Internal Audits in a Small Company

N

noboxwine

#11
This works

Traditional auditing techniques are worthless, IMHO. Auditing is managements job. How can management audit the effectiveness of the QMS ? Tie all the important key measurables into-----Management Review. That is my Internal Audit Program. Not only does it conform to the standard, it adds values, eliminates paperwork and is never late. No cost, high return. Hum....
 
Elsmar Forum Sponsor
M

MrPhish

#12
Thanks noboxwine. This type of innovative, cost effective, value added, "Duh it doesn't take a rocket scientist" approach to solving a requirement is what I am talking about. Why are the traditional audit methods of going out and interviewing personnel the only acceptable method to accomplish the goals of 8.2.2?

Everyday of the Management Rep's life is an audit ... just document it. Every Management Review is an audit ... just document it.

Improvise ... overcome ... adapt
 

howste

Thaumaturge
Super Moderator
#13
I can see your point, but I'm still not comfortable with it. Playing the devil's advocate, I believe there is still one issue that needs to be addressed in your hypothetical scenario: If your Management Representative audits the entire QMS except management reviews, who will be auditing the internal audits? I really don't see any way around having at least two auditors involved in the process. I realize that you are trying to conserve resources. One of the auditors certainly doesn't have to spend much time at all auditing - just MR and IA at the frequency you specify.
 
M

MrPhish

#14
Actually ... I utilize the other senior managers who attend or participate in each MR as the "auditors" of the MR and the IA (since we discuss all IAs during every MR). They are not auditing their own work and they are already involved in the process so no additioonal resources are expended. I make each one of them document and rate the QMS for effectivity and base their ratings on data and information presented or available via reports or other documents ... No "out of thin air" ratings allowed.

Thanks for the devils look ... did I change your mind?
 

howste

Thaumaturge
Super Moderator
#15
That'll work!

The way you just described it, you are auditing all areas of your QMS. You've convinced me that it will work.

I don't think you changed my mind about the requirements, but you certainly changed my understanding of your situation. :bonk:
 
G

Greg B

#16
Re: Is This Possible??

Originally posted by MrPhish

3. 8.2.2 says, "an audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits." I read this to include surveillance audits (by not excluding them).
MrPhish

IMO 'Previous audits' can also mean internal audits you have carried out on a particluar area and are unhappy with the results, so when planning your next audit you include the area in the immediate audit cycle earlier rather than later. I agree that most of the areas that I cannot audit myself, because of confliction interest, are audited by the 3rd party auditor. This includes auditing.

PS I hate Audits :frust: JMO

Greg B
 
J

JodiB

#17
yes, but not quite

Mr. Phish,

While I agree that information from 3rd party certification audits can be used to help plan your internal audit program (by indicating to you that you should more closely watch an area that was found to have problems), they can't really help you exclude an area from your internal audit program.

Your internal audit program lies outside of the certification activities. Certification activities are stand alone. They are peeks into your QMS to determine if you are meeting the requirements for certification. They don't actively participate in your QMS.

Certification audits (surveillance or otherwise), can't take the place of your own look at each area of your QMS. And even if they indicate that there is an area that is OK, you can't use that as a basis for not performing your usual and customary audit of that area. Only perhaps a justification for why you didn't spend extra energy there.

IMHO.
 
M

MrPhish

#18
Lucinda,

I never said I EXCLUDE areas audited by the registrar in my internal audit program. My point is I base how much effort I expend in the MR area/process based on results from surveillance audits instead of only internal audit results. Also I never said I use surveillance audits to take the place of my internal system. I audit these MR areas/process at least once during the 3 year certificate period (required minimum) or more as audit results (anybodys) point me in that (or any) direction.

