Auditing Approach - Staff auditing their own area

S

Sorin

#1
This morning, I read a white paper about auditing approach.

The approaches lsited are:

- Use a checklist.
- Use a process auditing approach.
- Use an element-by-element approach.
- Internal staff audit.

The one that raised my curiosity alert was the last one.

And I quote:

Each staff person shall conduct an audit in their area based on the procedures they use in their job role.

Now, my questions:

Ever used that last approach?
Do you think it would be effective to use this kind of approach?
Ever heard/read of this kind of approach in an Auditor Training?

Thank you for consideration and replies (in advance ;) )
 
Elsmar Forum Sponsor

BradM

Staff member
Admin
#2
Sorin, would the white paper be worthy for posting here? Or are there issues with posting it?

Interesting...

In my experience, most organizations have limited budget and resources for internal audits. That said, what precious audits that do occur should be as objective and unbiased as possible.

That said, not sure how valuable it would be for person X to audit person X's work. :) If they were deficient the first time they did the work, what magical event will now have them see it? I mean, they may catch some errors, but I would think tunnel vision would kick in and limit the value of the audit. Too would they not perceive it as somewhat personal, and further diminish any value?

To answer your question, no. I have never seen or heard of internal auditors intentionally auditing their own areas and/or processes.
 
S

samsung

#3
The author may be pointing to what is otherwise known as self assessment; a method normally aimed at finding opportunities for improvement. The approach is not bad as long as it isn't considered as a substitute for independent assessment of the system.

Otherwise I support the opinion BradM has already expressed in the above post.
 

Randy

Super Moderator
#4
As long as an unbiased, objective and impartial audit (self assessment) is performed no big deal.

This is where all the bogus HS :horse: comes to play with the lame "independent" emphasis....Independence is being free from undue influence and not separation from the activity. Being free from undue influence allows an auditor maintain an unbiased, objective and impartial approach to the audit (The results are not pre-determined)

Yeah ,yeah ,yeah..."Thou shalt not audit thy own work...blah, blah, blah 8.2.2..." So instead of you looking the other way, the "independent" auditor looks the other way or the other way around.

Tell 'em to go for it.
 
Last edited by a moderator:
#5
I've seen this type of thing before, but it bring more questions than answers. Randy made some comments relating to objectivity..I'd suggest that it can't be part of an internal audit program and that's mainly because of the competency of everyone who's going to be doing these audits. Also, they're rarely done to a defined schedule - based on status and importance - so they wouldn't meet that requirement either.

(A bit like LPAs) such audits become a pencil whipping exercise after a while...
 
J

John Martinez

#6
- Use a checklist.
Checklist help a new internal auditor focus; however, do not develop tunnel vision by using only the checklist.
- Use a process auditing approach.
While there is no requirement in ISO 9001 to do a process approach audit, question: How can you demonstrate that the interactions of the processes are effective if you do only an element approach?
- Use an element-by-element approach.
Without regard for starting another firestorm on this issue, it is my humble opinion there is still a need for element auditing where you find a need to dig deeper (i.e. many non-conformances on document control). It may be beneficial to focus on the element document control across all processes.
- Internal staff audit.
Not sure of the context here. If layered process audit, ok. I was against that when I first heard about it, and like Andy N stated, it has become a “tick and flick” to quote a British friend of mine.

And ISO 9001:2008 states that you shall not audit your own work. IT DOES NOT state you can not audit your own process. Does it make good practice to NOT audit your own process, yes. Requirement, NO.

If; however, the context is that you should use your own staff to internal audit (as opposed to an outside consultant) then I may agree. While there may be a benefit to have some outside eyes look at your system, employees knows your system best. There can be benefits to using both.
 

Colin

Quite Involved in Discussions
#7
A couple of years ago I ran 3 training courses for a commercial airline in the UK. They didn't have ISO 9001 but of course they had to comply with the Civil Aviation Authority (CAA) requirements and the JAR-OPS requirements.

One of the recent requirements from the CAA was that each area had to conduct 'self audits'.

I ran the courses pretty much like a 'normal' internal auditor course but without the '... shall not audit your own work' aspect and using the CAA and JAR-OPS requirements as the audit criteria.
 
