Auditors are trying to drive this business

K

kgott

#11
If there are no agreed upon audit criteria, then the auditor has no basis for writing the finding. I'm rather dubious about these types of audits and whether you'll have any luck bouncing it back, however, since if this kind of auditor is running around, his organization may not even have an appreciation that he's a loose canon!

There are many questions which need to be asked of this situation, but my guess is that anyone who is standing behind this type of definition and escalation of an audit situation but can't give you chapter and verse on why it needs fixing isn't going to listen to reason.

You say it's an annual surveillance - under what scheme? What are they holding you to, by contract?
We have a contract with the international mining company and we were audited against compliance to the mining company's safety standards so its a customer audit carried out by an outsourced supplier of the mining company.

This may appear a little odd to many on the Cove but things are done that way and its common across the mining and O&G industry here.

The person I have been communicating with is the 'senior auditor' for the company who did the audit on behalf of the mining company.
 
Elsmar Forum Sponsor
K

kgott

#12
You had a 2nd party audit and Wes's point above is apt here. The concern is the customer (mining company) and the 2nd party on behalf of the customer looks at what can be more secure to his client (mining company)
If you have a definition for significant incident and you do not have such an incident in the past 12 months., How much are you doing for the not so significant incidents to either stop occurring, or do not turn into a significant incident due to your definition and inaction ???

In cases like this, the 2nd party who represents your customer will most likely keep his stand and leave it to the customer to take the final call. So I guess you have to take it up with your customer all your feelings and next steps. The 2nd party is finally doing a business like you with your customer and his main interest is his customer and keeping his business. The same must be your interest too .....
An example of the sorts of incidents that we have had in the last 12 months is 2 events where cars reversing out of a car bay touched another car, an inspect sting and other minor events on client sites unrelated to our operations arrund the office. E.g on one occasion a vehicle rolled out of a driveway of a residence in a mining town and missed two of our blokes who were driving along the road by about 20 metres. as I stated to the auditing company none of our staff have had injuries resulting in medical treatment and no workers compensation claims have been made.

I agree with your point above somashekar, that we have to cop it and move on but we cannot allow external auditors to drive our businenss.

Incidentley we have contracts with several large and international organisations who have similar standards and we have to comply with the standards of all those clients so its important to us that we remain in control of our own business.
 
K

kgott

#13
The issue cannot be ignored, but from a common sense standpoint, staffers are wise to buck the resolution up to someone at a higher pay grade, while offering documented evidence to that pay grade why the auditee organization has a more accurate appraisal of the observation than the auditor. .
That's what I'm going to do but it gets up my nose that the auditor has done two things. On the one hand they have tried to define what best practice is and push it on to us and the second is they have made and observation for which they have no basis and then they are threatening us with if we don't act on it. I know esculating OFIs to NC is common in auditing but we cant go implementing a process we have no use for so I think we need to hold the line here.

Moreover, we cant go changing our processes just to suit each individual client.

The question is for me, is am I correct in my assessment of the situation, what do we do about it, and how do we go about it?
 
Last edited by a moderator:
R

rsimano

#14
The observation was: "No documented evidence that all significant incidents are investigated using an approved investigation methodology."
Does your Company QMS address how a significant incident is investigated?
Does the QMS state the method/process for investigation of significant incidents? If yes. Is this an approved Investigation Methodology?

This may not be an issue is that your company has or has not investigated a significant incident. But the QMS may not specify how(as documented evidence) that when it does happen that you perform an approved process. Since your company has not had any significant incidents in the past 12 months there is no Non-Conformance to this part of the QMS. At the time it is just an observation. But if the Company does have a significant incident and the investigation is handled incorrectly cause there is no documented process in the QMS then what is an Observation then becomes a Non-Conformance.

If this is what the Auditor is pointing towards then yes an observation is a benefit to the company as a simple change to the QMS should keep a Non-Conformance from happening.
 
Last edited by a moderator:

Helmut Jilling

Auditor / Consultant
#15
We can weigh in on whether we feel the auditor is right or wrong... The fact of the matter is, the auditor performed an audit for the benefit of the customer. Right or wrong, you need to take action.

