External Auditor asking for other Audit Findings

[Big Jim]

As I look back at the posts from Boris I realize that his concern was that CB auditors should not be looking at customer's audits because it could create a bias. I mistakenly pursued internal audits, which was not as much in question.

So, Jane, what is your position on CB auditors reviewing customer audits? Do you feel they are out of bounds?

 

[somashekar]

I apologize if this question has been asked before. I did a search and couldn't find the response. My ISO auditor is asking for the findings of my internal audit, as well as my state and federal audit. I was always taught never to give the findings of any other audit to another auditor, because it might bias their audit. They should be able to find any issues on their own. I thought we are only required to show that an audit was conducted. Please advise and cite the section that supports your argument.

Thank you in advance.

Have a good reading into your agreement with the CB for the certification process and the attached confidentiality clauses that are stated.
During the process of the audit, if the auditor comes across, or is lead to, an other audit detail that has direct relevance to the scope being audited., you are required to disclose and co-operate with the audit proceedings.
It will be know by the auditor that internal audits are performed and questions about this will be asked as a part of ISO audit process. Therefore you better be open about the internal audit details.

 

[Paul Simpson]

Most of us seem to look at management review near the beginning of the audit. Why would you wait until the end to discover a weakness you should have probed earlier?

Please explain this concept about how looking at the performance of the QMS creates a bias. I don't see it. Instead I see an excuse for a lack of due dilligence.

If you're not going to me read my posts I'm not going to engage in debate.

Once again. Nobody has said you don't look at internal audits (and now management review) so your point about due diligence is misplaced. The original question I answered (for those that haven't lost the will to live) was about the potential for biasing an audit sample based on the results coming out of an internal audit programme.

Thanks to JaneB for the references. The field of psychology is cognitive bias.

 

[Sidney Vianna]

Our collective ability to digress is in top shape. Not always a bad thing. I still think that, at this time, we can only speculate on why the CB auditor wants to review other audit results. It can be for good or bad reasons. Any information an external auditor has access to can be misused, including customer complaints, product recalls, etc. As I mentioned in my previous post, the FDA protocol in the past was NOT to have their inspectors evaluating the internal audit results. They could only ask to see evidence that internal audits had been conducted, which in itself is a joke by the way.

 

[Big Jim]

Our collective ability to digress is in top shape. Not always a bad thing. I still think that, at this time, we can only speculate on why the CB auditor wants to review other audit results. It can be for good or bad reasons. Any information an external auditor has access to can be misused, including customer complaints, product recalls, etc. As I mentioned in my previous post, the FDA protocol in the past was NOT to have their inspectors evaluating the internal audit results. They could only ask to see evidence that internal audits had been conducted, which in itself is a joke by the way.

Interesting insight on how FDA auditors are instructed to not look at internal audits, only the results. It would be equally interesting to have an explanation from the FDA as to why not.

But let us not forget that the OP is asking about ISO audits. Which ISO audit wasn't disclosed, which could be helpful.

 

[Big Jim]

If you're not going to me read my posts I'm not going to engage in debate.

Once again. Nobody has said you don't look at internal audits (and now management review) so your point about due diligence is misplaced. The original question I answered (for those that haven't lost the will to live) was about the potential for biasing an audit sample based on the results coming out of an internal audit programme.

Thanks to JaneB for the references. The field of psychology is cognitive bias.

Auditors indeed need to be aware of the potential of bias as they are auditing, including the posibility of becoming biased from looking at other audits, but that should not keep them performing their duty, only to guard against bias.

 

[Big Jim]

If you're not going to me read my posts I'm not going to engage in debate.

Once again. Nobody has said you don't look at internal audits (and now management review) so your point about due diligence is misplaced. The original question I answered (for those that haven't lost the will to live) was about the potential for biasing an audit sample based on the results coming out of an internal audit programme.

Thanks to JaneB for the references. The field of psychology is cognitive bias.

As long as we are talking about the POTENTIAL for bias, we are in agreement. To declare that we cannot look at part of the QMS because we will become biased is just wrong.

 

[Sidney Vianna]

But let us not forget that the OP is asking about ISO audits.

Actually, the OP is asking if it is OK for the CB auditor (there is NO ISO auditor nor ISO audit) to have a look at

1. his internal audit results
2. state (?) audit results
3. federal (agency? FDA? FAA?) audit results

 

[Big Jim]

Actually, the OP is asking if it is OK for the CB auditor (there is NO ISO auditor nor ISO audit) to have a look at

1. his internal audit results
2. state (?) audit results
3. federal (agency? FDA? FAA?) audit results

Actually, I'm quoting the OP:

"My ISO auditor is asking for the findings of my internal audit, as well as my state and federal audit."

Most of us are likely assuming that he is refering to ISO 9001:2008 and in particular a CB auditor for ISO 9001:2008, but that's a detail that has been left out.

I used the term "ISO auditor" because that is what the OP used.

 

[Sidney Vianna]

Most of us are likely assuming that he is refering to ISO 9001:2008 and in particular a CB auditor for ISO 9001:2008, but that's a detail that has been left out.

Very likely, this would be an ISO 13485 audit(or).

I used the term "ISO auditor" because that is what the OP used.

That practice just perpetuates misnomers. Whenever I can, I try to use the proper terminology.