Internal Auditors shall not audit their own work?

T

Tara Monson

#11
Our internal audit team consists of members from different departments. The ones from outside QA are used to audit QA activities. :)

It's not a perfect system, since they are not quite as prepared...being this is just part of their job, not their entire function. But it works for us, and you'd be surprised how many things an outside eye can find!

It works very well for us and it does not cost money. We also do an internal training of our auditors.
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration with a Mask on...
Staff member
Admin
#12
If you touched it, you can't audit it. If others also do calibrations, then it would make sense for you to do the audit to see if they followed the process (because you should know what you are looking for) and as long as you remain unbiased...
I'll go along with that to some degree. If (per your calibration example) you are auditing the calibration system and/or its processes and you are involved in that system/process, you can not audit it. If you only audit the other people in the system/process, someone still has to audit you. It would be a bit of a stretch to say "I audited the calibration procedure by auditing 4 out of 10 people who do that. I left myself out as auditing is taking a sample." What are your thoughts on that?

I stand by
<snip> Essence: You can not audit what you do. <snip>
 

insect warfare

QA=Question Authority
Trusted Information Resource
#13
I'll go along with that to some degree. If (per your calibration example) you are auditing the calibration system and/or its processes and you are involved in that system/process, you can not audit it. If you only audit the other people in the system/process, someone still has to audit you. It would be a bit of a stretch to say "I audited the calibration procedure by auditing 4 out of 10 people who do that. I left myself out as auditing is taking a sample." What are your thoughts on that?
I would like to add that I believe the act of auditing has been (and will continue to be) a sampling activity that, if done right, will produce reasonable conclusions most of the time. And it is not just people that are to be sampled - inputs, outputs and all existing resources that support the process are all subject to sampling, in order to paint the picture of effectivity. The balancing act (which can be difficult for some to comprehend) is to remain impartial and to not damage the credibility of the audit program itself.

Brian :rolleyes:
 

Marc

Hunkered Down for the Duration with a Mask on...
Staff member
Admin
#14
I surely won't argue that, but after over 20 years of dealing with auditors what they will allow (how they will interpret something) I have seen ma lot of "discussions" over that.

And I fully understand, and agree with, the sampling aspect. But then again - Ask any auditor for a rational (based in statistics) for their sample size and my bet is you'll get a blank stare while they think about it. Take purchase orders. Let's say a company has 5,000 purchase orders. How does the auditor determine what is a *statistically correct* sample size?
 
T

TigerLilie

#15
From what I have seen sampling can be regimented, as in mathematically based, or more lax. For example, our ISO-9001 auditor does not really delve into how we sample for audits. However when we had to write a Government Property procedure and get it approved, the DCMA rep was very specific in what he considered appropriate sampling procedures. In certain instances he wanted us to use a double sampling plan. So if the lot range was 19-50 the sample size would be 18. If there was one defect, we would need another sample and so on. To get these samples, we'd have to use randomizer.com, to ensure they were truly random. I won't even get into judgment sampling and purposeful sampling!
 

John Broomfield

Staff member
Super Moderator
#16
Marc,

My sample of your 5,000 purchase orders (since the last audit) would be 30 for a variety of quality critical items and from a variety of different originators (excluding mine of course!).

I recommend these rules of thumb:

  • Small population = sample 3
  • Medium population = sample 10
  • Large population = sample 30
Use your judgment on magnitude of population.

I have found auditees are confident enough to accept any findings from such a sampling plan. But as an auditor you can always ask them if they'd like a larger sample.

John
 

insect warfare

QA=Question Authority
Trusted Information Resource
#17
I surely won't argue that, but after over 20 years of dealing with auditors what they will allow (how they will interpret something) I have seen ma lot of "discussions" over that.

And I fully understand, and agree with, the sampling aspect. But then again - Ask any auditor for a rational (based in statistics) for their sample size and my bet is you'll get a blank stare while they think about it. Take purchase orders. Let's say a company has 5,000 purchase orders. How does the auditor determine what is a *statistically correct* sample size?
I guess I would answer that as "the rationale used typically depends on a combination of the auditor itself and the industry in which they operate". For those who could get away with more relaxed procedures in a lower-risk industry, the concept of representative sampling (a random sample that is a good indicator of the accuracy of items in a given process) would be appropriate. But the more gradually an industry's audit practices rely on statistical significance to produce reasonable conclusions, the rationale obviously has to change for it to avoid as much scrutiny as possible.

