Do "Informal" Internal Audits count?

L

lianayada

#1
We have a consultant do a 3-day ISO 9001 audit once a year. In addition to that, I (Lead Auditor in-house) perform supplemental audits of specific processes/trouble areas throughout the year. These all documented as Internal Audits. We've been ISO certified for years, and our registrar is confident in our existing system.

Once in a while, an employee will take it upon themselves (or a supervisor will ask them) to do a "check" of an area (not one they are responsible for). For example, they will walk through a production area to check revision levels of documents in use to see if they are current, or check the condition of the documents to see if they are torn/stained. Or someone will review the Approved Vendor List to see if the vendors are still active. Random stuff like that. They will document their results in an email or memo to me, but they are not trained internal auditors by any means. I assign Corrective/Preventive actions as necessary.

My plan is to modify our Internal Audit procedure to include these additional "informal internal audits". There won't be any checklist or audit report or interviews involved. Just an email or memo from them to me. And I never know when they are going to take place, so I add them to the schedule "after the fact". Is there any problem with this if I define it in our procedure?
 
Elsmar Forum Sponsor

Jim Wynne

Staff member
Admin
#2
We have a consultant do a 3-day ISO 9001 audit once a year. In addition to that, I (Lead Auditor in-house) perform supplemental audits of specific processes/trouble areas throughout the year. These all documented as Internal Audits. We've been ISO certified for years, and our registrar is confident in our existing system.

Once in a while, an employee will take it upon themselves (or a supervisor will ask them) to do a "check" of an area (not one they are responsible for). For example, they will walk through a production area to check revision levels of documents in use to see if they are current, or check the condition of the documents to see if they are torn/stained. Or someone will review the Approved Vendor List to see if the vendors are still active. Random stuff like that. They will document their results in an email or memo to me, but they are not trained internal auditors by any means. I assign Corrective/Preventive actions as necessary.

My plan is to modify our Internal Audit procedure to include these additional "informal internal audits". There won't be any checklist or audit report or interviews involved. Just an email or memo from them to me. And I never know when they are going to take place, so I add them to the schedule "after the fact". Is there any problem with this if I define it in our procedure?
I think it's a great thing that people in your company are able to do things like this, but I'm not sure why you would want to formalize it, especially in view of the fact that your IA process is efficacious. The fact that you're taking appropriate action (and presumably documenting it) on what's discovered should be considered enough. Nonetheless, I don't see a particular problem with including it if you think it might be helpful.
 

SteelMaiden

Super Moderator
Super Moderator
#3
I would like to commend your employees for their commitment. I agree though that I'm not sure formalization of these reviews would be of a great benifit to your internal audit system....but....I think recording that these reviews are done goes a long way to helping you show that you are reviewing (monitoring) your processes and also control of documents (review and update as necessary). As well as showing that your team is actively seeking opportunities for continual improvement.:applause:
 
Q

Qualqueen

#4
Once in a while, an employee will take it upon themselves (or a supervisor will ask them) to do a "check" of an area (not one they are responsible for). For example, they will walk through a production area to check revision levels of documents in use to see if they are current, or check the condition of the documents to see if they are torn/stained. Or someone will review the Approved Vendor List to see if the vendors are still active. Random stuff like that. They will document their results in an email or memo to me, but they are not trained internal auditors by any means. I assign Corrective/Preventive actions as necessary.

My plan is to modify our Internal Audit procedure to include these additional "informal internal audits". There won't be any checklist or audit report or interviews involved. Just an email or memo from them to me. And I never know when they are going to take place, so I add them to the schedule "after the fact". Is there any problem with this if I define it in our procedure?
IMHO I wouldn't include this into a Procedure, although I find a "check" of the area or random walk through a very good tool. Basically, they are N/C's which in turn are CA's. It sounds as if, when the cats away the mice will play. What are you using as a root cause?

What is your correction and corrective action? Most importantly, what is your verification of effectiveness? If these three questions aren't considered and answered correctly, you'll be writting CA's after every internal audit. After the CA is written, is it followed up? What is the outcome? Bottom line - if the verification of effectiveness is valid, then an employee shouldn't be able to find anything. Maybe you need to add an additional IA to your schedule. Just food for thought.
 

somashekar

Staff member
Super Moderator
#5
We have a consultant do a 3-day ISO 9001 audit once a year. In addition to that, I (Lead Auditor in-house) perform supplemental audits of specific processes/trouble areas throughout the year. These all documented as Internal Audits. We've been ISO certified for years, and our registrar is confident in our existing system.

Once in a while, an employee will take it upon themselves (or a supervisor will ask them) to do a "check" of an area (not one they are responsible for). For example, they will walk through a production area to check revision levels of documents in use to see if they are current, or check the condition of the documents to see if they are torn/stained. Or someone will review the Approved Vendor List to see if the vendors are still active. Random stuff like that. They will document their results in an email or memo to me, but they are not trained internal auditors by any means. I assign Corrective/Preventive actions as necessary.

My plan is to modify our Internal Audit procedure to include these additional "informal internal audits". There won't be any checklist or audit report or interviews involved. Just an email or memo from them to me. And I never know when they are going to take place, so I add them to the schedule "after the fact". Is there any problem with this if I define it in our procedure?
It is impressive to read that your auditors show confidence in your system and that there is involvement of your staff in periodic reviews, what you call informal audits. With this in good faith, your internal audits per plan must be indeed deep and bringing out the QMS functioning in the right sense.
Internal audits are supposed to be planned activity. Why do you need to tinker with the procedure when the going is good. You still have all the inputs needed through those "Informal audits" to keep correcting the system there by the checks and balances are continuous....
 
