SBS - The Best Value in QMS software

Does ISO 9001 Audit fit in within the Corporate Internal Audit department?

G

gg-audit

#1
I am new to this forum, and to the ISO 9001 world. Let me give you a brief description of how our Internal Audit department is structured, and I'd really appreciate your thoughts on whether you think the structure is effective or harmful to the certificate.

I work for a large service company that has a single corporate Internal Audit Department with 150+ auditors who perform audits of the internal control environment for financial, operational and IT processes/systems (are the controls adequate to prevent, detect or correct problems). Several years back, a small group of ISO auditors were restructured under the IA department. It used to belong to a Quality Department, but that was basically done away with and the "auditors" needed a home.

A new member of management wants to "integrate" the ISO audit function into the "typical" audit function thinking it will increase coverage, and since the auditors are already in an area, why not do some review against the ISO standard.

And I can buy that, but what I can't get on board with is completely losing the expertise of the ISO auditors and letting 150 people with very limited exposure and understanding of ISO to be "let loose". I'm afraid we are diluting our efforts for no real reason. The ISO program has been extremely sucessful in the past, and I feel like we are being forced to change for no reason. For those of you that are familiar with IIA (Institute of Internal Auditors) standards, these ISO audits are now going to have to abide by IIA stds, which requires statistical sampling and over-scrutinization of the audit work. Our ISO auditors can crank out audits in 80 hours, but abiding by these stds will probably double their time, which in effect, makes them half as productive.

Has anyone else seen this integration and has it worked? If so, what were some key aspects that helped it work?

I'm really looking for validation that this is not the right avenue to pursue, but I'd like to get your objective opinions.

Thanks in Advance!
 
Elsmar Forum Sponsor

Randy

Super Moderator
#2
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

1st let me say Welcome to the Cove:bigwave:

2nd...What you are asking about is nothing new or something that hasn't already been done 100's of times already across the globe.

Here's a big secret...please don't tell...ISO Auditors aren't any better, smarter, or more capable than any other type of auditor...They just like to think and portray that image.

All you really need to do is make sure that whatever auditor you use possess's the requisite competencies and that the objectives, scope and criteria of the audits to be conducted are clearly defined and understood.

That's it, and it ain't nuttin' but a thang.;)
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

Welcome to The Cove, GG! :bigwave:

The management person who said your company's IA members can just swing into doing ISO audits apparently has little idea of what goes into said audit.

That doesn't mean these people couldn't do the work; it means I doubt they're any more ready than I would be to say, "I think I'll go do a financial audit now." I'd have to learn some things, like accounting... :notme:

My recommendation is to press for Lead Auditor training for each of these persons.

But why do that when you already have internal auditors?

It seems common for some people to think, "Since you're there, you can just do this extra audit," perhaps in the same basic time frame but maybe with just a little extra time. What such a person is forgetting is that the time is going to be taken away from the regular auditing work. Can't stop the clock, ya know...

Auditing corporate operations is a little different from auditing production processes. If the corporate folks are being pulled into the audit schedule for the first time (I've seen this) they'll need to start from the beginning and be led through how their activities fits into a quality system. This handholding is not the job for someone who is inexperienced in the quality discipline.

Doing all that hand holding (making them ready for a registrar's visit or an audit by some other outsider) can perhaps take 80 hours, including the time to make process maps, flow charts and maybe turtle diagrams, plus coaching them on how to answer the auditor's questions (don't babble, don't go off on this or that tangent). Normally, however, auditing a department for ISO shouldn't take anywhere near that long. Oh my, no.

Nor am I familiar with the need to take a large sample, or hold yourself to any statistically designed audit method. I'd like to know why ISO auditing is being held to IIA standards. It's not a regulated function.

Key aspects to make it work are, as I mentioned, being willing to behave as internal consultant for corporate support functions being audited for the first time. What also works is competence, which is required for registration...proven in ways like passing an ISO Lead Auditor class and/or certifying for Quality Auditor with American Society for Quality. The auditor might as well be competent at the git-go.

