Internal Auditing - More Overhead?

Marc

Marc

Fully vaccinated are you?
Leader
This from a listserve. Orwell was off by a couple of years. By the way, Charlie is typically somewhat grouchy... If they go to this length you will *definitely* come out cheaper by outsourcing your internal audits.

Here goes:

-> From: CHARLEY SCALIES Subject: Re:Internal Auditing/Scalies
->
-> Let's see if I can't stir the caludron a little. There
-> has been discussion concerning the scope of internal
-> audits (limited to ISO9000 or otherwise), and also
-> questions about just how much an internal auditor needs
-> to know about ISO9000. I say, there is no such thing as
-> an "Internal ISO9000 Audit", except that which you do
-> when you first verify your system against ISO9000 or one
-> of its revisions. Thereafter, they are all "Quality
-> System Audits". The RAB is proposing to "certify"
-> internal auditors and internal auditor training courses.
-> (Another racket: and not tennis, folks.) They propose,
-> among other silliness, that the "certified courses" spend
-> a great deal of time teaching the ISO9000 standards. Just
-> what the wprld needs more deftless, inbred auditors. Wake
-> up, McFly!. Internal audits are not the same as
-> registration audits. Their focus is different, They do
-> things for different reasons. They just happen to use
-> many of the same techniques. If the RAB ever learns that
-> lesson, they can apply to me for certification and
-> accreditation. Boy! What did I have for breakfast today
-> that made me so grouchy?
->
-> Charley...
 
P

Patricia MB

I will be responsible soon for setting up internal "lead" and "quality auditor" training for our fledgling ISO effort so Charlie's comments were of interest. Is the gist of it that internal auditors should not be reinterpreting the ISO standards, but instead examining the systems, their use, effectiveness and the organization's compliance?

What is the minimum level of ISO knowledge needed by an internal auditor? We are currently in a QC/QA culture (gov't regulator) that focuses on periodic end-product review for QA. QC is multiple layers of review and approval that is frankly slowing us down (although we won't get rid of all of it).
 
Marc

Marc

Fully vaccinated are you?
Leader
This is a hotbed of contention. It has been a hot-topic on the ISO list-serve. Personally I see no reason for internal auditors to know schnitz about ISO or QS. The original intent was for companies to have folks verifying their internal systems and documentation (with consideration to objective evidence of compliance). The trend has been for internal auditors to consider ISO or QS compliance as they go thru - and in fact QS sorta says so.

But - read the ISO documents, including 10011 and you get "...audits to verify whether quality activities and related results comply with planned arrangements and to determine the efectiveness of the quality system."

Nowhere does it say to check your system against ISO or QS compliance.

One school in this says compliance to the ISO or QS is verified by the registrar on a regular basis - Thus there is no need to continually verify this internally. This camp of folks also point out that the Quality Manager (or equivalent) should be knowledgable enough, and be tracking closely enough, any systems changes and evaluating for non-compliance to ISO or QS. I agree with this school of thought.

The other school insists Internal Audits should check against QS or ISO compliance - but for the life of me I really don't understand what they expect to gain from this. I'll see if I can find the thread and see what the rational (if any) is.

Part of the problem is when do you stop. The ASQC is behind a movement to train and 'certify' internal auditors. I see this as purely a profit oriented effort on the part of the ASQC. But then I see a lot of this as profit oriented - Look at the AIAG. It's really just an interpretations group adding another profit link in the chain.

I seriously question what would be gained by making companies 'certify' or 'register' internal auditors. But then - I advise my clients to out-source internal audits anyway.
 
D

Don Winton

Patricia,
Mark is exactly correct. ISO 900x states in 4.17 that the purpose of internal audits is "to verify whether activities and related results comply with planned arrangements and to determine the effectiveness of the quality system." It does not state this verification is to be against any standard (forget the QS stuff unless you are going for QS. My opinion of QS 9000 is too lenghthy to go into here). The quality system is the system you have established to be in compliance, not the standard you are in compliance with. I also agree that, when practical, internal audits should be outsourced. As far as the RAB "certifying" internal auditors, I think that is just some pick-pocket scam disguised as an evolution in the process. By the way, when I train internal auditors, I train them how to audit, not what to audit against. It has worked well so far.
All for now,
Don
 
You must log in or register to reply here.
Top Bottom