" I, as a 3rd party auditor, retain the obligation to determine whether or not the process is "effective"... Discuss.

[AuditFan]

It has been asserted that it is not the 3rd Party Auditor's job to determine effectiveness. ISO 9001 - and other management systems standards - require (as part of being compliant to those requirements) the organization to demonstrate the effectiveness of the processes of their management system. The role of the 3rd Party auditor becomes, therefore, one of verification, through checks of implementation.

 

[ScottK]

Definition of a 3rd party audit per my training:
An external audit performed by an independent organization to provide
assurance of the effectiveness of the QMS (e.g., certification bodies)
Uses national or international standards as the audit criteria, such as ISO 9001

 

[Mike S.]

As I noted in the other thread, AS9100 is filled with requirements for effectiveness. Why would you not audit for effectiveness?

Further, AS9101 has to be followed by the 3rd party auditors and it specifically states:

This standard defines requirements for the preparation and execution of the audit process. In addition, it defines the content
and composition for the audit reporting of conformity and process effectiveness to the 9100-series standards, the
organization's QMS documentation, and customer and statutory/regulatory requirements.

And....

The audit team shall evaluate the effectiveness of each audited operational process (see 9100-series standards clause 8)
considering:

Ever hear of a PEAR?

 

[AuditFan]

There's a HUGE difference in auditing the organization - questioning them and seeking evidence of how THEY have determined that their processes and performance results, product conformity etc demonstrates they achieved what they planned to do, and the declaration made in the title.

It occurs to me that the original statement is a legacy from when ISO 9001 didn't require the effectiveness of processes to be measured/monitored against objectives etc. (that's the 87 and 94 version, BTW). There was no "performance" on conformance. We, as CB auditors, were (somewhat) required to determine effectiveness and it was really difficult. Partly because the Brits wrote ISO 9001 and based it on a military standard (Def Stan 05-21/05-24) it didn't include customer perception as something to measure/monitor. It didn't require demonstration of effective process controls. In fact, the meme about making cement lifejackets wasn't far from the truth!

Today, that's not the case. ISO 9001 requires (if we are to conform with those requirements) to demonstrate implementation and effectiveness. It's the Organization's job to demonstrate those NOT the auditor's job to determine. It's simply confirmation/verification.

The mission has changed, yet (some) auditors and also (some) auditor trainers are still back in the 20th century with their understanding - IMHO!

 

[RoxaneB]

Perhaps I'm missing something here, however, my takeaway from your blog here, Andy, is that the role of the auditor is to comment on the "effectiveness of the results." Granted, that was back in 2018...

 

[John Predmore]

NOT the auditor's job to determine

@AuditFan used the word determine. @Mike S. used the words assess and evaluate. There is a difference between those words. But in a practical world, an auditor can only assess based on a limited sample at a particular point in time. From that assessment, the CB makes a determination.