Incorrectly Performed ISO 9001:2008 Internal Audit

[QAMTY]

Hi everybody

Could you please share thoughs in my case.
I have ISO 9001 2008, and we are running internal audits.

Im in the position of General Director, recently I revised one of
audits report of an audit performed by one internal auditor.

I noticed that really was not a good audit,it has several faults

Nc´s were incorrectly documented, lacking of enough evidences,
wrong document identifications, findings that seemed more OFI, than
real nc´s,etc.

The auditee, a recent hired boy in the audited process, accepted the report
and now is working on the CAs/PAs.


My question is:

What can I do in this case, Can I cancel the audit and repeat it with a new auditor, or just ignore the audit report and make CA´s only in findings which I consider really apply?

How to manage this issue?

I read ISO 19011 and I dont see anything about it?

Thanks

 

[Claes Gefvenberg]

What can I do in this case, Can I cancel the audit and repeat it with a new auditor, or just ignore the audit report and make CA´s only in findings which I consider really apply?

Hi QAMTY,

Apart from making certain that coming audits are done properly, I suppose I would deal with the audit in question by going through the report and findings together with the auditee (helping him out, as he is a rookie), and set actions accordingly even if said findings are less than perfect. Of course, you may be forced to ask for more or better background data/evidence in the process, but that in itself is not uncommon. We all need clarification sometimes.

Obviously, judging from your description, some of the findings may or may not be dead ends, leading to "No further action". That should be ok, as long as you can explain how and why you reached that conclusion.

 

[Colin]

To add to Claes' answer, how will you stop this from happening again in the future? What is the process for ensuring that your internal auditors are competent?

 

[QAMTY]

Thanks Claes and Colin
Well, in the Audit process precedure I have included a survey which is filled up by the auditee every time an audit is carried out, where we evaluate the auditor performance on several points, at the end of year we gather all the surveys and take the needed actions to improve the audit process, but is done annually,
I wonder if its better to set it every 6 months and not to wait one year to take actions
Thanks

 

[Ajit Basrur]

Great points by Claes and Colin.

QAMTY, as part of your proposed action, you need to consider the following:

From your post, I could not figure how long ago did you identify the erroneous audit report? Is there any impact to process or product due to wrong categorization and/or actions taken subsequently?

How do you select your internal auditors and ensure their competence? I do not know your procedure but typically internal auditors get assigned to respective audits to ensure impartiality and that they have the required knowledge and skills to get the intended results.

You may also include a process to review the audit report before it is published.

 

[qualityfox]

I have found over the years that internal auditors and auditees do not have the thorough understanding of ISO that I do. Although they've been trained, ISO is not their full time job, so auditors make mistakes and auditees accept poorly written NCs because they assume the auditor knows what they're doing. To ensure effective reports I hold a review meeting with the auditor before they issue their report. I also sit in on the closing meeting to ensure everyone understands what is expected. Our ISO certificate is relatively new so I consider these reviews to be an opportunity to help all concerned better understand the requirements. When our system becomes more mature, this close attention should no longer be necessary.

 

[dsanabria]

Hi everybody

Could you please share thoughs in my case.
I have ISO 9001 2008, and we are running internal audits.

Im in the position of General Director, recently I revised one of
audits report of an audit performed by one internal auditor.

I noticed that really was not a good audit,it has several faults

Nc´s were incorrectly documented, lacking of enough evidences,
wrong document identifications, findings that seemed more OFI, than
real nc´s,etc.

The auditee, a recent hired boy in the audited process, accepted the report
and now is working on the CAs/PAs.


My question is:

What can I do in this case, Can I cancel the audit and repeat it with a new auditor, or just ignore the audit report and make CA´s only in findings which I consider really apply?

How to manage this issue?

I read ISO 19011 and I dont see anything about it?

Thanks

AHHH!

What you are describing is an opportunity for Improvement in the audit team.

The audit is done - in your schedule you could reschedule the areas you think require additional oversight.

Next - partner up with each auditor and with a teaching heart - find the strength and areas for improvement of each auditor and go with each point that you see - as it happens.

Review the NCR with the auditors and try to find out if they understand the process of writhing NCR and other options available in describing the event.

Finally, a group refresher training would be nice. Please don't single out an auditor in public - you will loose that auditor.

Remember to support them, positive feedback and teaching moments

 

[RoxaneB]

Thanks Claes and Colin
Well, in the Audit process precedure I have included a survey which is filled up by the auditee every time an audit is carried out, where we evaluate the auditor performance on several points, at the end of year we gather all the surveys and take the needed actions to improve the audit process, but is done annually,
I wonder if its better to set it every 6 months and not to wait one year to take actions
Thanks

People don't know what they don't know. In the case of the auditee, if he had limited or no knowledge of what to expect from the audit, how can he properly evaluate the process? And, let's be honest, it would not be a surprise to see auditees being "kind" in their survey responses in order to facilitate soft audits in the future.

If you wish to evaluate your audit process, you could...well...audit it. Or have someone on the team do spot checks on the reports and responses - in the medical field, we do spot audits on patient charts to assess the state of documentation from our clinical personnel.

It does sound like there could be an opportunity to refresh the knowledge of the auditors on the auditing process, including how to write a report, articulate findings, and work with auditees.