Auditors are trying to drive this business

K

kgott

#21
kgott,

You have feedback from your customer. Treat it as a potential customer complaint. Your organization's preventive action should involve the customer to determine the magnitude of their concern.

Do not ask for any further input from the auditor. Build all round confidence in your management system.

Unknown to you the auditor may have had an audit objective from your customer that required audit of this particular part of your management system against criteria also unknown to you.

As part of your preventive action with your customer you may open up a channel for communicating any additional customer requirements. You can then update your management system to manage such customer-requested changes including any changes to your prices.

The customer may then tame its auditors so both parties are working to the same contract.

John
Thanks for that John, it's something I had'nt thought of. It's also just occured to me that perhaps I have read their finding the wrong way.

Perhaps what they are saying is that our documentation does not say that in the event of a significient incident an approved investigation methodology will be used, even though I have said that orally.

thanks
 
Last edited by a moderator:
Elsmar Forum Sponsor

Wes Bucey

Quite Involved in Discussions
#22
Thanks for that. No, the report stated "No documented evidence that all significant incidents are investigated using approved investigation methodology." -k
Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?

It still all comes down to "Show me the shall!" Auditor or customer must cite chapter and verse of WRITTEN criteria to declare nonconformance. Unless the contract says in writing the supplier must adopt unilateral OFI as process (without negotiation), supplier's top management must either knuckle under or show some spine when presented with such an "or else" statement by the outsourced auditor.
 
I

immaya08

#23
news about Apple's supplier - Foxconn were all over the dailies, 2012. your customer would just want to avoid being in the lime light, should they miss their suppliers' activities. this is part of supply chain risk management. no need to become ballistic about this finding.:bigwave:
 
K

kgott

#24
Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?
I found this:
[FONT=&quot]
Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?
[/FONT]

[FONT=&quot][/FONT]
[FONT=&quot][/FONT]
[FONT=&quot]This is the customers documented requirement.[/FONT][FONT=&quot] - 'There must be a procedure for the management of all incidents. It must include reference to the appropriate methodologies for a) xyz and b) investigating.' I cannot find a reference to the [/FONT][FONT=&quot]'appropriate methodologies ... for b) investigating' in that same document anywhere.
[/FONT]
[FONT=&quot]
[/FONT]
[FONT=&quot]This was the auditors actual finding. ?No documented evidence that all significant incidents are investigated using approved investigation methodology.[/FONT]

[FONT=&quot][/FONT]
Unless as I said above, I have miss-read their meaning in that they are saying there is nothing in our documentation stating that in the event of a significent incident we would use an industry recognised investigation method, then I'm going to have to do some more research on the customer documentation and seek some clarifications on the customers standard which all this comes from.


One of the problems I am up against is that we are minows and the customer is a monolith and I have to take that on board but I'm just wondering how to advise the MD in this matter. I don't see that I can do much more until the MD returns and then its his call.
[FONT=&quot][/FONT]
[FONT=&quot]
[/FONT]
 
K

kgott

#25
Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?

It still all comes down to "Show me the shall!" Auditor or customer must cite chapter and verse of WRITTEN criteria to declare nonconformance. Unless the contract says in writing the supplier must adopt unilateral OFI as process (without negotiation), supplier's top management must either knuckle under or show some spine when presented with such an "or else" statement by the outsourced auditor.
After reading the customers standard I can see that I'm going to have to research their documentation more to find where the approved methodolgy is defined in the customers documentation.

One of the things the auditing company has not done is stated the 'shall' by quoting the customers text and then placed their finding near it so that we can see the 'shall' and their finding together. I see this as being a little unprofessional.

The difficulty for me is that at worst the auditing company is, IMO, drawing conclusions they have insufficient evidence to draw about our processes unless, they are referring to our documentation only. In addition I think they are trying to push us into what they regard as best practice, something they have no right to do.

The other factor as John indicates to is that we are minows and the customer is a world wide monolith and I'm sure the MD will be sensitive to.
 

Wes Bucey

Quite Involved in Discussions
#26
After reading the customers standard I can see that I'm going to have to research their documentation more to find where the approved methodolgy is defined in the customers documentation.

One of the things the auditing company has not done is stated the 'shall' by quoting the customers text and then placed their finding near it so that we can see the 'shall' and their finding together. I see this as being a little unprofessional.

