Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work)

[AndyN]

if ISO 9000 says "...carried out by personnel not being responsible for the object audited"

And it doesn't state that, of course...(for clarity's sake)

 

[Eredhel]

I don't have a copy of ISO 9000, so I'm basing it off Sidney's quote from it on the first page of this conversation. Are you saying the quote from 9000 is inaccurate? I know ISO 9001 calls out 9000.

Edit: Section 3.13.1 of ISO 9000 is what I was quoting, according to the quote from the first page.

 

[AndyN]

Yes! I have it open currently - putting definitions into training course materials.

 

[Eredhel]

Yes! I have it open currently - putting definitions into training course materials. View attachment 25431

Gotcha, and does yours have "Note 1 to entry" below that text in the pic you've added? I'm looking on line and seeing note 1 and it has the language "...carried out by personnel not being responsible for the object audited"

 

[Ed Panek]

I work at a small company where I wear many hats. I'm new to quality and putting together an internal audit plan for the first time. I started off with our key processes(sales, D&D, purchasing/inventory, and production), and for each key process listed the process document(each key process has multiple process documents and process owners) and corresponding process owners. My problem is when I look at the four key processes and process owners my name is showing up as a process owner for one of the process documents in 3 of the 4 key processes. Does that mean I can't audit these areas?

To give a specific example I'd really like to audit production myself, I don't work in production but I am a process owner in that I'm responsible to define processes for RMAs and control of production services and provisions. I don't actually do the work myself, the people that do report to me. What are the requirements and recommendations given my current situation?

You may have implemented the processes but the records are what is being audited. Unless you are actually doing the work to place data into the record you are auditing I think its defendable to audit it as the owner.

 

[AndyN]

Gotcha, and does yours have "Note 1 to entry" below that text in the pic you've added? I'm looking on line and seeing note 1 and it has the language "...carried out by personnel not being responsible for the object audited"

As ever, it is a note, in a normative reference, which is distancing it from a requirement. It does, however, state in the 9.2.2 requirements (I remind readers) that "c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process." Still doesn't preclude an auditor auditing work they touched... There are (creative) ways to ensure impartiality. I'll be sure to include them in my next book.

 

[Sidney Vianna]

Gotcha, and does yours have "Note 1 to entry" below that text in the pic you've added? I'm looking on line and seeing note 1 and it has the language "...carried out by personnel not being responsible for the object audited"

One can go to the ISO OBP, search the definition of the term audit, filter under the TC176 and scroll down to see the whole entry:

​

 

[Coury Ferguson]

I am going to play the devil's advocate here.

Reading your pic, this is what I see: It identifies an object. This object, could be say, an Internal Audit performed on the Internal Audit System by another Internal Auditor. The objects that I looked at were not audited by me personally, however, it is still my responsibility as owner of that process. Would this be auditing my own work or responsibility, would this be a violation according to the requirements? I think not; which supports my previous responses. I was not the person who perform the last Internal Audit as to note 1 reference of "object." This is where the objectivity is based upon results. The impartiality part of this...yes I can be impartial and objective at the same time.

Maybe I am looking at this outside the box. Actually looking to see if the intent of the standard was met or not met.

 

[Yukon]

Why are so many of you trying to circumvent the requirements of the standard ?

 

[Yukon]

You may have implemented the processes but the records are what is being audited. Unless you are actually doing the work to place data into the record you are auditing I think its defendable to audit it as the owner.

Ed,
When you say small, how small ? I'm a CB auditor and have run into your situation more than once.