I hope this helps!
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#4
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

Here's a big secret...please don't tell...ISO Auditors aren't any better, smarter, or more capable than any other type of auditor...They just like to think and portray that image.
Well then! I guess I am feeling pretty full of myself. :lol:
 

Randy

Super Moderator
#5
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

My recommendation is to press for Lead Auditor training for each of these persons.


Auditing corporate operations is a little different from auditing production processes.

What also works is competence, which is required for registration...proven in ways like passing an ISO Lead Auditor class and/or certifying for Quality Auditor with American Society for Quality. The auditor might as well be competent at the git-go.

Why a Lead Auditor class Jennifer?

The only real difference between corporate and production auditing is the conference room and maybe lunch.

Passing a Lead Auditor exam means you pass, not that you are competent.
 
G

gg-audit

#6
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

To address the training issue, we are having one of our Lead Auditors train the corporate internal auditors. But in only a 4 hour class. Basically giving them the ISO 101 class. To train 150 people by an accredited Lead Auditor instructor would cost more money than management's willing to spend, and take too much time away from the "real" audit schedule...i.e. financial risk areas.
 
G

gg-audit

#7
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

Here's a big secret...please don't tell...ISO Auditors aren't any better, smarter, or more capable than any other type of auditor...They just like to think and portray that image.
The opposite is true in our company...the corporate IA's think they are better than the ISO auditors. So I don't think they will spend very much time really looking at the elements of the standard like a qualified ISO auditor would. They'll gloss over it, to get to the important stuff...regulatory risk, financial risk, etc.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#8
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

Why a Lead Auditor class Jennifer?

The only real difference between corporate and production auditing is the conference room and maybe lunch.

Passing a Lead Auditor exam means you pass, not that you are competent.
If they specialize in financial audits, it's a different world.

Like GG said, without understanding what needs to be done, they may just skim over it and get to the "real auditing" work.

I suggest a lead auditor's class as a fast introduction. A person needs some knowledge of quality systems.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#9
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

To address the training issue, we are having one of our Lead Auditors train the corporate internal auditors. But in only a 4 hour class. Basically giving them the ISO 101 class. To train 150 people by an accredited Lead Auditor instructor would cost more money than management's willing to spend, and take too much time away from the "real" audit schedule...i.e. financial risk areas.
Yes, it's the desired answer for a question that was frankly a set-up. The logical idea is to use the qualified auditors you already have.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#10
Re: Does ISO Audit fit in within the Corporate Internal Audit department?

The only real difference between corporate and production auditing is the conference room and maybe lunch.

Passing a Lead Auditor exam means you pass, not that you are competent.
I don't agree with the first one, but I do agree with the second one, especially if the corporate types have not been through the ISO process before. The blind leadeth the blind...:cool:

Although I want to keep in mind we know almost nothing about these people, we do know how wide the range of auditing skills can be. My understanding was that these corporate auditors are financial types and IS. To audit ISO, a person needs some experience with quality, don't you think?
 
