Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work)

embedded · Mar 13, 2019

I work at a small company where I wear many hats. I'm new to quality and putting together an internal audit plan for the first time. I started off with our key processes(sales, D&D, purchasing/inventory, and production), and for each key process listed the process document(each key process has multiple process documents and process owners) and corresponding process owners. My problem is when I look at the four key processes and process owners my name is showing up as a process owner for one of the process documents in 3 of the 4 key processes. Does that mean I can't audit these areas?

To give a specific example I'd really like to audit production myself, I don't work in production but I am a process owner in that I'm responsible to define processes for RMAs and control of production services and provisions. I don't actually do the work myself, the people that do report to me. What are the requirements and recommendations given my current situation?

AndyN · Mar 13, 2019

Can you be objective and impartial? If you aren't touching what's being done, you're good. This issue of not auditing your own work, was removed to help small businesses. Choose something which was done a while ago, make a good plan to audit actual requirements and not ISO and keep good notes of what was sampled. Simples!

John Broomfield · Mar 13, 2019

You are not auditing your own work unless you are auditing work you have actually done. But who do you have to audit your internal audits?

Recommend that you select another person with the recommended attributes for training to become your second internal auditor.

That may also ease your concern for keeping your audits objective and impartial.

Randy · Mar 13, 2019

Nowhere does it say that you can't audit your own work.
Are you an honest person?
Do you have a good code of ethics you follow?
Are you trustworthy?
Could you find fault with something you've done and report it so that it could be corrected?

Knock yourself out and audit away.

somashekar · Mar 14, 2019

Clarity and Sincerity of the purpose .. Here the purpose is Internal audit.

Coury Ferguson · Mar 14, 2019

I agree with both Andy and Randy. If you are a trained and competent you can audit your own work/responsibilities. As they said, there is no requirement that states you can't audit your own work.

The previous QM of the company had that statement in the procedure. Guess what I am going to do...remove that statement from the procedure.

Mike S. · Mar 15, 2019

There are lots of "should" statements in the ISO 19011 auditing guidelines doc, but should is not shall.

I had a registrar auditor say 9.2.2.c (select auditors and conduct audits to ensure objectivity and the impartiality of the audit process) meant you could not audit your own work and we HAD to have an auditor who only audited the internal audit process. No amount of my arguing would change his mind. Management chose not to fight it. Each company must decide for themselves how to satisfy this requirement.

AndyN · Mar 15, 2019

Mike S. said:

Mission creep... and incompetent.

Sidney Vianna · Mar 15, 2019

embedded said:

The situation as you described is closer to the scenario described in the Can I audit processes I've established but do not implement or maintain? thread. Auditing a process that you are the owner is perfectly acceptable.

As for people auditing their own work, there is a requirement that prohibits it. It is in the definition of the term audit, contained in ISO 9000, a normative reference in ISO 9001. The definition and the first note to the entry are provided below:

Note that the word independent is used and note 1 clearly stipulates the aspect of "carried out by personnel not being responsible for the object audited.

So, in my view, if you "audit" your own work, you are not in compliance with the requirements of the standard. Nobody will be independent, objective and impartial auditing their own work.

ISO/TS 9002 gives explanation of what to do in cases where you have to "audit" your own work, due to special circumstances....so you can find some guidance there.

Coury Ferguson · Mar 15, 2019

Sidney Vianna said:

Sidney,

I agree to disagree. ISO 9000 is not a requirement nor is ISO 19011. They are both guidance documents.

ISO 9001:2015 is the requirement. ISO 9001:2015 paragraphs 9.2.1 (a1-a2, and b) and 9.2.2 a-f does not have that requirement that I see. As for the comment "Nobody will be independent, objective and impartial auditing their own work." might just be an overstatement. I perform audits of my own work, and if there is a noncompliance found, it is documented as such. I show no favoritism when performing an internal audit. I look at the requirements regardless if I am responsible or not.

So, that is why I agree to disagree.

Thread starter	Similar threads	Forum	Replies	Date
	Quality Record Retention (Internal Audits, CA's)	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	9	Mar 8, 2019
T	What is the purpose of Internal Audits?	Auditing Quality and Environmental Management Systems	27	Jan 31, 2019
F	API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits.	Oil and Gas Industry Standards and Regulations	20	Jan 10, 2019
P	ISO 19011:2018 - Risk Based Approach for planning, conducting and reporting of internal audits	Internal Auditing	8	Nov 13, 2018
	ISO 13485:2016 Registration - NC on full cycle of internal audits	ISO 13485:2016 - Medical Device Quality Management Systems	7	May 16, 2018

Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work)

embedded

Involved In Discussions

AndyN

Moved On

John Broomfield

Randy

somashekar

Coury Ferguson

Moderator here to help

Mike S.

An Early 'Cover'

AndyN

Moved On

Sidney Vianna

Post Responsibly

Coury Ferguson

Moderator here to help

Similar threads