Internal Audits performed by another local business

[yodon]

I don't want to be excessively picky, but the aspect of auditor competence goes beyond that...

Those are all fair questions. As you have no doubt seen here, there are a lot of small companies that don't have qualified resources to do an internal audit and don't have the funds to hire out (who wouldn't have the knowledge of context, either, likely). So it's *a* solution. Could it be better? Probably.

They are, indeed, volunteers (no quotes needed ) and often use their vacation / PTO to enable them to do the audits. Frequently, they do the audits over several years and in these cases do get an understanding of the context. They genuinely care about finding things to effect improvement (I'm sure some more than others). The feedback we have received from external auditors has been quite positive.

Again, not saying it's the *best* solution; only *a* solution.

 

[Shonver]

If it is at all possible, try to establish an audit team. There is no need for you to do the audit yourself - especially since (I gather) you have such widespread involvement in the day-to-day. But the latter comment is not my reason for the recommendation. There is an opportunity for staff to get to know the workings of the businesses on an intimate level, and also to undergo consequential self-development, almost automatically.

Sent from my LG-H870 using Tapatalk

 

[SpinDr99]

I've a question regarding auditing one's own work.

The 2015 revision states "select auditors and conduct audits to ensure objectivity and the impartiality of the audit process" in 9.2.2 (c). There's nothing which states you can't audit your own work. Granted, it doesn't look good, but if I can show objectivity and impartiality (by making findings against myself, for example), doesn't that satisfy the requirement?

 

[AndyN]

I've a question regarding auditing one's own work.

The 2015 revision states "select auditors and conduct audits to ensure objectivity and the impartiality of the audit process" in 9.2.2 (c). There's nothing which states you can't audit your own work. Granted, it doesn't look good, but if I can show objectivity and impartiality (by making findings against myself, for example), doesn't that satisfy the requirement?

I believe it does! If you ask yourself how many times you've looked at your own work, maybe after a hiatus of 6 months, and asked yourself "What was I thinking when I wrote/did that?", then you can be objective... SO the criteria may become not auditing recent stuff you did...

 

[hogheavenfarm]

While using another business to supply auditors (and you swapping out yours) sounds like an easy fix, there are difficulties putting it into practice. As mentioned, knowing scope and products means generally a similar company, and that brings possible proprietary items into play, especially in similar industries. We looked at this and decided it was a risk (document that) that we were not willing to take. Other practical matters also come into play, like having "uninsured spectators" walking about the shop who really don't work for the company in question (unless you are paying them directly), safety hazards and training, etc. It is a big liability in many ways. Even using ASQ volunteers can bring in these matters. In the end, I think it better to do them yourself, even if it is not the easy solution.

 

[Illek]

Outsourcing sounds like an option for small companies but I know it would not fly at my company. They are very careful about privacy of our customers and having an outside team finding out about our "issues" would be a tough sell. Sure there are NDA's but I still think the uppers wouldn't want contractors to know about any findings even minor ones.

 

[Sidney Vianna]

I've a question regarding auditing one's own work.

The 2015 revision states "select auditors and conduct audits to ensure objectivity and the impartiality of the audit process" in 9.2.2 (c). There's nothing which states you can't audit your own work. Granted, it doesn't look good, but if I can show objectivity and impartiality (by making findings against myself, for example), doesn't that satisfy the requirement?

This was part of the discussion on the ISO 9001:2015 vs. 2008 - Internal Audits - What changes are you making? thread. To me, it is very clear. By definition (from ISO 9000:2015), audits have to be independent. There is nothing wrong with self verification, but self verification is NOT the same thing as an audit. People verifying their work can not be credited as auditing.

ISO 9001 stipulates ISO 9000 as a normative reference. The definitions contained in ISO 9000 are crucial for the proper application of the ISO 9001 standard. If people elect to disregard ISO 9000 and start having their own definition of audits, corrective actions, management reviews, etc... the whole concept of standardization goes down the drain.

And, by the way, I am not going to debate the meaning and definition of independence. If anyone thinks that an auditor can be independent from him/herself, it becomes a non-starter.

 

[AndyN]

There are a number of dilemmas organizations face when considering internal audits:

The organization can be very small, and as such, how do they ensure that (when everyone has a hand in nearly everything) you don't audit your own work? (Why did TC 176 remove it? Feedback from mainly small organizations?)

With organizations which are new to Quality Management, even if they send someone to a course, how do they ensure effective audits out of the chute. Class simply makes new internal auditors "dangerous"...

Contracting internal audits can be an option, but the contractor might just do audits like a CB auditor (I've seen this soooo many times, it's scary) and bring little to no value.

When much of the available auditor training simply replicates the external audit model, which CB auditors love (because they usually ONLY see audits and requirements that way) the client doesn't get the deep dive on their Quality related/Operational issues which need bringing to the surface because the internal person is using the wrong tools...

Until the powers that be (ISO 19011 writers, IRCA, Exemplar Global etc) recognize that there's a HUGE difference between effective internal audits, vs external audits, this confusion will reign.

 

[John C. Abnet]

Good day @scottjoh1412,
As has been pointed out by others within this thread, there is no rule against utilizing competent resources "outside" of the organization to perform internal audits. Let's take a look at objective information specific to your question. Specifically, let's look at supplemental ISO document 9000:2015 (note this is 9000, which is "Fundamentals and Vocabulary") . Within that document, section 3.13.1 "Audit", Note 3...: Internal audits... are conducted by, or on behalf of the organization...".
Note the key words "...by or on behalf..."
The information I have provided here should support your decision to "share" or otherwise utilize an outside source. Hope this helps.
Be well.

 

[Randy]

Same old question rears its ugly head again...How can people in a 1, 2 or 3 person company be independent during an internal audit if they do it themselves?

Answer...Who cares? Being independent is no longer stipulated in the "globally harmonized standards"

All that's required now is "impartial and unbiased". So unless you're automatically going to assume that people in organizations are liars, cheats, untrustworthy and dishonest you'll get off this "who cares independent horse" and look at the audit process itself and the end results.

I've done a couple transitions already this year for some very small entities that for one reason or another have to have a quality system who for the 1st time have done their own audits and they were fine, in fact without fail they were harsher on themselves then the previous 3rd party "independent" auditors.....And they all saved $1000 or better which for a small company can mean a great deal at the end of the year.