Can You Internally Audit a Process You Own?

chetws

Starting to get Involved
#1
I am the QA and the QMS manager for a small manufacturer with less than 40 full time employees. Thus I own the QA process and the Internal Audit process. There is an assistant auditor who normally audits the QA process being that I own that process. The problem is that we have no one to audit the Internal Audit process because the assistant auditor audits the QA process, while I audit all the others. There isn't an uninvolved third auditor to audit the internal audits. There will not be a third auditor ever because, as those of you who work at a small company know, everyone wears multiple hats and is already spread thin. I'm lucky to have one person available to audit one process at all.

My question: is it possible to internally audit a process you own given the lack of personnel at a small company?
 
Elsmar Forum Sponsor

Al Rosen

Staff member
Super Moderator
#2
If you audited a process that you owned how would you comply with
9.2.2
.
.
c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;?
 

Randy

Super Moderator
#3
If you audited a process that you owned how would you comply with
9.2.2
.
.
c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;?
By trusting in the fact that people act ethically and honest unless demonstrated otherwise. Environmental and OHS audits never had that bogus "auditors shall not audit their own work" dribble, it was like slapping Quality professional in the face and saying they weren't trustworthy, honest or ethical.....In fact I just did a 9-14-45 recertification last week where the quality guy audited the lab he was responsible for and found no problem with the process, his findings or anything else other than his higher corporate documented audit procedure said "no-no"....Nonconformity, not with the audit, but with not following the procedure.....Guess what the correction might possible be?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
Ohhhhhhh boy, here we go again. Issue rehashed a number of times. A person can be ethical and honest and subjective and partial when it comes to a self assessment exercise. Further, as a management system auditor, you have NO WAY to ascertain people's ethics and honesty, Furthermore, the ISO definition of audit has this little term called "independent". Now, if someone could come up with a rational way of explaining how a person can be independent from him/herself, without a serious case of multiple personalities disorder, I am sure Freud would like to hear it.

As for the OP query, what is the "internal auditing" of the internal audit process? Verify that the audit schedule was adhered to? Verify that reports were generated? Verify that corrective action requests have been triggered? Does any one really need any special qualifications to ensure those things?
 

outdoorsNW

Quite Involved in Discussions
#5
An honest, highly ethical person who set up or runs the internal audit process will be a less effective auditor than someone more independent of the process. If the person who sets up or runs the system misinterprets a clause, makes a mistake, etc., they are less likely to recognize the problem than someone with more distance from the process. A person who is tightly connected to a process is more likely to skim read and not see an important word or two was overlooked or that a clause was interpreted too narrowly or too broadly.

In response to the question, the assistant auditor is likely sufficiently independent from the internal audit process. Search the forum for the multiple discussion in the past on this topic.
 

Tagin

Trusted Information Resource
#6
You don't mention the standard you are trying to comply with, but assuming its 9001....9001 states "NOTE See ISO 19011 for guidance."

From 19011:2018 clause 4:

e) Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions
Auditors should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent from the function being audited if practicable. Auditors should maintain objectivity throughout the audit process to ensure that the audit findings and conclusions are based only on the audit evidence.

For small organizations, it may not be possible for internal auditors to be fully independent of the activity being audited, but every effort should be made to remove bias and encourage objectivity.
So, its recommended but not required to be fully independent, and the limitations of small orgs is taken into consideration.

f) Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process
Audit evidence should be verifiable. It should in general be based on samples of the information available, since an audit is conducted during a finite period of time and with finite resources. An appropriate use of sampling should be applied, since this is closely related to the confidence that can be placed in the audit conclusions.
Independence is a concern because it affects the level of the confidence in the results. Yet, a heavy reliance on objective evidence with minimal interpretation could provide that confidence, even if the auditor is not fully independent. (i.e., "the data speaks for itself")

Finally, if you are really concerned, you could have two people audit as a team, in order to bring in some independence.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#8
You don't mention the standard you are trying to comply with, but assuming its 9001....9001 states "NOTE See ISO 19011 for guidance."

From 19011:2018 clause 4:
line_scissor.gif
There is a much more direct and requirements-based route than this. Section 2 of ISO 9001:2015 stipulates that ISO 9000:2015 is a NORMATIVE REFERENCE. Normative means it must be followed.

The ISO 9000:2015 definition of audit is pasted below.
Annotation 2019-09-06 103151 ISO 9000 definition of audit.jpg
 
#9
So there seems to be some contention in the posts.

We are going through a major non-conformance for IATF right now specific to this topic and the definitions do not specify you cannot audit a process you own, just that it creates an "open loop". You have to audit your process since that is a management requirement; you have to be responsible for the process, then you must audit it regularly, just document changes to the process.

In order to "close the loop" we are implementing Kamishibai process (under Kaizen, not street performance). If it's good enough to clear major, then it's probably effective for sub-QMS automotive standard. You have individual mini-audits (10-15 minutes) by multiple members of the management team crossing all departments. We have 26 cards for 10 people and audit daily rotating who audits what (in this case you want to avoid auditing your own process). Record the data and reset daily, and if good you can remove card (time frame based on risk analysis) and replace with new audit card. 15 min a day of everyone's time is worth what you find in the audits.

I call it a Kanban for process control. Google Toyota & Kamishibai and it should come up.
 

Randy

Super Moderator
#10
IATF? Different beast that just 9001......

Contention? Yep, just like in the most recent attachment, the magic word being ignored is "CAN" which is an option, or indicates a possibility or a capability.....But it's not an absolute
 
Thread starter Similar threads Forum Replies Date
C How will I Internally Audit my BPO Center for ISO 9001:2000 Internal Auditing 8
K Requirements for 2nd languages? I can't even audit them internally IATF 16949 - Automotive Quality Systems Standard 59
B Why internally audit ISO clauses for ISO 9001:2000? (Small company) General Auditing Discussions 16
C Method of Monitoring our Internally Produced Non-Conforming Products Quality Tools, Improvement and Analysis 7
T Are internally found Medical Device Software "Bugs" Complaints? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
D Sharing ISO Standards internally on company computers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Internally powered ME with non-conductive applied parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
R Isolation of Internally Powered (3.3 Vdc) ME Equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
R Single Fault Condition for Internally Powered Medical Device IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
S Should Client Controlled Procedures be Controlled Internally by us as well? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
R Referencing and Controlling Labels & Stickers used internally throughout Production Document Control Systems, Procedures, Forms and Templates 1
H How do we use AS9101D internally? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A Internally Powered Medical Device and Dielectric Strength IEC 60601 - Medical Electrical Equipment Safety Standards Series 17
D Means Of Protection of the Video OUT of an Internally powered device IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
M All Internally Generated Documents ? Required to be Controlled or Not All? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
J What PPM (Parts Per Million) targets do you use internally? Quality Tools, Improvement and Analysis 9
B Calibration of "Z" class ring gauges internally using a CMM General Measurement Device and Calibration Topics 5
B Can I calibrate Optical Comparators internally? General Measurement Device and Calibration Topics 22
A Gauges on pressure tank - What is the best way to calibrate a psi gauge internally? General Measurement Device and Calibration Topics 6
L Posting portion of standards internally? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
E Wall Internal Auditor Training - Done internally Training - Internal, External, Online and Distance Learning 7
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7

Similar threads

Top Bottom