First Time Internal Auditor - Advice and Tips, please

M

Migre

#61
My point of view has been that internal audits are conducted to determine if the ISO requirements are met...but that doesn't mean the auditor must use ISO 9001 as audit criteria...

I personally believe that this often comes from the biased view and stories that are 'spread' by the current internal/lead auditor training courses. Too much emphasis is placed on making the auditors 'expert' in interpreting ISO requirements! Bizarre!
When I started here 2 years ago the managers here were so fixed on complying to ISO 9001 is was untrue. They simply didn't realise that we, as an organisation, had the flexibility and scope to implement a system that was primarily beneficial to the organisation and, secondly, met ISO 9001 requirements. I shared my own views with them on ISO 9001 (that is is basically a system based around commonly accepted good business practices, though not without it's flaws), whilst trying to stress that it isn't the primary concern in all of this.

And I attended a 5-day lead-auditor course around 3 years ago. Run by one of the UK's leading certification bodies (I won't say which one...), it wasn't quite as bad as the picture you paint above but was quite heavily centred around ISO 9001 (unsurprising really as the fictitious organisation being audited used ISO 9001 as audit criteria...).
 
Elsmar Forum Sponsor
#62
:topic:

As has been mentioned in other posts - the IRCA and RABQSA requirements for accredited auditor courses haven't changed substantially since the early days of BS 5750 training! This is also part of the challenge of getting internal auditors to think and act differently....
 
M

Migre

#63
I wasn't aware of that and don't know of the exact requirements/content (I'll have to search for them) but, given what you've said, I can kind of guess...
 
H

Hanr3

#64
Why do you have to audit to the standard to know if you comply? The standard doesn't say you have to audit to the standard!
Yes the Standard does say you must Audit to the Standard, not in those words.
4.1 The organization shall establish, document, implement, and maintain a QMS and continually improve its effectiveness in accordance with the requirements of this Internatinoal Standard.

After a-f, the next line reads.
These processes shall be managed by the organization in accordance with the requirements of this International Standard.
 
H

Hanr3

#65
It is usually the responsibility of the MR or designate to conduct a system audit for compliance.


Chrissie x
You are conducting an internal audit to ensure your QMS complies to the Standard. Some do it as a stand alone audit, others role it into the process audits. :applause:
 
H

Hanr3

#66
8.2.2
The organisation shall conduct internal audits at planned intervals to determine whether the quality management system

a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and

b) is effectively implemented and maintained.

This thread has made me question some of my understanding of the internal and external audit process. I believe the above to be true but I'm willing to stand corrected if someone can offer a truly definitive view of the differences of expectations from internal and external audit? I don't believe it to be as cut and dried as some of the posts here have suggested.

Regards,

Mick


Exactly, the only difference between the internal and external audit is the auditor. The external auditor is brought in as a neutral party, a 3rd party, to Certify your QMS does in fact comply to the Standard.

I'll check in later, I have a ISO MR meting to run in 15min.
 
#67
Yes the Standard does say you must Audit to the Standard, not in those words.
4.1 The organization shall establish, document, implement, and maintain a QMS and continually improve its effectiveness in accordance with the requirements of this International Standard.

After a-f, the next line reads.
These processes shall be managed by the organization in accordance with the requirements of this International Standard.
I don't believe that it says that, in exact words or not! Neither does it mean that!

If it did mean that, it would say 'the organization shall perform audits using this International standard as audit criteria' or something pretty close...

If you consider that ISO 9001 is like a design code of practice - building regs, for example, so what use is it to go to a building, after it has been designed and built, and start inspecting and questioning the building regs? Too late! Not the responsibility of the dweller, but you're leaving them with the responsibility to take action!

Imagine if it happened to you - someone turns up and says - 'You can't live here' the regs weren't included in the architect's design! You - he house owner, now have to take corrective action on regs you've never read, don't have a clue what they mean (without expert assistance) but you've got to come up with corrective action? Oh yea...

That's exactly what you're proposing should happen during audits of your qms to ISO 9001!
 
H

Hanr3

#68
I don't believe that it says that, in exact words or not! Neither does it mean that!

If it did mean that, it would say 'the organization shall perform audits using this International standard as audit criteria' or something pretty close...

If you consider that ISO 9001 is like a design code of practice - building regs, for example, so what use is it to go to a building, after it has been designed and built, and start inspecting and questioning the building regs? Too late! Not the responsibility of the dweller, but you're leaving them with the responsibility to take action!

Imagine if it happened to you - someone turns up and says - 'You can't live here' the regs weren't included in the architect's design! You - he house owner, now have to take corrective action on regs you've never read, don't have a clue what they mean (without expert assistance) but you've got to come up with corrective action? Oh yea...

That's exactly what you're proposing should happen during audits of your qms to ISO 9001!
Reread 8.2.2a , it is posted a couple up. It does specifically state you must audit to the standard. The organization shall conduct internal audits at planned intervals to determine whether the QMS, a) conforms...to the requirements of this international standard...
 
#69
Reread 8.2.2a , it is posted a couple up. It does specifically state you must audit to the standard. The organization shall conduct internal audits at planned intervals to determine whether the QMS, a) conforms...to the requirements of this international standard...
No, it doesn't say you must audit to the standard! And not only that, but CB auditors, having determined that your system meets all the ISO 9001 requirements (or whatever is the criterion) then audit to the qms, not the standard!

You can determine if it meets the requirement without using the standard as audit criteria...

