Internal Audit of the Internal Audit System

J

Jaxsters

#51
CFR state:"
820.22 Quality Audit

  • Establish procedures for quality audits.
  • Conduct audits to assure compliance by individuals not having direct responsibility for areas audited.
  • Perform corrective action(s), including reaudit of deficiencies.
  • Generate a written report of audit results for management review."
ISO 13485:2003 states: "4.1 the organization shall establish, document, implement and maintain a Quality Management System and maintain its effectiveness in accordance with the requirements in this International Standard.
e) Monitor, measure and analyze these processes,"

So YES! Generally when the Quality audits are done, companies will hire a contractor to perform the audits. That is what I do.
 
Elsmar Forum Sponsor
J

Jason PCSwitches

#52
CFR state:"
820.22 Quality Audit

  • Establish procedures for quality audits.
  • Conduct audits to assure compliance by individuals not having direct responsibility for areas audited.
  • Perform corrective action(s), including reaudit of deficiencies.
  • Generate a written report of audit results for management review."
ISO 13485:2003 states: "4.1 the organization shall establish, document, implement and maintain a Quality Management System and maintain its effectiveness in accordance with the requirements in this International Standard.
e) Monitor, measure and analyze these processes,"

So YES! Generally when the Quality audits are done, companies will hire a contractor to perform the audits. That is what I do.
CFR820.22 does not apply to every organization, though it is a generalized "blanket" statement that most standards elude to.

Hiring a contractor can be good or bad. Personally, I think its bad. Unless you are a large organization that 1st can afford it and 2nd cannot dedicate the personnel the time to audit appropriately, it should be done by the organization itself.

IA's are not suppose to focus on getting a certificate (to a degree), they should be focused on the organizations processes. Auditing internal audits, as a process, is not brain surgery, treat it like any other audit and move forward. Again, most here are auditors and it would appear that there is a fear of being audited themselves. That's actually a good thing, remember that the next time you walk onto a production line and have someone shaking at the knees because of the common misconception of auditing. Use it to grow the mentality of those involved (yourself included) as well as the process.

The whole point of this game is not about a plaque on the wall its about producing quality products, continually.
 
Last edited by a moderator:
J

JaneB

#53
Re: Internal Audit of the Internal Audit Process ?

What an excellent post, Roxane.
Before you ask management what they see as the value of audits, might I suggest you ask yourself that same question. WHY is your organization doing audits? If the reason is to simply meet requirements of some standard or to keep a piece of paper on your wall, then you're right, things will not improve.
Could not agree more.
And what excellent advice you give. :applause:

you need to explain this value to management...and your auditors. It's not about simply writing down every single little fault with a document. It's about making a recommendation to overhaul the document control process and include the value/risk of such an activity. It's not about auditors not finishing their paperwork. It's about developing an audit process that is simple, user-friendly, understandable and transparent. Auditing can be a value-added activity that helps to bind your systems and processes even more tightly, integrating their tools and language....

I recall being part of an audit programme once that was like yours. It was a chore. No one saw the value. When it became my responsibility to oversee the programme, I gave it an overhaul. We added a section to findings, clearly showing the risk of being in nonconformance. We added a section to opportunities, showing the value of being implemented. We paired up our audit of the details with a view of the 'big picture'.
Excellent!

And how did we know that we had done the right thing?

Because during an external audit, the auditor said "Everything I would have found, you already found and have a plan to address. Unconditional approval."
And also, I hope, from a changed attitude internally and from management feedback on the value of such a program. It's not always 'management's fault' when they are given a crappy, low-value, audit by clauses/numbers approach and audit reports that simply provide a whole bunch of words but don't provide the kind of valuable information that yours did, vs just reams of unsorted data. Big difference.

all too often the audit process is given more responsibility than it should be given to fix or make sure issues are fixed. I feel that this responsibility best lies with management who has the responsibility for overseeing processes.
Entirely agree.
 
J

JaneB

#54
What normally happened is that the internal auditor does not audit their own work, they rather get a external auditor or get someone to come and audit their job so that gaps can be identified before the company get audited by certification company is so doing ready yourself before actual audit by the certification company to check the level of compliance to their requirements:)
And what would you say to the MD of a small company who queries why he should pay yet another party to audit their internal audits and what value he would receive from this? When he says but surely in paying the CB auditor, that's a service I am already paying for? And where the company concerned already pays someone to do their internal audits for them (as they lack the internal resources) and where the CB's external auditor has freqeuently commented favourably on the their internal audit program and reports and does not find any gaps in the audit program?

Because I can't see any in such circumstances. :nope:
 
A

Al Dyer

#55
I find it somewhat amusing that most of us on this site are auditors yet there seems to be a great consensus to not audit the audit process (devils advocate?). While it's not specifically outlined, the audit program is a process and should be audited to ensure the audit process is "effectively implemented and maintained". Also to ensure the process is adhering to planed arrangements, why not??
--------------------------------------------------------------------------------------------------

We all set up our "auditing systems" to take into account """specifically outlined""" requirements by our customers and so-called third party "auditing bodies". What else are we to do. The rules are set and we try to follow as well as possible with the knowledge that we are all individual corporate cultures and truely need to do things the way that benefits our bottom lines.

The eternal question,,,,,,,who audits the auditors? Well that would be the governing body that we sign up with.

At my last place we set up a group of trained employees that followed the paper trail left by the internal audit process and ensured it was in line with the internal audit procedure approved by those external entities.

Al...
 
J

jmartinez

#56
Yes you should. I wouldnt say your lead auditor is auditing there work or reports, to me its more verifying rather than auditing.
 
W

white95

#57
Does anyone have an example of their 8.2.2 Internal Audit Procedure they could share. Im in the process of reviewing ours and although I have taken a 3 day RABQSA 3 day Internal Auditing course I'm not confident writing a procedure.
 
B

baby12

#58
remember 8.2.2 is sub element of 8.2 which is monitoring and measurement of quality management system how the system is delivering to its mandate, you will only know if the system is effective and efficient through internal audit
 
B

baby12

#59
Internal procedure
1. introduction
2.internal audit itself
2.1 scope of the audit
2.2 audits service provider
3. audits plans
3.1 schedule
3.2pre-audit
3.3 on-side audit
3.4post-audit
4.corrective action forms
4.1 non-compliance
4.2 corrective action plan
 
W

white95

#60
Thanks Baby! Does anyone have another example with the outline AND procedure. Ihave looked through the attachments but didnt find a current one of ISO 9001:2008
 
Thread starter Similar threads Forum Replies Date
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 22
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1

Similar threads

Top Bottom