IATF 16949: Is "Certified" Internal Auditor mandatory?

[sistoiv]

Goodmorning everyone.
Usual hot discussion for IATF 16949 certification: is it mandatory for the internal auditor (system audit) to carry out a training course (qualification) provided by a certification body or training institution, accredited IATF 16949? Neither standard nor sanctioned interpretations provide for this requirement, but third-party auditors claim this in practice (especially by voice). Maybe (!) because they sell these courses.
Can you make reservations? Have any of you done it?

 

[Golfman25]

It's not mandatory. However, the internal auditor requirements are pretty specific and would be hard to meet without some type of advanced training.

 

[UncleFester]

It's not mandatory within Clause 7.2.3, but you do have to determine competence requirements. Sanctioned interpretation no.4 clarifies the requirements for system auditors in that items a to e in 7.2.3 all apply to system auditors.

So your own competence requirements - and evidence - need to support this. If you determine that your system auditors need to undergo a training course then that's up to you. Your customers may have their own requirements which you must consider.

You should also consider the requirements in 7.2.4 if your system auditors (or anyone else) is conducting 2nd party audits. VW have a CSR relating to this, as auditors are required to be VDA 6.3 certified.

 

[Marc]

Your customers may have their own requirements which you must consider.

Excellent point.

 

[sistoiv]

Thanks to all.
I know that competence requirements (system, process, product auditor) have to be defined and documentated by organization. These competence requirments are: skill/experience, time, training tests, eventual applicable CSR and so on. Furthermore, requirements on any internal staff who have provided training must also be included.
So far, all clear and all OK.
The issue is on "certified" auditor (internal or consultant): if you and me are right about standard/SI requirements, what should I do with certification bodies that ask instead for the auditor to take "recognized" courses?
Why does IATF not clarify this point in SI?

 

[UncleFester]

Certification bodies should not be asking you or your organisation to take 'recognised' courses - unless in your own competence requirements for internal auditors you have stated that internal auditors must take a recognised course!

I would be challenging any certification body auditor by asking whereabouts in the standard can they show me this requirement. There is no nonconformity here. They could raise an observation, but nothing more. If they're advising you to do this, then this I would class as consultancy which is not what the auditor is there for.

 

[sistoiv]

by asking whereabouts in the standard can they show me this requirement.

Done!
Auditor's response "it is the practice, we must keep the level high and in any case my body imposes it on me".
My answer: do as you believe but if you give us nonconformity I'm going to include objection in audit report and then we will recuse you. If you give observation then OK.

 

[Golfman25]

That's about all you can do. However, don't be surprised since his "body imposes it on" him. I had a similar situation where the CB had their own expectations as to what equaled compliance and what would not. It was like pounding your head against a wall.

 

[Marc]

I had a similar situation where the CB had their own expectations

This type of situation seems to come up quite often.

 

[sistoiv]

CB are service suppliers and we are customers who pay their invoices. You CB must give me even 100 NC if any but you don't have to cook up standard requirements, you are not standardization body.