Incorrectly Performed ISO 9001:2008 Internal Audit

Q

QAMTY

#1
Hi everybody

Could you please share thoughs in my case.
I have ISO 9001 2008, and we are running internal audits.

Im in the position of General Director, recently I revised one of
audits report of an audit performed by one internal auditor.

I noticed that really was not a good audit,it has several faults

Nc´s were incorrectly documented, lacking of enough evidences,
wrong document identifications, findings that seemed more OFI, than
real nc´s,etc.

The auditee, a recent hired boy in the audited process, accepted the report
and now is working on the CAs/PAs.


My question is:

What can I do in this case, Can I cancel the audit and repeat it with a new auditor, or just ignore the audit report and make CA´s only in findings which I consider really apply?

How to manage this issue?

I read ISO 19011 and I dont see anything about it?

Thanks
 
Elsmar Forum Sponsor
#2
What can I do in this case, Can I cancel the audit and repeat it with a new auditor, or just ignore the audit report and make CA´s only in findings which I consider really apply?
Hi QAMTY,

Apart from making certain that coming audits are done properly, I suppose I would deal with the audit in question by going through the report and findings together with the auditee (helping him out, as he is a rookie), and set actions accordingly even if said findings are less than perfect. Of course, you may be forced to ask for more or better background data/evidence in the process, but that in itself is not uncommon. We all need clarification sometimes.

Obviously, judging from your description, some of the findings may or may not be dead ends, leading to "No further action". That should be ok, as long as you can explain how and why you reached that conclusion.
 
Q

QAMTY

#4
Thanks Claes and Colin
Well, in the Audit process precedure I have included a survey which is filled up by the auditee every time an audit is carried out, where we evaluate the auditor performance on several points, at the end of year we gather all the surveys and take the needed actions to improve the audit process, but is done annually,
I wonder if its better to set it every 6 months and not to wait one year to take actions
Thanks
 

Ajit Basrur

Staff member
Admin
#5
Great points by Claes and Colin.

QAMTY, as part of your proposed action, you need to consider the following:

From your post, I could not figure how long ago did you identify the erroneous audit report? Is there any impact to process or product due to wrong categorization and/or actions taken subsequently?

How do you select your internal auditors and ensure their competence? I do not know your procedure but typically internal auditors get assigned to respective audits to ensure impartiality and that they have the required knowledge and skills to get the intended results.

You may also include a process to review the audit report before it is published.
 

qualityfox

Involved In Discussions
#6
I have found over the years that internal auditors and auditees do not have the thorough understanding of ISO that I do. Although they've been trained, ISO is not their full time job, so auditors make mistakes and auditees accept poorly written NCs because they assume the auditor knows what they're doing. To ensure effective reports I hold a review meeting with the auditor before they issue their report. I also sit in on the closing meeting to ensure everyone understands what is expected. Our ISO certificate is relatively new so I consider these reviews to be an opportunity to help all concerned better understand the requirements. When our system becomes more mature, this close attention should no longer be necessary.
 

dsanabria

Quite Involved in Discussions
#7
Hi everybody

Could you please share thoughs in my case.
I have ISO 9001 2008, and we are running internal audits.

Im in the position of General Director, recently I revised one of
audits report of an audit performed by one internal auditor.

I noticed that really was not a good audit,it has several faults

Nc´s were incorrectly documented, lacking of enough evidences,
wrong document identifications, findings that seemed more OFI, than
real nc´s,etc.

The auditee, a recent hired boy in the audited process, accepted the report
and now is working on the CAs/PAs.


My question is:

What can I do in this case, Can I cancel the audit and repeat it with a new auditor, or just ignore the audit report and make CA´s only in findings which I consider really apply?

How to manage this issue?

I read ISO 19011 and I dont see anything about it?

Thanks
AHHH!

What you are describing is an opportunity for Improvement in the audit team.

The audit is done - in your schedule you could reschedule the areas you think require additional oversight.

Next - partner up with each auditor and with a teaching heart - find the strength and areas for improvement of each auditor and go with each point that you see - as it happens.

Review the NCR with the auditors and try to find out if they understand the process of writhing NCR and other options available in describing the event.

Finally, a group refresher training would be nice. Please don't single out an auditor in public - you will loose that auditor.

Remember to support them, positive feedback and teaching moments
 

RoxaneB

Super Moderator
Super Moderator
#8
Thanks Claes and Colin
Well, in the Audit process precedure I have included a survey which is filled up by the auditee every time an audit is carried out, where we evaluate the auditor performance on several points, at the end of year we gather all the surveys and take the needed actions to improve the audit process, but is done annually,
I wonder if its better to set it every 6 months and not to wait one year to take actions
Thanks
People don't know what they don't know. :cool: In the case of the auditee, if he had limited or no knowledge of what to expect from the audit, how can he properly evaluate the process? And, let's be honest, it would not be a surprise to see auditees being "kind" in their survey responses in order to facilitate soft audits in the future. :notme:

If you wish to evaluate your audit process, you could...well...audit it. Or have someone on the team do spot checks on the reports and responses - in the medical field, we do spot audits on patient charts to assess the state of documentation from our clinical personnel.