The difficulty for me is that at worst the auditing company is, IMO, drawing conclusions they have insufficient evidence to draw about our processes unless, they are referring to our documentation only. In addition I think they are trying to push us into what they regard as best practice, something they have no right to do.

The other factor as John indicates to is that we are minows and the customer is a world wide monolith and I'm sure the MD will be sensitive to.
It certainly sounds as if the auditor was taking his role as the CUSTOMER'S AGENT to heart, in which case they do have a "right," perhaps even an obligation, in the customer's own self-interest, to push suppliers into best practice. I did with MY suppliers, but I was a lot more "diplomatic" in making it seem as if I was "HELPING" them become more efficient and thus more profitable.

Frankly, without being on the spot to observe for myself, the most I see this auditor guilty of is being rude and insufficiently documenting his reasoning. He may very well be wrong. The one thing missing from your account is a transcript of the Q & A session during the closing meeting at the end of the auditor's visit, where many of the ambiguities might have been eliminated BEFORE the report was written. If there was no closing meeting, why was the auditor allowed to leave? I have suggested a course of action in responding without ranting in one of my earlier posts.

Remember, this is ONLY a report, not a cancellation of a supplier contract. There has been no injury, except to your sense of fair play. You are given a chance to respond in manner which makes your case and you may, after due consideration, even adopt some of the suggestions, albeit with some heavy editing.
 

Big Jim

Super Moderator
#27
Something to temper your thoughts as you deal with is the old bromide of "the customer is always right", which most of know isn't completely true. Handle this situation somewhat carefully, because as often restated "the customer isn't always right, but he is always the customer".

Find a diplomatic way to deal with this that doesn't jeopardize your relationship with the customer.

Does the auditor expect you to reply directly to the observations before he returns? If not, one possible solution would be to create a response for your records showing your extensive investigation, including the fact that you could not find a requirement for what he cited, and show some reasonable logic for why it doesn't fit your companies needs.

That way, the auditor may see it at his next visit (if he returns, those things tend to change), he will see that you have done your homework, and he will need to decide if he is willing to push for something that he is mistaken about. He would probably dig a pit for himself if he tried.

Best of luck with this. Find the least obtrusive way to deal with it, put it to bed, and quite loosing sleep over it.
 
K

kgott

#28
Something to temper your thoughts as you deal with is the old bromide of "the customer is always right", which most of know isn't completely true. Handle this situation somewhat carefully, because as often restated "the customer isn't always right, but he is always the customer".

Find a diplomatic way to deal with this that doesn't jeopardize your relationship with the customer.

Does the auditor expect you to reply directly to the observations before he returns? If not, one possible solution would be to create a response for your records showing your extensive investigation, including the fact that you could not find a requirement for what he cited, and show some reasonable logic for why it doesn't fit your companies needs.

That way, the auditor may see it at his next visit (if he returns, those things tend to change), he will see that you have done your homework, and he will need to decide if he is willing to push for something that he is mistaken about. He would probably dig a pit for himself if he tried.

Best of luck with this. Find the least obtrusive way to deal with it, put it to bed, and quite loosing sleep over it.
Thanks for that, what I have done is defined a 'significient incident' in our documentation. The problem is that the customer has also defined "significient incident' in their documentation which I have to find and read. My fear is, is that next time round it will be a case of "you have to comply with the customers definition of 'significient.'

I know this is also wrong but what is happening here is that the big players are effectively pushing their systems on their suppliers. These big players are saying 'we only want to do business with suppliers who are in close alignment with our goals and objectives (read as 'use our systems'.)

For example; the big international O&G and mining players are big on behaviour based safety so in order for a supplier to demonstrate they are in alignment with the big customer, they have to take on behaviour based safety and begin doing 'safety observations' within their own busienss. There is even some pressure to push it onto ones own suppliers.

Our problem is that we cannot run multiple management systems for each client so we try to have a system that incorporates the requirements of most customers. We then use a management plan to account for the differences in each client.

By developing our own definition of 'significent' I am trying to hold the line.
 

somashekar

Staff member
Super Moderator
#29
By developing our own definition of 'significent' I am trying to hold the line.
For me continued business is the most significant aspect I will work for, and in the process if I have to match to higher or stringent levels, I will strive to do it. :agree:
 
B

Bretto

#30
@kgott

Sorry to come in late and somebody may have already said this and I have missed it.

The way I interpreted the auditors first comment was not about the fact that you had no significant incident in the last 12 months but you did not seem (at least to the auditor) have any documentation of exactly how you will investigate should an incident actually occur.

