Auditors are trying to drive this business

K

kgott

#1
We are a small engineering consultancy, less than 100 staff.

We were recently audited by a contractor on behalf of a major international mining company, (annual survielance audit).

The audit report includes some observations. We were advised by the auditor at the time of the audit, that while we did not have to address a observation if we did not wish to do so, they may regard it as a non-conformance next time around (next year.)

The observation was: "No documented evidence that all significant incidents are investigated using an approved investigation methodology."

I replied to the auditing company saying that according to our definiition of a significient incident, we did not have any significient incidents in the last 12 months and that we investigate incidents to the extent that is comensurate with the severity of the incident." I added, that if we did have a significient incident we would use an industry recognised incident investigation technique such as 5 whys or root cause analysis.

The auditing representative came back by email saying this:

The definition of an observation is something that could lead to a non-conformance, if allowed to continue uncorrected; or an existing condition without adequate supporting evidence to verify that it constitutes a non-conformance. An observation can also identify areas and/or processes of the organisation that may meet the minimum requirement of the standard, but which could be improved. An opportunity for improvement may be system or performance related and is normally addressed based on the auditor?s own experience, knowledge of industry?s best practice or practices within another unit/department of the organisation.

When I went to my internal auditing course it was impressed upon us that the first rule of auditing is that an audit is carried out against a standard, not whatever the auditor thinks is a good thing. In our case, complaince to the mining companys safety standards which we were given copies of.

I requested that this observation be reviewed with a view to its withdrawal as per my comments above.

I dont beleive any auditor has the right to drive our busienss nor does any auditor have the right to determine what best practice is. (I'm not saying we dont want to be best practice, but thats not the point.)

I resent being audited against whatever the auditor thinks is a good thing.

The MD is on leave so I will not be taking this further until I speak to him about this when he returns as this mining company is major customer for us.

Sorry all this is long winded; but I was wondering what views experienced auditors out there have on this and how we should approach this from here on.

thank you - k
 
Elsmar Forum Sponsor

Wes Bucey

Quite Involved in Discussions
#2
We are a small engineering consultancy, less than 100 staff.

We were recently audited by a contractor on behalf of a major international mining company, (annual survielance audit).

The audit report includes some observations. We were advised by the auditor at the time of the audit, that while we did not have to address a observation if we did not wish to do so, they may regard it as a non-conformance next time around (next year.) <snip>
There is a decided difference between the objectives of 3rd party auditors, 2nd party (customer or customer's agent), and internal auditors.

3rd party auditors are supposed to audit for conformance to a Standard (either an international one or the organization's own published standards created to conform their operation to the international Standard.)

2nd party auditors are more concerned with the nuts and bolts of the process to deliver good product or service to them - is it consistent? documented? and, MOST IMPORTANTLY, is it effective?

An internal auditor is the eyes and ears of management and management is interested in the effectiveness of the organization to satisfy customers and (in most cases of commercial organizations) make a profit. Thus, an internal auditor should (and many do) make value judgements about the processes they observe:

  1. Does the process follow the written plan and is it effective?
  2. Does the process not follow the written plan?
  3. If not following, is it still effective or not?
  4. Is the process followed AND effective, but reports from operators suggest possible improvements?
  5. If so, should the management consider DOE to test a possibly more efficient and profitable process?
 
Last edited by a moderator:
#3
If there are no agreed upon audit criteria, then the auditor has no basis for writing the finding. I'm rather dubious about these types of audits and whether you'll have any luck bouncing it back, however, since if this kind of auditor is running around, his organization may not even have an appreciation that he's a loose canon!

There are many questions which need to be asked of this situation, but my guess is that anyone who is standing behind this type of definition and escalation of an audit situation but can't give you chapter and verse on why it needs fixing isn't going to listen to reason.

You say it's an annual surveillance - under what scheme? What are they holding you to, by contract?
 

somashekar

Staff member
Super Moderator
#4
2nd party auditors are more concerned with the nuts and bolts of the process to deliver good product or service to them - is it consistent? documented? and, MOST IMPORTANTLY, is it effective?
You had a 2nd party audit and Wes's point above is apt here. The concern is the customer (mining company) and the 2nd party on behalf of the customer looks at what can be more secure to his client (mining company)
If you have a definition for significant incident and you do not have such an incident in the past 12 months., How much are you doing for the not so significant incidents to either stop occurring, or do not turn into a significant incident due to your definition and inaction ???

In cases like this, the 2nd party who represents your customer will most likely keep his stand and leave it to the customer to take the final call. So I guess you have to take it up with your customer all your feelings and next steps. The 2nd party is finally doing a business like you with your customer and his main interest is his customer and keeping his business. The same must be your interest too .....
 

