Internal Audit Findings and the Registrar

Marc

Hunkered Down for the Duration
Staff member
Admin
#1
Subject: Re: Internal Audit Findings and the Registrar /Maroney-Benassi/Naish
Date: Tue, 28 Sep 1999 15:54:20 -0600
From: ISO Standards Discussion <[email protected]>

From: [email protected]
Subject: RE: Internal Audit Findings and the Registrar /Maroney-Benassi/Naish

Patricia,

My experience with the auditors from the registrar includes the following:

1) They check to make sure the audits are adequately documented.

A. Are the forms completed as per the procedure.

B. Does the record include both conforming and non-conforming audits.

C. Can you see independence of the auditor from the area being audited.

D. Is there an adequate description of any discrepancies either on the audit form or a corrective action form.

2) They check to see if you are following your schedule or plan within the criteria you set for doing so.

A. If you say you do all sections in a year in all areas of the company can you show you have tracked all sections and all areas.

B. If you say you have to do the audit within a given month are you doing them within a given month.

C. If you say managers are given X notice can you show the managers were notified in advance.

3) Are the audits effective.

A. If they see obvious non conformances or discrepancies they want to see if the internal audits 1: looked at that area of the company and 2: Did the auditor(s) see what the registrar is seeing. I had one auditor make an observation that the audits were not effective since there were a number of minor non conformances he observed and the audits performed the previous two months for the same areas did not identify the discrepancies.

B. They have asked if the ISO Rep thought there were enough audits being performed to fully evaluate the whole system in some of the larger companies who had only one audit per area in a one year period.

C. If there are checklists used, do the checklists cover all of the specific section(s) of the standard being audited for an area. In other words is the whole system really being evaluated in the audits or are some subsections of the standard or some group(s) of people being omitted that should be audited.

4) Are the auditors trained.

A. Do you have training records.

B. How much training do the auditors get.

C. Does at least part of the training include a review and understanding of the ISO standard.

Hope that helps you.

Phyllis
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
Subject: Re: Internal Audit Findings and the Registrar/Maroney-Benassi/Kohn
Date: Thu, 30 Sep 1999 16:13:32 -0600
From: ISO Standards Discussion <[email protected]>

From: Brian Charles Kohn [email protected]
Subject: RE: Internal Audit Findings and the Registrar/Maroney-Benassi/Kohn

>From: "Maroney-Benassi, Patricia" [email protected]

>ISO 9001:1994 section 4.17 requires procedures for internal audits and sets
>some specifications for the manner in which the audits are conducted and the
>records are used. Once an internal audit process is established and
>functioning, does the registrar generally review the actual audit findings?

Without a doubt. The third-party system is structured to allow only a very superficial audit vis a vis the size of the organization being audited. The reason why the system has integrity is because it is really a cross-check, a cross-check on the conclusions already reached through the internal audit process. The only way I, as a third-party auditor, can say that an organization is compliant, is based on the evidence presented to me by the client in that regard. I only audit them to make sure they're not fabricating internal audit, corrective action, management review and other critical records.

If the internal audit system says there's a problem, then there is a problem. For sure. Now, as a matter of practice, I often didn't cite minor nonconformances when they were apparently properly logged and being expediently worked through the internal audit system. Practically speaking, in the case of minor nonconformances, all that would happen is that the client would work the issue and then I'd have to spend time making sure they did so during my next visit. Since I must sample their internal audit findings for timely and effective corrective action anyway (during each visit), I need to be judicious in citing minor nonconformances of this sort; otherwise I'd be spending an inappropriate amount of surveillance time looking at internal audit and corrective action, and therefore an inadequate amount of time looking at the rest of the system.

Major nonconformances are another story, however. My typical follow-up would be in the short-term; i.e., a special visit within 2-3 months. That cannot nor should not be short-circuited based on any reliance on the client's internal audit and corrective action systems.

>If so, are they reviewing only to establish that the internal audit system
>functions (i.e. trace an observation through corrective action, resolution,
>and tie in to 4.1.3)? Or do they actually use the internal audit findings to
>measure the health of your quality system (i.e. find out what problems we've
>been having)?

It bears repeating: The third-party auditor is reviewing the internal audit system records primarily to see that you have assured that you are indeed in compliance.

- It is *NOT* to see where your problems are so they can focus in on those areas.

- It is not *only* to verify that the internal audit process itself has integrity (although that *is* one intent.)

Brian Charles Kohn
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#3
Subject: Re: Internal Audit Find. and the Reg. /Maroney-Benassi/Pfrang
Date: Fri, 1 Oct 1999 13:59:14 -0600
From: ISO Standards Discussion <[email protected]>

From: [email protected] (Doug Pfrang)
Subject: RE: Internal Audit Find. and the Reg. /Maroney-Benassi/Pfrang

>From: "Maroney-Benassi, Patricia" <[email protected]>
>Subject: Q: Internal Audit Findings and the Registrar /Maroney-Benassi
>
>ISO 9001:1994 section 4.17 requires procedures for internal audits and sets
>some specifications for the manner in which the audits are conducted and the
>records are used. Once an internal audit process is established and
>functioning, does the registrar generally review the actual audit findings?

Yes, the registrar does generally review the actual audit findings. In fact, I know of one that does this as a routine part of every surveillance audit. They begin every surveillance audit with several administrative activities, one of which is a review of the findings of all internal audits performed since the previous surveillance audit.

>If so, are they reviewing only to establish that the internal audit system
>functions (i.e. trace an observation through corrective action, resolution,
>and tie in to 4.1.3)? Or do they actually use the internal audit findings to
>measure the health of your quality system (i.e. find out what problems we've
>been having)?

Yes, the registrars review internal audit findings to establish that the internal audit system functions, and yes, they actually use the internal audit findings to measure the health of the quality system. For example, they will routinely follow up any audit finding that occurs in an area which they cover in their surveillance audit. They will also follow up a random sampling of audit findings during their surveillance audit of the internal audit procedure, to confirm that the corrective action was taken and was effective.

>As a regulatory agency, we generally keep our nose out of a firm's internal
>audit findings so as not to "chill" their quality assurance efforts. We use
>complaint handling to measure the effectiveness of corrective action
>procedures. I was wondering if registrars take this same approach even
>though they have a customer/client relationship with a firm.

Yes, they use this approach as well, but much less often. Since they have access to internal audit findings, they can evaluate the corrective action procedure by simply reviewing the internal audit findings and ensuring that corrective action was taken; therefore, they do not need to rely on the other inputs to the corrective action procedure -- such as complaint handling -- to evaluate the corrective action procedure. Nevertheless, since complaint handling is another input to the corrective action procedure, they will occasionally confirm that it is also functioning, but only when the surveillance audit specifically covers the corrective action procedure.

-- Doug
 

barb butrym

Quite Involved in Discussions
#4
Registrars I am familiar with audit customer complaints every visit...and some audit CA/PA and internal audits every visit. If those are working, it's a good indication of how the rest of the system is working......

Phyllis is right on....exactly what we look for.
 

David Guffey

#6
I have learned that an aggressive and effective internal audit process is a great tool during a third party audit.

If my internal audit system has cited a finding and if other findings and corrective actions have been effective and timely, my registrar has not cited.

If, however, an area was recently audited internally and a finding was not noted (even recognizing it might not have been there at the time), the registrar will write, and rightfully so.

Expect your internal audit to receive quite a review at the initial assessment and at every surveillance thereafter. If it's up-to-snuff, it will be well rewarded.
 