SBS - The best value in QMS software

Internal Auditing Independence Rule - Can someone provide a good interpretation

M

mlthompson

#1
Can someone provide a good interpretation of the independence rule for internal auditing in the ISO-9001:2000 system? I realize the previous revision of ISO-9001 required that an auditor could not audit an area they were "responsible" for. The new standard says an auditor cannot audit their own "work". My understanding for this verbage change was to allow QA folks to audit QA systems/processes. As a Quality Manager, am I allowed to audit any system/process within my department even though I do not personally do the assigned "work"?

:confused:
 
Elsmar Forum Sponsor
#2
Actually, I believe it was more for smaller companies to be able to address what had become a challenge of 'independence', since this was generally considered to be 'from another department'. As a result of this (too) literal translation, some smaller (head count) businesses found it difficult to show this - when they don't have departments. So, we have 'ya can't audit your own stuff'. Someone else can, as long as they are impartial about it........

Think of the first Americans, at the time of the Revolutionary War............:lmao:
Andy
 

Randy

Super Moderator
#3
Here's what 8.2.2 says. How do you interpret it?

...Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

Technically if it ain't "yours" it's fair game.
 
M

mlthompson

#4
Thanks much! I think I'm getting the idea. "My own work" includes not only the tasks that I personally perform but also the tasks I am responsible for even though they are performed by other people in my department. It was explained to me by my previous ISO auditor and Corp QA Director (at a previous company) there was a difference between "work responsible for" and "work actually performed by". It was explained to me previously that I, as the QA Mgr, could audit a function within my own department as long a I did not perform the actual task/function. This approach was considered OK providing the results of the audit didn't indicate biasness.

If the concern is undue bias, then what about the issue of the Quality Manager being considered the Lead Auditor in the company? Is there not an opportunity for that person to be unbias in that role if they chose to be?
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#5
Randy said:
Here's what 8.2.2 says. How do you interpret it?

...Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

Technically if it ain't "yours" it's fair game.
To reiterate Randy's great definition, for example: It you are the only Internal Auditor, you would not be able to audit the Internal Audit System.
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#6
mlthompson said:
Thanks much! I think I'm getting the idea. "My own work" includes not only the tasks that I personally perform but also the tasks I am responsible for even though they are performed by other people in my department. It was explained to me by my previous ISO auditor and Corp QA Director (at a previous company) there was a difference between "work responsible for" and "work actually performed by". It was explained to me previously that I, as the QA Mgr, could audit a function within my own department as long a I did not perform the actual task/function. This approach was considered OK providing the results of the audit didn't indicate biasness.

If the concern is undue bias, then what about the issue of the Quality Manager being considered the Lead Auditor in the company? Is there not an opportunity for that person to be unbias in that role if they chose to be?

That would be the same thing that Randy identified. If it is not your work, it is fair game.

In my opinion I really don't agree with the requirement as specified in ISO9001. I feel that any experienced internal auditor (at least in my case) would be able to be independent and review and validate the entire QMS and be unbiased in my review. I look at the Internal Audit System to be a tool to better the overall business and even specific departments. If my work does not meet the requirements, I would document it myself.
 
M

mlthompson

#7
My stance has been is that if our audit system doesn't find the noncompliances in our system, the ISO auditor will. So I am compelled by the accountability that a third party auditor provides to perform audits that are thorough and are performed with the utmost integrity. This accountablity helps ensure that audits are objective and impartial. If I was dishonest enough to hide things during an audit, I would also be dishonest enough to pencil whip the paperwork and make the system look absolutely perfect. Believe me it would be much easier to create the "window dressing", but I won't do that.

My quandary is around me auditing functions in my own department like inspection and calibration. I don't personally perform these tasks, but I do have ultimate responsibility to make sure these tasks are performed. I do have one person (sales) that audits internal audits for me.

If I may ask one more time for clarity, does this violate the independence rule?
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#8
mlthompson said:
My stance has been is that if our audit system doesn't find the noncompliances in our system, the ISO auditor will. So I am compelled by the accountability that a third party auditor provides to perform audits that are thorough and are performed with the utmost integrity. This accountablity helps ensure that audits are objective and impartial. If I was dishonest enough to hide things during an audit, I would also be dishonest enough to pencil whip the paperwork and make the system look absolutely perfect. Believe me it would be much easier to create the "window dressing", but I won't do that.

My quandary is around me auditing functions in my own department like inspection and calibration. I don't personally perform these tasks, but I do have ultimate responsibility to make sure these tasks are performed. I do have one person (sales) that audits internal audits for me.

