Can someone explain why?

W

W. Kindel

#1
Hello, one and all,

I have a question about auditing (ISO and QS9000) that I so far haven't been able to get a good answer to, so I'm hoping one of you'se folks in the auditing field can help me out.

Why is it that a small company (we have a total of 18 people, including management) needs to perform its own internal quality system audit, when we've already hired a registrar to come in and do the same thing?

Since registering to ISO & QS9000 is in internal business decision, with the audit hired, paid for, and reported to top management, it seems to me that the registrar's work already qualifies as an internal audit. Why do it again? More work for auditors?

Many thanks,

W. Kindel
 
Elsmar Forum Sponsor
D

Dave Davis

#2
One main consideration is that personnel within an organisation are more likly to devulge information to internal auditors rather than external ones. The employees are more open and understand that this information is used to help the company meet its quality policy or objectives (they're supossed to anyway)... in other words - they don't hide stuff!
 

Kevin Mader

One of THE Original Covers!
Staff member
Admin
#3
Simply put: an internal audit (first party audit)is not the same as a third party audit (an external audit performed by a Registrar).

Every Audit is comprised of three players. Sometimes a player plays two roles.

The Players:

Auditor
Auditee
Client

An Auditor may be either Internal (a member of the organization)or External (not part of the immediate organization, generally a second or third party organization).

The Auditee is the person who is the ricipient of the audit. The Auditee may also be the Client.

The Client is the requester of the audit. The client may request the audit to be performed on themselves, and thus become both the Auditee and Client.

In some companies, the Internal Quality Auditing is sometimes sourced to a consultant, who on behalf of the organization, checks the System. There is debate on whether this is in keeping with the intent of the standard, but I have asked several auditors for a few Registrars and so far, none have found this to be an issue. To decide for yourself, please review past threads in this forum which address this at greater length (much greater!).

Trying to use your Third Party Audit as a First Party Audit is in conflict. The standard is looking for those intimate with the business details to independently and objectively review the Quality Program and System. Third Party folks understand the standard very well. But they couldn't possibly understand your System as well as those working in it (hopefully this is the case).

Regards,

Kevin
 
W

W. Kindel

#4
Thanks to you both for taking the time and trouble to try to explain all this to me. I don't know, though, whether middle-age has wrapped its flatulent grip around my brainstem, or if I learned just enough business law in college to be dangerous, but I'm still not seeing what the problem is with letting the registrar's audit serve as the basic ISO9000 Internal Audit.

The semantics of quality may be part of my problem, for in business law, the question of whether a function is "Internal" or "External" is easily answered: Who signed the check? If we, the supplier, requested the audit, hired the auditor, paid the auditor's invoice, and received the auditor's report, then the audit was "internal", no matter whether the legwork was done by first-party, second-party, or third-party auditors. Likewise, if a customer or other outside entity requests the audit, pays for the auditor's services (either using their own staff, our people, or a consulting service), and receives the final report, the audit is "external".

If you flip open your ISO or QS9000 manual to Element 4.17, you'll find this section on Internal Quality Audits to be quite short and sweet, with no mention of "first-party", "third-party", or any other party. And if you open your "ISO Standards Compendium" to ISO 10011-1, Section 4.1, you'll see where it says that "Audits are normally designed for ONE OR MORE of the following purposes:", followed by a list of audit types which includes conformity of the system with specified requirements, AND to permit the listing of the organization's quality system in a register. And to top it off, Note 13 states that "Quality audits should not lead to an increase in the scope of quality functions over and above those necessary to meet quality objectives." This all says to me that it's permissible, even encouraged, to have the registering auditor's system audit serve for the internal audit as well.

Many thanks for your thoughts on this!

W. Kindel
 
S
#5
W. Kindel,
Your logic or as you infer, lawyerism, makes sense to me, however, the group that you have to convince is your registration body. Without their buy-in you will be required to perform internal audits IAW 4.17. (QS9000)
 
J

Jim Biz

#6
Would this help?