It does sound like there could be an opportunity to refresh the knowledge of the auditors on the auditing process, including how to write a report, articulate findings, and work with auditees.
 
Thread starter Similar threads Forum Replies Date
S Work performed in Canada on US patients using US device Canada Medical Device Regulations 1
A We're currently looking for any studies performed on various PPE materials Qualification and Validation (including 21 CFR Part 11) 1
M Routine testing of medical electrical systems - What specific electrical safety tests should be performed? IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
S 510(K) change analysis - At what point should a 510(K) change analysis be performed? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S Corrective Action from Internal Audits not performed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
D When should the OHSMS certification audit be performed? Occupational Health & Safety Management Standards 9
D Should Biocompatibility Tests be performed on Production Samples? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 9
Ajit Basrur Is Biocompatibility study performed on medical devices for possible contaminants? Other Medical Device Related Standards 4
S No Audit Schedule and Internal Audit not Performed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
G Do Inspections need to be performed by QA/QC Personnel 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
B Should EMC (Electromagnetic Compatibility) Testing be performed In-House CE Marking (Conformité Européene) / CB Scheme 10
V Is the CQI-9 Heat Treat Assessment performed by a 3rd Party Auditor APQP and PPAP 1
V Do I need dimensionals performed for PPAP for every revision change? APQP and PPAP 2
M Program of Internal Audits aren?t performed fully - Is it nonconformance? General Auditing Discussions 20
I Medical, Vacuum Heat Treat or Not if Subsequent Finishing Operations are Performed Benchmarking 3
T Resolution Analysis - Has anyone ever performed a Resolution Analysis? General Measurement Device and Calibration Topics 1
E First external audit coming up, do I need to have performed Internal Audits already? Internal Auditing 15
A Internal Audits - What if performed by consultant Internal Auditing 9
S Internal Audits not performed - Useful data from internal audit schedule Internal Auditing 31
W Gage R&R study frequency - How often should a Gage R&R be performed? Capability, Accuracy and Stability - Processes, Machines, etc. 8
D Are FIR's performed per AS9102, either at Tier 2 or from Tier 3's? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
B SPC for any of the testing performed in a Metals Testing Laboratory... General Measurement Device and Calibration Topics 2
S TUV NCR No: 2 - Aseptic processing validation has not been performed ISO 13485:2016 - Medical Device Quality Management Systems 4
C Elevated work platforms - No evidence of inspection being performed - Clarification Various Other Specifications, Standards, and related Requirements 1
R Has anyone ever performed a MSA study on a profilometer? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 1
H How often is Attribute Gage R&R required to be performed? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 10
D Audits performed by Bosch ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
A ISO 11607-1: 2019 main changes Other Medical Device Related Standards 2
G National Structural Steel Specification 7th Edition - Do I now have to be audited against ISO 3843-3 as well as ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 0
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J ISO 13485 System 'soft start' - How to best reflect this in initial audits, management review minutes and other records? ISO 13485:2016 - Medical Device Quality Management Systems 3
L How to understand the clause 6 Planning of ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 4
B ISO 8536-4 Contamination Index ISO 13485:2016 - Medical Device Quality Management Systems 0
S Practical Implementation of ISO 14971 ISO 14971 - Medical Device Risk Management 6
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
L Process changes and biocompatibility (ISO 10993-1) Other Medical Device Related Standards 1
J Recommendations for online ISO 19011 training? Training - Internal, External, Online and Distance Learning 6
D ISO 13485 8.2.1 and 8.2.2 - Customer Feedback and Customer Complaints ISO 13485:2016 - Medical Device Quality Management Systems 5
S Requirements to obtain ISO 50001 Certification ISO 14001:2015 Specific Discussions 2
A ISO 11135:2014, B.1.4, BI resistance x product bioburden ISO 13485:2016 - Medical Device Quality Management Systems 6
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 4
J Sister-company providing parts is only ISO 9001 registered IATF 16949 - Automotive Quality Systems Standard 7
M Getting started in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 21
G Copy of withdrawn ISO 9001:1994 Quality Management Standard ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
P ISO 80369 and endoscope port/lumen Other ISO and International Standards and European Regulations 4
C ISO 639-1 Languages Other Medical Device Related Standards 0
B ISO 11607-2 "Critical Parameter" vs. "Process Parameter" Other Medical Device Related Standards 3
S ECG Cable Banana to Snap or Tab electrode Adapters -- ISO 10993 Requirement Other Medical Device Related Standards 0

Similar threads

Top Bottom