First Time Internal Auditor - Advice and Tips, please

#71
I'm not sure you're fully reading my posts. Of course there's a nc against ISO 9001, they aren't implementing the document control procedure! If the internal auditor(s) report that to the audit manager, does it take a huge leap of rocket science to determine that the organization isn't in compliance to ISO 9001?

The key here is, the auditors didn't have to know chapter and verse on the standard - apart from anything else because, apparently, you and I have a total disagreement over what just 1 requirement says in 8.2.2, and we're supposed to be more experienced than the newbie auditors!

Do you really want your internal auditors to get into this kind of debate? I rest my case....
 
Last edited:
Elsmar Forum Sponsor

Jim Wynne

Staff member
Admin
#72
If the Standard is not part of the internal audit process, whose job is it to audit the QMS to the Standard? Certantly the external auditor will do it, however its not the external auditors job to make sure you comply. Their job is to see if your in compliance. If you rely on the external auditor you are missing a key part of your internal audit process. You didn't validate your QMS to the Standard. :cool:
The organization's requirements should be documented such that they satisfy the requirements of the standard. If that's the case, you can put the standard away and let external auditors worry about it. If your processes comply with your company's requirements, they also comply with the standard. There should never be a need to reference the standard in internal audits.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#73
The organization's requirements should be documented such that they satisfy the requirements of the standard. If that's the case, you can put the standard away and let external auditors worry about it. If your processes comply with your company's requirements, they also comply with the standard. There should never be a need to reference the standard in internal audits.
One of those rare times I will disagree with Jim. Let's look at the example of an organization with a simple product; they take a minimalist approach to documenting their processes and have a few more documented procedures than the "minimum 6 required". No documented procedure exists for the product design development process. An internal auditor would have to rely on the ISO 9001 standard to verify if the organization product design process satisfies, or not, the applicable parts of the standard.

An internal audit is a critical component of the necessary self assessment against the standard. I agree with Andy that there is a difference in approach between internal and external auditors, but direct or indirectly, internal auditors must have a way to verify if their processes are in conformance with the standard. Certification should never be a measure of adequacy of the QMS documentation against a standard for the simple fact that certification is not mandatory.
 
#74
Sidney, a good example. I think you are looking at it too narrowly, from the point of reasoning why audits exist. Lets, as you say, remove certification and CB auditors, for now.

In a minimally documented process, the internal auditor would interview the process owner. They might be given some kind of 'cheat sheet' in company language by the MR (who is supposed to be the fount of knowledge in all things 'ISO').

The auditor could then verify what the process owner tells them, based on the 'cheat sheet' - compliance or nay, WITHOUT ever seeing the standard or getting wrapped around the wheel in terms of jargon from the standard! If they are not compliant in some way, the report goes back to the MR and at that point nc with the ISO 7.3 requirements is determined.

The auditor could, then (and from their notes) go an verify from interviews with others who participate in the process, what their 'version' is!

Added to that, the auditor can be directed - if not yet completely competent to use their own initiatives - to see where issues might be caused in, let's say manufacturing. Again, they don't have to get embroiled in learning chapter and verse 7.5, for example.
 

Jim Wynne

Staff member
Admin
#75
One of those rare times I will disagree with Jim. Let's look at the example of an organization with a simple product; they take a minimalist approach to documenting their processes and have a few more documented procedures than the "minimum 6 required". No documented procedure exists for the product design development process. An internal auditor would have to rely on the ISO 9001 standard to verify if the organization product design process satisfies, or not, the applicable parts of the standard.
The simple answer is that if no documentation exists to address design and development, write some. My whole point is that regardless of the size of the organization, the documentation should be written such that the requirements of the standard are addressed.

An internal audit is a critical component of the necessary self assessment against the standard. I agree with Andy that there is a difference in approach between internal and external auditors, but direct or indirectly, internal auditors must have a way to verify if their processes are in conformance with the standard. Certification should never be a measure of adequacy of the QMS documentation against a standard for the simple fact that certification is not mandatory.
"Directly or indirectly" is exactly right. I choose indirectly because the direct route has a tendency to inhibit process auditing and also promotes the dreaded "ISO says so" syndrome. The less emphasis there is on the standard, the better.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#76
The simple answer is that if no documentation exists to address design and development, write some. My whole point is that regardless of the size of the organization, the documentation should be written such that the requirements of the standard are addressed.
That would go against the "wisdom" of TC176 who decided to reduce the amount of required documentation supporting an ISO 9001-compliant QMS.

The truth is internal auditors must have a working knowledge of the standard, in order to perform effective audits. Most of the time, they will audit against the internal requirements/command media, but sometimes, they will assess evidence directly against the ISO 9001 standard. At least, in my experience.
 

qusys

Trusted Information Resource
#77
Hi All,

I have been given the task at work to be the IA for the company as well as Quality Manager and Magement Rep.

Going to undertaking my first Internal Audits next week, in our four offices throughout the week, I would be grateful for any advice or tips anyone can give me.
Will you follow some specific projects?
If so, you should be familiar with Project management...
As a suggestion, you should have a premilinary review of the last management review to undestand the major issue and what it is on going...:bigwave:
 
C

ChrissieO

#78
You are conducting an internal audit to ensure your QMS complies to the Standard. Some do it as a stand alone audit, others role it into the process audits. :applause:
If you make compliance a key part of a process audit, it ceases to be a process audit but reverts to being a compliance audit and there is a danger that the actual process can be overlooked. Compliance auditing is easier than process auditing so it is easy for an auditor to slip back into this so by taking the emphasis off the standard away from the auditor it helps them to focus on the actual processes

The internal audtor should be auditing the company processes and procedures and once a year I ensure that the company processes and procedures conform to the standard leaving the audt schedule free for meaningful value added process audits.

e.g. our document control process is determned and documented to comply to the standard, if a NC is found related to document control it is a failure of one of our own processes.