Either way you slice it, there will always be an element of subjectivity that can never be truly eliminated 100%. That, of course, is the human element.

Brian :rolleyes:
 
#18
Marc,

My sample of your 5,000 purchase orders (since the last audit) would be 30 for a variety of quality critical items and from a variety of different originators (excluding mine of course!).

I recommend these rules of thumb:

  • Small population = sample 3
  • Medium population = sample 10
  • Large population = sample 30
Use your judgment on magnitude of population.

I have found auditees are confident enough to accept any findings from such a sampling plan. But as an auditor you can always ask them if they'd like a larger sample.

John
I'd suggest that this is a typically external audit model when the audit criteria are "ISO 9001" and "Purchasing" and nothing else is provided. For an internal audit, it's not much help to management and doesn't take into consideration why management would want an audit of a process...

Before we can consider WHAT the auditor is going to look at you have to consider WHY they are doing the audit - which takes us back to "status and importance" and, then to "scope" and "criteria". These are points which are regularly overlooked in auditor training - since the model is frequently based on an external audit, where wide ranging scopes -"the QMS" and criteria "ISO" are used, instead of a more narrowly focused internal audit - something which possesses a "status" (risk) and "importance" (customer, regs or $$) impact. ONLY when these have been clearly defined can any internal auditor evaluate the process with any certainty of providing a result/report that management can address.
 
Last edited:

Marc

Hunkered Down for the Duration with a Mask on...
Staff member
Admin
#19
Marc,

My sample of your 5,000 purchase orders (since the last audit) would be 30 for a variety of quality critical items and from a variety of different originators (excluding mine of course!).

I recommend these rules of thumb:

  • Small population = sample 3
  • Medium population = sample 10
  • Large population = sample 30
Use your judgment on magnitude of population.

I have found auditees are confident enough to accept any findings from such a sampling plan. But as an auditor you can always ask them if they'd like a larger sample.

John
I guess I would answer that as "the rationale used typically depends on a combination of the auditor itself and the industry in which they operate". For those who could get away with more relaxed procedures in a lower-risk industry, the concept of representative sampling (a random sample that is a good indicator of the accuracy of items in a given process) would be appropriate. But the more gradually an industry's audit practices rely on statistical significance to produce reasonable conclusions, the rationale obviously has to change for it to avoid as much scrutiny as possible.

Either way you slice it, there will always be an element of subjectivity that can never be truly eliminated 100%. That, of course, is the human element.

Brian :rolleyes:
My sole point is sample size during audits are typically not based upon statistically defined sampling plans. "Rule of Thumb" is OK, but it doesn't mean it's statistically valid per a specific sampling plan.

As to situations like Government Property (government contract work in general, actually), that's a whole different ball game. I cut my teeth in quality in the 1980's working in a company doing DoD work in high reliability electronic systems for aerospace and naval equipment (with a bit of work in the manufacture of munitions). You could count on valid statistical sampling plans being a requirement.

Since we're WAY off the thread topic, for more discussion on Sampling and Sample Size in Audits, let's take that to this thread: Determination of Sample Sizes when Auditing
 

John Broomfield

Staff member
Super Moderator
#20
I'd suggest that this is a typically external audit model when the audit criteria are "ISO 9001" and "Purchasing" and nothing else is provided. For an internal audit, it's not much help to management and doesn't take into consideration why management would want an audit of a process...

Before we can consider WHAT the auditor is going to look at you have to consider WHY they are doing the audit - which takes us back to "status and importance" and, then to "scope" and "criteria". These are points which are regularly overlooked in auditor training - since the model is frequently based on an external audit, where wide ranging scopes -"the QMS" and criteria "ISO" are used, instead of a more narrowly focused internal audit - something which possesses a "status" (risk) and "importance" (customer, regs or $$) impact. ONLY when these have been clearly defined can any internal auditor evaluate the process with any certainty of providing a result/report that management can address.
Andy,

Agreed, choosing to sample anything is determined by the audit objective.

And the audit objective for an internal audit should come from top management.

