Internal Auditor competence for ISO 14001

QAQT

Hi, everyone! I have been a long time lurker of the Cove and while I used to have an account it was tied to a very old work e-mail address that I can no longer access. I have been browsing for a while on this topic and while several questions I had have already been answered I have one that I think needs individual attention.

I work in a medical device manufacturing company that is gearing up for ISO 14001 certification early next year. As I am the process owner for the internal audit process the EHS crew has come to me regarding finding someone to perform an internal audit against ISO 14001. Up until now myself and my team have been strictly QMS auditors, and while we can obtain training and be able to perform internal audits against ISO 14001 I have suggested they contract out the first EHS internal audit in order to give myself and my team time to get trained and figure out how we are going to demonstrate our proof of competency to ISO 14001. One team member has about 30 years of QMS auditing experience and I have about 15 years myself, so would a thorough training course with an exam at the end that issues a certificate be suitable enough to withstand the scrutiny of a 3rd party surveillance audit if we are able to contract out our initial EHS internal audit? If not, then what sort of documentation (in your experience) has served to satisfy NB/CB auditors that the team is competent and capable? We have done well with presenting our ISO 13485 Lead Auditor certificates, but have struggled in the past with other regulations, such as CMDR, when we have done "read and understand" style training.

I appreciate the time you have taken to read my post, and your feedback!!! Thank you.
 

Randy

Super Moderator
I'm a 3rd party guy (and nothing else) and I couldn't care less about your level of environmental training as long as your audits and reporting demonstrate a good level of competency when it comes to planning & performance. There's no requirement that you be a regulatory expert, an environmental engineer or have attended some whiz bang ems auditing course. Can you determine requirements and identify objective evidence that they've been met?
 
QAQT

> Can you determine requirements and identify objective evidence that they've been met?

That is the issue we have recently been struggling with as a CB auditor issued a minor non-conformance regarding an experienced auditor who has read and demonstrated knowledge of a country specific regulation not having any objective evidence of what was determined to be proof of competency. The auditor had identified gaps in processes based on the written requirements of the regulation, however the 3rd party auditor wanted to call into question the validity of the entire internal audit process due to lack of proof of competency to regulations utilized as audit criteria.
 

kalehner

Involved - Posts
If your head count is under 200 my advice is to find a contractor to help with the internal audits. Find someone who also does contract audits for certification bodies that can track their accreditation up to International Accreditation Forum (IAF). These folks usually know what they are doing and you will likely get better audit(s). Larger organizations have more resources to invest in employee internal auditor competence. Smaller organizations do better to outsource.
 
QAQT

Thanks, Kalehner. We are a larger organization, however the tight timeline we have in order to comply with the ISO 14001 certification does not allow adequate time for our internal people to be trained and demonstrate competency. Hence my suggestion of going ahead and contracting out the first internal audit, then we can carry out the rest on our own.
 

kalehner

Involved - Posts
I would just contract for the audit but make sure the contractor is competent to do it. You will likely waste more resources fooling around than if you just get it done.
 

Sidney Vianna

Post Responsibly
Leader
Admin
> There's no requirement that you be a regulatory expert, an environmental engineer or have attended some whiz bang ems auditing course. Can you determine requirements and identify objective evidence that they've been met?

Between being an "expert" and knowing nothing, there is a huge gap. As we all know, many organizations suffer tremendously from ineffective internal audits. What makes an internal auditor competent is something that is highly subjective.

On the issue of knowledge of environmental regulations, I believe, just like in the quality discipline, internal auditors have to have SOME understanding of the regulations; not expert level knowledge, but SOME knowledge; otherwise, the system might have some massive holes and the internal auditor would NEVER be able to identify it.
 

Randy

Super Moderator
> That is the issue we have recently been struggling with as a CB auditor issued a minor non-conformance regarding an experienced auditor who has read and demonstrated knowledge of a country specific regulation not having any objective evidence of what was determined to be proof of competency. The auditor had identified gaps in processes based on the written requirements of the regulation, however the 3rd party auditor wanted to call into question the validity of the entire internal audit process due to lack of proof of competency to regulations utilized as audit criteria.

OK very big question... Was the internal audit, and from the sound of it your 3rd party audit, a regulatory compliance audit or was it a management system audit? 2 totally different worlds.

