On the other hand, if the (documented) procedure had a flaw, in terms of complying to a mandatory standard or customer requirement, and the internal auditor was responsible for (co)authoring the document and, only during the course of the audit realized the mistake, s/he would be biased, and in part the authoring of the procedure is part of the work. After all, procedure adequacy is a typical component for assessment during the course of an internal audit.

So, the customer rep concern is not totally unfounded.

Welcome to The Cove, by the way.
Sidney has hit on the nub of the question here. What was the audit scope? If it was simply compliance with the procedure (as documented) then there is no problem with independence. The procedure is being worked to by others. But we don't yet have any information about quality planning (including development of documents and procedures). If this is covered elsewhere in the audit programme then this could be presented as evidence (on a sample basis) that the process for planning (again including the procedure in question) has been audited by an independent person (presumably :)).

I'd be happy to separate out the two elements as described above by Sidney:
  1. Do procedures address all standards requirements - requires good knowledge of the standard(s) and a working knowledge of the ways of working
  2. Are people following (complying with) the procedure as documented - requires good knowledge of the company and ways of working and no knowledge of the standard(s)

The two elements can be covered together if you have a suitably competent and independent auditor (internal, customer or third party).:D
 
#10
Agreed on the incorrect nature of the audit finding. What is the relationship with this client? How much work do they represent? What is the relationship between the auditor and the client's purchasing organization? How may auditors do you have?

As a matter of principle, I'd tell the purchasing agent that you will have to train another auditor due to this finding and, although it isn't non-conforming to ISO 9001, you will comply but will also be asking for them to pay the cost of the training. If you are certified, you can also raise the point that your CB never had this issue.

On the other hand, if you aren't worried about the principle, take the names off the documents (this isn't really needed anyway) and carry on auditing as you have!
 
Thread starter Similar threads Forum Replies Date
GStough Auditing Against Criteria Unfamiliar to Auditee - Yea or Nay? General Auditing Discussions 11
R Auditors Auditing Against ISO 9001:2015 Draft ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
P Corrective action against the auditing agency? Written contract is in error AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 17
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
J Auditing of Support Function IATF 16949 - Automotive Quality Systems Standard 9
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
S Risk based internal auditing Internal Auditing 6
Randy Remote auditing (for disaster, disease, disturbance etc...) during the Neo Coronavirus Pandemic and Social Distancing Registrars and Notified Bodies 4
K ANVISA B-GMP Auditing requirements for Contract Manufacturers Other Medical Device Regulations World-Wide 0
F AS9100D Internal auditing requirements Internal Auditing 3
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
I Questions to ask when auditing for Organizational Leadership and Planning for the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
tony s What is the automotive process approach for auditing? IATF 16949 - Automotive Quality Systems Standard 2
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
R I've been auditing for a CB for 18 years General Auditing Discussions 10
P Consultant Auditing Qualifications Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
M We still have not received our certificate due to a 'backlog' with our auditing body Registrars and Notified Bodies 25
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
A Agenda for 8D audit on Supplier's side - Auditing Corrective Actions General Auditing Discussions 5
U Internal auditing - Company employees or contract second party Internal Auditing 10
J Recomended Values - Auditing process in a supplier IATF 16949 - Automotive Quality Systems Standard 18
M Canada - Registrars that allow e-auditing for ISO 9001? Registrars and Notified Bodies 4
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7
Ed Panek Supplier Auditing - No purchases from our key suppliers in the last 24 months ISO 13485:2016 - Medical Device Quality Management Systems 5
P Auditing "process validation" process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Q Effective Auditing advice needed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
M Acceptance of remote auditing techniques - Can you help me with my research? General Auditing Discussions 0
Q Auditing Product and Services doubts ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R Auditing support and management processes General Auditing Discussions 7
F It is acceptable moving remote locations staff to manufacturing plant for auditing? IATF 16949 - Automotive Quality Systems Standard 3
D MSDS / GHS Walk-through / Auditing Occupational Health & Safety Management Standards 6
Pmarszal Supplier Auditing Services (Audit Needed?) General Auditing Discussions 4
S ISO 9001 Audit Observations - Transitioning my career into auditing Career and Occupation Discussions 16
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
N API Q2 clause 6.2.2.1 Auditing Outsourced Suppliers Oil and Gas Industry Standards and Regulations 5
M Auditing processes followed by employees placed on client's site Internal Auditing 4
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
M Auditing a Contractor in EMS and Non Conformity Report General Auditing Discussions 1
Richard Regalado ISMS Auditing Guideline V2 (based from ISO/IEC 27001:2013) IEC 27001 - Information Security Management Systems (ISMS) 7
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
B Auditing Senior Management to determine the Effectiveness of Management Processes IATF 16949 - Automotive Quality Systems Standard 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
Similar threads


















































Top Bottom