Internal Auditing without Internal Auditor Training

M

METerry

#21
Thanks again, Andy, and I think you're correct. I'm in good hands.
You may be interested to know that part of our efforts to streamline our systems has been to do any with what I refer to as 'ISO speak' in favor of words we regularly use. It's been remarkable to see the buy-in we get when we use terms that we intuitively understand, the "we" being everyone from the top to the bottom. Like keeping IAs focused, we have to keep ourselves focused on activities that add value.
I'm very interested in any other thoughts / suggestions / comments you or other may have.
 
Elsmar Forum Sponsor

Helmut Jilling

Auditor / Consultant
#22
Thanks again, Andy, and I think you're correct. I'm in good hands.
You may be interested to know that part of our efforts to streamline our systems has been to do any with what I refer to as 'ISO speak' in favor of words we regularly use. It's been remarkable to see the buy-in we get when we use terms that we intuitively understand, the "we" being everyone from the top to the bottom. Like keeping IAs focused, we have to keep ourselves focused on activities that add value.
I'm very interested in any other thoughts / suggestions / comments you or other may have.
As you embark on developing some materials and audit tools, I'll offer a couple thoughts.

"Training" is not required for internal auditors, per se, except perhaps for the Ford TS specific requirements, however, competency is required.

Good training is beneficial and a good quick means to get to that required competency. So, your auditor was not completely wrong to look for training, but it is not the only means.

If you want to build some audit tools, I would recommend following the model I developed for my internal auditor trainings:

Review Process Criteria and Metrics,
Inputs and Outputs
Previous audit findings and issues (CARs, etc.)
Customer Issues
Procedures, documents, instructions, flowcharts, turtles, etc.
Training, skills
audit the actual process
audit the links to other related processes

I have developed a system that leads people through that sequence, but you can do the same.

It also helps to develop a few key questions for each process, but do not allow auditors to just use those few questions. You need to do all these things to do a proper audit.
 
M

METerry

#23
Thanks for your thoughts and input.
I have no problem with having some or all of our people (or ones who may lead or participate in Internal Audits) experience good IA training. I qualify the type of training since it is possible to sign up for on-line IA training which upon completion gains a 'certificate' but, in my opinion may not be as effective as some others.
We had two people complete a five day program from a well known registrar with one passing the exams. The person who did not pass lead most of our Internal Audits - the third party auditor never asked if they passed.
The issue in this situation was our use of a consultant who couldn't document training specific to internal auditing for the current standard. This gentleman has worked at (ISO registered) companies and built and managed quality systems and has worked as a consultant with several others, including ours, to create ISO complaint systems. Recently he shared with me an audit report from one of his clients which complimented a "aggressive and effective Internal Auditing program".
One would think that the previous audits including the methodology and the same auditors determination that the audits were effective would have been reasonably enough to determine competency....
My frustration is that using a lead internal auditor who didn't pass the exam was better, according to our 3rd party auditor, than one who clearly demonstrated competency (in my opinion) but had not 'experienced' formal training specific to the standard. It occurs to me that this is one of the sorts of situations that allows an organization to satisfy the 3rd party auditor at some risk of compromising the qms.
We are planning to have people trained for Internal Auditing 'specific to the standard' and will probably include our consultant, if for no other reason, to make sure this isn't an issue in the future.
 
J

JaneB

#24
I have run into the realism that there is nothing to spare us the agony and pain of developing our own system that works for us including determining our requirements for IA, in this case, as well as methods for determining competency and pushing back, to the extent neccesary, against the EA.
Ah yes, you've got it. There is no simple cookbook, nor a 'one size fits all magic box' - you do have to create it. But I urge you not to think of it as all 'agony and pain' - the process of getting there is important - I'd say almost as important as the actual being there. Because that's one of the things that strengthens you as an organisation.

part of our efforts to streamline our systems has been to do any with what I refer to as 'ISO speak' in favor of words we regularly use. It's been remarkable to see the buy-in we get when we use terms that we intuitively understand, the "we" being everyone from the top to the bottom. Like keeping IAs focused, we have to keep ourselves focused on activities that add value.
Again yes! As you've already noticed, the more it's your system, the better, and the less you indulge in ISO speak, the better. It has to make sense to the people who do it every day, not just be written for the 2 days a year (or however many) that it's audited. A competent auditor should - indeed will - not have any trouble translating your company's language into 'ISO speak' where need be. Yes, you (or a few people) need to understand it too, obviously, but not everyone has to be beaten over thehead with it.

