Internal Audit Findings and the Registrar

Marc

Fully vaccinated are you?
Staff member
Admin
#1
Subject: Re: Internal Audit Findings and the Registrar /Maroney-Benassi/Naish
Date: Tue, 28 Sep 1999 15:54:20 -0600
From: ISO Standards Discussion <[email protected]>

From: [email protected]
Subject: RE: Internal Audit Findings and the Registrar /Maroney-Benassi/Naish

Patricia,

My experience with the auditors from the registrar include the following:

1) They check to make sure the audits are adequately documented.

A. Are the forms completed as per the procedure.

B. Does the record include both comforming and non conforming audits.

C. Can you see independence of the auditor from the area being audited.

D. Is there an adequate description of any discrepancies either on the audit form or a corrective action form.

2) They check to see if you are following your schedule or plan within the criteria you set for doing so.

A. If you say you do all sections in a year in all areas of the company can you show you have tracked all sections and all areas.

B. If you say you have to o the audit within a given month are you doing them within a given month.

C. If you say managers are given X notice can you show the managers were notified in advance.

3) Are the audits effective.

A. If they see obvious non conformaces or discrepancies they want to see if the internal audits 1: looked at that area of the company and 2: Did the auditor(s) see what the registrar is seeing. I had one auditor make an observation that the audits were not effective since there were a number of minor non conformances he observed and the audits performed the previous two months for the same areas did not identify the discrepancies.

B. They have asked if the ISO Rep thought there were enough audits being performed to fully evaluate the whole system in some of the larger companies who had only one audit per area in a one year period.

C. If there are checklists used, do the checklists cover all of the specific section(s) of the standard being audited for an area. In other words is the whole system really being evaluated in the audits or are some subsections of the standard or some group(s) of people being omitted that should be audited.

4) Are the auditors trained.

A. Do you have training records.

B. How much training do the auditors get.

C. Does at least part of the training include a review and understanding of the ISO standard.

Hope that helps you.

Phyllis
 
Elsmar Forum Sponsor

Marc

Fully vaccinated are you?
Staff member
Admin
#2
Subject: Re: Internal Audit Findings and the Registrar/Maroney-Benassi/Kohn
Date: Thu, 30 Sep 1999 16:13:32 -0600
From: ISO Standards Discussion <[email protected]>

From: Brian Charles Kohn [email protected]
Subject: RE: Internal Audit Findings and the Registrar/Maroney-Benassi/Kohn

>From: "Maroney-Benassi, Patricia" [email protected]

>ISO 9001:1994 section 4.17 requires procedures for internal audits and sets
>some specifications for the manner in which the audits are conducted and the
>records are used. Once an internal audit process is established and
>functioning, does the registrar generally review the actual audit findings?

Without a doubt. The third-party system is structured to allow only a very superficial audit vis a vis the size of the organization being audited. The reason why the system has integrity is because it is really a cross-check, a cross-check on the conclusions already reached through the internal audit process. The only way I, as a third-party auditor, can say that an organization is compliant, is based on the evidence presented to me by the client in that regard. I only audit them to make sure they're not fabricating internal audit, corrective action, management review and other critical records.

If the internal audit system says there's a problem, then there is a problem. For sure. Now, as a matter of practice, I often didn't cite minor nonconformances when they were apparently properly logged and being expediently worked through the internal audit system. Practically speaking, in the case of minor nonconformances, all that would happen is that the client would work the issue and then I'd have to spend time making sure they did so during my next visit. Since I must sample their internal audit findings for timely and effective corrective action anyway (during each visit), I need to be judicious in citing minor nonconformances of this sort; otherwise I'd be spending an inappropriate amount of surveillance time looking at internal audit and corrective action, and therefore an inadequate amount of time looking at the rest of the system.

Major nonconformances are another story, however. My typical follow-up would be in the short-term; i.e., a special visit within 2-3 months. That cannot nor should not be short-circuited based on any reliance on the client's internal audit and corrective action systems.

>If so, are they reviewing only to establish that the internal audit system
>functions (i.e. trace an observation through corrective action, resolution,
>and tie in to 4.1.3)? Or do they actually use the internal audit findings to
>measure the health of your quality system (i.e. find out what problems we've
>been having)?

It bears repeating: The third-party auditor is reviewing the internal audit system records primarily to see that you have assured that you are indeed in compliance.

- It is *NOT* to see where your problems are so they can focus in on those areas.

- It is not *only* to verify that the internal audit process itself has integrity (although that *is* one intent.)

Brian Charles Kohn
 

Marc

Fully vaccinated are you?
Staff member
Admin
#3
Subject: Re: Internal Audit Find. and the Reg. /Maroney-Benassi/Pfrang
Date: Fri, 1 Oct 1999 13:59:14 -0600
From: ISO Standards Discussion <[email protected]>

From: [email protected] (Doug Pfrang)
Subject: RE: Internal Audit Find. and the Reg. /Maroney-Benassi/Pfrang

>From: "Maroney-Benassi, Patricia" <[email protected]>
>Subject: Q: Internal Audit Findings and the Registrar /Maroney-Benassi
>
>ISO 9001:1994 section 4.17 requires procedures for internal audits and sets
>some specifications for the manner in which the audits are conducted and the
>records are used. Once an internal audit process is established and
>functioning, does the registrar generally review the actual audit findings?

