Internal Auditor lack of Competence

John Broomfield

Staff member
Super Moderator
#51
Re: Internal Auditor lack of Competence.

We have to agree to disagree there. :nope: Internal Audit especially; is not Inspection; not even in its widest term of "Appraisal".

(Since you raised the subject :- Not that time served has any descriptive value; but I too have been Auditing since 79, am a licensed training provider to the German Society for Quality (and hence the European Organization for Quality) as well as for a number of other National & Tertiary organizations.) but as I said experience is overrated compared to current competence!

Whilst training, we make absolute and specific emphasis that Auditing is NOT Inspection as that approach is totally non-productive. I know of no Training (including IRCA and RAB) or other material that infers that it is.

The system of course MUST NOT depend on EXTERNAL Auditors, Thank God. :sarcasm:.

To use your model however, any potential weakness (not non-conformance) in the QMS must result from an inefficiency in the QMS and therefore must result in a non-conformance.

How can this be? when Internal Auditing is part of that very QMS and by inference is part of the improvement (prevention) Process?

Based on your comments, I assume you "never" make any comment other than comply or not comply. I know of not a single reputable CB who promotes that approach from its Auditors.:magic: but am always willing to learn from my peers.
Richard,

Audit is classified as an appraisal activity in quality costing just like inspection which is why I referred you to the British Standard (I am sorry for not knowing the Australian equivalent).

Agreed, audit is productive whereas sorting good products from bad is not.

The PDCA improvement cycle does not need audit. Much of what the internal auditor does is specified by the process monitoring requirement (clause 8.2.3). Process monitoring should be more frequent and happens a long time before internal audit. Occasionally the Management Rep can verify conformity of the system with the system standard to complete the 8.2.2 requirement.

Since you ask, my audit reports answer the question posed by each audit's objective. If the audit client wants advice then I document this in the audit objective so the auditee is fully aware. Before providing advice, and if I have the time, I investigate why the system did not make the improvement obvious to the auditee before the audit. Yes, my questions and my report (may be even a CAR) invoke action to strengthen the system. It also stops the auditees from relying on the auditors to rescue their system.

Do you see "with advice" documented in the audit objectives where the corresponding audit reports are full of OFI's (some instead of nonconformity reports!)?

Perhaps if the internal auditors documented "with advice" in the audit objectives of their audit plans they know their CB would pull their certification for a lack of impartiality, objectivity and independence (per the ISO 9000 definition of audit - a normative standard to ISO 9001).

Also if the CBs documented "with advice" in the audit objectives of their audit plans they know their accreditation agency would pull their accreditation.

Strictly speaking advising is not auditing (because of the unknown audit criteria - see below) and the audit clients have a right to get what they have paid for.

Advice comes from unknown audit criteria. Auditees need to know the audit criteria and these days auditors document the audit criteria in the audit plan delivered to the auditee before the audit.

I am sure you will agree that we must not go back to the old-days when auditors would wander around the auditee's facility offering their opinions (based on unknown audit criteria) rather like the seagulls from head office?

John
 
Elsmar Forum Sponsor
R

Richard Pike

#52
Re: Internal Auditor lack of Competence.

Richard,

Audit is classified as an appraisal activity in quality costing just like inspection which is why I referred you to the British Standard (I am sorry for not knowing the Australian equivalent).

Agreed, audit is productive whereas sorting good products from bad is not.

The PDCA improvement cycle does not need audit. Much of what the internal auditor does is specified by the process monitoring requirement (clause 8.2.3). Process monitoring should be more frequent and happens a long time before internal audit. Occasionally the Management Rep can verify conformity of the system with the system standard to complete the 8.2.2 requirement.

Since you ask, my audit reports answer the question posed by each audit's objective. If the audit client wants advice then I document this in the audit objective so the auditee is fully aware. Before providing advice, and if I have the time, I investigate why the system did not make the improvement obvious to the auditee before the audit. Yes, my questions and my report (may be even a CAR) invoke action to strengthen the system. It also stops the auditees from relying on the auditors to rescue their system.

Do you see "with advice" documented in the audit objectives where the corresponding audit reports are full of OFI's (some instead of nonconformity reports!)?

Perhaps if the internal auditors documented "with advice" in the audit objectives of their audit plans they know their CB would pull their certification for a lack of impartiality, objectivity and independence (per the ISO 9000 definition of audit - a normative standard to ISO 9001).

Also if the CBs documented "with advice" in the audit objectives of their audit plans they know their accreditation agency would pull their accreditation.

Strictly speaking advising is not auditing (because of the unknown audit criteria - see below) and the audit clients have a right to get what they have paid for.

Advice comes from unknown audit criteria. Auditees need to know the audit criteria and these days auditors document the audit criteria in the audit plan delivered to the auditee before the audit.