For example; ISO says you have to have a documented procedure for control of documentation, including changes. So, a procedure is written, including how to deal with changes. Let's say, after a few years of implementation, people start to make changes but don't use the method described in the procedure and this is found during an internal audit. Non-conformity! The situation is non-conforming to the organization's own documented procedure and, hence, ISO 9001. But we didn't need to go out and use ISO to find it or write it as an nc against the standard...
 
Last edited:
H

Hanr3

#70
No, it doesn't say you must audit to the standard!

8.2.2
The organization shall conduct internal audits at planned intervals to determine whether the quality management system

a) conforms to the requirements of this International Standard.
It would appear to me that is exactly what the Standard states.


You can determine if it meets the requirement without using the standard as audit criteria...

For example; ISO says you have to have a documented procedure for control of documentation, including changes. So, a procedure is written, including how to deal with changes. Let's say, after a few years of implementation, people start to make changes but don't use the method described in the procedure and this is found during an internal audit. Non-conformity! The situation is non-conforming to the organization's own documented procedure and, hence, ISO 9001. But we didn't need to go out and use ISO to find it or write it as an nc against the standard...
Lets use your example of changes to the Control of document procedure. People made those changes to documents without following the procedure, are you sure there isn't also a non-conformity to the standard? Careful, this is a loaded question!

4.2.3c to ensure that changes and the current revision status of documents are identified.

How do you know if there is a non-conformance to the standard unless you audit to the standard too. If they didn't update the revision status according to thier procedure, they also have a non-conformity to the standard. And if they change their process to exclude revision changes, they are no longer in complaince and it will be a finding.

You need to audit to the QMS, to the planned processes, and to the Standard. Assuming you comply with the Standard because you passed your certification audit is a noncompliance finding. You must show evidence that you audited the QMS to the Standard.
 
Thread starter Similar threads Forum Replies Date
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
J Your opinion on the better training org for IATF16949 Internal auditor and Lead Auditor IATF 16949 - Automotive Quality Systems Standard 3
Q Internal Auditor Training requirements for ISO 14001:2015 ISO 14001:2015 Specific Discussions 5
E Informational I would like to get some Internal Auditor Training Internal Auditing 31
Q What is the difference between normal and licensed internal auditor? VDA Standards - Germany's Automotive Standards 9
J IATF 16949 CAR - Internal Auditor Requirements IATF 16949 - Automotive Quality Systems Standard 15
A ISO 13485 - Internal Auditor Independence and Process Owners ISO 13485:2016 - Medical Device Quality Management Systems 3
Q AS 9100D internal auditor training requirements Internal Auditing 16
A Other Discussion Boards - Internal Auditor Coffee Break and Water Cooler Discussions 5
E Online training for an internal auditor to AS9120B AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Q Internal Auditor Trainer's Requirement Internal Auditing 4
D IATF 16949 - Internal Auditor Training/Certification Requirements Training - Internal, External, Online and Distance Learning 2
R Internal Auditor vs. Public Accountant - Accounting Student Needing Help Career and Occupation Discussions 4
C IATF 16949 Cl. - 7.2.3 Internal Auditor Competency IATF 16949 - Automotive Quality Systems Standard 1
C IATF 16949:2016 Cl. 7.2.3 Internal Auditor Competency Requirements IATF 16949 - Automotive Quality Systems Standard 39
Q IATF 16949 Cl. 7.2.3 - Internal Auditor Competency and Records IATF 16949 - Automotive Quality Systems Standard 5
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
Q How can an Internal Auditor Trainer's Competency be Evaluated - IATF 16949 Cl. 7.2.3 IATF 16949 - Automotive Quality Systems Standard 10
H ISO/IATF Internal Auditor Recommendations For Manufacturer In California, USA Internal Auditing 3
Casana 2nd Party and Internal Auditor Qualifications & Training IATF 16949 - Automotive Quality Systems Standard 13
P Problem with IATF 16949 Clause 7.2.3 Requirements (Internal Auditor Competency) IATF 16949 - Automotive Quality Systems Standard 3
B Competency of Trainer for Internal Auditor Training (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 11
C ISO 13485:2016 - Internal Auditor Training vs. Lead Auditor Training Training - Internal, External, Online and Distance Learning 4
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
M Internal Auditor --> Licence needed? Internal Auditing 6
V Internal Auditor Training Documents and PPT Document Control Systems, Procedures, Forms and Templates 5
V Internal Auditor Training Documents and PPT Internal Auditing 3
V Certified Internal auditor is necessary? ISO 9001 requirement? Quality Management System (QMS) Manuals 4
D Can the Plant Manager be our ISO Representative and an Internal Auditor? Internal Auditing 26
M ISO 13485 Audit Questions - Internal Auditor Training and other Requirements ISO 13485:2016 - Medical Device Quality Management Systems 10
M Questions about AS9100 Internal Auditor Training AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
R Can a external auditor raise a finding that is already identified in Internal Audit ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
P Can internal ISO 17025 Auditor conduct ISO 9001 Audit ISO 17025 related Discussions 7
P Internal Auditor Training - Audit exercises Internal Auditing 5
D Training Material for Internal Auditor Requirements Training - Internal, External, Online and Distance Learning 4
U TS16949 Internal Auditor Training - Is On-line training OK? Training - Internal, External, Online and Distance Learning 1
F Internal Audit quiz - Auditor Qualifications and Requirements Internal Auditing 34

Similar threads

Top Bottom