1) External audits by Registrations folks basically is a broad based view giving us confidence that our procedures
A)are actually implemented, authorized controlled etc.
B) match/satisfy the requirement needs of written standards?

2) Internal based audits "now that we know" the procedures are handeled properly and satisfy the standards. As a "CLOSER LOOK" Give us confidence that
A) Yes we are doing/matching all tasks we said we would.
B)What we have decided to do (In all detailed documents) is in fact working IE Effective) for our needs.

Regards
Jim
 

Kevin Mader

One of THE Original Covers!
Staff member
Admin
#7
4.17 Internal Quality Audits

The suggestion of the audit type is in the title of the element.

An annual or semi-annual third party audit is probably not be enough to ensure continued suitability of the Quality Program or compliance to it by the organization. As such, it is necessary to schedule internal Quality Audits to help ensure a healthy, functioning Quality System. It is but one of the many Check tools.

Regards,

Kevin
 
W

W. Kindel

#8
Thanks for everyone's feedback on this!

Are there any genuine card-carrying ISO- or QS-9000 auditors out there who can explain why the auditors I've suggested this to find the idea so ridiculous? It always seemed like it made good sense to use the registrar's audit as the cornerstone of the Interal Audit program, as though that's what the authors of 4.17 had in mind from the start. (Then a company would only have to do their own if they wanted to be fully compliant, but weren't seeking registration through a registrar.) Top it off with some focused audits of functions unique to the company, and you've got it done without waste or redundancy.

Thanks again for the feedback!

W. Kindel
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#9
The bottom line is the intent of each is different. My smaller clients just hire out their internal audits.
 
A

AJPaton

#10
Originally posted by W. Kindel:
If we, the supplier, requested the audit, hired the auditor, paid the auditor's invoice, and received the auditor's report, then the audit was "internal", no matter whether the legwork was done by first-party, second-party, or third-party auditors. Likewise, if a customer or other outside entity requests the audit, pays for the auditor's services (either using their own staff, our people, or a consulting service), and receives the final report, the audit is "external".
I think you've got a small problem in this thinking due to who gets the "final report" in the registrar's audit.

You do not.

You get a copy of the report of what is found in the audit, but the original will remain with the registrar. What you're paying for is not an audit, but a shot at registration/continuing registration.

You get the same thing with regulatory bodies such as UL. They'll send folks in to see if rules are being followed. You're not paying for an audit, but they are auditing.

I know that the consultant as internal auditor/Management Representative has been covered in other posts in this forum, and the consensus seems to be that it's okay if the consultant is considered a "temporary employee".

I don't think any registrar out there is going to consent to it's auditors being considered your "temporary employees".

Just my two cents worth.

