Internal Audits viewed by Third Parties

R

Rob Nix

#1
Some time ago I consulted for a company that performed TWO internal audits! One audit they did as window dressing for their third party auditor. They included in it only NCs that were for concerns they were already addressing. They did not want to "air their dirty laundry" to the registrar, where he might potentially be influenced to look for problems in the areas identified as "weak".

So they performed another, "functional", audit (unseen by their registrar) to address the big problems they found or were very familiar with; you know, those chronic management problems we hope the 3rd party auditor doesn't pick up on! :rolleyes:

Has anyone else experienced something similar, or would you like to comment on this subject? :bonk:
 
Elsmar Forum Sponsor

Tom W

Living the Dream...
#2
Rob Nix said:
Some time ago I consulted for a company that performed TWO internal audits! One audit they did as window dressing for their third party auditor. They included in it only NCs that were for concerns they were already addressing. They did not want to "air their dirty laundry" to the registrar, where he might potentially be influenced to look for problems in the areas identified as "weak".

So they performed another, "functional", audit (unseen by their registrar) to address the big problems they found or were very familiar with; you know, those chronic management problems we hope the 3rd party auditor doesn't pick up on! :rolleyes:

Has anyone else experienced something similar, or would you like to comment on this subject? :bonk:
Wow! That would be my first comment. This makes no sense to me. The point of a thrid party registrar is to help you as an organization improve, to actually help you find the weak points. I would be embarrassed to be involved with a scam like that at a company. That shows little to no management committment to improvements. That just does not make any sense to me. Sorry - I don't see the benefit in covert operations like that within a company - especially if the company is interested in actually improving its business. WOW!!! :bonk:
 
C

Craig H.

#3
Rob:

This is scary. The one time our external auditor found a major (customer supplied packaging was not covered in our system) I was able to show that we had found it in our last internal audit and were addressing it.

If not for that nonconformance we had already found and documented, the external auditor was ready to end the audit. So that documented N/C saved my rear.

Window dressing for window dressing?

Craig
 
R

Rob Nix

#4
Well here is the "rest of the story".

They had two things going against them. 1) Their management was indeed NOT COMMITTED to an effective QMS. Their whole reason for having a MR at all was simply, and I quote, "to pass audits". 2) Their previous registrar auditor did actually use their past internal audit to probe deeper into a problem they addressed and found further problems, which he wrote up as majors! Management's contention: he wouldn't have found it if we hadn't pointed it out!

So, yes indeed, they missed the whole purpose of registration!

I put together a robust internal audit system, did training, and explained that their addressing all internal issues, as Craig states, is a protection for them in that it shows they have a handle on their system - just like with SPC, a point is not out of control if you have identified the cause and can do something about it.
 
L

Laura M

#5
If the deeper probe proved they didn't fix an internal audit finding without "undue delay" then it probably is a registration N/C. If the deeper probe revealed that the organization didn't assess "root cause" then it probably is a registration N/C.

If the deeper probe revealed similar instances, but the organization was sincerely addressing the problem, then the auditor should be looking elsewhere.

But I do think 2 audits is deceiving, and they should clean up their problems so the internal audits becoming helpful. But I've seen organizations that I can imagine that going on in. I have been asked "not to write" n/c's for a similar reason but its never happened.
 

howste

Thaumaturge
Super Moderator
#6
I've never heard of this one either. Talk about a waste of time! More than likely anything found in an internal audit will also be found in an external audit eventually, so why not do it right the first time? It sounds like what happened before (investigating a previously identified nonconformity) showed a deficiency in the corrective action system.

Craig's comment above is important. If something is found in an external audit and you can show that corrective action is already in the works, it's not in anybody's best interest to write it up again.
 
G

Greg B

#7
Guys,

Do you think that sometimes non QA people sometimes think that if a QMS is not 100% correct at the time of the audit then they may suffer so they tend to panic and try to sweep things under the carpet or generally mislead the auditor for fear of failure?

I have had managers (and people I have audited) that have been extremely worried that part of the system is not up to scratch and I tell them that it does not have to be as long as we understand that:
a.) It is a problem, and
b.) We have or will put a plan in place to remedy it.

Example: Many of our current procedures are out of date and urgently need review due to changes ion Production, Authority etc. We have identified this in our internal audits, management meetings and individuals have placed requests in the system for change. I will show our Registrar this in a few weeks during our annual audit and I'm sure he will note it but that is about as far as it will go. He may place a minor on us but we won't worry because we aim to fix it within the next few months anyway. There will always be a part of the system that is not current. There has to be gaps (IMHO) at least in larger compnaies.

Greg B
 
L

Laura M

#8
Greg,

I think you are accurate in stating that people think it HAS to be 100% at THE AUDIT!!!!!!!!!! Not any other time!!!!

If I find people that recognize it'll never be 100%, but know the system and aim to comply, I'm very happy. It's those that run one system the other 362 days/year then panic and want to know "the answers for the audit" that are the problem.

