Management & Internal Audits (Oil & Water?) Audits as a pass/fail test


Quite Involved in Discussions
I'm seeking some opinions here (I already formed mine and I hope the way my question is worded doesn't taint the opinions too much).

Question: Can Internal Audits be sucessful and/or useful if Management treats all audits (including internal) as a pass/fail test?
Elsmar Forum Sponsor

Aaron Lupo

Re: Management & Internal Audits (Oil & Water?)

RCW said:

I'm seeking some opinions here (I already formed mine and I hope the way my question is worded doesn't taint the opinions too much).

Question: Can Internal Audits be sucessful and/or useful if Management treats all audits (including internal) as a pass/fail test?
Question- Why does Management want audits to be pass/fail?

No matter. The audits can be a useful tool no matter how management looks at them pass/fail, scoring etc... What really matters is that they are looking at the results of those audits and making informed decisions on where to focus resources to improve the company. JMHO
I agree with Johnny Bravo: I cannot see a reason for a fail/pass mentality?:confused: Hmmmm... Oil and water? Well, oil floats on water...

The audits can still can be worth something of course, but successful? Surely nowhere near as successful as if they are regarded as conveyors of improvement potential. Still, as long as appropriate action is taken...

Now then: Jim Wade recently asked a crucial question: how do you measure the degree of success of an internal audit?
Have a look at: "Measuring the results of ISO 9001 internal audits"


Randy Stewart

Yes they Can

All I do is present an "Audit Summary" to the Exec Mgmt. Where the meat and potatoes (or beer & pizza) is at for IA's is working with the process owners for improvement. As internal auditors you can do consulting because think about it. Lets say process 1 is suppose to give me results "A" and it gives me "a", I've identified a nonconformance. Anything else is basically problem solving or consulting! Theres your pass/fail.
Now, as internal I can sit down with the process owners and look at how the failure came about. Better yet, I can help fix it! Do I care about the pass/fail criteria - NO. What I report is that 1 NC (or OFI) was found on/in process 1 and here is the Corrective Action.
I don't think it's a bad thing to be harder on yourself during internal audits, it protects you from failing externals. And there are more benefits in getting auditors involved in problem solving. They learn the processes better, they are viewed as resources instead of pains in the arses and they learn Root Cause Analysis.
Don't let Executive Management decide if the event was successful or not. The way I look at it is that if I can find something wrong and fix it, that's a success. If someone else points out the problem, I haven't done my job properly (in most cases).

Al Dyer

I believe that the pass/fail methodology is the best way to go.

A company is either doing what they say or not. All the "gray" areas of the system without P/F can only serve to undermine the integrity of the auditor and the continuity of the audit process. How many times can an internal auditor "overlook" a nonconformance before all respect is lost, for the auditor as well as the process!

That said, if there is a robust system of preventive action, continuous improvement, and corrective action the P/F works fine. The company needs to define the process for directing a nonconformance into one of the above 3 catagories. The more that are directed to continuous improvement the more an outside auditor will see a companies proactive approach to the use of internal audit.

I wonder if we're seeing the same meaning in the expression "pass/fail"?

RCW, I sense that you have a problem here? Could you give us a bit more background info?


Tom Harris

Originally posted by Al Dyer
I believe that the pass/fail methodology is the best way to go.

A company is either doing what they say or not.

Maybe that's a bit simplistic, Al?

I'd like to make two points:

1 Surely a company sometimes [often?] does what it says it will do only to some extent?

Examples: We say we put the component on the right way round, but from time to time we put it on the wrong way round. We say that our employees are our greatest assset but occasionally a rogue manager treats someone like shít. We say we adopt a PDCA philosophy but the second shift sometimes simply fixes the problem, again and again.

A pass/fail attitude to audits has its place, but only in connection with getting a certificate. For subsequent internal audits, it ain't helpful (except for that annoying new bit about conformity to the standard). IMHO.