Knowing CB auditors like I do and based on what I've seen over a long period of years, one of them questioning regulatory competence is almost funny and sad at the same time because a majority of them have no 1st hand experience managing environmental regulatory compliance. Historically auditors have come from the quality arena, they've taken an environmental lead course, they've been given or taken some "charm school" environmental courses and then wham, bam, through the processes defined by IAF & ANAB or whoever they're sprinkled with chicken blood or stump water and become Lead Auditors....I know because as some here can attest to, I taught those environmental lead auditor courses by the dozens on top of dozens and then some of the "charm school - gee whiz" environmental specific stuff that comes from the need to meet 40CFR and a dozen other environmental regulatory generators.

I've seen very good, in fact extremely well conducted EMS, OHS and QMS audits where the auditor wasn't any kind of SMO or even close to one, competency was demonstrated through performance and output of the individual.

A very serious problem with outsourcing (and I've done contracted internal audits) is that many of the persons that do them don't know the real distinction between a regulatory compliance audit and a management systems conformance audit, so system requirements wind up taking a back seat to the regulatory fu-fu, that when I come in wearing my big bad CB 3rd party auditor hat, the potential for me to have a field day is presented to me like a big bowl of juicy warm blackberry cobbler with ice cream...I'm gonna dig in....And I have!

The only real correct way to do anything is to figure out what works for you in meeting whatever obligations you need to meet, and if your CB dude says or indicates that he's not happy, show him the door because his happiness, wishes, dreams, and hopes are not part of the equation that you're paying dearly for.
 

kalehner

Involved - Posts
> when I come in wearing my big bad CB 3rd party auditor hat, the potential for me to have a field day is presented to me like a big bowl of juicy warm blackberry cobbler with ice cream...I'm gonna dig in....And I have!

One of the important competencies that auditors must possess are personal behaviors. Auditors displaying the behavior described above should be sorted from the flock by the CB. That is why I recommend looking for someone actively contract auditing for an accredited CB.

Quoting ISO 19011:2018...

7.2.2 Personal behaviour
Auditors should possess the necessary attributes to enable them to act in accordance with the principles of auditing as described in Clause 4. Auditors should exhibit professional behaviour during the performance of audit activities. Desired professional behaviours include being:
a) ethical, i.e. fair, truthful, sincere, honest and discreet;
b) open-minded, i.e. willing to consider alternative ideas or points of view;
c) diplomatic, i.e. tactful in dealing with individuals;
d) observant, i.e. actively observing physical surroundings and activities;
e) perceptive, i.e. aware of and able to understand situations;
f) versatile, i.e. able to readily adapt to different situations;
g) tenacious, i.e. persistent and focused on achieving objectives;
h) decisive, i.e. able to reach timely conclusions based on logical reasoning and analysis;
i) self-reliant, i.e. able to act and function independently while interacting effectively with others;
j) able to act with fortitude, i.e. able to act responsibly and ethically, even though these actions may not always be popular and may sometimes result in disagreement or confrontation;
k) open to improvement, i.e. willing to learn from situations;
l) culturally sensitive, i.e. observant and respectful to the culture of the auditee;
m) collaborative, i.e. effectively interacting with others, including audit team members and the auditee’s personnel.
 

Randy

Super Moderator
> One of the important competencies that auditors must possess are personal behaviors. Auditors displaying the behavior described above should be sorted from the flock by the CB. That is why I recommend looking for someone actively contract auditing for an accredited CB.
>
> Quoting ISO 19011:2018...
>
> 7.2.2 Personal behaviour
> Auditors should possess the necessary attributes to enable them to act in accordance with the principles of auditing as described in Clause 4. Auditors should exhibit professional behaviour during the performance of audit activities. Desired professional behaviours include being:
> a) ethical, i.e. fair, truthful, sincere, honest and discreet;
> b) open-minded, i.e. willing to consider alternative ideas or points of view;
> c) diplomatic, i.e. tactful in dealing with individuals;
> d) observant, i.e. actively observing physical surroundings and activities;
> e) perceptive, i.e. aware of and able to understand situations;
> f) versatile, i.e. able to readily adapt to different situations;
> g) tenacious, i.e. persistent and focused on achieving objectives;
> h) decisive, i.e. able to reach timely conclusions based on logical reasoning and analysis;
> i) self-reliant, i.e. able to act and function independently while interacting effectively with others;
> j) able to act with fortitude, i.e. able to act responsibly and ethically, even though these actions may not always be popular and may sometimes result in disagreement or confrontation;
> k) open to improvement, i.e. willing to learn from situations;
> l) culturally sensitive, i.e. observant and respectful to the culture of the auditee;
> m) collaborative, i.e. effectively interacting with others, including audit team members and the auditee’s personnel.

Yeah, but that's kinda like the "Pirates Code"... A guide, and CB auditors fall under ISO 17021.
 