1. Agree that it is beneficial for you to have a robust incident investigation method. You may well already have one.

2. Get input from your customer as to what they would like to see in your incident investigation process.

3. If you want to humor the auditor, get his input too.

4. Implement something you all can live with, since point #1 is true.
 

somashekar

Staff member
Super Moderator
#16
An example of the sorts of incidents that we have had in the last 12 months is 2 events where cars reversing out of a car bay touched another car, an inspect sting and other minor events on client sites unrelated to our operations arrund the office. E.g on one occasion a vehicle rolled out of a driveway of a residence in a mining town and missed two of our blokes who were driving along the road by about 20 metres. as I stated to the auditing company none of our staff have had injuries resulting in medical treatment and no workers compensation claims have been made.

I agree with your point above somashekar, that we have to cop it and move on but we cannot allow external auditors to drive our businenss.

Incidentley we have contracts with several large and international organisations who have similar standards and we have to comply with the standards of all those clients so its important to us that we remain in control of our own business.
Hi kgott...
I have managed such audits from 2nd party in the name of sustainability, and keeping in mind our corporate image and the client business standing, we have sailed smooth and in the process gained our confidence with customer by way of certification to multiple international standards maintained with reputed CB.
This does not mean we have taken things laying down. We have ensured that the 2nd party does not depute certain specific auditor for the client assignment based on our previous experiences. Our responses to findings were directly discussed with customer representatives and convincingly closed.
Big corporates who use 2nd party audit process are well manned with several heads managing these activities who are independent from your business process personnel you are involved with. In your business interest, it is best to keep good relation with such heads and dampen any audit outcomes convincingly with them and keep the 2nd party away with minimum dealings only upto audit and reporting. This has worked well for us.
 

Wes Bucey

Quite Involved in Discussions
#17
That's what I'm going to do but it gets up my nose that the auditor has done two things. On the one hand they have tried to define what best practice is and push it on to us and the second is they have made and observation for which they have no basis and then they are threatening us with if we don't act on it. I know esculating OFIs to NC is common in auditing but we cant go implementing a process we have no use for so I think we need to hold the line here.

Moreover, we cant go changing our processes just to suit each individual client.

The question is for me, is am I correct in my assessment of the situation, what do we do about it, and how do we go about it?
For the following response, be aware I am speaking as a former C-level boss who has dealt with similar "mission creep" by customers on a number of occasions.
There must be a written response, signed by a high level officer at the supplier company to demonstrate that the situation HAS been examined seriously. The response should never be framed as "you can't push us around."

Each point in the observation should be covered separately and completely with an explanation to demonstrate one of the following:

  1. (Lead with this type, dealt without ridicule or sarcasm - the mere facts alone should be enough to demonstrate the validity of the supplier's view.)
    It was a "non event" akin to a meteor missing an aircraft in the sky. i.e. it was something which could never be foreseen (the auto rolling down a driveway), could have been disastrous, but certainly nothing that ANY corrective action on supplier company's part could correct in the future EXCEPT something absurd (like having a person walk in front of the vehicle with a red warning flag, as was done in Great Britain when self-powered "carriages" first made an appearance.)
    The first speed limits in the United Kingdom were set by a series of restrictive Locomotive Acts (in 1861, 1865 and 1878). The 1861 Act introduced a 10 mph (16 km/h) limit (automobiles were in those days termed ?light locomotives?). The 1865 (the 'red flag act') reduced the speed limit to 4 mph (6 km/h) in the country and 2 mph (3 km/h) in towns and required a man with a red flag or lantern to walk 60 yards (50 m) ahead of each vehicle, and warn horse riders and horse drawn traffic of the approach of a self-propelled machine. The 1878 Act removed the need for the flag[31] and reduced the distance of the escort to 20 yards (20 m).[32]
  2. Events happened off-site at someone else's facility, and, although supplier's personnel exercised due caution and awareness, neither they nor the supplier organization have the power to cause those facilities to implement change. Accordingly, supplier will try to implement more awareness of potential hazards while operating off premises during normal educational processes within the supplier organization.
  3. Such event DID occur and resulted in very minimal effect [fender bender/scrape at car bays.] It has been recognized as a potential hazard at the highest levels within the supplier organization and will be dealt with via the following specific actions (education, reminder posters, followup surveillance and evaluation to determine the effectiveness of the actions, and perhaps some parabolic mirrors to improve visibility for other vehicles and pedestrians.)
That's it. Don't try to engage in a contest of wills with either the customer or the customer's agent by intemperate language or action. The rule of thumb in relations with customers is the same as when playing poker - NEVER LET 'EM SEE YOU SWEAT! The supplier always wants to maintain composure in the event he is dealing with a troll who gets pleasure out of seeing suppliers squirm on a hook. Never even hint that the observations are inaccurate, merely that they are accepted and dealt with in a manner deemed suitable and adequate at the highest levels of the supplier organization.