Is this the case or have or the auditor missed something?
 
Thread starter Similar threads Forum Replies Date
M Do AS9100 Registrar Auditors have nonconformity quotas? General Auditing Discussions 18
B Internal Auditor Competency - Product Auditors Internal Auditing 9
M Question for Auditors - "Off the Record" Conversation? General Auditing Discussions 14
I What direction do you provide your internal auditors on OFIs? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
M Choosing Auditors - ISO 9001 / ISO 27001 (UK) IEC 27001 - Information Security Management Systems (ISMS) 2
E Choosing an ISO 9001 registrar with auditors familiar with our industry Registrars and Notified Bodies 10
ScottK Question for Auditors on 7.1.4 in the ISO9001:2015 revision ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S MDR (Medical Device Regulations 2017/745) training recommendation for Auditors EU Medical Device Regulations 1
S How can we demonstrate to MDSAP auditors that we have the requisite training ISO 13485:2016 - Medical Device Quality Management Systems 9
M CB and Internal auditors most common nonconformities against AS9100D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 16
C Selecting potential internal auditors Internal Auditing 3
K Tips for dealing with third party auditors General Auditing Discussions 11
J ISO 9001 Competency - Forklift License and Internal Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
O How will you handle Clause 6.1 - Risks and Opportunities for AS9100 Rev. D Auditors? Risk Management Principles and Generic Guidelines 22
T Can a Lead Auditor Train other Auditors? Internal Auditing 4
A Professional Headhunters for External Auditors Career and Occupation Discussions 7
Sidney Vianna Auditors and CB's further investigating certified QMS' with ethical breaches? Registrars and Notified Bodies 8
W DCMA and AS9100C - Dedicating a week and 5 auditors to perform a AS9100C audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
Crimpshrine13 ISO/TS 16949 CBs & Auditors not following up on the schedules IATF 16949 - Automotive Quality Systems Standard 43
H Any ISO 9001 consultants/auditors in Oahu, Hawaii ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Subject Matter Expert Training for Auditors Internal Auditing 13
S Is it a Finding if all Internal Auditors are from the Quality Department? Internal Auditing 18
R Are ISO 9001 Lead Auditors in demand? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
D Number of Internal Auditors Best Practice Quality Manager and Management Related Issues 18
A Training Supplier Auditors ISO 13485:2016 - Medical Device Quality Management Systems 5
T Would my AS 9110 certificate lapse due to non availability of auditors ? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
T Kids in the office from an auditors standpoint ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
T Qualification System of Internal Auditors is not Effective General Auditing Discussions 5
S Internal Auditors shall not audit their own work? Internal Auditing 21
R Female auditors earn 18% less than male auditors - IRCA Salary Survey 2014 Career and Occupation Discussions 0
J Wanting to Train our Internal Auditors Ourselves Internal Auditing 7
S Recertification Frequency for TS 16949 Lead Auditors General Auditing Discussions 4
Sidney Vianna As a profession we, auditors, are not doing enough - Simon Feary speech Registrars and Notified Bodies 36
Ninja Blind Gopher Auditors Comment - Who is responsible? Registrars and Notified Bodies 23
R Auditors Auditing Against ISO 9001:2015 Draft ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
R Auditors can NOT audit their own work audit finding Internal Auditing 17
Q Qualified Internal Auditors for AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 37
B API approved Auditors in India Oil and Gas Industry Standards and Regulations 3
M How to measure effectiveness and efficiency of the established QMS as Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
R Should internal auditors be compulsorily certified as internal auditors ? Internal Auditing 11
W Is formal training required for Internal Auditors? Internal Auditing 7
K Auditor Objects to List of Internal Auditors General Auditing Discussions 6
Mikishots AS91X0 Third Party Auditor Cycling and Changing Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D What Factors to consider to determine the Number of Auditors Internal Auditing 3
E Who Audits the Auditors in a Company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
P Which training system or LMS (Learning Management System) to train Auditors? Training - Internal, External, Online and Distance Learning 8
A ISO 19011:2012 - Emphasis on Risk Analysis, Competence of Auditors and Vocabulary Internal Auditing 2
D AS 9104/1 has New Requirements for 3rd Party Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
somashekar EXAM for Energy Managers and Energy Auditors (INDIA) Miscellaneous Environmental Standards and EMS Related Discussions 2

Similar threads

Top Bottom