Thread starter Similar threads Forum Replies Date
M Does the scope of ISO 9001:2015 applies to tenders, pricing and sales department of a medical devices distributor? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M Does the ISO 9001:2015 standard require a disaster recovery plan or emergency response plan ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
A Does ISO 9001:2015 cover all the requirements of ISO 10012:2003? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
BeaBea Interesting Discussion Where Does Marketing/ Advertisement of Products fit in to ISO 9001? Process Maps, Process Mapping and Turtle Diagrams 39
G Is ISO 9001:2015 certification worth it for a company that does only contract manufacturing? Quality Management System (QMS) Manuals 14
C Does ISO 9001-2015 have a requirement for manufacturing equipment to be numbered? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Q Does our material suppliers’ supplier have to be at least ISO 9001 certified? IATF 16949 - Automotive Quality Systems Standard 3
M Does ISO 9001 mandates cooking procedure for restaurants ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Tagin Does ISO 9001:2015 require a full internal audit annually? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
N Does anyone know a registrar that offers both ISO 9001 and ISO 17020? Registrars and Notified Bodies 6
Q Does ISO 9001 require CARs for all customer complaints? Customer Complaints 2
qualprod ISO 9001 Cl. 4.1 and 4.2 - What does monitoring and review mean? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Sidney Vianna ASQ apparently doesn't know ISO does not issue ISO 9001 certificates? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 4
C Optic Patchcord Cables - Does 8.3 (Design) Apply Here? ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
A Does anyone have a comparison between ISO 9001:2015 and ISO 13485:2016? ISO 13485:2016 - Medical Device Quality Management Systems 2
G Does ISO 9001:2015 call for a Policy or a Statement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Q Does ISO 9001 Requirement for Document Approval (a service organization) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
J Does the word "claim" in ISO 9001 Clause 8.2.2 mean "requirement"? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T Does your Quality Dept Control Procedures Outside the Scope of ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S ISO 9001:2008 Certification Scope does not mention "manufacturing" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Where does 5S technique fit into ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
L What does "conformance matrix" means in terms of ISO 9001:2008? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Does AS9100 Certificate include ISO 9001 Certification? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
P Does the term ISO 9001:2008 imply we are all five years out of date? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Marc Does ISO 9001 *require* that Internal Audits be Process Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
L What exactly does Configuration Management in ISO 9001, Clause 7.5.3 means? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
T If a company becomes TS 16949 certified does it still need ISO 9001 certification? IATF 16949 - Automotive Quality Systems Standard 12
G Customer Property Cl. 7.5.4 - Where does ISO 9001 stop and ISO 27001 start? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
F Paperless Procedures - Does ISO 9001 Require Paper Documents? Quality Manager and Management Related Issues 37
K Does ISO 9001 require Supplier Pre-Qualification? Supplier Quality Assurance and other Supplier Issues 27
L Does ISO 9001 require that hard copies of documents be archived? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
T Does the Layout Design of a PCB fall under clause 7.3 in ISO 9001 Design and Development of Products and Processes 7
T Employee Satisfaction - Does ISO 9001 Require Monitoring of Employee Satisfaction? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
M Does ISO/IEC 17025:2005 require the Laboratory to have separate ISO 9001 Procedures ISO 17025 related Discussions 4
N How does a company determine what ISO standard (9000 or 9001) to register to? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S How does ISO 9001:2008 apply to a logistics Company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
C How long does it take to get the ISO 9001 certificate after passing the audit? Registrars and Notified Bodies 21
S Does ISO 9001 Clause 7.3 Design and Development apply? Design and Development of Products and Processes 18
J Customer Property ISO 9001:2008 Clause 7.5.4 - Does this include E-mails? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
H Does ISO 9001 have nothing to do with profitability? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
T ISO 9001 Clause 7.3.2 (a) Functional & performance requirement - what does it mean? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
G Does BSI do ISO 9001/TS 16949 Lead Auditor training? Training - Internal, External, Online and Distance Learning 5
J Does plant personnel need to be re-trained to the new ISO 9001:2008 revision?? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
V ISO 9001:2008 - How does an organization demonstrate "sustain success"? General Auditing Discussions 14
H QMS - How does ISO 9001 apply to Service Providers (utility or facility management) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
A What is ISO 9001 Certification and how does it relate to Product Quality? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
J What does the revised standard ISO 9001:2008 mean to Jim "Q" public ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 44
J Change Management System - Does ISO 9001 specify you need a process flow? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B Does that Q-Policy fulfill ISO 9001 requirements? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Does ISO 9001 require a procedure for every part of the business? Document Control Systems, Procedures, Forms and Templates 8

Similar threads

Top Bottom