I am sure you will agree that we must not go back to the old-days when auditors would wander around the auditee's facility offering their opinions (based on unknown audit criteria) rather like the seagulls from head office?

John
Sorry -you have lost me! Nobody mentioned "advice". :mg: We are now going in a different direction as nobody here would accept auditors giving "advice".

I would find it very difficult to criticize an Organization for no prior discovery of a potential weakness that my audit emphasis (as per the audit scope & plan) discovered, especially on an Internal Audit.

Note_ a common scope for Internal Audits is precisely to evaluate for improvement.

If the system is effective and efficient under observed (or historical) conditions - end of story. The Auditor would be crazy (and unethical) to suggest a "better" way!

If however the Auditor suggests that under other (probable & realistic) conditions, the system may not hold up, then it is there duty to report this - as an opportunity for potential improvement.

Anyway we have to agree to differ - thanks for the discussion!
 

Jim Wynne

Staff member
Admin
#53
Re: Internal Auditor lack of Competence.

Corsair,

No part of the system should depend on the audit process for its effectiveness or conformity. This also applies to CBs. In no way are they meant to give their certification clients "a road map for compliance". That would make them partial and diminish the value of their certificate.

All auditors should report independently on the successes of the system and the problems in the processes that have been ignored or escaped monitoring (remember clause 8.2.3?) by operators and their supervisors, managers, directors, vice presidents and the president!

The auditees are meant to be the experts in their system and how its use and improvement fulfills requirements. They should not be relying on auditors to tell them what is wrong with their system.

From what you've posted above it seems that you expect the auditors to make up for the auditees made incompetent by their system.

Kindly explain why any organization should be relying on its auditors to solve "real quality issues with its customers". Instead of waiting for an auditor the organization should be using its system to address these issues if not proactively then reactively.

John
I think what might be the issue here (and the reason that you and Mr. Pike seem to be talking past one another) is that hypotheticals have degenerated into false dichotomies. The fact that an internal auditor might provide insight doesn't necessarily mean that someone is "...relying on auditors to tell them what is wrong with their system." Internal auditors are an integral part of the system; they don't exist outside of it.

As for CB auditors, the working hypothesis should be that the system is in compliance with the standard (which is the tacit assertion of the auditee). The objective of the audit should be to sample and assess objective evidence in support of the hypothesis, and determine whether or not the evidence does support the hypothesis. Nothing more, nothing less.

This whole murky idea of "adding value" is the result of competition between CBs. DNV, for example, offers something called "Risk Based Certification," which is nothing more than adding consulting to the standard CB audit:
We add value to the general approach offered through certification to international standards by inviting management to identify the issues of greatest concern. The identified focus areas receive specific attention during the next audit. In this way, we can tailor audits to focus on what is most important to your business while checking compliance with the elected standard.
It seems like "checking compliance" is an afterthought.

Not to be outdone, BSI jumps on the "adding value" bandwagon:
Improve your business performance, create value with sustainable practices and manage risk effectively through management systems assessment from one of the world's leading certification bodies.
Someone needs to explain to me how certification services that go beyond verification of compliance is not consulting. It seems to me that even the pretense of objectivity is lost in these marketing battles, and it doesn't seem to be a problem to the ABs.

I want a CB auditor to verify compliance. If I feel the need for outside help in developing the system, I'll hire a consultant. I want internal auditors to (a) verify that processes are operated according to internal requirements (with the understanding that processes are designed to be compliant with the standard) and (b) actively seek out opportunities and help people to do a better job. This does not mean that I don't expect everyone else to actively participate in making things better.
 
C

Corsair

#54
Excellent obsevation Jim.

O.K John, I like the term "Customer Satisfaction" we all are in business because of that.

Management Review (regardless on how many times is review it) supposed to evaluate all the recommendations / findings etc, for the QMS that the organization put in place.

This will be in a perfect world,we all know that every organization is different.In the organization that I work for, the QMS is broken, part of the blame is because the internal audit is not efficient enough and lacks competence.

The real issue is that top management don't see it or don't want to see it. What I am trying to link here is the inefficiency of the system called top management or auditing.
 

John Broomfield

Staff member
Super Moderator
#56
Excellent obsevation Jim.

O.K John, I like the term "Customer Satisfaction" we all are in business because of that.

Management Review (regardless on how many times is review it) supposed to evaluate all the recommendations / findings etc, for the QMS that the organization put in place.

This will be in a perfect world,we all know that every organization is different.In the organization that I work for, the QMS is broken, part of the blame is because the internal audit is not efficient enough and lacks competence.