2 The accent on "doing what they say or not" is a hangover from the bad old days: "say what u do, do what u say and prove it" those old-timers use to trot out, didn't they?

The more enlightened approach recognises that simply following the rules is sometimes [often?] more part of the problem than the solution. Hence, even ISO 9000 drops the 'document everything' requirements in favour of the 'improvement of a system of processes' approach. The internal audit must also adopt that approach. IMHO.

M Greenaway


Quite true to an extent, however auditing compliance to the standard is very useful because it will force you to ask the right questions of a process.

Also have you noticed that nowhere in ISO9001:2000 is there a requirement to work to your documented procedures, hence auditing for compliance to the standard will not drag you down the wasteful auditing for compliance to procedures.

As you (and a fella called Deming) say most problems are inherent in the system (or procedures if you wish), hence continued compliance ensures continued problems (or level of performance).

By auditing to the requirements of the standard we should not be blinkered by procedures, and should as important compliance questions like is there demonstrable continuous improvement, or are there objectives for this process, or is this process performance adequately measured, etc, etc, and all that other good ISO9001 compliance stuff.

Randy Stewart

Not Sure

Martin are you talking internal or external here?
If it's internal audits then I disagree. External, yes but internal audits should go deeper than what the standard requires.
You state:
auditing compliance to the standard is very useful
most problems are inherent in the system
Isn't the standard a "suggested" system outline?
If you are not "blinkered" by what my process maps or procedures are showing then how in the world are you going to know what we are trying to accomplish?? By knowing the standard? I think not.
How can an external auditor come in a tell me if my process is being adequately measured when they don't know what we are measuring. That calls for a lot of auditor personality, interpretation and background to come into play. Which is one reason why QS has failed so miserably.
Here's an example. ISO 14001 under 4.4.5 states the "The organization shall establish and maintain procedure for controlling all documents required by this standard. I had an auditor interpret this as every single piece of paper (MSDS sheets, etc.) that was referenced by our Environmental system, down to the crib requests for mineral spirits, was to be under doc control! NO F'ing WAY!!!!!!!!!! But that was being audited to their interpretation of the standard and not what our procedures, processes and Ops manual stated.
Maybe I'm taking what you said to literally here. But IMO auditing to only the standard is like doing only the maintenance called out by your cars owners manual. :bonk:

David Hartman

I must agree with M. Greenaway.

I just finished our first internal audit and performed it as a compliance to the standard audit.

The first questions I asked dealt with the presence, general understanding, and attainment of the quality policy and quality objectives. Along with verifying that customer satisfaction was another of the driving forces within the overall organization.

I then verified that these "driving force" issues were understood and witnessed how they impacted the processes of each individual organization. This was followed by witnessing how each individual organization monitored or measured the effectiveness of their processes, and ensuring that they were taking actions to improve those processes (corrective and/or preventive).

Verifying that senior management was monitoring the health of the QMS, and was participating in establishing priorities and removing roadblocks to improvement, completed my audit efforts.

I feel like this activity not only assures me of compliance, but also provides evidence that the organization is on the road to customer satisfaction and continuous improvement

I had little interest in documented procedures (although I did ensure that processes and their interactions had been defined), and I did ask for defined competencies and how they ensured that the individuals filling a position met (and continued to meet) those competencies (including an examination of training records).