John
 
Thread starter Similar threads Forum Replies Date
V The organization shall have internal auditors - 8.2.2.5 - Internal auditors IATF 16949 - Automotive Quality Systems Standard 6
B Internal Auditor Competency - Product Auditors Internal Auditing 9
I What direction do you provide your internal auditors on OFIs? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
M CB and Internal auditors most common nonconformities against AS9100D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 16
C Selecting potential internal auditors Internal Auditing 3
J ISO 9001 Competency - Forklift License and Internal Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
S Is it a Finding if all Internal Auditors are from the Quality Department? Internal Auditing 18
B ISO/TS16949 Internal Auditing - How many auditors? Internal Auditing 4
D Number of Internal Auditors Best Practice Quality Manager and Management Related Issues 18
T Qualification System of Internal Auditors is not Effective General Auditing Discussions 5
J Wanting to Train our Internal Auditors Ourselves Internal Auditing 7
Q Qualified Internal Auditors for AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 37
R Should internal auditors be compulsorily certified as internal auditors ? Internal Auditing 11
W Is formal training required for Internal Auditors? Internal Auditing 7
K Auditor Objects to List of Internal Auditors General Auditing Discussions 6
S Training Requirements for ISO 9001 Internal Auditors Internal Auditing 6
S Must I document qualification(s) or qualification process for Internal Auditors? IATF 16949 - Automotive Quality Systems Standard 10
kedarg6500 How to Motivate Internal Auditors General Auditing Discussions 50
Sidney Vianna Why are GOOD Internal Auditors so hard to find? Internal Auditing 35
A How to Audit an Internal Audit and Internal Auditors Internal Auditing 34
M Internal Auditing Problems that Auditors Face Internal Auditing 16
E Training Our Internal Auditors on the Core Tools Training - Internal, External, Online and Distance Learning 10
M Typical requirements for Internal Audit Lead Auditors Internal Auditing 5
A Auditing the Internal Auditors and Management Review Internal Auditing 5
V Quick ISO 9001 Presentation for Internal Quality Auditors team needed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
A Who to decide and select Internal Auditors and what are the criteria? Internal Auditing 18
T Volkswagen Requirements for Internal Auditors Internal Auditing 3
S Motivation for IQA (Internal Quality Audit) Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
Howard Atkins Are we Training Internal Auditors Correctly Internal Auditing 22
C Objective Evidence of Internal Auditors having Audit Clause 4.1. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
Z Should we recertify our internal auditors as we transitioned to ISO 9001:2008? Internal Auditing 1
E Internal audit checklist for beginner auditors Internal Auditing 3
A Internal auditors independence & integrity Internal Auditing 9
M Do Internal Auditors need to be Trained? Internal Auditing 10
S Internal Auditors required to be certified to VDA 6.3 by a 3rd party VDA Standards - Germany's Automotive Standards 21
Q Retraining Internal Auditors for ISO9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
D Dedicated (full time) vs. non-dedicated QMS Internal Auditors General Auditing Discussions 14
J The 5 Core Tools Training for Internal Auditors IATF 16949 - Automotive Quality Systems Standard 16
I Can MR train Internal Auditors & any Training required for such a 'Trainer'? Training - Internal, External, Online and Distance Learning 8
B Internal Audit Training Material to Train Internal Auditors for ISO9001:2000 Internal Auditing 28
D Contracted Internal Auditors - Outsourcing Internal Audits Internal Auditing 14
H Internal / External Auditors from the same Field / Section / Group? Internal Auditing 2
M Auditor Certificates for Internal Auditors - Required? Internal Auditing 21
MarilynJ6354 Observed Audit Behavior - Internal auditors having lunch with the auditees Internal Auditing 32
M Internal Audit Exercises/Games to Engage Auditors in Experiential Learning ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 34
I Internal Auditors - How to Evaluate their Performance. General Auditing Discussions 5
A The Minimum Number of Internal Auditors Required in an Organization Internal Auditing 37
N What documents/forms to give to Third Party Internal Auditors General Auditing Discussions 39
W Who's off track, me or my internal auditors? Internal Auditing 12
GStough Do your internal auditors work in teams or individually? Internal Auditing 29

Similar threads

Top Bottom