Internal Audit - Grading Scheme?

E Wall

Just Me!
Super Moderator
#1
Currently we hold internal audits and report results (good and bad) then take corrective action against the nonconformities and leave the (preventive action and continuous improvement) seeds we planted for process or systems management with the managers to discuss at mgmt review.
I have heard of others using a grading scheme, but do not like the idea of them being based on the number of nonconformities. Does anyone that has a grading system (not exclusively based on nonconformities) in place feel like sharing an outline of the system along with some of the pros/cons (regarding using a grading scheme)?

Grateful for a bit of help :)
Eileen
 
Elsmar Forum Sponsor
A

Al Dyer

#2
Eileen,

I'm not a fan of grading systems for internal audit. They seem to be too subjective in defining what result get what score and brings in too many variables. A pass/fail system works well and leaves very little room for the interpretation of scores and is simple to maintain.

Has anybody else had good results with a grading system?

ASD...
 
G

goose

#3
I had to deal with a rating scheme in a former life until I could change it.

My experience was that there was more emphasis on the "score" than there was on addressing the nonconformance.
 
I

ISO Chick

#4
Totally agree with what you are all saying about grading Internal Audits, management tends to get hung up on the numbers and reducing them without actually analysing exactly what the problems are and dealing with them..... bad idea
 

E Wall

Just Me!
Super Moderator
#5
Thanks gang!
I'm printing this out so if it comes up - I can show them objective comments from other professionals.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#6
I've never seen a grading system. Maybe I'll have to consider addressing it in the Guide ( http://Elsmar.com/Audit/ ).

Will someone describe a grading scheme for me? I'm hearing the Cons. Any 'Pro's?
 

E Wall

Just Me!
Super Moderator
#7
Thanks Alf. Something we changed might help you...
We too had numerous delays in addressing C/PARs because when found they were addressed to the area supervisor - who might not be the best person to resolve the problem. So while combining what used to be separate CARs and PARs into CPARS we also set up a timeline for responses based on the quality impact (which must be determined by the QA Manager) and designating who the C/PAR goes to is up to the Plant and/or QA Manager (both if available).
The time lines we use are:
* Low Impact - within 4 weeks
* Moderate - within 3 weeks
* High - within 2 week
The Short term solution must be defined immediately.
The Root Cause and Long Term Action Plan must be turned in by the timeline above which is reviewed by the originator (usually an internal auditor, myself or the QA Manager).
If accepted, then the follow-up is scheduled from the datae of receipt (again using the same timeline).

Weekly open reports go to the QA Manager and copies to anyone associated with open C/PARs.
 
A

Alf Gulford

#8
Eileen-
If you’re looking for ammunition, try this. I have to report major/minor/pass counts for each production supervisor each month and the results are generally inaccurate as well as skewed:

1. Everyone has a different idea about when the month ends for reporting purposes. Some of the count gets lost between the cracks.

2. Sometimes I find that I have to re-issue a non-compliance to another supervisor so the count for the previous month is (was?) wrong on two counts. The fewer N/Cs I write, the greater effect this has on their percentages.

3. A minor non-compliance for a very small issue is counted the same as a minor non-compliance for a larger issue.

4. There’s no recognition for supervisors that take quick, effective corrective action and even preventive action as a result (as opposed to those that are dragged kicking and screaming into compliance).

On the plus side…, well, I’ll have to get back to you on that one.

Alf



[This message has been edited by Alf Gulford (edited 26 June 2001).]
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#9
Some thoughts from the ISO ListServe:

****************

From: Nancy Jennejohn <[email protected]>
Date: Tue, 24 Jul 2001 14:44:29 -0500
Subject: Re: Internal Audit Reporting /VanDorp/Antonov

From: Boncho

Darryl asked:
> I am interested in determining what a common practice is for
> internal audit reporting. (apart from nonconformances or observations
> or findings) i.e. do internal auditors in general, create a
> formal "report" or is the output of their process just the
> observations/findings/nonconpliances?

Hi, Darryl,

I usually recommend the audit team to prepare official report. The report is addressed to the top management, Quality Manager, Head of the audited department and other interested internal parties/persons.

The report usually include:
- audit identification part (date, number, auditors, goals, audited
departments, other);
- the statement of the team - is the audit goals achieved;
- overall conclusion for the level of conformance of the audit area;
- brief description of NC detected and related CA prescriptions;
- other observations and remarques related to the audit performed, which are
not NC, but should be considered for the improvements in the affected area.

The report may include copies of NC notes as attachments.

As document the report usually should be written "in the language of management" - i.e. short and clear statements, clear suggestions and proposals, conclusions - they shell direct management for making appropriate decisions.

Hope this answers your question.

Regards,
Boncho Antonov

Date: Tue, 24 Jul 2001 14:48:14 -0500
Subject: Re: Internal Audit Reporting /VanDorp/Naish

From: PNaish

Darryl,

I think the value in your internal audit process is what information you gain from it to make it better. Part of that is knowing not only what did not work right but also what is working well.

