Where is this requirement stipulated?
Looking for Some Help with ISO 9001:2015 - Internal Audit Frequency ??
- Thread starter ddddavidddd
- Start date
Elsmar Forum Sponsor
It ain't in AS9100, but my auditors insist it is our registrar's requirements and since I never go that long in the first place I don't fight them on it. There are enough more meaningful things I fight them on.
There is nothing wrong about choosing your battles. But if someone states a requirement exists and applies, s/he must present the source for this requirement. Tribal knowledge spread by verbal means is NOT A valid source for requirements.
Randy
Super Moderator
We know it's not, but this old wife's tale has been going around for years.
What is important is that your internal audit program needs to be effective. Who is the judge that it is effective? You are, unless there is strong evidence to the contrary. Evidence to the contrary could be lots of nonconformances found on the CB audit.
Personally, if I ran into a company that scheduled all of their internal auditing every three years, I would ask for an explanation as well as place a call to the certification body for their comments. It is highly unlikely that it is effective. Now if there were some processes that were very stable and caused little if any trouble, I would not be concerned with internal audits of them every three years.
Personally, if I ran into a company that scheduled all of their internal auditing every three years, I would ask for an explanation as well as place a call to the certification body for their comments. It is highly unlikely that it is effective. Now if there were some processes that were very stable and caused little if any trouble, I would not be concerned with internal audits of them every three years.
I will give you the source - this is not an excuse, just an explanation. Years ago I had a face-off with a 16949 CB auditor because some of our processes were on a 5-year internal audit cycle. The key words he pointed to were in the clause (in the wording that existed at the time):
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system: a) conforms to: 1) the organization’s own requirements for its quality management system; 2) the requirements of this International Standard; b) is effectively implemented and maintained.
Emphasis mine. His point was, during this registration cycle, how could we show the QMS conformed to requirements if we had not audited all of it? He at first said he was going to give us a nonconformity, but after I pushed for the shall it became an OFI in the end. We went ahead and changed the 5-year processes to 3-year frequency.
Anyway, there it is. Not a firm requirement, but an expectation that my CB also pushes but to my knowledge does not issue NCs for.
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system: a) conforms to: 1) the organization’s own requirements for its quality management system; 2) the requirements of this International Standard; b) is effectively implemented and maintained.
Emphasis mine. His point was, during this registration cycle, how could we show the QMS conformed to requirements if we had not audited all of it? He at first said he was going to give us a nonconformity, but after I pushed for the shall it became an OFI in the end. We went ahead and changed the 5-year processes to 3-year frequency.
Anyway, there it is. Not a firm requirement, but an expectation that my CB also pushes but to my knowledge does not issue NCs for.
All that sounds very familiar...
My latest implementation has the audit frequency based on a risk assessment of the operations under the scope of the registration. We chose to audit by function. Each function is given a risk rating based on number of documented processes in the function, number of headcount in the function, and past nonconformities. The higher that number the more frequent the internal auditing. Generally it works out to a two year cycle to cover every function (some up to 4 times in that 2 years) and the full standard.
Because I have told the story too many times?
No, same song, different singer.Similar threads