It will be up to the customer and his agent to PROVE by future observation that supplier's corrective action was inadequate, in which case, the supplier can merely say, "Oops! Back to the planning table."
 
L

lacarrye

#18
Your explanation is incomplete. I'm sorry. I honestly, I think they're right. Your business is not in compliance on that point. It is simple, show evidence how you do it.
regards, John
 

John Broomfield

Staff member
Super Moderator
#19
We are a small engineering consultancy, less than 100 staff.

We were recently audited by a contractor on behalf of a major international mining company, (annual survielance audit).

The audit report includes some observations. We were advised by the auditor at the time of the audit, that while we did not have to address a observation if we did not wish to do so, they may regard it as a non-conformance next time around (next year.)

The observation was: "No documented evidence that all significant incidents are investigated using an approved investigation methodology."

I replied to the auditing company saying that according to our definiition of a significient incident, we did not have any significient incidents in the last 12 months and that we investigate incidents to the extent that is comensurate with the severity of the incident." I added, that if we did have a significient incident we would use an industry recognised incident investigation technique such as 5 whys or root cause analysis.

The auditing representative came back by email saying this:

The definition of an observation is something that could lead to a non-conformance, if allowed to continue uncorrected; or an existing condition without adequate supporting evidence to verify that it constitutes a non-conformance. An observation can also identify areas and/or processes of the organisation that may meet the minimum requirement of the standard, but which could be improved. An opportunity for improvement may be system or performance related and is normally addressed based on the auditor?s own experience, knowledge of industry?s best practice or practices within another unit/department of the organisation.

When I went to my internal auditing course it was impressed upon us that the first rule of auditing is that an audit is carried out against a standard, not whatever the auditor thinks is a good thing. In our case, complaince to the mining companys safety standards which we were given copies of.

I requested that this observation be reviewed with a view to its withdrawal as per my comments above.

I dont beleive any auditor has the right to drive our busienss nor does any auditor have the right to determine what best practice is. (I'm not saying we dont want to be best practice, but thats not the point.)

I resent being audited against whatever the auditor thinks is a good thing.

The MD is on leave so I will not be taking this further until I speak to him about this when he returns as this mining company is major customer for us.

Sorry all this is long winded; but I was wondering what views experienced auditors out there have on this and how we should approach this from here on.

thank you - k
kgott,

You have feedback from your customer. Treat it as a potential customer complaint. Your organization's preventive action should involve the customer to determine the magnitude of their concern.

Do not ask for any further input from the auditor. Build all round confidence in your management system.

Unknown to you the auditor may have had an audit objective from your customer that required audit of this particular part of your management system against criteria also unknown to you.

As part of your preventive action with your customer you may open up a channel for communicating any additional customer requirements. You can then update your management system to manage such customer-requested changes including any changes to your prices.

The customer may then tame its auditors so both parties are working to the same contract.

John
 
K

kgott

#20
Does your Company QMS address how a significant incident is investigated?
Does the QMS state the method/process for investigation of significant incidents? If yes. Is this an approved Investigation Methodology?

This may not be an issue is that your company has or has not investigated a significant incident. But the QMS may not specify how(as documented evidence) that when it does happen that you perform an approved process. Since your company has not had any significant incidents in the past 12 months there is no Non-Conformance to this part of the QMS. At the time it is just an observation. But if the Company does have a significant incident and the investigation is handled incorrectly cause there is no documented process in the QMS then what is an Observation then becomes a Non-Conformance.