The real issue is that top management don't see it or don't want to see it. What I am trying to link here is the inefficiency of the system called top management or auditing.
Corsair,

I wish you well with removing the root causes of the leadership problems.

Some questions:

  1. Could you train one or more of your leaders to be internal auditors?
  2. Do the leaders value/respect their system because it helps everyone to add value quickly (while converting the needs into cash in the bank)?
  3. Do the leaders understand their system and explain its importance, obligations and benefits to the employees?
  4. Do the leaders take the blame when the system does not work?
...the answers may help way beyond fixing the audit process.

John
 
C

Corsair

#59
I have to add that the organization did not approach these problems in time. Now that we are under investigation by ANAB and under scrutiny by the FAA for lack of compliance believe me they are getting the message.

No need to go to these extremes.
 

John Broomfield

Staff member
Super Moderator
#60
I have to add that the organization did not approach these problems in time. Now that we are under investigation by ANAB and under scrutiny by the FAA for lack of compliance believe me they are getting the message.

No need to go to these extremes.
Corsair,

Agreed, also a wonderful opportunity to improve leadership of the system so it does not depend on its auditors.

John
 
Thread starter Similar threads Forum Replies Date
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
J Your opinion on the better training org for IATF16949 Internal auditor and Lead Auditor IATF 16949 - Automotive Quality Systems Standard 3
Q Internal Auditor Training requirements for ISO 14001:2015 ISO 14001:2015 Specific Discussions 5
E Informational I would like to get some Internal Auditor Training Internal Auditing 31
Q What is the difference between normal and licensed internal auditor? VDA Standards - Germany's Automotive Standards 9
J IATF 16949 CAR - Internal Auditor Requirements IATF 16949 - Automotive Quality Systems Standard 15
A ISO 13485 - Internal Auditor Independence and Process Owners ISO 13485:2016 - Medical Device Quality Management Systems 3
Q AS 9100D internal auditor training requirements Internal Auditing 16
A Other Discussion Boards - Internal Auditor Coffee Break and Water Cooler Discussions 5
E Online training for an internal auditor to AS9120B AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
Q Internal Auditor Trainer's Requirement Internal Auditing 4
D IATF 16949 - Internal Auditor Training/Certification Requirements Training - Internal, External, Online and Distance Learning 2
R Internal Auditor vs. Public Accountant - Accounting Student Needing Help Career and Occupation Discussions 4
C IATF 16949 Cl. - 7.2.3 Internal Auditor Competency IATF 16949 - Automotive Quality Systems Standard 1
C IATF 16949:2016 Cl. 7.2.3 Internal Auditor Competency Requirements IATF 16949 - Automotive Quality Systems Standard 39
Q IATF 16949 Cl. 7.2.3 - Internal Auditor Competency and Records IATF 16949 - Automotive Quality Systems Standard 5
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18
Q How can an Internal Auditor Trainer's Competency be Evaluated - IATF 16949 Cl. 7.2.3 IATF 16949 - Automotive Quality Systems Standard 10
H ISO/IATF Internal Auditor Recommendations For Manufacturer In California, USA Internal Auditing 3
Casana 2nd Party and Internal Auditor Qualifications & Training IATF 16949 - Automotive Quality Systems Standard 13
P Problem with IATF 16949 Clause 7.2.3 Requirements (Internal Auditor Competency) IATF 16949 - Automotive Quality Systems Standard 3
B Competency of Trainer for Internal Auditor Training (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 11
C ISO 13485:2016 - Internal Auditor Training vs. Lead Auditor Training Training - Internal, External, Online and Distance Learning 4
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
M Internal Auditor --> Licence needed? Internal Auditing 6
V Internal Auditor Training Documents and PPT Document Control Systems, Procedures, Forms and Templates 5
V Internal Auditor Training Documents and PPT Internal Auditing 3
V Certified Internal auditor is necessary? ISO 9001 requirement? Quality Management System (QMS) Manuals 4
D Can the Plant Manager be our ISO Representative and an Internal Auditor? Internal Auditing 26
M ISO 13485 Audit Questions - Internal Auditor Training and other Requirements ISO 13485:2016 - Medical Device Quality Management Systems 10
M Questions about AS9100 Internal Auditor Training AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
R Can a external auditor raise a finding that is already identified in Internal Audit ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
P Can internal ISO 17025 Auditor conduct ISO 9001 Audit ISO 17025 related Discussions 7
P Internal Auditor Training - Audit exercises Internal Auditing 5
D Training Material for Internal Auditor Requirements Training - Internal, External, Online and Distance Learning 4
U TS16949 Internal Auditor Training - Is On-line training OK? Training - Internal, External, Online and Distance Learning 1
F Internal Audit quiz - Auditor Qualifications and Requirements Internal Auditing 34

Similar threads

Top Bottom