I believe Hanr3 is trying to make some valid points here, but points that are intermingled with some misguided views. Whilst I'm with Randy in that the second question in an audit can never be truly determined until the first is answered, I can see what Hanr3 has attempted to do with his '5 questions' (even though I vehemently disagree with asking employees to quote the quality policy and 'quality objectives', and the asking of such open-ended questions in an internal audit).
The key differences I would expect to see between internal and external audits have been previously quoted, in that, as Andy said, the internal auditor should have higher levels of access to the QMS specifics, leading to a greater insight during the audit which should predicate getting to the bottom of issues. However, an astute CB auditor (especially one who has made numerous visits to the organisation) may build up an increased level of insight over time anyway. But I don't see any reason why an internal auditor shouldn't delve into training issues (or any other 'wider-reaching' issues) if the audit suggests it to be necessary (i.e. if any issues or complaints reviewed suggest training issues to be a potential root cause of problems, especially within the process/area being audited)? The CB auditor (or the worthwhile ones I've encountered) are building up a picture of an organisation as a whole as they're going along, or certainly an area of scope much more significant than the average internal audit, but that doesn't mean to say that the 2 aren't connected in any way or should be worlds apart in how they are carried out?
I would suggest that, whilst it isn't the internal auditor's main objective to ensure the company complies to ISO 9001, it is something they should be aware of and bear in mind during internal audit, especially if that is the standard the organisation is certified to. We have a system here that includes 2 levels of document to be audited (after the quality manual that is). The 'level 2' documents generally contain procedures relating to departmental-wide issues (training/employee reviews, document control, non-conformities, customer complaints etc) and relate more to some of the specific requirements of ISO 9001, whilst the 'level 3' documents are more section/process specific, consisting of more specific procedures or work instructions. The level 3 documents are much more numerous and, as such, form much of the internal audit programme. However, there are occasions when the audits of level 3 documents also need to consider the issues contained within the level 2 info. And the actual text within 9001, to my mind, states that internal audit should also consider whether or not the requirements of the standard are being met:
8.2.2
The organisation shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.
This thread has made me question some of my understanding of the internal and external audit process. I believe the above to be true but I'm willing to stand corrected if someone can offer a truly definitive view of the differences of expectations from internal and external audit? I don't believe it to be as cut and dried as some of the posts here have suggested.
Regards,
Mick