If I may ask one more time for clarity, does this violate the independence rule?
The key word here is: Audit your own work

If you are not performing these functions, then in my opinion it would not violate the requirement.

Maybe Randy, Laura, or Sidney, could better cover that requirement from an Third Party Registrar or Auditor's interpretation.
 
Last edited:

Al Rosen

Staff member
Super Moderator
#9
mlthompson said:
My stance has been is that if our audit system doesn't find the noncompliances in our system, the ISO auditor will. So I am compelled by the accountability that a third party auditor provides to perform audits that are thorough and are performed with the utmost integrity. This accountablity helps ensure that audits are objective and impartial. If I was dishonest enough to hide things during an audit, I would also be dishonest enough to pencil whip the paperwork and make the system look absolutely perfect. Believe me it would be much easier to create the "window dressing", but I won't do that.

My quandary is around me auditing functions in my own department like inspection and calibration. I don't personally perform these tasks, but I do have ultimate responsibility to make sure these tasks are performed. I do have one person (sales) that audits internal audits for me.

If I may ask one more time for clarity, does this violate the independence rule?
I don't think it would violate the rule of not auditing your own work, but more importantly would you feel comfortable enough that it was an independent audit?

:2cents:Personally, I won't audit a process that I have any involvement in so their can be no question as to my objectivity.
 
M

mlthompson

#10
Good word Al. For me, I am comfortable with the independence because of the integrity I personally strive to live for in my personal life. Granted someone who doesn't have the same ethics could abuse the rule. Again, if I was to cheat the system, there are other more easier ways to do it than overlooking system nonconformances due to being bias. Again, the 3rd party auditors provides a check and balance to keep me honest.

Also, as a Mgr, I need to monitor my employees performance, to me, internal audits are a way for me to stay in touch with making sure they are doing their jobs.
 
Thread starter Similar threads Forum Replies Date
R On Auditing Internal Audit Process - How Independence can be Established Internal Auditing 4
Raffy Internal Auditing - Showing independence of process being audited Internal Auditing 4
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
S Risk based internal auditing Internal Auditing 6
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
U Internal auditing - Company employees or contract second party Internal Auditing 10
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
M Is Automated Internal Auditing Possible? Internal Auditing 13
C Internal Auditing Requirements (ISO 9001:2008) Internal Auditing 3
L Auditing Design and Development in ISO 9001 (Internal Audit) Internal Auditing 1
sswaim Auditing Internal Laboratory Personnel for Competence General Auditing Discussions 4
K Internal Auditing a previous Nonconformance? Internal Auditing 19
P Recommended books on ISO 27001:2013 Implementation and Internal Auditing IEC 27001 - Information Security Management Systems (ISMS) 4
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
B PFMEA, Internal Auditing, Corrective Action Training In Native Language (China) Training - Internal, External, Online and Distance Learning 1
Gman2 Internal Auditing Requirements before ISO 9001 Registration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Auditing TS 16949 Cl. 7.6.3.1 - Internal Calibration Laboratory Requirements IATF 16949 - Automotive Quality Systems Standard 8
T ISO 9001 Internal Auditing Auditor Training in Amsterdam Training - Internal, External, Online and Distance Learning 1
S In an internal auditing desert and I'm the only one here.... AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G Internal Auditing in a Multi-Site Environment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
B Internal Auditing of MDD and CMDR Requirements Other Medical Device Related Standards 5
O Internal Auditing in small Engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Looking for a webinar on Internal Auditing General Auditing Discussions 3
D Auditing Abroad - Internal Audits of our European Sister Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
R Auditing a process outside the realm of the formal Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
M Auditing the Internal Audit Process - 8.2.2 General Auditing Discussions 2
J Auditing the Internal Auditing Process - Audit Nonconformance General Auditing Discussions 3
S Internal Auditing related to RISK Internal Auditing 9
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
R Internal Auditing Checklist - Major NCR because the Checklist was not Completed Internal Auditing 17
V Depth of Internal Auditing and Training aspects in Research & Development (R & D) Internal Auditing 4
N Good Internal Auditing Training Courses Training - Internal, External, Online and Distance Learning 13
L Internal Auditing Reports / Documents - Design and Content Document Control Systems, Procedures, Forms and Templates 1
N Recommend internal auditing training 101 please (Tucson or Phoenix, AZ) Training - Internal, External, Online and Distance Learning 1
L Internal Auditing - How can I audit my QMS independently? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12

Similar threads

Top Bottom