First Time Internal Auditor - Advice and Tips, please

C

ChrissieO

#51
It's not the auditor's job to solve the companies problems. It's the auditor's job to ensure the QMS as adopted by the company complies with the standard, and that the QMS reflects reality on the production floor. IF the company is utilizing the QMS as intended, the nonconformities will surface. Then following the QMS, the company will resolve those issues, thus improving the quality of their process/product. The purpose of the audit is to ensure the company IS following the QMS, and the QMS follows the Standard.
:nope:It is the internal auditors job to audit processes and if necessary identify possible weaknesses or breaks in the process, not to ensure that the company complies to 9001.

If the MS is in place and is working it will usually follow that it will conform to 9001. This may be a little different if you are going for first time certification.

If you are already certified to 9001 you are past the stage of compliance, and very unlikely to lose registration unless you have major external complaints about your company or the CB auditor finds something drastic. You are now within the realms of continuous improvement and how can you improve if all your internal auditors do is look for compliance and not look at the processes and opportunities for improvement of processes adding value to the audit.

Chrissie x
 
Last edited by a moderator:
Elsmar Forum Sponsor
H

Hanr3

#52
Would you ask every person during the audit if he new the QP and Quality Objectives?
Yes, especially if I was auditing section 5! 5.3d Quality Policy is communicated and understood within the organization
Why would "Joe Bloggs" picking boxes in a warehouse be vagualy interested in what the company quality objectives are?

6.2.2d ensure that its personnel are aware of the relevance and importance of thier activities and how they contribute to the achievement of the quality objectives.

If objectives are set correctly they will be dissmenated from the policy to all levels of the operation,
policy and goals are loosely tied together. Quality policy is a generic statement of the companies over all goal. While objectives are typically set to address a specific process, or aspect of the process. How do you know if they are disemenated if you dont audit them?

differing dependant on the job/function but "Joe Bloggs" may not even realise that his set job function targets objectives are part of the bigger picture, he is only interested in what he can effect.

i.e. why would "JB" have any interest that one of the Quality Objectives is to reduce the number of stock numbers. He can't have any effect on it, does not have any knowledge of in deth demand planning nor does he really care. All he needs to know that how his function can effect the customer experience.

When employees are engaged they perform better. When employees know the company goals, objectives tehy will watch for opportunities to improve. If your not training all employees on all aspects of the QMS your missing the boat. Every employee needs to understand every aspect of the QMS, some need to know it in more detail than others. For example every employee needs to know there is a process for ordering materials, however only hte employees who actually order the material need to know the procedures.

You may be better to ask "JB" what are the objectives and targets of his own job functon. then follow them up the functions to management to see if they all eventually feed into the quality policy.
I assume your saying ask JB about his departments quality objectives and not "his" goals/objectives. Teh difference being the department goals relate to the department and the departments goals are auditable. His individual performance is not auditable. His job performance is between the company and himself. Employee job performance, or lack there of, is strickly a confidential issue.
Every department should have quality goals/objectives, and those goals/objectives should tie into the company quality objectives. Everybody has a stake in the companies performance. IF the company loses clients due to poor quality it wont need employees. JB wants to keep his job, he has a stake in the company. Those employees who dont care, wont be around long. Either they will find another job, or they will be terminated.


Chrissie
Message too short, please enter 8 characters.
See above in red. :biglaugh:
 
#53
Why would there be a difference between external and internal audits?
It's not the auditor's job to solve the companies problems. It's the auditor's job to ensure the QMS as adopted by the company complies with the standard, and that the QMS reflects reality on the production floor.

The purpose of the audit is to ensure the company IS following the QMS, and the QMS follows the Standard.

The question the auditor must answer is this: does the QMS match what the employee is doing, and does the QMS comply with the Standard.

However if the internal auditor isn't auditing the QMS to the standard, they will have findings every time.
In the initial stages of implementation, I think this might be somewhat correct. However, as Chrissie points out, you're past that.

Of course the internal audit is different to a CB audit:- The people who do them have quite different experiences. One visits once or twice a year, the other works there every day, knows the people, customers, geography, products, problems, changes, culture etc.

Of course it IS the internal auditors job to assist in helping the company fix its problems...especially if you want to keep your job! Of course, you're not going to roll up your sleeves, in the middle of an audit and start changing things. However, by carefully identifying the issue in the process which is at risk. I'm haunted by the countless stories of auditors who have visited by companies going down the drain and nothing was ever reported...Arthur Anderson, anyone?

I'm thinking that too many internal auditors fill their heads with 'ISO', when, in fact, the MR can make the decision as to the status of compliance from the audit reports...
 
C

ChrissieO

#54
Message too short, please enter 8 characters.
See above in red. :biglaugh:
I have to disagree with some of you post but especially the last sentence. We have a large number of employees in the warehouse who don't care but have been here over 10 years. They care about what their function (i.e. team/group) objectives are but as long as they get paid at the end of the month they ain't really bothered about what the company goals an objectives are.