Big Jim

Super Moderator
#5
Even 2nd party auditors are not permitted to make their own rules, or his own definitions.

Something either is in conformance or it is not.

It can be a legitimate observation to note something that you saw, that although conforming, is risky, and if you are not careful it could lead to a nonconformance.

It is not a legitimate observation to notice something that is nonconforming and call it an observation and it needs to be fixed before the next audit. That is called "soft grading" and is not permitted. It is a nonconformance or it isn't.

I would like to see where he found the requirement for:
"No documented evidence that all significant incidents are investigated using an approved investigation methodology."

It isn't in ISO 9001:2008. Unless it is a customer requirement that you are contractually bound to, he is making up his own rules.
 
Last edited by a moderator:

Randy

Super Moderator
#6
Significance is like beauty, what is significant (important) to you may be meaningless to me....Ask for a specific definition that has been either agreed to or accepted in the form of customer mandate. Even US law excludes ex-post-facto
 
J

Jeff Frost

#7
2nd party auditors sometimes forget that they are bound by the standard they are auditing to and the requirements of the client they represent. Go up the chain to the “major international mining company” and have a discussion about this observation and the auditor’s response. It would not be the first time a 2nd party auditor has exceeded his scope of work during an audit.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#8
We were recently audited by a contractor on behalf of a major international mining company, (annual surveillance audit).
That is a significant issue. Whomever this subcontractor is, knows that their performance is also being assessed by the mining company. So, many times, they don't want to end up with a finding-less audit because it could be perceived by the audit client that the auditor did not dig deep enough. The end result? tic-tac, mickeymouse, meaningless findings, including nonconfomities.

If you were to take corrective actions on senseless issues just to appease an auditor, you might be adding costs to your system without any significant return and you need to let the mining company buyer know that you might need to renegotiate the contract if the auditors they send place unnecessary and burdensome expectations on to you, as the supplier.

Second party auditors have their own modus operandi. Some are very professional and really think along the mutually beneficial relationship mind-set. Others can be arrogant jerks, attempting to micromanage the supplier and misusing the fledgling little power they have.

React professionally, but forcefully. Don't let the contract auditor bully you into submission.
 

Big Jim

Super Moderator
#9
That is a significant issue. Whomever this subcontractor is, knows that their performance is also being assessed by the mining company. So, many times, they don't want to end up with a finding-less audit because it could be perceived by the audit client that the auditor did not dig deep enough. The end result? tic-tac, mickeymouse, meaningless findings, including nonconfomities.

If you were to take corrective actions on senseless issues just to appease an auditor, you might be adding costs to your system without any significant return and you need to let the mining company buyer know that you might need to renegotiate the contract if the auditors they send place unnecessary and burdensome expectations on to you, as the supplier.

Second party auditors have their own modus operandi. Some are very professional and really think along the mutually beneficial relationship mind-set. Others can be arrogant jerks, attempting to micromanage the supplier and misusing the fledgling little power they have.
React professionally, but forcefully. Don't let the contract auditor bully you into submission.
Very true.

Off Topic.

Unfortunately some of them end up becoming 3rd party auditors too. Luckily, they tend to get weeded out pretty quickly, or at least we hope.
 

Wes Bucey

Quite Involved in Discussions
#10
That is a significant issue. Whomever this subcontractor is, knows that their performance is also being assessed by the mining company. So, many times, they don't want to end up with a finding-less audit because it could be perceived by the audit client that the auditor did not dig deep enough. The end result? tic-tac, mickeymouse, meaningless findings, including nonconfomities.

If you were to take corrective actions on senseless issues just to appease an auditor, you might be adding costs to your system without any significant return and you need to let the mining company buyer know that you might need to renegotiate the contract if the auditors they send place unnecessary and burdensome expectations on to you, as the supplier.

Second party auditors have their own modus operandi. Some are very professional and really think along the mutually beneficial relationship mind-set. Others can be arrogant jerks, attempting to micromanage the supplier and misusing the fledgling little power they have.

React professionally, but forcefully. Don't let the contract auditor bully you into submission.
Sidney makes a point often echoed by folks in automotive about the Supplier Quality Engineers (SQE) sent by primes and Tier 1 organizations. For years, we here in the Cove have railed against the so-called auditors who fancy themselves as "authorities," but fail to provide their own evidence when confronted with "Show me the shall!" Very often, the "shall" offered as evidence is a mission creep interpretation out of context which exposes the auditor to ridicule as a "Kwality Kop" playing Gotcha for his own motives, having nothing to do with anything other than inflating his own importance.

HOWEVER, we do not know what the observation was, nor whether continuation of it would degrade to an actual nonconformance, despite the transparent threat by the contract auditor.

