External Auditor asking for other Audit Findings

#33
Perhaps we should have asked the OP earlier. We didn't, and we got what we got.
Sidney is correct, it is an ISO 13485 auditor. And Sidney is also correct, that an FDA or State auditor has only asked if our management review and internal audits were conducted, and we did not give the findings, and that was acceptable. That's why I'm a little confused with the type of information I should provide an external auditor, whether it's FDA, State or ISO.

I'm happy for the discussion this has created, because I feel like our goal is still trying to get a better understanding of the relationship with external auditors. I personally believe internal audits should be given towards the end of the audit, because of the bias potential. We are all human, so it's hard to disregard something that was seen. It's possible, but why take that risk?

FDA and State audits are usually asked for by our ISO auditor. Yes, it's part of our non-conformance/Corrective Action process. Are these audits considered a part of 8.5.1? We don't have any major findings in our internal, FDA, or State audits, but I would like our ISO auditor to find problems within our system independently rather than base any of his findings on other audits, which can potentially happen.

Bottom line is, I believe I need to show my internal audits, because they are part of the QMS according to 8.2.2, and the timing of when to show it is debatable. Other Audits like FDA or State, I am unsure if they are required to be shown to the ISO Auditor or not based on 8.5.1. This is where my confusion lies, and the debate has been good, but still hasn't given me a confident stance if I am required to provide FDA or State audits.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#34
Other Audits like FDA or State, I am unsure if they are required to be shown to the ISO Auditor or not based on 8.5.1. This is where my confusion lies, and the debate has been good, but still hasn't given me a confident stance if I am required to provide FDA or State audits.
Remember that, according to ISO 9001 5.6.2.a), your management should be reviewing and taking action on audit results. So, the CB auditor might want to see if this is happening. Further, you should be implementing corrective actions if external audits report nonconformities.

In my opinion, a good auditor could have good reasons to request access to such data. On the other hand, a misguided auditor might ask to see such data to "focus" on problems already reported by others. If the latter happens, you should react accordingly and "fight back".
 
JaneB

#35
Remember that, according to ISO 9001 5.6.2.a), your management should be reviewing and taking action on audit results. So, the CB auditor might want to see if this is happening. Further, you should be implementing corrective actions if external audits report nonconformities.

In my opinion, a good auditor could have good reasons to request access to such data. On the other hand, a misguided auditor might ask to see such data to "focus" on problems already reported by others. If the latter happens, you should react accordingly and "fight back".
Excellent advice from Sidney, with which I agree entirely.

I empathise with you - there isn't a simple or plain answer in relation to this. I'm sure it is a bit confusing for you -

You say that "FDA and State audits are usually asked for by our ISO auditor" - as Sidney says, a good auditor (repeat good) could have good reasons for doing this. That would include seeing how your company has responded to their audit reports, and particularly if any issues required consideration or response, how your organisation responded, if you followed your own procedure, if action was effective, etc.

But a misguided (or lazy) auditor might do it for reasons including the one Sidney mentioned.

The tack I would try is to ask for their reasoning. And if you don't find it acceptable - or even if you feel otherwise, you could also request that they look at those audits at the very end of the audit and not early on, and explain that you (as client) would really like for the auditor to make their own independent judgement before seeing what other auditors have found. That's a hard stance for a good auditor to argue with! (And if they insist, take it up with their boss, explain your reasons - and if necessary or if you prefer, ask for them to assign you a different auditor. You can and they will.)

PS - I do empathise with you about the less than edifying diversions in the thread. As a regular poster, I know that the majority of us aim to focus firmly on your needs until the question is reasonably answered. But alas, not everyone always adheres to that firmly, as in this instance. One of the downsides of a forum. :nope:
 
Big Jim

Super Moderator
#36
Just as well nobody said that then, isn't it? :nope:
I certainly saw that flavor in your earlier post. If you feel that was not your intent, I'll certainly accept that.

I can certainly understand your concern about a lazy auditor basing his findings solely or even largely on the internal audit results, and I have seen that abuse. One CB auditor bluntly told the auditee that he expected to see such detail in the internal audit that he could do his entire audit simply by reviewing all that objective evidence. The auditor never left the conference room.

My read on your earlier post is that an auditor who chose to review the internal audit early in the audit was a lazy auditor, which I take exception to. It isn't necessarily so. It could instead be evidence of a thorough auditor.

Since you feel that it is inappropriate to look at the internal audit until late in the audit, we will simply need to agree to disagree on that point.
 

Paul Simpson

Trusted Information Resource
#37
Could someone explain the "they might be biased" thing to me please? I've heard it before, too. Our school makes us do a "2nd party" audit at partner companies. The QM first refused to give us access to previous audit reports (made by previous students) as it would, indeed, influence us.<snip>
Think of it this way. If you read an audit report before going onto a factory floor (for example) and the report says: 'No work in progress identified and nobody aware of where their procedures are.' Human nature says that when you go out you'll be looking for identification and asking people where their procedures are. It is the lazy auditor's way of completing their audit.
<snip>
Not naive, no. Again the number of findings is not necessarily important but a biased sample is. If a 3rd party just copies internal audit findings then s/he has not sampled the process themselves and there may be many other findings that the internal audit did not raise but that might be more significant than those s/he has raised.

Similarly some CBs will not duplicate N/Cs (within reason) if they have been raised by internal audit and are being addressed - as there is no point.

3rd parties should do their own independent sample and make a judgement of an effective system on their sample. Part of this is to audit internal audit but that should be at the end of the programme (IMHO)
I certainly saw that flavor in your earlier post. If you feel that was not your intent, I'll certainly accept that.

I can certainly understand your concern about a lazy auditor basing his findings solely or even largely on the internal audit results, and I have seen that abuse. One CB auditor bluntly told the auditee that he expected to see such detail in the internal audit that he could do his entire audit simply by reviewing all that objective evidence. The auditor never left the conference room.

My read on your earlier post is that an auditor who chose to review the internal audit early in the audit was a lazy auditor, which I take exception to. It isn't necessarily so. It could instead be evidence of a thorough auditor.

Since you feel that it is inappropriate to look at the internal audit until late in the audit, we will simply need to agree to disagree on that point.
So just to wrap this up. I am happy to agree to disagree. :) Hopefully the above multi quote (edited for space) outlines the facts.

A recommendation to all Covers is you should try to manage your auditor and CB so that they do their job properly and carry out an effective sample audit without any undue bias. Once the CB has had a chance to audit your system they will be targeting areas based on the risk that they see and the results they have observed.

You have to be careful with auditors ... sometimes they read things into documents (posts) that aren't even there. :notme:

Perhaps someone can enlighten me about 13485 certification scheme rules. Is there a requirement for external auditors to review any external (e.g. FDA) audits?
 