I would ask them what the output of their job is and how this is measured, steering clearly away from ISO speak as this is a turn off to many blue and white collar workers alike. I would then see if the their output measurements feed into the next level and so on until you reach the policy, as the objectives should be driven by the QP

Also why would you be auditing a clause?


Chrissie
 
H

Hanr3

#55
:nope:It is the internal auditors job to audit processes and if necessary identify possible weaknesses or breaks in the process, not to ensure that the company complies to 9001.

If the MS is in place and is working it will usually follow that it will conform to 9001. This may be a little different if you are going for first time certification.

If you are already certified to 9001 you are past the stage of compliance, and very unlikely to lose registration unless you have major external complaints about your company or the CB auditor finds something drastic. You are now within the realms of continuous improvement and how can you improve if all your internal auditors do is look for compliance and not look at the processes and opportunities for improvement of processes adding value to the audit.

Chrissie x
If the Standard is not part of the internal audit process, whose job is it to audit the QMS to the Standard? Certantly the external auditor will do it, however its not the external auditors job to make sure you comply. Their job is to see if your in compliance. If you rely on the external auditor you are missing a key part of your internal audit process. You didn't validate your QMS to the Standard. :cool:
 
#57
If the Standard is not part of the internal audit process, whose job is it to audit the QMS to the Standard? Certainly the external auditor will do it, however its not the external auditors job to make sure you comply. Their job is to see if your in compliance. If you rely on the external auditor you are missing a key part of your internal audit process. You didn't validate your QMS to the Standard. :cool:
Why do you have to audit to the standard to know if you comply? The standard doesn't say you have to audit to the standard!

Can't you infer that if you have a nonconformity in, let's say the document control process, that you must, therefore, be in non-conformity with ISO 9001? It's not required to have ISO 9001 as your audit criterion, to decide if you comply!
 
M

Migre

#58
I believe Hanr3 is trying to make some valid points here, but points that are intermingled with some misguided views. Whilst I'm with Randy in that the second question in an audit can never be truly determined until the first is answered, I can see what Hanr3 has attempted to do with his '5 questions' (even though I vehemently disagree with asking employees to quote the quality policy and 'quality objectives', and the asking of such open-ended questions in an internal audit).

The key differences I would expect to see between internal and external audits have been previously quoted, in that, as Andy said, the internal auditor should have higher levels of access to the QMS specifics, leading to a greater insight during the audit which should predicate getting to the bottom of issues. However, an astute CB auditor (especially one who has made numerous visits to the organisation) may build up an increased level of insight over time anyway. But I don't see any reason why an internal auditor shouldn't delve into training issues (or any other 'wider-reaching' issues) if the audit suggests it to be necessary (i.e. if any issues or complaints reviewed suggest training issues to be a potential root cause of problems, especially within the process/area being audited)? The CB auditor (or the worthwhile ones I've encountered) are building up a picture of an organisation as a whole as they're going along, or certainly an area of scope much more significant than the average internal audit, but that doesn't mean to say that the 2 aren't connected in any way or should be worlds apart in how they are carried out?

I would suggest that, whilst it isn't the internal auditor's main objective to ensure the company complies to ISO 9001, it is something they should be aware of and bear in mind during internal audit, especially if that is the standard the organisation is certified to. We have a system here that includes 2 levels of document to be audited (after the quality manual that is). The 'level 2' documents generally contain procedures relating to departmental-wide issues (training/employee reviews, document control, non-conformities, customer complaints etc) and relate more to some of the specific requirements of ISO 9001, whilst the 'level 3' documents are more section/process specific, consisting of more specific procedures or work instructions. The level 3 documents are much more numerous and, as such, form much of the internal audit programme. However, there are occasions when the audits of level 3 documents also need to consider the issues contained within the level 2 info. And the actual text within 9001, to my mind, states that internal audit should also consider whether or not the requirements of the standard are being met:

8.2.2
The organisation shall conduct internal audits at planned intervals to determine whether the quality management system

a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and

b) is effectively implemented and maintained.

This thread has made me question some of my understanding of the internal and external audit process. I believe the above to be true but I'm willing to stand corrected if someone can offer a truly definitive view of the differences of expectations from internal and external audit? I don't believe it to be as cut and dried as some of the posts here have suggested.

Regards,

Mick
 
Last edited by a moderator:
C

ChrissieO

#59
If the Standard is not part of the internal audit process, whose job is it to audit the QMS to the Standard? Certantly the external auditor will do it, however its not the external auditors job to make sure you comply. Their job is to see if your in compliance. If you rely on the external auditor you are missing a key part of your internal audit process. You didn't validate your QMS to the Standard. :cool:
It is usually the responsibility of the MR or designate to conduct a system audit for compliance. For the divisions of our company that are within our scope, I am the designate (AKA Division Quality Geek :notme:)

Once a year, I hide my self away for a few days and review the whole system, looking at relevant internal and external audit reports, NCs etc raised throughout the year. I conduct a gap anaylysis of the QMS to 9001 & 16949 (where applicable) and identify any nonconformances to the standards.