H

huayu

#8
Hi there,

I kind of have a similar question. I work for a small department in a public hospital and the department is in the process to ISO13485 certification. (Not the hospital). We have just over 30 technicians and they are rotated through all work areas in the department. How can I find internal auditors that "will not audit their own work"? Or do we have to go for external resources?

I'd really appreciate your opions.

Regards,
 

Raffy

Quite Involved in Discussions
#9
Hi Sorin,
One thing I learned from my recent training for 1st party and 2nd party audit is start asking the performance of the process you are auditing. Next is how the said performance improved? declined? Followed by what were the methods and controls that are in place? and lastly is the process and controls established cascaded to all personnel involved in the said process?
Hope this helps.
Raffy :cool:
 
#10
Hi Sorin,
One thing I learned from my recent training for 1st party and 2nd party audit is start asking the performance of the process you are auditing. Next is how the said performance improved? declined? Followed by what were the methods and controls that are in place? and lastly is the process and controls established cascaded to all personnel involved in the said process?
Hope this helps.
Raffy :cool:
Did they say anything about studying the relevant documentation before you start asking questions? Was it mentioned that an internal auditor should have studied the process controls beforehand, so they would know the answer before they asked any questions?

From what you've described, it seems that asking these kinds of things without actually reviewing the qms beforehand isn't going to do the auditor much good!
 
Thread starter Similar threads Forum Replies Date
tony s What is the automotive process approach for auditing? IATF 16949 - Automotive Quality Systems Standard 2
A How to approach ISO 9001:2015 Clause 7.1.6 when 3rd Party Auditing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
P System Audit Approach - Application of VDA 6.3 - Process Auditing VDA Standards - Germany's Automotive Standards 2
G The future of the Process Approach to Auditing General Auditing Discussions 10
B Process Approach to Auditing Quality Management System Internal Auditing 12
V How do you approach auditing of R&D department? Internal Auditing 4
C The Holistic Approach to Internal Auditing (ISO 9001) Internal Auditing 14
A Process approach to auditing ISO 9001:1994 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
A A macro-process structure approach to auditing for ISO 9001:2000(8) General Auditing Discussions 19
D Internal Auditing ? A Practical Approach General Auditing Discussions 4
A Process Approach to Auditing Undocumented Processes at the System Level Internal Auditing 7
W What is meant by Process Approach Auditing and What questions should be asked? Process Audits and Layered Process Audits 11
V Process approach based internal auditing Internal Auditing 1
S Automotive Process Approach Auditing sanctioned interpretations S1 04 04 General Auditing Discussions 1
H Auditing - System Approach and Process Approach Differences? General Auditing Discussions 20
W Internal Auditing of individuals - Can anyone suggest a format or approach? Internal Auditing 19
howste New IATF Sanctioned Interpretation: Automotive Process Approach Auditing ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 14
E Approach to Internal Auditing Internal Auditing 6
M Auditing Statistically - A statistical approach to sample sizes General Auditing Discussions 11
S ISO 9001:2015 Internal Auditing Internal Auditing 8
H Auditing Santa's workshop General Auditing Discussions 0
C List of MDSAP Auditing Organizations Medical Device and FDA Regulations and Standards News 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
J Auditing of Support Function IATF 16949 - Automotive Quality Systems Standard 9
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
S Risk based internal auditing Internal Auditing 6
Randy Remote auditing (for disaster, disease, disturbance etc...) during the Neo Coronavirus Pandemic and Social Distancing Registrars and Notified Bodies 7
K ANVISA B-GMP Auditing requirements for Contract Manufacturers Other Medical Device Regulations World-Wide 1
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
I Questions to ask when auditing for Organizational Leadership and Planning for the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
R I've been auditing for a CB for 18 years General Auditing Discussions 10
P Consultant Auditing Qualifications Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
M We still have not received our certificate due to a 'backlog' with our auditing body Registrars and Notified Bodies 25
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
A Agenda for 8D audit on Supplier's side - Auditing Corrective Actions General Auditing Discussions 5
U Internal auditing - Company employees or contract second party Internal Auditing 10
J Recomended Values - Auditing process in a supplier IATF 16949 - Automotive Quality Systems Standard 18
M Canada - Registrars that allow e-auditing for ISO 9001? Registrars and Notified Bodies 4
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7

Similar threads

Top Bottom