Re. competency, Andy's comment is a very astute one:
The concept and practicalities of how competency are demonstrated are often misunderstood by people. So, it's often easier for auditors to look for the simple things like training.
He is so right. But good auditors - really competent auditors! - know better. Stay focused on what the requirements actually ask for and what they actually say. The old version used to simply require 'training' (and didn't ask for evaluation of same, as I recall). Any auditor simply following that line is now very out of date.

One would think that the previous audits including the methodology and the same auditors determination that the audits were effective would have been reasonably enough to determine competency....
My frustration is that using a lead internal auditor who didn't pass the exam was better, according to our 3rd party auditor, than one who clearly demonstrated competency (in my opinion) but had not 'experienced' formal training specific to the standard. It occurs to me that this is one of the sorts of situations that allows an organization to satisfy the 3rd party auditor at some risk of compromising the qms.
We are planning to have people trained for Internal Auditing 'specific to the standard' and will probably include our consultant, if for no other reason, to make sure this isn't an issue in the future.
Do you need to have people trained 'specific to the Standard?' If the Standards' requirements are embedded into your system, perhaps you more need them to be trained in your system and auditing requirements... I don't know. But based on what you say, the auditor definitely sounds somewhat off-base. It could well be worthwhile asking for, and having a discussion with his technical manager/whatever they call the role - no need to challenge, more a 'hey, I'd like to understand if this is the generally accepted view of your organisation, because it seems a little off base to me' type of thing. Because I would argue strongly (with virtually every other auditor in the Cove, I think) that the intent - and the wording! - of ISO 9001 sure as hell is NOT to have someone accepted as "OK' simply because they have the training record but are NOT competent and that the Standard itself absolutely does NOT support that kinda erroneous conclusion.

Keep reminding yourself that it's your system and make it work for you. You may need to revisit how you've defined auditor competency.
 
Last edited by a moderator:

Helmut Jilling

Auditor / Consultant
#25
Thanks for your thoughts and input.
I have no problem with having some or all of our people (or ones who may lead or participate in Internal Audits) experience good IA training. I qualify the type of training since it is possible to sign up for on-line IA training which upon completion gains a 'certificate' but, in my opinion may not be as effective as some others.
We had two people complete a five day program from a well known registrar with one passing the exams. The person who did not pass lead most of our Internal Audits - the third party auditor never asked if they passed.
The issue in this situation was our use of a consultant who couldn't document training specific to internal auditing for the current standard. This gentleman has worked at (ISO registered) companies and built and managed quality systems and has worked as a consultant with several others, including ours, to create ISO complaint systems. Recently he shared with me an audit report from one of his clients which complimented a "aggressive and effective Internal Auditing program".
One would think that the previous audits including the methodology and the same auditors determination that the audits were effective would have been reasonably enough to determine competency....
My frustration is that using a lead internal auditor who didn't pass the exam was better, according to our 3rd party auditor, than one who clearly demonstrated competency (in my opinion) but had not 'experienced' formal training specific to the standard. It occurs to me that this is one of the sorts of situations that allows an organization to satisfy the 3rd party auditor at some risk of compromising the qms.
We are planning to have people trained for Internal Auditing 'specific to the standard' and will probably include our consultant, if for no other reason, to make sure this isn't an issue in the future.
The competency of internal auditors can be determined in a number of ways. Training is just one of them. The end product, the audit itself, is a much better test in my view.
 