Auditing resource is tight but all our audit team were recently trained by an external trainer in "Process Auditing" they are all trained green belts and I see their experience and precious time better utilised looking at our actual processes than ticking boxes of compliance.

All our auditors are well conversant with 9001 and do bare this in mind while auditing but it certainly isn't a the fore front of their minds.

Our external CB have been highly complimentary of our approach

Chrissie x
 
Last edited by a moderator:
#60
Mick:

Excellent precis!

My point of view has been that internal audits are conducted to determine if the ISO requirements are met...but that doesn't mean the auditor must use ISO 9001 as audit criteria...

I personally believe that this often comes from the biased view and stories that are 'spread' by the current internal/lead auditor training courses. Too much emphasis is placed on making the auditors 'expert' in interpreting ISO requirements! Bizarre!
 
Thread starter Similar threads Forum Replies Date
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
J Your opinion on the better training org for IATF16949 Internal auditor and Lead Auditor IATF 16949 - Automotive Quality Systems Standard 3
Q Internal Auditor Training requirements for ISO 14001:2015 ISO 14001:2015 Specific Discussions 5
E Informational I would like to get some Internal Auditor Training Internal Auditing 31
Q What is the difference between normal and licensed internal auditor? VDA Standards - Germany's Automotive Standards 9
J IATF 16949 CAR - Internal Auditor Requirements IATF 16949 - Automotive Quality Systems Standard 15
A ISO 13485 - Internal Auditor Independence and Process Owners ISO 13485:2016 - Medical Device Quality Management Systems 3
Q AS 9100D internal auditor training requirements Internal Auditing 16
A Other Discussion Boards - Internal Auditor Coffee Break and Water Cooler Discussions 5
E Online training for an internal auditor to AS9120B AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Q Internal Auditor Trainer's Requirement Internal Auditing 4
D IATF 16949 - Internal Auditor Training/Certification Requirements Training - Internal, External, Online and Distance Learning 2
R Internal Auditor vs. Public Accountant - Accounting Student Needing Help Career and Occupation Discussions 4
C IATF 16949 Cl. - 7.2.3 Internal Auditor Competency IATF 16949 - Automotive Quality Systems Standard 1
C IATF 16949:2016 Cl. 7.2.3 Internal Auditor Competency Requirements IATF 16949 - Automotive Quality Systems Standard 39
Q IATF 16949 Cl. 7.2.3 - Internal Auditor Competency and Records IATF 16949 - Automotive Quality Systems Standard 5
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
Q How can an Internal Auditor Trainer's Competency be Evaluated - IATF 16949 Cl. 7.2.3 IATF 16949 - Automotive Quality Systems Standard 10
H ISO/IATF Internal Auditor Recommendations For Manufacturer In California, USA Internal Auditing 3
Casana 2nd Party and Internal Auditor Qualifications & Training IATF 16949 - Automotive Quality Systems Standard 13
P Problem with IATF 16949 Clause 7.2.3 Requirements (Internal Auditor Competency) IATF 16949 - Automotive Quality Systems Standard 3
B Competency of Trainer for Internal Auditor Training (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 11
C ISO 13485:2016 - Internal Auditor Training vs. Lead Auditor Training Training - Internal, External, Online and Distance Learning 4
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
M Internal Auditor --> Licence needed? Internal Auditing 6
V Internal Auditor Training Documents and PPT Document Control Systems, Procedures, Forms and Templates 5
V Internal Auditor Training Documents and PPT Internal Auditing 3
V Certified Internal auditor is necessary? ISO 9001 requirement? Quality Management System (QMS) Manuals 4
D Can the Plant Manager be our ISO Representative and an Internal Auditor? Internal Auditing 26
M ISO 13485 Audit Questions - Internal Auditor Training and other Requirements ISO 13485:2016 - Medical Device Quality Management Systems 10
M Questions about AS9100 Internal Auditor Training AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
R Can a external auditor raise a finding that is already identified in Internal Audit ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
P Can internal ISO 17025 Auditor conduct ISO 9001 Audit ISO 17025 related Discussions 7
P Internal Auditor Training - Audit exercises Internal Auditing 5
D Training Material for Internal Auditor Requirements Training - Internal, External, Online and Distance Learning 4
U TS16949 Internal Auditor Training - Is On-line training OK? Training - Internal, External, Online and Distance Learning 1
F Internal Audit quiz - Auditor Qualifications and Requirements Internal Auditing 34

Similar threads

Top Bottom