2 level internal audit
With many of my clients we use a 2 level internal audit process. These
folks are auto suppliers, 25 - 250 employees per site typically.
Top level= "systems" audit using the appropriate full standard (QS9000,
TS16949, ISO 9000)
Second level = "process" audit of an individual work instruction. Might be
a shop floor or office activity.
We teach a 1 day class to the general internal audit team focused only
on the second level. We use a generic audit checklist that verifies the
key items (process control, controlled documents in use, gages calibrated,
operator following the process...) The checklist has NO references to
the standard per se -- just the key concepts.
The vast majority of internal audit hours over the course of a year are spent
on level two process audits. We do 1 full system audit a year (QS9000
minimum. This is done by the Mgt Rep, QS9000 leader, or often by me
or a colleague (outside consultants). If Mgt Rep or QS9000 leader,
I have trained with OJT, or sent them to an outside class. (I am ISO 9000
LA course certified, former RAB QSLA)
For TS purposes so far I am relying on having the systems auditor use one
of the AIAG/Plexus courses as their qualification with a brief awareness
training for the rank and file IA's.
We used to teach the whole standard to all the internal audit team and
found it didn't seem to be added value. Too much preoccupation with
the jargon of the standard.
Our internal auditors don't know element numbers, but they know their
processes, and how to audit!
Best regards,
Brad