Company Conducted Internal Audit Offsite using a Document Review Process

#41
I wrote them up against 8.2.2b for inadequate planning, execution and reporting.

They have been doing it this way for years, I was told.
But I still don't see any evidence of ineffectiveness in what you're reporting to them which justifies your statement. You mentioned the container, but is this part of your objective evidence?? Just saying the implementation was inadequate is as bad as their audit, quite frankly. This is your opportunity to lead by example.

Also, are you saying your colleagues, from the CB you represent, have allowed this type of thing to go on? What are you taking back to the CB on this matter to get something changed?
 
Elsmar Forum Sponsor

DannyK

Trusted Information Resource
#42
As an auditor I would concentrate on their Internal Auditing procedure and see if they followed it. Internal audits is a documented requirement and if the method for performing offsite audits was not part of the procedure, I would zero in on that aspect for a nonconformity.

As part of the process, I would also ask to see the objective evidence that was reviewed by the internal auditor.

Part of the requirement for internal audits is to ensure that the processes are effective. I would focus on how the internal auditor determined if the processes are effective.

Your lead auditor should have provided you with guidance since it looks like this practice has happened before and may be used at other sites.
 

Big Jim

Super Moderator
#43
There is a chain of command. This is a multi-site, multi country audit. There is a project Lead Auditor. I audited one site this past week and will be auditing another site next week. other auditors are auditing other sites including one in Europe. I do not go directly to my CB in this case. I notify the Project Lead auditor and let her handle the issue.

This is something new. Looking at the audit report, I thought that it was done the usual way. After asking a few questions, I found out that it was an offsite audit and they have been doing it for years.

-Tony
Have you had any feedback from the lead auditor?
 

phxsun2001

Involved - Posts
#44
But I still don't see any evidence of ineffectiveness in what you're reporting to them which justifies your statement. You mentioned the container, but is this part of your objective evidence?? Just saying the implementation was inadequate is as bad as their audit, quite frankly. This is your opportunity to lead by example.

Also, are you saying your colleagues, from the CB you represent, have allowed this type of thing to go on? What are you taking back to the CB on this matter to get something changed?
ISO auditing is not an exact science. I wish everything is black and white and we can quote a section of the standard and issue N/C or CAR. There are many areas of the standard that is in the gray area. A good example is in 8.3- Products dispositioned for scrap has to be .......or positively controlled. There had been tons of discussion on this. It is in a very gray area. Auditors need to use common sense to interpret the intent of the AS standard. I audited a company that manufactured gears used on aircraft 747 engines. Most of their scrap parts were not painted red or locked up. I could not write them up because all the gears had serial numbers. The S/Ns were tracked in the MRP system. Scrap gears cannot be entered back into the manufacturing system, unless they were reworked, re-inspected and the N/C ticket bought off. The scrap gears were "positively" controlled in their system.

In our situation, I feel that performing internal audit offsite does not meet the intent of the AS standard. The standard does not state that it has to be done onsite. Some auditor may think that it is OK. I don't agree. It is common sense again. You simply cannot conduct offsite internal audit effectively on section 7.5, 7.6, 8.3, just to name a few. My strategy has been: write it up . Let the company answer the NCR to show compliance and let them appeal to the CB and ANAB and all the way up. That way we can get a clarification on these gray areas. This is continuous improvement to clean up gray areas or special situations.

-Tony
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#45
ISO auditing is not an exact science. I wish everything is black and white and we can quote a section of the standard and issue N/C or CAR. There are many areas of the standard that is in the gray area. A good example is in 8.3- Products dispositioned for scrap has to be .......or positively controlled. There had been tons of discussion on this. It is in a very gray area. Auditors need to use common sense to interpret the intent of the AS standard. I audited a company that manufactured gears used on aircraft 747 engines. Most of their scrap parts were not painted red or locked up. I could not write them up because all the gears had serial numbers. The S/Ns were tracked in the MRP system. Scrap gears cannot be entered back into the manufacturing system, unless they were reworked, re-inspected and the N/C ticket bought off. The scrap gears were "positively" controlled in their system.

In our situation, I feel that performing internal audit offsite does not meet the intent of the AS standard. The standard does not state that it has to be done onsite. Some auditor may think that it is OK. I don't agree. It is common sense again. You simply cannot conduct offsite internal audit effectively on section 7.5, 7.6, 8.3, just to name a few. My strategy has been: write it up . Let the company answer the NCR to show compliance and let them appeal to the CB and ANAB and all the way up. That way we can get a clarification on these gray areas. This is continuous improvement to clean up gray areas or special situations.

