Internal Auditing related to RISK

S

Shannon

#1
Hi guys :bigwave:, I have a question about questions.....

When conducting audits/assessments "what questions would need to be asked during an audit/assessment" ( related to possible risk) of the organisation".

I have listed a couple questions I would ask but as I am a novice at the moment some help would be appreciated

Q) what controls are in place to accurately identify risks acossiated with the organisations management system?

Q) does your risk management plan have controls to determine the impact of the risk or associated hazard?


I work for an organisation complying to ISO17025(2005) if this helps.

Cheers
 
Last edited by a moderator:
Elsmar Forum Sponsor
C

Chance

#2
Follow what ISO 17025 requires. If there is an internal procedure that was developed as an element to comply with ISO 17025 standard then base your audit from the procedure, if it exist.
 

dickgent

Involved In Discussions
#3
In my experience with A2LA and laboratory accreditation when they talk about risk they are referring to the risk of measurement systems being out of calibration. Is this to what you are referring?:confused:
 
S

Shannon

#4
Thanks for the comments,

RISK as referred to in ISO 31000 (effect of uncertainty on objectives)

Should have clarified this earlier

Regards,
Shannon
 

John Broomfield

Staff member
Super Moderator
#7
Thanks for the comments,

RISK as referred to in ISO 31000 (effect of uncertainty on objectives)

Should have clarified this earlier

Regards,
Shannon
Shannon,

Before auditing for effective risk management (ISO 31000) you should first ensure this is a requirement from top management, customers or regulators. Auditors cannot impose requirements or their will beyond the audit criteria sufficient to fulfill the audit objective.

If left with ISO 17025 alone, instead of auditing broadly as implied by your two questions, why not ask more specific RM questions for when you are auditing the various planning processes such as may be sampled when investigating conformity to these clauses:

4.2.7
4.11.3
4.11.5
4.12.2
4. 14.1
4.15.1
5.4.3
5.4.5.3
5.5.6
5.7
5.9.1

You could apply your FMEA knowledge and ask questions to obtain evidence of plans taking account of what could go wrong with regard for its effect (magnitude) and frequency (probability). Failure to address risks in the plan will probably yield evidence of ineffective planning.

You may well find that planning inherently address risks even if not mentioned specifically so give the auditee a chance to demonstrate effective planning.

John
 
P

Penny Riordan

#8
Hi Shannon.

Maybe by changing the verbiage a bit -

1. How have you identified the risks associated with this particular procedure/process?

2. What controls have you implemented to reduce the likelihood - or impact - of those risks?

These would be my starting questions around the topic of risk management/reduction in an area.

Hope this helps -
 
S

Shannon

#10
Andy, thanks heaps the article you provided, I thought of risk management as a whole (organisation) Where in reality to determine the risks of the organisation I should determine the risks acossiated to processes/procedures within the organization. And a way of doing this during an internal audit would be to follow as Jhon has described. Thanks Heaps Jhon it is good to have people willing to teach others.

Penny thank you for your input, as my questions where based on my idea of risk management, the questions I will provide would be based on the area at hand, not as a broad question as I stated.


Regards,
Shannon
 
Thread starter Similar threads Forum Replies Date
S Risk based internal auditing Internal Auditing 6
F AS9100D Internal auditing requirements Internal Auditing 3
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
U Internal auditing - Company employees or contract second party Internal Auditing 10
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
M Is Automated Internal Auditing Possible? Internal Auditing 13
C Internal Auditing Requirements (ISO 9001:2008) Internal Auditing 3
L Auditing Design and Development in ISO 9001 (Internal Audit) Internal Auditing 1
sswaim Auditing Internal Laboratory Personnel for Competence General Auditing Discussions 4
K Internal Auditing a previous Nonconformance? Internal Auditing 19
P Recommended books on ISO 27001:2013 Implementation and Internal Auditing IEC 27001 - Information Security Management Systems (ISMS) 4
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
bgoers PFMEA, Internal Auditing, Corrective Action Training In Native Language (China) Training - Internal, External, Online and Distance Learning 1
Gman2 Internal Auditing Requirements before ISO 9001 Registration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Auditing TS 16949 Cl. 7.6.3.1 - Internal Calibration Laboratory Requirements IATF 16949 - Automotive Quality Systems Standard 8
T ISO 9001 Internal Auditing Auditor Training in Amsterdam Training - Internal, External, Online and Distance Learning 1
S In an internal auditing desert and I'm the only one here.... AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 15
G Internal Auditing in a Multi-Site Environment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
B Internal Auditing of MDD and CMDR Requirements Other Medical Device Related Standards 5
O Internal Auditing in small Engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Looking for a webinar on Internal Auditing General Auditing Discussions 3
R On Auditing Internal Audit Process - How Independence can be Established Internal Auditing 4
D Auditing Abroad - Internal Audits of our European Sister Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
R Auditing a process outside the realm of the formal Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
M Auditing the Internal Audit Process - 8.2.2 General Auditing Discussions 2
J Auditing the Internal Auditing Process - Audit Nonconformance General Auditing Discussions 3
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
R Internal Auditing Checklist - Major NCR because the Checklist was not Completed Internal Auditing 17
V Depth of Internal Auditing and Training aspects in Research & Development (R & D) Internal Auditing 4
N Good Internal Auditing Training Courses Training - Internal, External, Online and Distance Learning 13
L Internal Auditing Reports / Documents - Design and Content Document Control Systems, Procedures, Forms and Templates 1
N Recommend internal auditing training 101 please (Tucson or Phoenix, AZ) Training - Internal, External, Online and Distance Learning 1
L Internal Auditing - How can I audit my QMS independently? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
C Internal Auditing - How to make it useful? Internal Auditing 36
K Sample Questions for Auditing Management Rep , Internal Audit and Reg. Compliance Internal Auditing 7
K More Positive Internal Auditing - Would This Work? Internal Auditing 8
M Internal Auditing of Area with Active Change Control Internal Auditing 14
Similar threads


















































Top Bottom