Internal Audit Schedule – Who gets to set the schedule?

Naski

Registered
I was hoping for some clarification on this matter from people more experienced then myself.
We had a surveillance visit for our 9001 and 14001 IMS recently and some of the things the auditor ‘recommended’ we do strike me as just plain wrong.
He asked to see our internal audit schedule, which I gave him, and it showed that our schedule runs January to December and we had done a full system audit in June, two partial ones in September and October and there was another partial one due in December. He told me that I needed to change my audit schedule so that all our internal audits were completed between his visits (i.e. November to November) and that the internal audit we had scheduled in December counted as slippage as it was not completed for his visit.
Now, I am new to 9001 and 14001, but as far as I can see it does not state anywhere in either standard that the audits have to be scheduled like that. It just says you have to set and stick to a schedule, which I have done.
When I said as much to him and that the December audit can’t count as being missed as it hasn’t happened yet he was dismissive and insisted it meant 25% of our scheduled audits hadn’t been completed and would therefore be a non-conformance, so it had to be changed.
So, is there some clause that I am missing here or is he just trying to make me fit our IMS around him?
 

AliGuff

Starting to get Involved
I was hoping for some clarification on this matter from people more experienced then myself.
We had a surveillance visit for our 9001 and 14001 IMS recently and some of the things the auditor ‘recommended’ we do strike me as just plain wrong.
He asked to see our internal audit schedule, which I gave him, and it showed that our schedule runs January to December and we had done a full system audit in June, two partial ones in September and October and there was another partial one due in December. He told me that I needed to change my audit schedule so that all our internal audits were completed between his visits (i.e. November to November) and that the internal audit we had scheduled in December counted as slippage as it was not completed for his visit.
Now, I am new to 9001 and 14001, but as far as I can see it does not state anywhere in either standard that the audits have to be scheduled like that. It just says you have to set and stick to a schedule, which I have done.
When I said as much to him and that the December audit can’t count as being missed as it hasn’t happened yet he was dismissive and insisted it meant 25% of our scheduled audits hadn’t been completed and would therefore be a non-conformance, so it had to be changed.
So, is there some clause that I am missing here or is he just trying to make me fit our IMS around him?
 

AliGuff

Starting to get Involved
I agree your auditor is wrong.

Do you have a "procedure" outlining your audit process? In my previous role ours stated we had a 2 year rolling audit plan. In my new job it is a three year audit plan.

If your process states you complete all internal audits within a 12 month procedure, auditor may have a point but 9.2.1 states " . . conduct internal audits at planned intervals . . " It doesn't specify how long the planned intervals should be
 

Naski

Registered
Yes, we have a procedure and it states

"Internal Audits are carried out by the Company to monitor the various processes that make up the IMS. The internal audits are planned to ensure a full system audit is carried out within a 12-month period as a minimum. Critical areas or problem areas may be audited more frequently if required."

The full system audit had been completed, so the minimum requirement for our system had been fulfilled. But that is beside the point I think as he didn't even look at our procedure to make sure we were sticking to it. He just looked at the schedule and said change it.
By the end of December, all internal audits will have been completed in the scheduled 12-month period and the new schedule will start in January.
 

dwperron

Trusted Information Resource
If I understand this correctly. you did not complete your internal audit prior to the surveillance visit.
The auditor can only see what has already been accomplished, not what you have a plan for doing in the future.

You should have completed the internal audit prior to the surveillance. The nonconformance makes sense.
 

RSEGRIGGY

Involved In Discussions
If I understand this correctly. you did not complete your internal audit prior to the surveillance visit.
The auditor can only see what has already been accomplished, not what you have a plan for doing in the future.

You should have completed the internal audit prior to the surveillance. The nonconformance makes sense.
It looks like he had completed a full system audit in June, before the surveillance audit.

Did you have an audit scheduled/completed for the December before the surveillance audit?
 

Mikey324

Quite Involved in Discussions
I don't think there is a finding that can be backed up by a requirement. Even if he said he couldn't see the December audit, he could have seen the audit from the previous cycle, as i assume it would be available if you keep a similar, rolling, schedule.
 

Cari Spears

Super Moderator
Leader
Super Moderator
I have two processes that, based on previous audit results, we've extended to 18 month frequency. So there. :p
 

Tagin

Trusted Information Resource
I think the auditor is wrong. It is possible to have a 3-year internal audit plan for 9001 where (crudely speaking) each year roughly 1/3 of the processes are audited. Also, the fact that in additional to your partials you also had a full internal audit during the year makes his complaint laughable.
 
Top Bottom