If this is what the Auditor is pointing towards then yes an observation is a benefit to the company as a simple change to the QMS should keep a Non-Conformance from happening.
Thanks for that. No, the report stated "No documented evidence that all significant incidents are investigated using approved investigation methodology." -k
 
Thread starter Similar threads Forum Replies Date
M Do AS9100 Registrar Auditors have nonconformity quotas? General Auditing Discussions 18
B Internal Auditor Competency - Product Auditors Internal Auditing 9
M Question for Auditors - "Off the Record" Conversation? General Auditing Discussions 14
I What direction do you provide your internal auditors on OFIs? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
M Choosing Auditors - ISO 9001 / ISO 27001 (UK) IEC 27001 - Information Security Management Systems (ISMS) 2
E Choosing an ISO 9001 registrar with auditors familiar with our industry Registrars and Notified Bodies 10
ScottK Question for Auditors on 7.1.4 in the ISO9001:2015 revision ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S MDR (Medical Device Regulations 2017/745) training recommendation for Auditors EU Medical Device Regulations 1
S How can we demonstrate to MDSAP auditors that we have the requisite training ISO 13485:2016 - Medical Device Quality Management Systems 9
M CB and Internal auditors most common nonconformities against AS9100D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 16
C Selecting potential internal auditors Internal Auditing 3
K Tips for dealing with third party auditors General Auditing Discussions 11
J ISO 9001 Competency - Forklift License and Internal Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
O How will you handle Clause 6.1 - Risks and Opportunities for AS9100 Rev. D Auditors? Risk Management Principles and Generic Guidelines 22
T Can a Lead Auditor Train other Auditors? Internal Auditing 4
A Professional Headhunters for External Auditors Career and Occupation Discussions 7
Sidney Vianna Auditors and CB's further investigating certified QMS' with ethical breaches? Registrars and Notified Bodies 8
W DCMA and AS9100C - Dedicating a week and 5 auditors to perform a AS9100C audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
Crimpshrine13 ISO/TS 16949 CBs & Auditors not following up on the schedules IATF 16949 - Automotive Quality Systems Standard 43
H Any ISO 9001 consultants/auditors in Oahu, Hawaii ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Subject Matter Expert Training for Auditors Internal Auditing 13
S Is it a Finding if all Internal Auditors are from the Quality Department? Internal Auditing 18
R Are ISO 9001 Lead Auditors in demand? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
D Number of Internal Auditors Best Practice Quality Manager and Management Related Issues 18
A Training Supplier Auditors ISO 13485:2016 - Medical Device Quality Management Systems 5
T Would my AS 9110 certificate lapse due to non availability of auditors ? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
T Kids in the office from an auditors standpoint ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
T Qualification System of Internal Auditors is not Effective General Auditing Discussions 5
S Internal Auditors shall not audit their own work? Internal Auditing 21
R Female auditors earn 18% less than male auditors - IRCA Salary Survey 2014 Career and Occupation Discussions 0
J Wanting to Train our Internal Auditors Ourselves Internal Auditing 7
S Recertification Frequency for TS 16949 Lead Auditors General Auditing Discussions 4
Sidney Vianna As a profession we, auditors, are not doing enough - Simon Feary speech Registrars and Notified Bodies 36
Ninja Blind Gopher Auditors Comment - Who is responsible? Registrars and Notified Bodies 23
R Auditors Auditing Against ISO 9001:2015 Draft ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
R Auditors can NOT audit their own work audit finding Internal Auditing 17
Q Qualified Internal Auditors for AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 37
B API approved Auditors in India Oil and Gas Industry Standards and Regulations 3
M How to measure effectiveness and efficiency of the established QMS as Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
R Should internal auditors be compulsorily certified as internal auditors ? Internal Auditing 11
W Is formal training required for Internal Auditors? Internal Auditing 7
K Auditor Objects to List of Internal Auditors General Auditing Discussions 6
Mikishots AS91X0 Third Party Auditor Cycling and Changing Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D What Factors to consider to determine the Number of Auditors Internal Auditing 3
E Who Audits the Auditors in a Company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
P Which training system or LMS (Learning Management System) to train Auditors? Training - Internal, External, Online and Distance Learning 8
A ISO 19011:2012 - Emphasis on Risk Analysis, Competence of Auditors and Vocabulary Internal Auditing 2
D AS 9104/1 has New Requirements for 3rd Party Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
somashekar EXAM for Energy Managers and Energy Auditors (INDIA) Miscellaneous Environmental Standards and EMS Related Discussions 2

Similar threads

Top Bottom