Internal Audits in a Small Company

C

Connie

Internal Audits

ALSO BEING IN A SMALL COMPANY AND HAVING A DIFFICULT TIME GETTING AUDITS DONE BY PEOPLE WHO DO NOT HAVE SOMETHING TO DO WITH A PARTICULAR DEPT, I WAS WONDERING IS THERE A WAY AROUND INTERNAL AUDITS AND HOW TO GET THEM DONE WHEN THERE IS A CONFLICT OF DEPARTMENT PERSONAL INVOLVEMENT.

hEY IT'S GOOD TO BE BACK!!!!
 
A

Al Dyer

How about hiring an external auditor to do your internal audits! perfectly acceptable and more than likely very cost effective!

Al...
 

howste

Thaumaturge
Trusted Information Resource
I agree with Al - that's one way to do it. You're sure to get an impartial look at the system, and avoid having auditors auditing their own work. You also don't have to worry about internal auditor training.
 
Hi Connie,

Maybe you have the opportunity to trade auditors with a neighbour company or something?

Could you expand a bit on the "DIFFICULT TIME GETTING AUDITS DONE BY PEOPLE WHO DO NOT HAVE SOMETHING TO DO WITH A PARTICULAR DEPT" bit?

/Claes
 
G

Greg B

Re: Internal Audits

Originally posted by Connie
ALSO BEING IN A SMALL COMPANY AND HAVING A DIFFICULT TIME GETTING AUDITS DONE BY PEOPLE WHO DO NOT HAVE SOMETHING TO DO WITH A PARTICULAR DEPT, I WAS WONDERING IS THERE A WAY AROUND INTERNAL AUDITS AND HOW TO GET THEM DONE WHEN THERE IS A CONFLICT OF DEPARTMENT PERSONAL INVOLVEMENT.

hEY IT'S GOOD TO BE BACK!!!!

Connie,

My company understands the reasons behind the QMS and auditing - from Management down. We have always had a number of 'registered auditors' but now we are progressing with audit teams. One department audits another. The guys get some training from me and I often act as lead. They have no outside training and I don't think they need it. They get a greater insight into other parts of the company and they network with their peers. It is in its infancy but the operators like it and their observations are not preconceived - they are usually black and white. We are also combining Safety and Environemental audits in the same basket. So these guys do the whole thing in one. Management likes it because it is saving money and time and for the other reasons I mentioned. At an operational level we are a small company with 4 to 6 man crews but we understand the value of this so people are seconded to audit teams the same as they are for scheduled training. It is another resouce that we need to manage.
You really need to sit down with senior management and explain it to them. Show them the clause and the requirement about conflict of interest. Maybe get them to view these threads it might open their eyes.
Jim Wade had some good thoughts on this but I cannot remember the thread. Do a search of 'Auditing'.
Stick with it it is not always easy

Greg B
 
Last edited by a moderator:

gpainter

Quite Involved in Discussions
Connie the 00 standard has helped to some extent by saying that "Auditors shall not audit their own work." Most are saying you can audit your department but you can not audit something you are doing. You can hire an outsider, which is becoming popular or you could auditor share with a local company, which is a benefit to both companies.
 
A

Al Dyer

I really believe that switching auditors with another company is very beneficial, and not only from the audit standpoint. A deal with another company will give a fresh view and differing methodologies that can be learned. Possibly a very important benefit would be benchmarking activities.

And why stop at just one company, how about a group of companies??

Al...
 
M

MrPhish

Is This Possible??

gpainter is correct. The new 00 standard has helped a bit with the "can't audit your own work" clause. However, in trying to accomplish internal audits without a lot of resources (only those needed to add value) I've been wondering does this scenario work"

1. Management Rep can audit entire system except for the work he/she directly performs.
2. most actions of the MR are audited by the third party auditor every surveillance audit as SOP.
3. 8.2.2 says, "an audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of pervious audits." I read this to include surveillance audits (by not excluding them).
4. Hypothesis: the direct actions of the MR are audited by the third party auditor as noted above. Providing the pervious surveillance results are mostly favorable, why does the activity of the MR need to be reviewed during every internal audit by another party/department/subcontractor? By using the previous surveillance audit results (favorable) the MR will be able to avoid auditing their own work, and should still be able to answer the question whether or not the MR functions are being performed properly by using the data obtained during the last surveillance audit.

Not trying to "legal weasel" the standard, but am trying to get the most out of limited resources. Have I missed something from 8.2.2 that does not permit this to occur?

Just trying to be creative and add value, and reduce cost (if that's possible).
 

howste

Thaumaturge
Trusted Information Resource
Well, I have to admit that it is creative. :rolleyes: It still doesn't get around the requirements of 8.2.2 though. It requires that internal audits be used to determine a) if requirements have been met, and b) if the QMS has been effectively implemented. For any part of the system that you don't audit, you have not determined either of these. I could extend your logic to say that as long as there are acceptable external audits, I have no need to do internal audits at all! :D
 
Last edited:
M

MrPhish

Thanks for the reply howste.

I totally agree that internal audits are used to a)determine if requirements have been met and b) if the QMS is effectively implemented. I fail to see your point. Let me clarify mine.

1. Just because someone internal to my company has not audited a certain process, (process X) but someone external to my company has audited process X and reported their findings in writing, why can I not make a determination of meeting requirements based on the findings at hand? Data is data. Based on the previous replies to this thread how come subcontracted auditors fit this bill (i.e. external auditor who reviews process X and writes a report), yet the results of the registrar (who by the way is a subcontracted auditor) can not be used in the same exact manner. Remember ... where in the standard does it say this is not allowed?

2. I think the same is true for point b). It is the data/audit findings that are being used to help make the determination if the QMS has been effectivly implemented. Where does it say in the standard that only data from internal audits can be used to make this determination? I don't see it (that's why I'm looking for help here on the Cove).

Now before a Sea Lawyer gets a hold of this, let me further clarify my interpretation by saying I 100% agree that you can not use the results of any surveillance audit to "take the place" of conducting any internal audits at all, as required by 8.2.2. Internal audits are needed as a value added function ... no disagreement there. My point is since by the standard I am allowed to "take into consideration status, importance, and previous audit results" (reguardless of where the audit results come from) when selecting those areas or process I want to audit, why can I NOT select to audit those functions of the MR since previous audit data tells me those functions are OK?

I would agree at a minimum, I would need to have the MR functions that can not be audited by the MR (i.e. can't audit his/her own work) reviewed during an internal audit at least ONCE during the life of the certificate, but not every time an internal audit is conducted. Again, not looking for minimums or weasel methods ... just asking who sees it this way as a possible method to save resources and still add value to the QMS and the business process.
 
Top Bottom