I believe that the new standard is written in such a fashion that not only can we develop our QMS to ensure accomplishment of company objectives, customer satisfaction and continuous improvement; but it can be audited against for compliance to verify that we are indeed accomplishing those goals.
Thread starter Similar threads Forum Replies Date
A A Guide to Effective Internal Management System Audits Book, Video, Blog and Web Site Reviews and Recommendations 2
K Questioning Top Management on The Quality Policy during Internal Audits Internal Auditing 7
F Benefits of Internal Audits in supporting Safety and Quality Management Systems Internal Auditing 5
A MR (Management Representative) also doing Internal Audits? Internal Auditing 27
E Internal Audits - Presenting Audit Findings to Upper Management General Auditing Discussions 19
S Executive Management Participation in Internal Audits Internal Auditing 8
N Frequency of Management Review Meetings pre- and post- Internal & Surveillance Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
A What gets reported about Internal Audits at Management Review? Management Review Meetings and related Processes 13
Antonio Vieira "Planned intervals" for Internal Audits and Management Review Management Review Meetings and related Processes 9
P Can the Management Representative Do Internal Audits? Internal Auditing 31
A Management Review and Internal Audits Before Registration Audit Management Review Meetings and related Processes 2
T Measuring Effectiveness of Internal Audits - Reporting in Management Review Meeting Management Review Meetings and related Processes 13
C Any ideas on getting mid to upper management involved in Internal Audits? Quality Manager and Management Related Issues 6
R I was told that the MR (Management Representative) shouldn't be doing internal audits Internal Auditing 19
G Upper Management wants a Time Limit on Internal Audits - Slice Audits? Quality Manager and Management Related Issues 14
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
P Internal Audit Reports reviewed by management? 21 CFR 820.22 Interpretation 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
M Risk Management (ISO 14971:2007) Internal Audit Checklist ISO 14971 - Medical Device Risk Management 7
V Most Common Internal/External Audit Observations on Risk Management ISO 14971 - Medical Device Risk Management 4
C How should I present Internal Audit results to Management in Management Review Internal Auditing 18
K Sample Questions for Auditing Management Rep , Internal Audit and Reg. Compliance Internal Auditing 7
V Internal Audit of Integrated Management System Miscellaneous Environmental Standards and EMS Related Discussions 2
K Should Internal Audit Plan be Approved by Top Management? Internal Auditing 19
A Internal Audit for an Integrated Management System (IMS)? Internal Auditing 17
J How to Write the Planned Interval to Conduct Internal Audit, Management Review, etc.. ISO 13485:2016 - Medical Device Quality Management Systems 3
B Where do I start when I Internal Audit the Quality Management System? Internal Auditing 8
E Internal Audit for Project Management Team - Construction Industry Internal Auditing 8
D Management Review Analysis of Internal Audit Findings Quality Manager and Management Related Issues 8
H Quality Management Best Practices for Internal Auditing Internal Auditing 6
L Top Management - Internal Audit Questions to Ask Internal Auditing 17
M Internal Audit for ISO 14001 - Questions for Management Internal Auditing 12
G Questionnaire for Internal Audit of Top Management Internal Auditing 9
A Auditing the Internal Auditors and Management Review Internal Auditing 5
S Auditing the Top Management during the Opening Meeting of Internal Audit Internal Auditing 21
6 Management Review does not highlight Internal Audit Finding - Root Cause Analysis General Auditing Discussions 11
K Auditing the Internal Vendor (Supplier) Management Process Supplier Quality Assurance and other Supplier Issues 2
E Management Review - Internal Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
F Internal Audit for Top Management / ISO 9001:2008 General Auditing Discussions 11
H Internal Audit for Management Representative ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
D Can The Internal Auditor Also Be The Management Representative? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 27
L Internal Auditing of Integrated Management Systems Internal Auditing 12
Raffy ISO22000:2005 Food Safety Management System - Applicable Internal Audit standard? General Auditing Discussions 7
C Integrated Management System Training - Internal and Lead Auditor training Training - Internal, External, Online and Distance Learning 14
B Management Commitment and Internal Communication ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
S Internal Quality Audit Management Software General Auditing Discussions 13
Q Internal Audit Questions - Does anyone have sample questions for Management Internal Auditing 16
H How internal audit benefit the management level? Internal Auditing 1
I What is the Difference between Management Review and Internal Audit? Management Review Meetings and related Processes 4
R Internal Audit and Management Review before Certification: Is it a required? Management Review Meetings and related Processes 3

Similar threads

Top Bottom