Does ISO 9001 Audit fit in within the Corporate Internal Audit department?

Randy

Super Moderator
#21
Another issue we are dealing with is the reporting structure. The corporate audits are seen by basically every top executive at the company and the Audit Committee of the Board of Directors. Our ISO audit reports have been held at the local management level to provide lay terms to those who understand them the most and where the report can add the most value. Having that level of exposure at the highest levels will add time to the reporting process to make every thing read just-so for an audience of uninformed readers. Will the local management gain any value out of those types of reports?

Your comments are great!! I REALLY appreciate them!

gg
Whoa, whoa, whoa!

Are you saying that the results of your system audits are not forwarded to your Top Management? As said in the movie The Music Man "trouble in River City"

Did you also say that they are uninformed? I wonder why that would be considering your quote above?

Anybody care to get on board with this one?
 
Elsmar Forum Sponsor
B

Benjamin28

#22
Perhaps the root cause of top management making this decision is that they are not in the loop when it comes to ISO compliance,continual improvement issues, improvements and benefits gained from your ISO audits?

I definately agree with Randy, top management needs to be involved and informed or they just might make some bad decisions....
 
G

gg-audit

#23
Are you saying that the results of your system audits are not forwarded to your Top Management? As said in the movie The Music Man "trouble in River City"
The quality audit reports are sent to the director over the area, and his executive management chain. We are a large organization, so no, it is not sent to every EVP in the company. Again, the reports are very specific to that area...they aren't a representation of the quality system in every area, so the audience is more targeted to those who need to know and can fix the problem. We've been ISO certified for over 10 years now, so we very very very rarely have anything more than a 'requires correction'. If there was a significant problem, wider distribution may be warrented.
 
G

gg-audit

#24
Let me throw another curve ball at you. As I mentioned in a previous thread, the company had disbanded it's quality organization years ago. They are now restructuring it to be reporting to the highest levels of the company. Because of the current migration towards integration with corporate audits, and my fear that ISO audits will be diluted and even less of a focus for executive management, I've been thinking we need to move into the quality organization. It would provide us visibility once again at the highest levels. And we have other Operating Companies we'd like to get certified, so we could be given the resources we need if ex mgmt is aware of what we are doing. Do you also think we should report to the Corporate Quality organization, versus the Internal Audit organization...knowing the IA focus is not on quality??
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#25
Audit results are reported in the manner that reflects the system's performance, compliance, effective responsiveness to problems, improvement trends, open actions and stuff like that.

Immediate managers should get the audit reports. If the details are of interest to higher persons in that department or area, the audit report can go higher.

Site management should get results of the audit program as I described in the top paragraph.

More distilled numbers should go higher, and make connections to how the audit results reflect the organization's policy, goals and objectives, strategy and vision. The audit results could be compared from site to site, but only if the same auditors are doing the assessments--or the audit results are reflecting variations in auditors and not auditees.

I didn't get the part where immediate management is being kept informed with the intent to act on results of audits.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#26
Let me throw another curve ball at you. As I mentioned in a previous thread, the company had disbanded it's quality organization years ago. They are now restructuring it to be reporting to the highest levels of the company. Because of the current migration towards integration with corporate audits, and my fear that ISO audits will be diluted and even less of a focus for executive management, I've been thinking we need to move into the quality organization. It would provide us visibility once again at the highest levels. And we have other Operating Companies we'd like to get certified, so we could be given the resources we need if ex mgmt is aware of what we are doing. Do you also think we should report to the Corporate Quality organization, versus the Internal Audit organization...knowing the IA focus is not on quality??
I would share your concern. While it's popular and good to make quality everyone's business, there should be a center for audit management that is not beholden to the results. For that obvious reason the function's management should be in the quality group.

Less than obvious reasons include the tendency for people to focus the most energy and devotion to their main interest. Also, conflicts and pressure can result in corrective action management if it's not independent.
 
V

vanputten

#27
In my opinion, and this is a huge stereotype but it is my personal experience....


Financial auditors tend to be product auditors. They audit the output of the processes and not the process themsleves. They audit the books, reports, 10k and 10Q reports. With the introduction of Sarbanes Oxley, financial auditors are starting to look at the processes behing the product (reports.)


The functions can effectively be combined. Our organization did. The ISO internal auditors perform the SOX audits. We are the reverse of what is proposed at your organization.

Regards,

Dirk
 
Q

qualityboi

#28
We are having our first joint Financial and Quality Systems assessment. The differences I am learning are:
  • Finanical audit reports go to the board of directors (we are hoping to leverage that reporting route by doing a joint report)
  • Quality System audit reports rarely go to executive level management only aggregate reports during management review get to the executive level and often its only one executive.
  • Financial audits at my company take a siloed approach to controls, they are more used to doing department based audits and have no concept of the process audit or the whole being greater than the sum of the parts.
  • The FMEA risk assessment tool do not show cost as a risk...maybe we should add another column?
  • Neither audit entity can find a company metrics for planned vs. actual ROI per new device we are sure its out there...somewhere.
  • All of this is helping us to embark on a concept of not just process and product defects (called excursions) but "business excusions" or costly "defective" decisions.
As long as there is mutual respect, a good audit methodolgy and plan, I think these audits can be well worth it. I have to say in my last company internal financial audit had no interest in quality system management audits. I am happy to see the change.
 
G

gg-audit

#29
We are having our first joint Financial and Quality Systems assessment.
Who is performing the audit? Your quality system auditors, or financial auditors? Or have you created a mixed team with all experience?

Have your financial auditors received training on quality systems auditing?

Did you have a lot of changes to make to the financial audit approach, or was it pretty seamless?

