Internal Auditor auditing Internal Audit Procedure (AS9100)

[Rocket27]

Hi,

In our company's policy, we have an Internal Auditing Procedure. Now, the custodian of this procedure is the Management Representative. So is it acceptable to have an internal auditor audit the Management Representative, even though it's still an internal auditor auditing Internal Audits? I know that all sounds confusing, but we were told Internal Auditors cant audit Internal Auditing, but how would go about that then? Or is it acceptable given that the owner of the procedure is the Management Representative and he is not auditing himself?


Thanks for any help you can give!

 

[howste]

Re: Internal Auditor auditing Internal Audit Procedure

What standard(s) are you auditing? Nothing says that an internal auditor can't audit internal audits. They can audit other auditors' work, but shouldn't audit their own work.

 

[markl368]

Re: Internal Auditor auditing Internal Audit Procedure

Ran into this with our registrar, too! As Hoste says, we made sure that the internal auditor checking our Internal Audit procedures specifically looked at audits where they had not been part of the audit team. If you're a small part of a larger company, have an internal auditor from a sister company audit your internal audit process.

 

[Rocket27]

Re: Internal Auditor auditing Internal Audit Procedure

We are AS9100C going to Rev. D.

Our Instructor for AS9100 Rev. D had mentioned not having an internal auditor auditing internal audits.

 

[howste]

Re: Internal Auditor auditing Internal Audit Procedure

We are AS9100C going to Rev. D.

Our Instructor for AS9100 Rev. D had mentioned not having an internal auditor auditing internal audits.

AS9100 says:

The organization shall... select auditors and conduct audits to ensure objectivity and the impartiality of the audit process...

Rev C also said:

Auditors shall not audit their own work.

But this has been removed in Rev D.

It was acceptable for internal auditors in AS9100 Rev C to audit internal audits, and it still is acceptable in Rev D.

 

[Rocket27]

Re: Internal Auditor auditing Internal Audit Procedure

AS9100 says:

Rev C also said:

But this has been removed in Rev D.

It was acceptable for internal audits in AS9100 Rev C to audit internal audits, and it still is acceptable in Rev D.

Thank you so much for your help and your quick reply!!

 

[Mike S.]

We were told by our AS9100 registrar auditor - and it was backed-up by a TC176 member I asked -- that we have to have one internal auditor whose only audit is the Internal Audit Program.

I argued strongly against this but was overruled.

YMMV

 

[howste]

We were told by our AS9100 registrar auditor - and it was backed-up by a TC176 member I asked -- that we have to have one internal auditor whose only audit is the Internal Audit Program.

I argued strongly against this but was overruled.

YMMV

I agree with you that this is ludicrous. If the authors of the standard wanted one auditor whose only job is to audit the internal audits it would have been very easy for them to plainly state that in the standard. I taught accredited AS9100 lead auditor courses for 10 years without ever teaching that, and conducted ICOP AS9100 audits for longer than that without ever interpreting it that way. If I was wrong I would hope that someone would have corrected me.

 

[Big Jim]

Sometimes it just takes a while for people to really catch on to changes. They just won't let go.

Keep in mind that you still need to ensure that you "select auditors and conduct audits to ensure objectivity and the impartiality of the audit process" (9.2.2c)

Being able to audit your own work and still stay objective and impartial would require a high level of integrity of the auditor as well as the culture of the organization. It can't be done in some organizations and could be in others. At least that's my perspective. I would think that an auditor would need more than just quoting 9.2.2c to call it a nonconformance.

To get around the problem of who can audit the internal audit in the past, I have seen a checklist developed and a member of top management trained on how to use it. There is no reason that you could not continue to do the same.

 

[QualityPolice]

Hello, first time posting on here. We were also told in our company that the person responsible for performing the internal audit should be independent of regular quality functions. In our case this is a former member of the "quality team" (comprised currently of ICAR specialist, quality manager, 2 quality engineers, and general product auditors) she is now employed in program management/ customer relations but receives the same training on the standards as the rest of us and is not part of any other audits during the year except the internal audit. We are currently AS9100 AND ISO 13485 certified.