Auditing to ISO 9001:2008 - How do we qualify ourselves?

[Boscoeee]

Never had an auditor ask me if our auditors were competent in ISO 9001:2000, they only asked if the internal auditor was qualified, certified, or trained. Actually, never been ask if our internal auditors were competent, just whether they were certified, by who, and how.

 

[AndyN]

Never had an auditor ask me if our auditors were competent in ISO 9001:2000, they only asked if the internal auditor was qualified, certified, or trained. Actually, never been ask if our internal auditors were competent, just whether they were certified, by who, and how.

Oh, my - another example for my joke book! Wrong thread tho'!

Just goes to show how much some of these CB auditors know about the subject they're auditing!!

 

[Helmut Jilling]

And, may I ask, why is even the internal auditor being asked to consider these ISO documents anyway? It's a big mistake, IMHO, to even equip an internal auditor with a copy of ISO (or a similarly worded checklist) to do an audit. Internal audits should be focused on the processes of the organization and their performance, not being capable of nitpicking the parts of the peppercorn.........

I disagree this time, Andy. Many procedures I see are so generic, they don't clearly address some of the requirements of the ISO standard. I teach internal auditors to review the portions of the standard that are relevant to their process, during their audit prep. Plus, it helps more people at the company to actually know what the requirements are.

 

[Helmut Jilling]

Never had an auditor ask me if our auditors were competent in ISO 9001:2000, they only asked if the internal auditor was qualified, certified, or trained. Actually, never been ask if our internal auditors were competent, just whether they were certified, by who, and how.

I don't usually ask if they are competent, because the answer is predictable. But I certainly evaluate the competency of the internal auditors based on the audits, results, records, training, etc. The audits are important, and a good auditor must be evaluating whether they are beneficial and effective.

Your auditor may not specifically ask you, but if he/she is not doing that in some manner, get a better auditor.

 

[AndyN]

I disagree this time, Andy. Many procedures I see are so generic, they don't clearly address some of the requirements of the ISO standard. I teach internal auditors to review the portions of the standard that are relevant to their process, during their audit prep. Plus, it helps more people at the company to actually know what the requirements are.

Does that mean that you're taking back the kudos you gave me before?:mg:

My comments are based on seeing too many internal auditors only auditing to the standard, Helmut. Often, these auditors spend too much time lawyering the system to the standard, resulting in meaningless findings.

I don't disagree that auditors have to have a good grasp of the fundamentals of what makes effective systems - but that should be part of their competencies and development. Giving them a copy of the standard - and you know this happens all the time - and being told 'go do an audit', isn't appropriate! A quick look at the cries for help here at the Cove seem to me to prove my point!

I agree also that many times documentation is lacking in detail. But equipping the auditor with the standard won't help either. If the Management Rep has allowed such poor system design to occur, the hapless internal auditor, even equipped with a good understanding of ISO isn't going to make much of a difference, IMHO. It's a bit like the building code inspector taking on the building architect, while the builder looks on - it's too late, the thing's been built!

But I do agree, the auditor must know the basics!

 

[Big Jim]

Does that mean that you're taking back the kudos you gave me before?:mg:

My comments are based on seeing too many internal auditors only auditing to the standard, Helmut. Often, these auditors spend too much time lawyering the system to the standard, resulting in meaningless findings.

I don't disagree that auditors have to have a good grasp of the fundamentals of what makes effective systems - but that should be part of their competencies and development. Giving them a copy of the standard - and you know this happens all the time - and being told 'go do an audit', isn't appropriate! A quick look at the cries for help here at the Cove seem to me to prove my point!

I agree also that many times documentation is lacking in detail. But equipping the auditor with the standard won't help either. If the Management Rep has allowed such poor system design to occur, the hapless internal auditor, even equipped with a good understanding of ISO isn't going to make much of a difference, IMHO. It's a bit like the building code inspector taking on the building architect, while the builder looks on - it's too late, the thing's been built!

But I do agree, the auditor must know the basics!

What's wrong with having internal auditors audit to both? Saying that they should not involve the standard (should not even be shown a copy of the standard) is a bit out of balance.

 

[AndyN]

What's wrong with having internal auditors audit to both? Saying that they should not involve the standard (should not even be shown a copy of the standard) is a bit out of balance.

Because most don't have a clue about 'ISO' and only get to audit once or twice a year, so they never become familiar with it - even all the folks around here can't agree what it says/means - what chance does an internal auditor who only reads it a couple of times in their auditor career???

I read that you don't even have to have a copy of ISO to implement it, so doesn't the same apply to being able to audit, internally?

In another thread there's some debate over the number of procedures 'required' - I think you're part of that discussion Jim. So what about the hapless auditor who makes a finding of 'only six procedures' being documented and Sidney V (in character) is the Management Rep? Who's going to resolve that one?

 

[Big Jim]

2 hours? You can cover the new words in 5 minutes (there are no changes or new requirements)

Since IRCA set the standard of two hours for update training for their certified auditors, that seems like a reasonable standard.

Different people learn at different paces. Maybe you can learn it in five minutes, that doesn't mean that everyone could or even that they should try.

I think it took me about fifteen minutes the first time through it, But I'm still studying it, and have spent far more than two hours. I'll bet you have too.

 

[Randy]

Since IRCA set the standard of two hours for update training for their certified auditors, that seems like a reasonable standard.

Different people learn at different paces. Maybe you can learn it in five minutes, that doesn't mean that everyone could or even that they should try.

I think it took me about fifteen minutes the first time through it, But I'm still studying it, and have spent far more than two hours. I'll bet you have too.

Since IRCA doesn't pay my mortgage and they didn't get me anything for Christmas what they decided doesn't concern me. Anyway, IRCA has an inflated opinion of itself based on what I have experienced in the past.

I haven't really studied 9001, I just use it all the time and teach the stuff. So after a couple thousand hours of exposure one tends to learn the in's and out's.

Yeah, I pick up stuff fast...comes from having previous careers where you had to be quick on your feet or die in mid-step and didn't have all day to casually study stuff. (Qualifying for MENSA helps too...)

 

[Coury Ferguson]

Wait!!!! You mean to tell me that there is a Standard? Darn, I didn't realize that, so I guess I need to pay for some training or something, huh?