Corrective Action from Internal Audits not performed

S

scottjoh1412

We did not complete all of our planned audits for the previous audit cycle. There were several issues, but it mainly came down to we had too many planned for the manpower we have performing the audits.

Our auditor is now telling me that part of the corrective action plan is that all of those audits need to be made up. He has told us this comes from the certification body, and that is what they want to see when a CA is closed out for missing internal audits. This does not make any sense to me given what we have identified as the root cause. We are going to go ahead and make the audits up this time, just to get past this issue, but should make ups be part of corrective actions if things are missed, regardless of the root cause?
 
M

Mart0r

This does seem silly but What type of audits are you talking about?

9.2 basically have an audit schedule that you helps you understand if the QMS is working and your processes are correct. Take action if they’re not.

If we’re talking about process audits the corrective action would be to review the schedule and set a sensible frequency. Each process each year is a pretty standard number, but if you have lots just do fewer.


Sent from my iPhone using Tapatalk
 

Sidney Vianna

Post Responsibly
Leader
Admin
We did not complete all of our planned audits for the previous audit cycle. There were several issues, but it mainly came down to we had too many planned for the manpower we have performing the audits.

Our auditor is now telling me that part of the corrective action plan is that all of those audits need to be made up. He has told us this comes from the certification body, and that is what they want to see when a CA is closed out for missing internal audits. This does not make any sense to me given what we have identified as the root cause. We are going to go ahead and make the audits up this time, just to get past this issue, but should make ups be part of corrective actions if things are missed, regardless of the root cause?
Many questions arise from this. Why did you have too many audits scheduled for, to start with? Too ambitious? When you say that you did not have enough internal auditors to perform the proposed schedule of audits, it screams "LACK OF RESOURCES", which is something that leadership is supposed to ensure.

Audit schedules, in order to add value, must be carefully planned, taking into account status, importance, risk, etc...

Who knows? Maybe the original schedule was adequate and the failure to perform the audits is a result of lacking resources.

As for the external auditor's position of "demanding" that the previous cycle of audits to be completed as a "containment" component of the corrective action, it might make sense, depending on the organization's maturity and approach to internal audits.

Too many organizations perceive internal audits as a waste of time and effort and derive zero business benefit from it. In that case, the auditor should be carefully assessing the effectiveness of the internal audit process, something that is neglected in a massive scale in the world of certified organizations.
 

AndyN

Moved On
I'll be the bad boy and point out that this is the result of doing something which isn't actually required! ISO 9001 doesn't and never has required a whole calendar of audits. (some) CB auditors expect to see that, but in all practical reality, very few audits can be scheduled around something a year out.

I've successfully run internal audits with very few events on a calendar, and have used a rolling 30 day window to review the need for, scope and criteria of audits.

When you create a monster, as has been done, you are forced to feed the monster and the CB is handing you the spoon...
 

Stijloor

Leader
Super Moderator
Here's a question to ponder: If Internal Auditing was NOT a requirement, how many organizations would still conduct audits?
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
I realize that we probably do not have a complete understanding the situation, but to Sidney's point, why were too many audits scheduled? That being asked, I hesitate to say the failure to complete the audits was due to resources. It could also be due to a lack of experience/understanding on HOW to plan audits in such a way that will add value to the organization and make the most of the resources that are available.

Personally, I've never truly been a fan of multiple (mini) audits throughout the year. I prefer full-blown system audits. It does require a commitment from internal resources for a larger chunk of time (instead of small chunks over a space of time), but I find it provides a much better picture as to the state and health of the management system.

As for the external auditor saying the missed audits need to be done, I'd be on the phone and speaking with his boss about this asap. But I'd also dig a little deeper on your root cause...was it truly about a lack of manpower OR a lack of understanding on how to schedule meaningful, value-added audits?

Move over, Andy...I'm going to join you on the bad kid bench.
 
Last edited:
S

scottjoh1412

Thank you for your replies. My boss has already indicated he wanted the schedule window to be no longer than a quarter. I like the sound of a month better though. We have looked into the root cause more, I was just trying to keep it short and sweet for a forum. I guess I learned my lesson on doing that. :bonk:
 

AndyN

Moved On
Thank you for your replies. My boss has already indicated he wanted the schedule window to be no longer than a quarter. I like the sound of a month better though. We have looked into the root cause more, I was just trying to keep it short and sweet for a forum. I guess I learned my lesson on doing that. :bonk:

That's fine - just don't fix what you will be auditing too far in advance!
 

Randy

Super Moderator
Without even looking at the whole thing here's what I'll guess, the audit schedule and the audits were set up to look at the whole organization, something that's not required at all...Nope, not one bit:nope: So any negative results from not doing just that are self inflicted wounds.

Taking the time to actually read what is required we'll see that it's the management system, and not the organization that is required to be audited for it's effectiveness. The management system is all that dribble talk we find between 4.1 to 10.3 (4.1, 4.2 & 4.3 are actually out of sequence because 4.4.1 should be 1st with everything following it's requirements, but that would make too much sense)

Sidney kind of pegged it when he brought out importance and risk as well as previous results and of course the lack of added value.

You guys are probably trying to do too much, with too little, in too short of a time frame, a guaranteed formula for "lack of success"
 
Top Bottom