-Tony
Granted, NCs from CB auditors seem to at times be issued based on a gray area of reference to the standard. We have not disputed that. Quite the opposite. We asked exactly what you issued, and against what element. We are interested to learn the precise manner in which you called out nonconformance against which specific elements of the AS9100 standard, and what evidence you cited.
 

Jim Wynne

Staff member
Admin
#46
ISO auditing is not an exact science. I wish everything is black and white and we can quote a section of the standard and issue N/C or CAR. There are many areas of the standard that is in the gray area. A good example is in 8.3- Products dispositioned for scrap has to be .......or positively controlled. There had been tons of discussion on this. It is in a very gray area. Auditors need to use common sense to interpret the intent of the AS standard. I audited a company that manufactured gears used on aircraft 747 engines. Most of their scrap parts were not painted red or locked up. I could not write them up because all the gears had serial numbers. The S/Ns were tracked in the MRP system. Scrap gears cannot be entered back into the manufacturing system, unless they were reworked, re-inspected and the N/C ticket bought off. The scrap gears were "positively" controlled in their system.
You make it sound like you were disappointed in not being able to write it up. This was no "gray area"; the company controlled the scrap in a manner you weren't used to seeing--a manner that didn't fit your preconceived notions.

In our situation, I feel that performing internal audit offsite does not meet the intent of the AS standard. The standard does not state that it has to be done onsite. Some auditor may think that it is OK. I don't agree. It is common sense again. You simply cannot conduct offsite internal audit effectively on section 7.5, 7.6, 8.3, just to name a few. My strategy has been: write it up . Let the company answer the NCR to show compliance and let them appeal to the CB and ANAB and all the way up. That way we can get a clarification on these gray areas. This is continuous improvement to clean up gray areas or special situations.
You're advocating allowing auditors to create their own requirements and then leave it to the audited company to clean up the resulting mess through the appeals process. If the company's audit practices are so obviously at odds with common sense, common sense would also dictate that evidence of audits being ineffective should be pretty easy to find. All you need to do is demonstrate the ineffectiveness with objective evidence, which is what you're supposed to do.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#47
I'd like to know if there was a writeup about the lack of traceability in that 5x5x5 box full of parts. I'd like to know if there was a nonconformance against that and audits - two NCs for a single observed situation.
 

Big Jim

Super Moderator
#48
ISO auditing is not an exact science. I wish everything is black and white and we can quote a section of the standard and issue N/C or CAR. There are many areas of the standard that is in the gray area. A good example is in 8.3- Products dispositioned for scrap has to be .......or positively controlled. There had been tons of discussion on this. It is in a very gray area. Auditors need to use common sense to interpret the intent of the AS standard. I audited a company that manufactured gears used on aircraft 747 engines. Most of their scrap parts were not painted red or locked up. I could not write them up because all the gears had serial numbers. The S/Ns were tracked in the MRP system. Scrap gears cannot be entered back into the manufacturing system, unless they were reworked, re-inspected and the N/C ticket bought off. The scrap gears were "positively" controlled in their system.

In our situation, I feel that performing internal audit offsite does not meet the intent of the AS standard. The standard does not state that it has to be done onsite. Some auditor may think that it is OK. I don't agree. It is common sense again. You simply cannot conduct offsite internal audit effectively on section 7.5, 7.6, 8.3, just to name a few. My strategy has been: write it up . Let the company answer the NCR to show compliance and let them appeal to the CB and ANAB and all the way up. That way we can get a clarification on these gray areas. This is continuous improvement to clean up gray areas or special situations.

-Tony
I still have a problem with this level of control. It is not enough.

AS9100C (and so did AS9100B) calls for such positive control UNTIL PHYSICALLY RENDERED UNUSABLE. I don't see this addressed.

But I think we are getting off-topic.
 
#49
Tony;

It is black and white - no interpretation needed! Either their audits were effective, whether they stood at the plant or not! I believe you are letting this become an emotional matter, when you use words like 'I feel" is is becoming subjective. As an auditor you will know what effective internal audits look like, plain and simple. Admittedly, a large multi-site audit is difficult - I've done them, so I can speak from first hand knowledge, but in talking with your CB counterparts, can't they tell you some insights into the system, which might be an indicator that effective internal audits were/not performed? When you describe this situation as needing common sense, whose version are you speaking of? Yours or mine?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#50
It is black and white - no interpretation needed! Either their audits were effective, whether they stood at the plant or not!
No, Andy. It is subjective. Hugely subjective. Effectiveness of internal audits is a "subjective subject". Most CB auditors verify that an internal audit plan exists and records of audits are available. Most CB auditors don't keep the internal audit program accountable to the standard requirement of being developed based on status, importance and historical performance. Most CB auditors don't assess internal auditor competence. And, most definitely, most CB auditors don't assess the effectiveness of the internal audit process. That is a fact, not opinion. So, Toni's question is very hard to respond to because, one must really dig and be creative to write the situation (virtual internal audits) up.

