OK - I admit it - this is mine from a listserve:
-------------snippo---------
From: ISO Standards Discussion
Date: Fri, 17 Dec 1999 11:49:45 -0600
Subject: Re: Internal Auditing Resources /../Kyllo/Russo/Smith
From: Marc Smith
--> C.W. Russ Russo...
I do 'contract' internal audits. To address Russ's issues:
--> From: "C.W. Russ Russo"
-->
--> You might want to reconsider this assumption. The first sentence in
--> element 4.17 requires the supplier to plan and implement the
--> internal audit program. It may be possible to hire an outside
--> auditor to conduct the audits, but the responsibility for the
--> program remains with the supplier.
I have yet to see a client without an audit plan / schedule. However, I see nothing in ISO9001:1994 (or the 'latest' ISO9001:2000) which says a company cannot outsource planning / scheduling as well as the internal audits if the company so chooses.
--> Moreover, I would advise folks considering this route to re-look at
--> Element 4.6, Purchasing, particularly the evaluation of
--> subcontractors based on "any quality assurance requirements." True,
--> ISO 10011 is not a "requirement." However, from my perspective, if a
I advise my clients that there are two issues here: I must be an approved supplier and there has to be defined criteria.
--> company really wants to abide by ISO 10011 they cannot absolve
--> themselves of active management and become a client. Such an
--> approach opens a fairly large can of wiggly worms.
I'm amazed you can say this. Just because a company outsources internal audits doesn't mean that management is trying to absolve its self of active management. If a company hires out design of a product (or prototyping or other SIGNIFICANT part of their product and/or business system) you don't hear people yelling:
"There must be serious problems if the company has to outsource that function. Heck, their management is trying to absolve its self of active management."
In fact, most companies hire out what they do not consider part of their 'core' business, yet is critical to their business. It seems so many people have the OPINION that internal audits must be a part of their core business. Businesses outsource their legal needs every day, as well as financial services, design and many other functions. My question is, what makes internal auditing such a sacred goat that it 'should' not be outsourced while other functions are outsourced every day (ever heard of Make-Buy decisions?)?
It seems that where ever the standard says "The company shall..." some folks immediately read to mean that the function cannot be outsourced. I do not agree with this interpretation at all.
Regards,
Marc T. Smith
-------------snippo---------
From: ISO Standards Discussion
Date: Fri, 17 Dec 1999 11:49:45 -0600
Subject: Re: Internal Auditing Resources /../Kyllo/Russo/Smith
From: Marc Smith
--> C.W. Russ Russo...
I do 'contract' internal audits. To address Russ's issues:
--> From: "C.W. Russ Russo"
-->
--> You might want to reconsider this assumption. The first sentence in
--> element 4.17 requires the supplier to plan and implement the
--> internal audit program. It may be possible to hire an outside
--> auditor to conduct the audits, but the responsibility for the
--> program remains with the supplier.
I have yet to see a client without an audit plan / schedule. However, I see nothing in ISO9001:1994 (or the 'latest' ISO9001:2000) which says a company cannot outsource planning / scheduling as well as the internal audits if the company so chooses.
--> Moreover, I would advise folks considering this route to re-look at
--> Element 4.6, Purchasing, particularly the evaluation of
--> subcontractors based on "any quality assurance requirements." True,
--> ISO 10011 is not a "requirement." However, from my perspective, if a
I advise my clients that there are two issues here: I must be an approved supplier and there has to be defined criteria.
--> company really wants to abide by ISO 10011 they cannot absolve
--> themselves of active management and become a client. Such an
--> approach opens a fairly large can of wiggly worms.
I'm amazed you can say this. Just because a company outsources internal audits doesn't mean that management is trying to absolve its self of active management. If a company hires out design of a product (or prototyping or other SIGNIFICANT part of their product and/or business system) you don't hear people yelling:
"There must be serious problems if the company has to outsource that function. Heck, their management is trying to absolve its self of active management."
In fact, most companies hire out what they do not consider part of their 'core' business, yet is critical to their business. It seems so many people have the OPINION that internal audits must be a part of their core business. Businesses outsource their legal needs every day, as well as financial services, design and many other functions. My question is, what makes internal auditing such a sacred goat that it 'should' not be outsourced while other functions are outsourced every day (ever heard of Make-Buy decisions?)?
It seems that where ever the standard says "The company shall..." some folks immediately read to mean that the function cannot be outsourced. I do not agree with this interpretation at all.
Regards,
Marc T. Smith