I'm sure most auditors start to recognize when an employee is just talking and explaining like its second nature, vs trying to remember what the process is suppsed to be.
 
G

Greg B

#9
Laura M said:
Greg,

I think you are accurate in stating that people think it HAS to be 100% at THE AUDIT!!!!!!!!!! Not any other time!!!!

If I find people that recognize it'll never be 100%, but know the system and aim to comply, I'm very happy. It's those that run one system the other 362 days/year then panic and want to know "the answers for the audit" that are the problem.

I'm sure most auditors start to recognize when an employee is just talking and explaining like its second nature, vs trying to remember what the process is suppsed to be.
Laura,

I could not have said it better myself. :bigwave:

Greg B
 
R

Rob Nix

#10
Thanks Greg and Laura. I think you folks have your finger on the pulse. I think it always has been our job to enlighten the powers that be that ISO does not require perfection, it requires an understanding and control of our processes.

It is like parenting. We have rules, and some of those rules the kids inevitably break. We then administer "corrective action". We keep aware of their subsequent activity (we "audit" them), and "tweak" them where needed (continual improvement). So we've done our job, not because no rules were ever broken, but because we deal with the situations intelligently in a controlled environment.

Hmm, I don't know if that was the best analogy, but I do sometimes think I', working with a bunch of kids. :biglaugh:
 
Thread starter Similar threads Forum Replies Date
C Internal Audits in a tiny Dx Company Internal Auditing 33
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
O Informational Scaling back internal audits due to corona virus while avoiding a NC Internal Auditing 7
G Internal Audits and Employee engagement Internal Auditing 16
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
F ISO 17025 8.8 Internal Audits in a segmented company ISO 17025 related Discussions 5
qualprod Internal Audits - Categories of non conformances Internal Auditing 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
K A way to monitor our Internal Audits as a KPI AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
A External Auditor issue with Internal Audits Internal Auditing 7
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
Gman2 Quality Record Retention (Internal Audits, CA's) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
T Informational What is the purpose of Internal Audits? Internal Auditing 27
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 23
Pmarszal ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits Internal Auditing 8
R ISO 13485:2016 Registration - NC on full cycle of internal audits ISO 13485:2016 - Medical Device Quality Management Systems 7
J Internal Audit clarification - How to perform the audits IATF 16949 - Automotive Quality Systems Standard 6
S Corrective Action from Internal Audits not performed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
W FAA Advisory Circular (AC) Requirements (FAA AC 00-56) - Internal Audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
B Going into IATF 16949 transition without Internal Audits IATF 16949 - Automotive Quality Systems Standard 4
S Internal Audits performed by another local business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
K No Internal Audits For Upcoming IATF Trans Audit IATF 16949 - Automotive Quality Systems Standard 5
J Supporting Processes - Internal Audits - Need help settling a debate IATF 16949 - Automotive Quality Systems Standard 4
K AS9100 Rev. D Transition - Internal Audits & Gap Analysis Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
J Internal Audits - Closing Audit Deficiency Reports (ISO 13485) Internal Auditing 4
S Is Audit Plan / Agenda required for Internal Audits? Internal Auditing 2
J ISO 9001:2008 - Can I still conduct Internal Audits in my company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
F What is your favorite software for ISO 9001:2015 Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C ISO 9001:2008 Surveillance Audit - No Internal Audits Internal Auditing 9
J Dinged on Internal Audits for supervising an auditor I was training Internal Auditing 10
Marc ISO 9001:2015 vs. 2008 - Internal Audits - What changes are you making? Internal Auditing 44
M Are auditing checklists required for Internal Audits? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
dubrizo Internal Audit Value - What is the point of conducting internal audits to a checklist Internal Auditing 40
D Using consultants for Internal Audits Internal Auditing 24
O New Job 1 Month from Recertification Audit - Missing Documents, no Internal Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
R How do I conduct my API Q1, ISO compliant internal audits? Internal Auditing 1
F Is it good to outsource the Internal Audits? Quality Manager and Management Related Issues 16
S Advice for ISO17025 First Round of Internal Audits ISO 17025 related Discussions 10
S Engineering Audits - Internal Audits IATF 16949 - Automotive Quality Systems Standard 7
L Time Allocation for Internal Audits Internal Auditing 5
A A Guide to Effective Internal Management System Audits Book, Video, Blog and Web Site Reviews and Recommendations 2
M Utilizing ISO and Customer Audits for Internal Audits Internal Auditing 14
N Internal Process Audits - 7.1 Planning - How do YOU audit it? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
G Scope of External & Internal Audits General Auditing Discussions 10
S Internal Audits of QMS Corporate Basics at the Local Plant Level ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Internal Audits: Rabbit Holes or Marked Roads? Internal Auditing 13
Gman2 Frequency of Internal Audits per TS 16949 Requirements IATF 16949 - Automotive Quality Systems Standard 12

Similar threads

Top Bottom