Our management team couldn't give a monkey's what relates to what clause, and wouldn't know 4.2.3 if it slapped them on the face, and why should they. All they want to know is where there are breaks or improvement opportunities to our processes, they leave it to me to ensure that these processes conform to the standard to satisfy the CB.

Chrissie
 
Last edited by a moderator:
M

Migre

#79
Our management team couldn't give a monkey's what relates to what clause, and wouldn't know 4.2.3 if it slapped them on the face, and why should they. All they want to know is where there are breaks or improvement opportunities to our processes, they leave it to me to ensure that these processes conform to the standard to satisfy the CB.

Chrissie
I'm guessing that it's just the way the above reads but, whilst I agree with much of what you've said there, it isn't good business practice if the management team leave it to you to ensure that the processes conform to the standard to satisfy the CB. It should be left to you to determine if the processes conform to the standard but the responsibilty for actually making the processes conform should lie elsewhere within the organisation, surely? Given what you've previously stated, I'm sure that is the case?

I have that situation where I work. The management team don't know any actual clauses and I certainly don't care if that remains the case until the day I leave, but I want a hell of a lot more of the top and middle tiers of management taking more responsibility and ownership, certainly where some of the 8 management principles which underpin the standard are concerned.
 
Last edited by a moderator:
C

ChrissieO

#80
I have that situation where I work. The management team don't know any actual clauses and I certainly don't care if that remains the case until the day I leave, but I want a hell of a lot more of the top and middle tiers of management taking more responsibility and ownership, certainly where some of the 8 management principles which underpin the standard are concerned.

Thats the rub though, since we have come away from compliance auditing and concentrated on the processes the manaement team have taken far more ownership of the QMS, NCs etc. because now it means something to them and they see the benefit to the business.

Chrissie
 
Last edited by a moderator:
Thread starter Similar threads Forum Replies Date
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
J Your opinion on the better training org for IATF16949 Internal auditor and Lead Auditor IATF 16949 - Automotive Quality Systems Standard 3
Q Internal Auditor Training requirements for ISO 14001:2015 ISO 14001:2015 Specific Discussions 5
E Informational I would like to get some Internal Auditor Training Internal Auditing 31
Q What is the difference between normal and licensed internal auditor? VDA Standards - Germany's Automotive Standards 9
J IATF 16949 CAR - Internal Auditor Requirements IATF 16949 - Automotive Quality Systems Standard 15
A ISO 13485 - Internal Auditor Independence and Process Owners ISO 13485:2016 - Medical Device Quality Management Systems 3
Q AS 9100D internal auditor training requirements Internal Auditing 16
A Other Discussion Boards - Internal Auditor Coffee Break and Water Cooler Discussions 5
E Online training for an internal auditor to AS9120B AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Q Internal Auditor Trainer's Requirement Internal Auditing 4
D IATF 16949 - Internal Auditor Training/Certification Requirements Training - Internal, External, Online and Distance Learning 2
R Internal Auditor vs. Public Accountant - Accounting Student Needing Help Career and Occupation Discussions 4
C IATF 16949 Cl. - 7.2.3 Internal Auditor Competency IATF 16949 - Automotive Quality Systems Standard 1
C IATF 16949:2016 Cl. 7.2.3 Internal Auditor Competency Requirements IATF 16949 - Automotive Quality Systems Standard 39
Q IATF 16949 Cl. 7.2.3 - Internal Auditor Competency and Records IATF 16949 - Automotive Quality Systems Standard 5
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
Q How can an Internal Auditor Trainer's Competency be Evaluated - IATF 16949 Cl. 7.2.3 IATF 16949 - Automotive Quality Systems Standard 10
H ISO/IATF Internal Auditor Recommendations For Manufacturer In California, USA Internal Auditing 3
Casana 2nd Party and Internal Auditor Qualifications & Training IATF 16949 - Automotive Quality Systems Standard 13
P Problem with IATF 16949 Clause 7.2.3 Requirements (Internal Auditor Competency) IATF 16949 - Automotive Quality Systems Standard 3
B Competency of Trainer for Internal Auditor Training (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 11
C ISO 13485:2016 - Internal Auditor Training vs. Lead Auditor Training Training - Internal, External, Online and Distance Learning 4
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
M Internal Auditor --> Licence needed? Internal Auditing 6
V Internal Auditor Training Documents and PPT Document Control Systems, Procedures, Forms and Templates 5
V Internal Auditor Training Documents and PPT Internal Auditing 3
V Certified Internal auditor is necessary? ISO 9001 requirement? Quality Management System (QMS) Manuals 4
D Can the Plant Manager be our ISO Representative and an Internal Auditor? Internal Auditing 26
M ISO 13485 Audit Questions - Internal Auditor Training and other Requirements ISO 13485:2016 - Medical Device Quality Management Systems 10
M Questions about AS9100 Internal Auditor Training AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
R Can a external auditor raise a finding that is already identified in Internal Audit ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
P Can internal ISO 17025 Auditor conduct ISO 9001 Audit ISO 17025 related Discussions 7
P Internal Auditor Training - Audit exercises Internal Auditing 5
D Training Material for Internal Auditor Requirements Training - Internal, External, Online and Distance Learning 4
U TS16949 Internal Auditor Training - Is On-line training OK? Training - Internal, External, Online and Distance Learning 1
F Internal Audit quiz - Auditor Qualifications and Requirements Internal Auditing 34

Similar threads

Top Bottom