The issue cannot be ignored, but from a common sense standpoint, staffers are wise to buck the resolution up to someone at a higher pay grade, while offering documented evidence to that pay grade why the auditee organization has a more accurate appraisal of the observation than the auditor. Given the fact the customer is major, more than one supplier has knuckled under to "post dated" contract changes without demanding a renegotiation for price and terms. Some executives at large corporations take perverse delight in twisting tender parts of suppliers just to see how far they can go. This could easily be one of those situations (communicated as a "wink and a nod" by the customer to the auditor) and not the incompetence of an on-site auditor.
 
Last edited:
Thread starter Similar threads Forum Replies Date
M Do AS9100 Registrar Auditors have nonconformity quotas? General Auditing Discussions 18
B Internal Auditor Competency - Product Auditors Internal Auditing 9
M Question for Auditors - "Off the Record" Conversation? General Auditing Discussions 14
I What direction do you provide your internal auditors on OFIs? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
M Choosing Auditors - ISO 9001 / ISO 27001 (UK) IEC 27001 - Information Security Management Systems (ISMS) 2
E Choosing an ISO 9001 registrar with auditors familiar with our industry Registrars and Notified Bodies 10
ScottK Question for Auditors on 7.1.4 in the ISO9001:2015 revision ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S MDR (Medical Device Regulations 2017/745) training recommendation for Auditors EU Medical Device Regulations 1
S How can we demonstrate to MDSAP auditors that we have the requisite training ISO 13485:2016 - Medical Device Quality Management Systems 9
M CB and Internal auditors most common nonconformities against AS9100D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 16
C Selecting potential internal auditors Internal Auditing 3
K Tips for dealing with third party auditors General Auditing Discussions 11
J ISO 9001 Competency - Forklift License and Internal Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
O How will you handle Clause 6.1 - Risks and Opportunities for AS9100 Rev. D Auditors? Risk Management Principles and Generic Guidelines 22
T Can a Lead Auditor Train other Auditors? Internal Auditing 4
A Professional Headhunters for External Auditors Career and Occupation Discussions 7
Sidney Vianna Auditors and CB's further investigating certified QMS' with ethical breaches? Registrars and Notified Bodies 8
W DCMA and AS9100C - Dedicating a week and 5 auditors to perform a AS9100C audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
Crimpshrine13 ISO/TS 16949 CBs & Auditors not following up on the schedules IATF 16949 - Automotive Quality Systems Standard 43
H Any ISO 9001 consultants/auditors in Oahu, Hawaii ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Subject Matter Expert Training for Auditors Internal Auditing 13
S Is it a Finding if all Internal Auditors are from the Quality Department? Internal Auditing 18
R Are ISO 9001 Lead Auditors in demand? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
D Number of Internal Auditors Best Practice Quality Manager and Management Related Issues 18
A Training Supplier Auditors ISO 13485:2016 - Medical Device Quality Management Systems 5
T Would my AS 9110 certificate lapse due to non availability of auditors ? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
T Kids in the office from an auditors standpoint ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
T Qualification System of Internal Auditors is not Effective General Auditing Discussions 5
S Internal Auditors shall not audit their own work? Internal Auditing 21
R Female auditors earn 18% less than male auditors - IRCA Salary Survey 2014 Career and Occupation Discussions 0
J Wanting to Train our Internal Auditors Ourselves Internal Auditing 7
S Recertification Frequency for TS 16949 Lead Auditors General Auditing Discussions 4
Sidney Vianna As a profession we, auditors, are not doing enough - Simon Feary speech Registrars and Notified Bodies 36
Ninja Blind Gopher Auditors Comment - Who is responsible? Registrars and Notified Bodies 23
R Auditors Auditing Against ISO 9001:2015 Draft ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
R Auditors can NOT audit their own work audit finding Internal Auditing 17
Q Qualified Internal Auditors for AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 37
B API approved Auditors in India Oil and Gas Industry Standards and Regulations 3
M How to measure effectiveness and efficiency of the established QMS as Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
R Should internal auditors be compulsorily certified as internal auditors ? Internal Auditing 11
W Is formal training required for Internal Auditors? Internal Auditing 7
K Auditor Objects to List of Internal Auditors General Auditing Discussions 6
Mikishots AS91X0 Third Party Auditor Cycling and Changing Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D What Factors to consider to determine the Number of Auditors Internal Auditing 3
E Who Audits the Auditors in a Company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
P Which training system or LMS (Learning Management System) to train Auditors? Training - Internal, External, Online and Distance Learning 8
A ISO 19011:2012 - Emphasis on Risk Analysis, Competence of Auditors and Vocabulary Internal Auditing 2
D AS 9104/1 has New Requirements for 3rd Party Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
somashekar EXAM for Energy Managers and Energy Auditors (INDIA) Miscellaneous Environmental Standards and EMS Related Discussions 2

Similar threads

Top Bottom