I take it since this is your first integrated audit, then you are taking it slow, and only performing one integrated audit at a time? Versus trying to incorporate quality audits in with every financial audit at the same time. (for us, that could be about 20 large scale financial audits going on at one time, and I only have 3 trained Lead Auditors that could assist or consult with these teams)

I'm interested in the techniques that will make this work. I'm trying not to dwell on the negatives I see, so I think it will be good to learn best practices from groups like yours that have gone through the exercise.
 
C

CliffK

#30
ISO 19011:2002 has a few things to say about auditor qualifications. Here's what caught my eye relative to this discussion:

7.3.3 a) Quality related methods and techniques...quality terminology...quality management principles and their application...quality management tools and their application ... spc, fmea, etc.

7.3.3 b) Processes and products ... sector-specific terminology ... technical characteristics of processes and products ... sector-specific processes and practices

What's the chance the financial auditors have this knowledge?

How much damage do you suppose anyone would do without it?

Heck, why not download the sample CQA test from asq.org and see how a few of 'em do. It might be very informative. I suppose it would be fair to benchmark against the ISO auditors, too.
 
Thread starter Similar threads Forum Replies Date
M Does the ISO 9001:2015 standard require a disaster recovery plan or emergency response plan ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
A Does ISO 9001:2015 cover all the requirements of ISO 10012:2003? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
BeaBea Interesting Discussion Where Does Marketing/ Advertisement of Products fit in to ISO 9001? Process Maps, Process Mapping and Turtle Diagrams 39
G Is ISO 9001:2015 certification worth it for a company that does only contract manufacturing? Quality Management System (QMS) Manuals 14
C Does ISO 9001-2015 have a requirement for manufacturing equipment to be numbered? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Q Does our material suppliers’ supplier have to be at least ISO 9001 certified? IATF 16949 - Automotive Quality Systems Standard 3
M Does ISO 9001 mandates cooking procedure for restaurants ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Tagin Does ISO 9001:2015 require a full internal audit annually? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
N Does anyone know a registrar that offers both ISO 9001 and ISO 17020? Registrars and Notified Bodies 6
Q Does ISO 9001 require CARs for all customer complaints? Customer Complaints 2
qualprod ISO 9001 Cl. 4.1 and 4.2 - What does monitoring and review mean? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Sidney Vianna ASQ apparently doesn't know ISO does not issue ISO 9001 certificates? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 4
C Optic Patchcord Cables - Does 8.3 (Design) Apply Here? ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
A Does anyone have a comparison between ISO 9001:2015 and ISO 13485:2016? ISO 13485:2016 - Medical Device Quality Management Systems 2
G Does ISO 9001:2015 call for a Policy or a Statement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Q Does ISO 9001 Requirement for Document Approval (a service organization) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
J Does the word "claim" in ISO 9001 Clause 8.2.2 mean "requirement"? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T Does your Quality Dept Control Procedures Outside the Scope of ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S ISO 9001:2008 Certification Scope does not mention "manufacturing" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Where does 5S technique fit into ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
L What does "conformance matrix" means in terms of ISO 9001:2008? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Does AS9100 Certificate include ISO 9001 Certification? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
P Does the term ISO 9001:2008 imply we are all five years out of date? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Marc Does ISO 9001 *require* that Internal Audits be Process Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
L What exactly does Configuration Management in ISO 9001, Clause 7.5.3 means? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
T If a company becomes TS 16949 certified does it still need ISO 9001 certification? IATF 16949 - Automotive Quality Systems Standard 12
G Customer Property Cl. 7.5.4 - Where does ISO 9001 stop and ISO 27001 start? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
F Paperless Procedures - Does ISO 9001 Require Paper Documents? Quality Manager and Management Related Issues 37
K Does ISO 9001 require Supplier Pre-Qualification? Supplier Quality Assurance and other Supplier Issues 27
L Does ISO 9001 require that hard copies of documents be archived? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
T Does the Layout Design of a PCB fall under clause 7.3 in ISO 9001 Design and Development of Products and Processes 7
T Employee Satisfaction - Does ISO 9001 Require Monitoring of Employee Satisfaction? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
M Does ISO/IEC 17025:2005 require the Laboratory to have separate ISO 9001 Procedures ISO 17025 related Discussions 4
N How does a company determine what ISO standard (9000 or 9001) to register to? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S How does ISO 9001:2008 apply to a logistics Company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
C How long does it take to get the ISO 9001 certificate after passing the audit? Registrars and Notified Bodies 21
S Does ISO 9001 Clause 7.3 Design and Development apply? Design and Development of Products and Processes 18
J Customer Property ISO 9001:2008 Clause 7.5.4 - Does this include E-mails? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
H Does ISO 9001 have nothing to do with profitability? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
T ISO 9001 Clause 7.3.2 (a) Functional & performance requirement - what does it mean? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
G Does BSI do ISO 9001/TS 16949 Lead Auditor training? Training - Internal, External, Online and Distance Learning 5
J Does plant personnel need to be re-trained to the new ISO 9001:2008 revision?? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
V ISO 9001:2008 - How does an organization demonstrate "sustain success"? General Auditing Discussions 14
H QMS - How does ISO 9001 apply to Service Providers (utility or facility management) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
A What is ISO 9001 Certification and how does it relate to Product Quality? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
J What does the revised standard ISO 9001:2008 mean to Jim "Q" public ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 44
J Change Management System - Does ISO 9001 specify you need a process flow? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B Does that Q-Policy fulfill ISO 9001 requirements? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Does ISO 9001 require a procedure for every part of the business? Document Control Systems, Procedures, Forms and Templates 8
N Poor control of testing chemicals ? which ISO 13485/9001 clause does it contravene? ISO 13485:2016 - Medical Device Quality Management Systems 8

Similar threads

Top Bottom