If not, I dare challenge anyone here to explain in a very objective manner how they would assess the effectiveness of an internal audit process. It is a complex, multi-faceted assessment which escapes scrutiny in most third-party audits, with VERY FEW exceptions.
 
Thread starter Similar threads Forum Replies Date
M Transferring ISO 17025 from one company to another ISO 17025 related Discussions 1
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
lanley liao Does all of the suppliers need to integrated into the supplier list qualified of the company? Oil and Gas Industry Standards and Regulations 2
F IVD registration in EU - Northern Ireland based company EU Medical Device Regulations 0
W Where does a coatings and paint company fall in IATF? IATF 16949 - Automotive Quality Systems Standard 5
A AS9100D - Clause 8.1 Operation - Coating service company AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
O Informational Ford Motor Company Customer Specific Requirements for IATF 16949:2016 - 08 Jan 2021 Customer and Company Specific Requirements 0
L Have been purchased by a corporate company ISO 13485:2016 - Medical Device Quality Management Systems 7
R Advice needed: Shall I report my not complying company to NB / competent Authority (Europe) EU Medical Device Regulations 6
lanley liao What shoud i do if our company top management has been changed. Oil and Gas Industry Standards and Regulations 8
S Malcolm Baldrige Company Dashboard Quality Tools, Improvement and Analysis 3
T IATF Rules for sharing production space with another company IATF 16949 - Automotive Quality Systems Standard 10
J Leveraging another company's ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
R MDEL and company affiliate Canada Medical Device Regulations 0
E Our company is planning to file MDD not MDR next month. Do we require to show chemical characterization report ? CE Marking (Conformité Européene) / CB Scheme 2
S Is QMS like a set of rules and regulations that a company follows? ISO 13485:2016 - Medical Device Quality Management Systems 10
E Contract manufacturer FDA requirements foreign company US Food and Drug Administration (FDA) 6
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J Sister-company providing parts is only ISO 9001 registered IATF 16949 - Automotive Quality Systems Standard 7
D IATF 16949 Requirement for CMMI in a Global Company Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 0
T Help to Suggest name for a new certification and inspection company Coffee Break and Water Cooler Discussions 7
M Address change for a company with CE/ISO13485 EU Medical Device Regulations 2
M IT validation for a paper based MD repair company QMS ISO 13485:2016 - Medical Device Quality Management Systems 6
M QMS for a repair/servicing company ISO 13485:2016 - Medical Device Quality Management Systems 2
C Internal Audits in a tiny Dx Company Internal Auditing 33
T ISO 13485 - 5.5.1 Responsibility and authority - Small Company Independence ISO 13485:2016 - Medical Device Quality Management Systems 13
F Quality manual for trading company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
L Implementing the PRRC role in a company EU Medical Device Regulations 7
BeaBea ISO 9001 Customer Feedback Methods - What has worked for your company? Service Industry Specific Topics 17
M Customers Request AS9100 certification - Small Company (less than 20 employees) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
U Document Approval - Software company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T EQMS for small medical device company ISO 13485:2016 - Medical Device Quality Management Systems 18
qualprod Corona virus Contingency plan - What have you done in your company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
Q Must product name be listed the same name in FURLS, UDI, GUDID and Company Website? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
E Sharepoint for ISO 13485 QMS for small IVD company ISO 13485:2016 - Medical Device Quality Management Systems 11
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
Z 510(k) usage - Company has 2 physically similar products Medical Device and FDA Regulations and Standards News 2
Q Company Ownership Change ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
L Contracted Manufacture Company wanting to be able to design and manufacture own product. 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
D ISO9001 for one man company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
T Client Communication - SaaMD company Misc. Quality Assurance and Business Systems Related Topics 3
R Notified Body for MDD 1Q20 - Florida Company Registrars and Notified Bodies 4
E In need of a new TGA sponsor - Small software company Other Medical Device Regulations World-Wide 4
F ISO 17025 8.8 Internal Audits in a segmented company ISO 17025 related Discussions 5
E Company A supplies pharmaceuticals to the MOI - Who is responsible? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
J Quality Assurance in China - Developing a quality management system for a California company Misc. Quality Assurance and Business Systems Related Topics 9
S How to determine & document Organizational Knowledge of a company Document Control Systems, Procedures, Forms and Templates 4
U IT Process is Taken From company and Added to Corporate Structure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Is ISO 9001:2015 certification worth it for a company that does only contract manufacturing? Quality Management System (QMS) Manuals 14
N Non traumatic edge - Remark in some of my company drawings EU Medical Device Regulations 1

Similar threads

Top Bottom