L

lianayada

#6
It's a good question why I would want to formalize this. Here are a couple reasons:

1. I end up with valuable information from helpful employees and I'd like to have a repository for their efforts. We used to have an in-house internal auditing staff that received bonuses for performing the ISO 9001 internal audits (about 2/month) before we went to outsourced. Having supervisors/employees that take the initiative like this is something I want to be able to point to when asked by an auditor about our Quality Policy (encouraging proactive involvement of all employees), or by management for performance appraisals and recognition.

2. In case we are lacking coverage of a particular ISO clause (if our outsourced auditor doesn't spend time checking that quality records are legible, for example), this type of check can easily be performed by an employee with time on their hands, and that helps fill a void. (I'm not sure if the "every element - once a year" rule still is valid...?)
 

somashekar

Staff member
Super Moderator
#7
It's a good question why I would want to formalize this. Here are a couple reasons:

1. I end up with valuable information from helpful employees and I'd like to have a repository for their efforts. We used to have an in-house internal auditing staff that received bonuses for performing the ISO 9001 internal audits (about 2/month) before we went to outsourced. Having supervisors/employees that take the initiative like this is something I want to be able to point to when asked by an auditor about our Quality Policy (encouraging proactive involvement of all employees), or by management for performance appraisals and recognition.

2. In case we are lacking coverage of a particular ISO clause (if our outsourced auditor doesn't spend time checking that quality records are legible, for example), this type of check can easily be performed by an employee with time on their hands, and that helps fill a void. (I'm not sure if the "every element - once a year" rule still is valid...?)
Well, if I were in your place, I would seriously consider not outsourcing the IA process and encourage planned Internal audits by your qualified internal auditors and training more interested staff in the IA process. I would also initiate recognition to the team (auditor and Auditees) who work on a specific audit non-conformance, the corrective actions on which would benefit the company financially.
 
L

lianayada

#8
Internal audits are supposed to be planned activity. ....
This is one reason I am hesitant to add these to the document. They are not planned by me and are based on employee/supervisor initiative. However, I want to document them somewhere. I don't want to file them in the Internal Audit records without explaining in our document why these seemingly random memos/emails are in there, but I don't want them floating in the ether either. I thought if I put a paragraph in the document that says "Informal Internal Audits are allowed and consist of a memo/email and any non-conformances are assigned Corrective Action..." that I could cover my bases.
 
Q

Qualqueen

#9
This is one reason I am hesitant to add these to the document. They are not planned by me and are based on employee/supervisor initiative. However, I want to document them somewhere. I don't want to file them in the Internal Audit records without explaining in our document why these seemingly random memos/emails are in there, but I don't want them floating in the ether either. I thought if I put a paragraph in the document that says "Informal Internal Audits are allowed and consist of a memo/email and any non-conformances are assigned Corrective Action..." that I could cover my bases.
You didn't answer the question I posted earlier. What is your verification of effectiveness on your CA's?
 
#10
I see no problem with the way you are doing it. Formalizing it isn't really a bad idea, but when you formalize something, you add controls which tends to remove flexibility. If these audits that are currently informal, are in addition to what you already do, I think you are safe. If you plan on doing away with other components of what you do, then you may run into danger.

I tend to use "supplemental" audits a bit. They are above and beyond the normal audit schedule. For example, if I audit the materal handling process every May, and I detect an issue in July, I don't want to wait until May to re-audit. I would schedule a supplemental audit in August.

As far as scheduling your informal audits, if you make your process formal, just make sure you give supervisors (or whoever) authority to schedule these supplemental audits. As you say they notify you when it occurs, and then you annotate the schedule.

If you assign corrective actions, then either your internal audit procedure, or your corrective action procedure would be followed.

As far as Qualqueen's concern on showing effectiveness. That could be accomplished the same way your normal audits are, through corrective action effectiveness and through auditing the audit program.

Hope that helps.
 
Thread starter Similar threads Forum Replies Date
M Informal Corrective Actions - AS9100DCl. 10.2.1 A-H Nonconformance and Corrective Action 12
T What constitutes a Management Review? Informal Management Review Management Review Meetings and related Processes 10
A Difference between formal and informal Kaizen Lean in Manufacturing and Service Industries 6
Hershal Only THREE foods - Informal sharing of tastes Coffee Break and Water Cooler Discussions 17
9 Informal Drawings being Used by Manufacturing Document Control Systems, Procedures, Forms and Templates 5
errhine Career limiting statements - Informal discussion with a manager Career and Occupation Discussions 13
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
M ISO13485:2016, MDSAP and Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Would this be a second site for the purposes of internal and third party audits? General Auditing Discussions 4
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
J ISMS - Internal Audits Internal Auditing 3
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
salaheddine96 Internal audit planning Internal Auditing 2
D CB and customer audits considered as internal audits? General Auditing Discussions 9
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
F Internal transfer of work from one line to another? Qualification and Validation (including 21 CFR Part 11) 3
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
R Monitor production quality - Internal KPIs Manufacturing and Related Processes 5
R IATF 16949 - Outsourcing of internal audits Internal Auditing 10
M Major vs. Minor for Internal Audits? Internal Auditing 10
T Internal Nonconformance procedure thoughts (AS9100) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
C Internal Audits in a tiny Dx Company Internal Auditing 33
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
E PEMS Hazards - IEC 60601 Clause 14.6 - Internal data use - Pressure sensor IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
A QMS Overhaul - Reorganizing and Renaming Documents - Internal References Document Control Systems, Procedures, Forms and Templates 24
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
M Help me improve the definition for internal PPM Manufacturing and Related Processes 3
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
S Risk based internal auditing Internal Auditing 6
O Informational Scaling back internal audits due to corona virus while avoiding a NC Internal Auditing 7
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7

Similar threads

Top Bottom