As a general rule the following items are the items we collect during an internal audit:

Person/people audited; area/dept.; auditor/s; date; documents audited such as section of QA manual, section or subsection of standard, procedure, work instruction or the like; quality records (normally being specific such as PO numbers), work order numbers, or date of receiving inspection report; equipment numbers where applicable; and what the findings were. Findings include that Karen has a good knowledge of the parts she purchases and follows the procedure exactly for steps 10 through 25 that I audited her on. Or Tom followed most of the steps but he skipped step 16 and 17 and said he did not know them. All the other people audited followed these steps exactly. Or Susy did not completely fill out PO 167825 and 167939 and photocopy and attach so the manager knows what she did not fill out. The other 15 I looked at were complete.

My feeling is that the more a manager or supervisor of an area know the more they have a better chance of determining what to fix. Since the other people followed the procedure and Tom did not, as a manager I can find out why Tom does not know and see if anyone besides the people audited did not know. If I simply say someone did not know as a manager I may never find out that it is Tom who did not know and I can not help him by getting him training.

For Susy I can see what part of the form was not completed. Then I can help Susy if she understands the importance of it or I may find it is not information needed any more and get the form changed.

I personally have seen a number of audits that did not specify the person or the steps in a process or the forms or the places on the form. By the time the manager went to fix the problem no one seemed to know exactly what the details were so the problem recurred due to incomplete problem solving information.

The other side of it is follow up. If I don't know who or what or where it is hard for me to ensure that particular situation was corrected. And per the examples not all of an area or all of the documents were incorrect so if I audit the ones that were correct before I will not be able to verify the non conformances have been corrected.

Phyllis

Date: Tue, 24 Jul 2001 14:51:01 -0500
Subject: Re: Internal Audit Reporting /VanDorp/Braaten

From: Scott

Darryl inquired:

> I am interested in determining what a common practice is for
> internal audit reporting. (apart from nonconformances or observations
> or findings) i.e. do internal auditors in general, create a
> formal "report" or is the output of their process just the
> observations/findings/nonconpliances?

I like to have each auditor record evidence of conformance. I review the evidence to ensure that the auditor understood the requirements and the intents of my checklist. I'll write a formal report including a summary of the sample taken, the nonconformances and observations, as well as percent conforming. The percent conforming can be more accurately calculated from the conforming evidence, discounting any requirements which the auditor determined to be "N/A" for the sample. If the conforming evidence is useful to the rest of the organization you can include it in the report, however most are too busy to go through 8 pages of "conformance" to see if they have any assignments.

The report and completed checklists are maintained as records of the audit, and I refer back to them when designing the next checklist for the same audit.

Hope this helps,
Scott

Date: Tue, 24 Jul 2001 14:52:29 -0500
Subject: Re: Internal Audit Reporting/VanDorp/Hoelker

From: Patricia

A report should be created stating the objective evidence used to arrive at the output of either positive observations, observations, minor or major noncompliance. The more detailed the report the easier it is for the process owner to know exactly what the issue is and to determine the correct actions to take.

Pat Hoelker

Date: Tue, 24 Jul 2001 14:56:01 -0500
Subject: Re: Internal Audit Reporting/VanDorp/Madden

From: Lori

Darryl,

We have an exit meeting after each internal audit which includes supervisors, VPs, President, and anyone else who wants to be there. In addition to presenting the findings, I write an Audit Report which includes the scope, the auditors, the findings, positive aspects and opportunities for improvement. Each attendee at the meeting gets a copy, and the report is also posted on our information bulletin board. If we just presented the findings alone, audits are perceived as all negative. But pointing out what people are doing right is a motivator.

Lori
 

Raffy

Quite Involved in Discussions
#10
Six Months ago, we had our surveillance audit and part of the recommendations coming from our Registrar, that we must do some grading scheme. Currently we are using a Rating System in one of our Checklist Form. And Here's how it works. During Our Internal Quality Audit. We use a Checklist Form (with three columns)wherein we list number of questions on the first column. Then, there answers on the second column. And on the third column, we list the rating. The Rating System is composed of numbers from 1-4. Each number has a corresponding equivalent.
1. - Element Fulfilled
2. - Element Partially Fulfilled
3. - Planning On stage
4. - Element Not Fulfilled.
But in our specs for Internal Quality Audit, we didn't mention on how to use this form. Our Registrar had said that we must develop this Rating System. I don't know if this could be the correct Rating System that we must used.
Raffy
[email protected]
 
Thread starter Similar threads Forum Replies Date
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 6
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 9
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 23
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1
R How far apart can you schedule separate areas or departments in your internal audit? Internal Auditing 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
A API Spec Q1 9th Edition - 12 month Internal Audit Schedule Audit Nonconformance Oil and Gas Industry Standards and Regulations 10
J Microsoft Teams to manage Internal Audit System? Internal Auditing 3
tony s An organization's Internal Audit Office certified to ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28
Tagin Does ISO 9001:2015 require a full internal audit annually? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
S GM/VP softgrading internal audit finding - need feedback from an audit guru! General Auditing Discussions 11
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
S Internal Audit Completion Memorandum Internal Auditing 2
T Example wanted - Template for internal audit IATF 16949 IATF 16949 - Automotive Quality Systems Standard 1
a_bardi Is it possible to exclude internal audit from qms scope? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
P Quality objectives - must they include CAPA and internal audit topic? ISO 13485:2016 - Medical Device Quality Management Systems 28

Similar threads

Top Bottom