Yes, the registrar does generally review the actual audit findings. In fact, I know of one that does this as a routine part of every surveillance audit. They begin every surveillance audit with several administrative activities, one of which is a review of the findings of all internal audits performed since the previous surveillance audit.

>If so, are they reviewing only to establish that the internal audit system
>functions (i.e. trace an observation through corrective action, resolution,
>and tie in to 4.1.3)? Or do they actually use the internal audit findings to
>measure the health of your quality system (i.e. find out what problems we've
>been having)?

Yes, the registrars review internal audit findings to establish that the internal audit system functions, and yes, they actually use the internal audit findings to measure the health of the quality system. For example, they will routinely follow-up any audit finding that occurs is in an area which they cover in their surveillance audit. They will also follow-up a random sampling of audit findings during their surveillance audit of the internal audit procedure, to confirm that the corrective action was taken and was effective.

>As a regulatory agency, we generally keep our nose out of a firm's internal
>audit findings so as not to "chill" their quality assurance efforts. We use
>complaint handling to measure the effectiveness of corrective action
>procedures. I was wondering if registrars take this same approach even
>though they have a customer/client relationship with a firm.

Yes, they use this approach as well, but much less often. Since they have access to internal audit findings, they can evaluate the corrective action procedure by simply reviewing the internal audit findings and ensuring that corrective action was taken; therefore, they do not need to rely on the other inputs to the corrective action procedure -- such as complaint handling -- to evaluate the corrective action procedure. Nevertheless, since complaint handling is another input to the corrective action procedure, they will occasionally confirm that it is also functioning, but only when the surveillance audit specifically covers the corrective action procedure.

-- Doug
 

barb butrym

Quite Involved in Discussions
#4
Registrars I am familiar with audit customer complaints every visit...and some audit CA/PA and internal audits every visit. If those are working, its a good indication of how the rest of the system is working......

phyllis is right on....exactly what we look for.
 
D

David Guffey

#6
I have learned that an aggressive and effective internal audit process is a great tool during a third party audit.

If my internal audit system has cited a finding and if other findings and corrective actions have been effective and timely, my registrar has not cited.

If, however, an area was recently audited internally and a finding was not noted (even recognizing it might not have been there at the time), the registrar will write, and rightfully so.

Expect your internal audit to receive quite a review at the initial assessment and at every surveillance thereafter. If it's up-to-snuff, it will be well rewarded.
 
Thread starter Similar threads Forum Replies Date
A Internal Audit - Findings - Recent Internet Audit (Prior to Certification) IEC 27001 - Information Security Management Systems (ISMS) 7
dubrizo Are you documenting Internal Audit findings as NCRs? Internal Auditing 18
dubrizo Audit Findings: Writing against Internal an ISO Clause Internal Auditing 10
M Do all findings (nonconformities) in an internal audit require a corrective action? Quality Management System (QMS) Manuals 55
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Help with Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Internal Audit Findings and Issuance Problem Internal Auditing 4
I Types of Internal Audit findings based on ISO 9001 Clause 8.2.2 Quality Manager and Management Related Issues 10
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
A How to Address Internal Quality Audit Findings Internal Auditing 8
B Critical Action Limits (CAL) for All Internal and External Audit Findings General Auditing Discussions 17
X ISO 9001:2008 Internal Audit - Classification of Audit Findings Internal Auditing 5
S External Auditor Findings when an Internal Audit found a Nonconformance Yesterday Document Control Systems, Procedures, Forms and Templates 11
L Categorizing Internal Audit Findings Internal Auditing 10
Michael Malis For Internal Audit findings, would you open a CAPA for every observation? Internal Auditing 31
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
V Documenting the Root Causes for Internal Audit Non-Conformance Findings Problem Solving, Root Cause Fault and Failure Analysis 5
C Internal Audit Findings - Do I need to raise NC for amendments/revisions? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
eternal_atlas Review on Internal Audit Findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
eternal_atlas Internal Audit Findings in C&M works (HVAC, Firefighting, etc.) - Your Comments? General Auditing Discussions 6
R When and when not to write up minor internal audit findings? Internal Auditing 23
A Format for Reporting Internal Audit Findings General Auditing Discussions 17
J Nonconformance reports written only through internal audit findings? Nonconformance and Corrective Action 8
S How to Present Action Plans in Response to Internal Audit Findings? Preventive Action and Continuous Improvement 18
J Internal Audit Findings - Major vs. Minor Finding - Defining the differences Internal Auditing 14
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 3
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
D Number of people to be interviewed during an internal audit? Internal Auditing 10
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 18
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2

Similar threads

Top Bottom