AJP
 
Thread starter Similar threads Forum Replies Date
D En 62366:2006 - Can someone explain what EN 62366:2006 covers? Other ISO and International Standards and European Regulations 3
Q REACH - Is it not the same as RoHS /IMDS? Can someone explain? RoHS, REACH, ELV, IMDS and Restricted Substances 1
ScottK Can someone explain the marketing behind this ad? Coffee Break and Water Cooler Discussions 21
D A2LA vs. NADCAP - Could someone explain the differences? General Measurement Device and Calibration Topics 17
J Process vs. Function - Could someone explain the differences in simple terms ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
D Pareto vote - Could someone explain the pareto vote process? Quality Tools, Improvement and Analysis 6
M Can someone share a scrubbed version of Clinical Evaluation Plan (CEP) EU Medical Device Regulations 1
I "On the job training" as a response to how someone was trained? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 75
I Root Cause Analysis when someone simply stops performing a task? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
T Misbranding (by someone we've contracted with) in a Publication 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
Q QI Macro Histogram - Can someone define *sorted data*? Capability, Accuracy and Stability - Processes, Machines, etc. 7
J Can someone help me get the UCL AND LCL for this problem? Statistical Analysis Tools, Techniques and SPC 2
A Can someone provide an example of a Product Safety Policy? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
L To share or not to share? Work distribution when someone goes on vacation Quality Manager and Management Related Issues 19
B What is the implication for someone who does not meet the 70% pass mark for QMS-Lead. Professional Certifications and Degrees 2
B Any future for someone working as Lead Quality right these days? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
C Can someone share example of FAI Inspection Plan ? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 10
L Does someone has experience with a Supplier "Quality Watch" Supplier Quality Assurance and other Supplier Issues 3
R Full Time Internal Auditor - Where should I be looking for someone? Career and Occupation Discussions 15
P Can someone share their experience with KFDA Inspection ? Other Medical Device Regulations World-Wide 30
M Medical Device Regulation in Mongolia - Can someone help? Other Medical Device and Orthopedic Related Topics 3
R Someone can help me with the Volkswagen LiOn and BeON-QPN System? Customer and Company Specific Requirements 3
S Do Work Instructions need to be approved by someone other than the author? Document Control Systems, Procedures, Forms and Templates 14
E Can someone help me with ISO 11539:1999 for contact lens classification? Other US Medical Device Regulations 2
Jim Wynne Someone better "diffuse" me before I asplode Coffee Break and Water Cooler Discussions 7
B Does someone use APQP for non automotive industrie? IATF 16949 - Automotive Quality Systems Standard 2
G I hope someone can give me a hand.. Various Other Specifications, Standards, and related Requirements 4
1 Career Advice - What someone with my qualifications can shoot for Career and Occupation Discussions 7
S Seek advice from someone that passed through NADCAP AC7102 and AC7101/3 Various Other Specifications, Standards, and related Requirements 6
M Total Variation Formula - Can someone provide a source for this formula Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 11
Q COQ (Cost of Quality) - Would someone review this doc and offer feedback? Benchmarking 10
K Internal Audit Guidelines for someone new Internal Auditing 12
Q Can someone share an Excel spreadsheet to measure Cpk or Cp values. Excel .xls Spreadsheet Templates and Tools 15
P Device marketed by someone else & different name...is a 510(k) required? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 18
J Can I get someone to help critique this manual? Quality Management System (QMS) Manuals 19
S Could someone tell me what are the results of a Gage R&R & how to interpret it? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 7
F Can someone to help to compare APQP and DMAIC? Six Sigma 10
C SPC presentation - How to convince someone to use SPC - Grind diameters Statistical Analysis Tools, Techniques and SPC 6
D Can Someone help me to understand....... Imported Legacy Blogs 3
J Sine Plate Charts - Someone lost the angle chart - Where can I get one? General Measurement Device and Calibration Topics 4
D Can someone take a look at my QM (Quality Manual)? Quality Management System (QMS) Manuals 7
C Can someone clarify "Resolution", "Discrimination" and "ndc"? General Measurement Device and Calibration Topics 4
A Internal Auditor - What is required to have someone qualified as an internal auditor? Other Medical Device and Orthopedic Related Topics 35
M Inspector Qualifications - Qualifying someone to be an inspector Inspection, Prints (Drawings), Testing, Sampling and Related Topics 12
ScottK Can someone clarify the Trans Fat thing? i.e. What = Bad Coffee Break and Water Cooler Discussions 8
GStough Looking for someone with experience in MDD, PPE, CMDR/CMDCAS regs General Auditing Discussions 1
H What I am trying to find is someone that remembers Memphis in the nineties Coffee Break and Water Cooler Discussions 10
M Escalation methods - Having to go over someone's head to address an issue Nonconformance and Corrective Action 6
E Synchronicity - Has someone lived an Event of Synchronicity? Coffee Break and Water Cooler Discussions 4
sardonyx DMR Index - Can someone share their Device Master Record Index structure or format? ISO 13485:2016 - Medical Device Quality Management Systems 15
Similar threads


















































Top Bottom