CB and customer audits considered as internal audits?

D

DarisS

Starting to get Involved
Hello,
Can we consider CB or customer audits as internal audits? Both ISO 9001 or 13485 are just stating that we must conduct audits but there is no mention that the audits must be done by our own employees. Therefore, knowing that my CB and some customers are auditing my company once a year, why can I not consider their work as equivalent as any other "internal" audit?
And if this is not acceptable, I'm wondering where it is mentionned on the ISO standards?
Thanks
Daris
 
Randy

Randy

Super Moderator
DarisS said:
Hello,
Can we consider CB or customer audits as internal audits? Both ISO 9001 or 13485 are just stating that we must conduct audits but there is no mention that the audits must be done by our own employees. Therefore, knowing that my CB and some customers are auditing my company once a year, why can I not consider their work as equivalent as any other "internal" audit?
And if this is not acceptable, I'm wondering where it is mentionned on the ISO standards?
Thanks
Daris
Click to expand...

Please don't even try that silly game, it's been done before with disastrous results..... Where is this mentioned?

9.2.1 The organization shall conduct internal audits at planned intervals to provide information on
whether the quality management system:
a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.

You're the "ORGANIZATION", not me, not your customer not anyone but YOU!!!!

Yep there's no mention about employees doing the audit or anything like that, but if you're thinking about this game you as so far wrong you'll go over the edge fast.
 
J

Johnny Quality

Quite Involved in Discussions
DarisS said:
Hello,
Can we consider CB or customer audits as internal audits? Both ISO 9001 or 13485 are just stating that we must conduct audits but there is no mention that the audits must be done by our own employees. Therefore, knowing that my CB and some customers are auditing my company once a year, why can I not consider their work as equivalent as any other "internal" audit?
And if this is not acceptable, I'm wondering where it is mentionned on the ISO standards?
Thanks
Daris
Click to expand...

Daris,

According to ISO 9000:2015 Quality management systems — Fundamentals and vocabulary as stated here, under section 3.13 note 2 "An audit can be an internal audit (first party), or an external audit (second party or third party), and it can be a combined audit (3.13.2) or a joint audit (3.13.3)."

Audits from your customer are classified as second party audits (parties interested in your organization) and audits from your CB are classified as third party audits. Neither of these count as internal audits so you cannot classify either as an internal audit.

First party audits do not need to be done by the organizations employees as they can be outsourced to contractors in 9001, I am unsure if this is still valid for 13485.
 
M

Mike S.

Happy to be Alive
Trusted Information Resource
Agree with all of the above folks. If someone has trouble with understanding this one, it's a bad sign.
 
D

DarisS

Starting to get Involved
Thanks for your feedback Randy, Johnny, Sidney, Mike and Jim. Seems I pinched a sensitive point...:notangel:

I agree that my question was a bit provocative... I've been in quality for more than 30 years so I know the job and I have to admit that I'm just bored by internal audit (as you are more than often identifying the same findings once every two to three years) and I was looking at other ways to get valuable inputs and as a matter of fact, CB audits are bringing tons of valuable inputs that have the same flavor than "internal" audits. And if I am taking Sidney's words, when a CB is auditing my company, he is doing an "internal" audit of my organization and not a supplier audit or whatever... And as Johnny wrote, first party audits do not need to be necessarily done by your own staff, you can hire a consulting company to carry them. So why CB or customer inputs would not cover some of your "internal" audits. Let us be pragmatic, a customer auditing your non-conforming product management will do an equivalent or even better job than your own auditor team.
Back to Johnny inputs, I agree that the ISO 9000:2015 is clarifying what is a first, second and third party audit, but the ISO 9001 and 13485 are then not addressing how do you "value" those second and third party audits.
I know so many companies that are doing internal audits just to fulfill the ISO requirements and "please" the CB auditors that I feel the need to shake the basement.
PS: I'm not an English-speaking person, so my words may be too simple to express my mood.
And thanks again for your comments and reactions.
Daris
 
J

Johnny Quality

Quite Involved in Discussions
DarisS said:
I have to admit that I'm just bored by internal audit (as you are more than often identifying the same findings once every two to three years)
Click to expand...

Would you say that the root cause is the scope of internal audits, the lead auditor planning the audits, the auditor or something else?
 
D

DarisS

Starting to get Involved
Johnny Quality said:
Would you say that the root cause is the scope of internal audits, the lead auditor planning the audits, the auditor or something else?
Click to expand...
Not sure about the reason...
It may be that the internal auditors have done so many audits and they are not anymore digging or questioning the same way as it was at the beginning with the full boost of enthusiasm that you have when you are new to audits. I can feel it when reading the audit reports, I am not anymore seeing interesting inputs but always the same old stories, with procedure deviation, obsolete documentation, missing information on traceability, etc. no big deals, only the common human errors that are not significantly impacting your quality system.
Other example, when auditing, let's say the Management review process, there is not that much of a challenge the auditor is taking. It will just tell you that "yes there is a management review process, yes it was correctly performed for the last period, and yes, it contains the required reviews, and yes all the inputs and outputs are present." Then few month later I get the same evaluation by the CB. And you then see my point... Why did I waste the internal auditor time to get the exact same input from the CB two month later? Not that much motivation beneath...
 
Randy

Randy

Super Moderator
1st...Don't ever apologize for your language and especially for not speaking English because you seem to be making your point better than many college trained Americans

2nd...Maybe you need to freshen up your audit process, if you're using some type of dribble ridden, pre-programed, regugitated checklist toss the stinking thing. Give your auditors one of your procedures, flowcharts, SOP, workaids or whatever you use and say "Prove that we do it to the letter" and for Pete's sake take ISO 9001 or whatever out of their hands, lay it on a table and drive a nail into it, using that document over and over again is nothing but a total rehash of the Gap Analysis you should have done years ago.
 
Last edited:
You must log in or register to reply here.

Similar threads

Cats Clause
ISO9001:2015 Clause 9.2 How to audit internal audits.
2
Replies
17
Views
939
FRA 2 FDA
FRA 2 FDA
A
Internal Audit-Clause 7.4
Replies
3
Views
341
SeanN
S
I
Internal audit report format for integrated QMS
Replies
2
Views
1K
Wolf.K
W
F
Difference between System Audit and Proces Audit
2
Replies
14
Views
1K
AMIT BALLAL
A
G
Internal audit plan
Replies
4
Views
484
Tom Penn
T
Top Bottom