I also mentioned I use the information from the surveillance audits (providing it was favorable) to expend my limited resources in the proper areas ... not repeating to audit an area/process I already know to be functioning well based on my own findings and those of the registrar.
 

howste

Thaumaturge
Super Moderator
#19
MrPhish, I was thinking about the specified frequency you mentioned. I thought I'd see what rules the registrars are given. Here's what it says in the guidance document to ISO Guide 62:

...Guide 62 does not mention a specific period in which at least one complete internal audit and one management review of the supplier’s quality system shall take place. The certification / registration body may specify a period. Irrespective of whether the certification / registration body has chosen to specify a minimum frequency, measures shall be established by the certification / registration body to ensure the effectiveness of the supplier’s management review and internal audit processes.
This says that the registrar can specify a minimum frequency if they choose to. Most of the registrars I have run into have specified annually at a minimum. This probably comes from this statement later from the same document (talking about what the registrars themselves have to do for their system):

Complete internal audits followed by management reviews of the body’s quality system should be carried out at least once each year.
Just some food for thought - you should discuss this with your registrar to make sure they agree with what you're doing.
 
M

MrPhish

#20
Good Info

Thanks for the Guide 62 info. Registrar rules become primary instead of those of the standard ... interesting. The Cove members comes through again.
 
Thread starter Similar threads Forum Replies Date
T Internal Audits in very small manufacturing operation. Internal Auditing 8
I Internal Audits - Auditing own work in a small shop Internal Auditing 17
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
M ISO13485:2016, MDSAP and Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
S Would this be a second site for the purposes of internal and third party audits? General Auditing Discussions 4
J ISMS - Internal Audits Internal Auditing 3
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
D CB and customer audits considered as internal audits? General Auditing Discussions 9
R IATF 16949 - Outsourcing of internal audits Internal Auditing 10
M Major vs. Minor for Internal Audits? Internal Auditing 10
C Internal Audits in a tiny Dx Company Internal Auditing 33
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
O Informational Scaling back internal audits due to corona virus while avoiding a NC Internal Auditing 7
G Internal Audits and Employee engagement Internal Auditing 16
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
F ISO 17025 8.8 Internal Audits in a segmented company ISO 17025 related Discussions 5
qualprod Internal Audits - Categories of non conformances Internal Auditing 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
K A way to monitor our Internal Audits as a KPI AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
A External Auditor issue with Internal Audits Internal Auditing 7
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
Gman2 Quality Record Retention (Internal Audits, CA's) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
T Informational What is the purpose of Internal Audits? Internal Auditing 27
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 22
Pmarszal ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits Internal Auditing 8
R ISO 13485:2016 Registration - NC on full cycle of internal audits ISO 13485:2016 - Medical Device Quality Management Systems 7
J Internal Audit clarification - How to perform the audits IATF 16949 - Automotive Quality Systems Standard 6
S Corrective Action from Internal Audits not performed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
W FAA Advisory Circular (AC) Requirements (FAA AC 00-56) - Internal Audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
B Going into IATF 16949 transition without Internal Audits IATF 16949 - Automotive Quality Systems Standard 4
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
K No Internal Audits For Upcoming IATF Trans Audit IATF 16949 - Automotive Quality Systems Standard 5
J Supporting Processes - Internal Audits - Need help settling a debate IATF 16949 - Automotive Quality Systems Standard 4
K AS9100 Rev. D Transition - Internal Audits & Gap Analysis Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
J Internal Audits - Closing Audit Deficiency Reports (ISO 13485) Internal Auditing 4
S Is Audit Plan / Agenda required for Internal Audits? Internal Auditing 2
J ISO 9001:2008 - Can I still conduct Internal Audits in my company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
F What is your favorite software for ISO 9001:2015 Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C ISO 9001:2008 Surveillance Audit - No Internal Audits Internal Auditing 9
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
Marc ISO 9001:2015 vs. 2008 - Internal Audits - What changes are you making? Internal Auditing 44
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
dubrizo Internal Audit Value - What is the point of conducting internal audits to a checklist Internal Auditing 40
D Using consultants for Internal Audits Internal Auditing 24
O New Job 1 Month from Recertification Audit - Missing Documents, no Internal Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
R How do I conduct my API Q1, ISO compliant internal audits? Internal Auditing 1
F Is it good to outsource the Internal Audits? Quality Manager and Management Related Issues 16

Similar threads

Top Bottom