Raffy

Quite Involved in Discussions
#26
Hi
This happen to me last year, during our Certification Audit, I don't have the formal training for TS16949, but I do have an ample experience working in an ISO/TS16949 Registered Company. Though I don't have the formal training, we were able to Passed the Certification. A BIG help on my end, is this Forum. Thanks to Marc, to all moderators and contributors in this forum sharing their knowledge and experiences, which had help me more knowledgeable in the Certification. Aside from this forum, I also outsourced reference book locally and in abroad.

Experience from a previous company will do, however there are some CB' that require traceability how do they acquire the skills for internal audit. Likewise, you have to create a system what are the requirements that will suit your requirements for internal auditor. You also need to document the experience and other informal training that you have, I think if you show competency and have satisfied the requirements of the standard, there's no way a findings will be raise.
best regards,
Raffy:cool:
 
J

JayWarner

#28
This thread is over 18 months old, but it reminded me again - don't answer the customer's direct request directly (linearly, by rote); figure out what the customer really needs first. It may save them a fair chunk of change.
 
J

JayWarner

#29
Thread starter Similar threads Forum Replies Date
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
S Risk based internal auditing Internal Auditing 6
F AS9100D Internal auditing requirements Internal Auditing 11
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
U Internal auditing - Company employees or contract second party Internal Auditing 10
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
M Is Automated Internal Auditing Possible? Internal Auditing 13
C Internal Auditing Requirements (ISO 9001:2008) Internal Auditing 3
L Auditing Design and Development in ISO 9001 (Internal Audit) Internal Auditing 1
sswaim Auditing Internal Laboratory Personnel for Competence General Auditing Discussions 4
K Internal Auditing a previous Nonconformance? Internal Auditing 19
P Recommended books on ISO 27001:2013 Implementation and Internal Auditing IEC 27001 - Information Security Management Systems (ISMS) 4
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
B PFMEA, Internal Auditing, Corrective Action Training In Native Language (China) Training - Internal, External, Online and Distance Learning 1
Gman2 Internal Auditing Requirements before ISO 9001 Registration ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S Auditing TS 16949 Cl. 7.6.3.1 - Internal Calibration Laboratory Requirements IATF 16949 - Automotive Quality Systems Standard 8
T ISO 9001 Internal Auditing Auditor Training in Amsterdam Training - Internal, External, Online and Distance Learning 1
S In an internal auditing desert and I'm the only one here.... AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
G Internal Auditing in a Multi-Site Environment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
B Internal Auditing of MDD and CMDR Requirements Other Medical Device Related Standards 5
O Internal Auditing in small Engineering company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
T Looking for a webinar on Internal Auditing General Auditing Discussions 3
R On Auditing Internal Audit Process - How Independence can be Established Internal Auditing 4
D Auditing Abroad - Internal Audits of our European Sister Companies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
R Auditing a process outside the realm of the formal Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
M Auditing the Internal Audit Process - 8.2.2 General Auditing Discussions 2
J Auditing the Internal Auditing Process - Audit Nonconformance General Auditing Discussions 3
S Internal Auditing related to RISK Internal Auditing 9
W Internal Auditing - Observational Checklist for a Behavior Based System Internal Auditing 3
R Internal Auditing Checklist - Major NCR because the Checklist was not Completed Internal Auditing 17
V Depth of Internal Auditing and Training aspects in Research & Development (R & D) Internal Auditing 4
N Good Internal Auditing Training Courses Training - Internal, External, Online and Distance Learning 13
L Internal Auditing Reports / Documents - Design and Content Document Control Systems, Procedures, Forms and Templates 1
N Recommend internal auditing training 101 please (Tucson or Phoenix, AZ) Training - Internal, External, Online and Distance Learning 1
L Internal Auditing - How can I audit my QMS independently? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
C Internal Auditing - How to make it useful? Internal Auditing 36

Similar threads

Top Bottom