Process Owners signing Internal Audit Reports

K

kgott

#1
I've been reading this thread on reporting audit findings in which Wes states:

[FONT=&quot]"My experience has been that many internal auditors [and their bosses] believe the internal audit is a police action and so feel that they need to play "GOTCHA" and issue NC instead of making suggestions for mistake proofing a process.[/FONT]"

I take Wes's point and I would like to get away from the 'quality cop' image and move towards the 'helper' image. In previous organisations it has been common to use an audit report form which requires the owner of the process, or someone like that, to sign the audit report. I suspect this may exacerbate the problem Wes alludes to, so before doing things differently; I'd like to know if there are any reasons why its a good idea to get the process owner, or someone like that, to sign an internal audit report.

I know 9001 makes no mention of this so technically its not required.

thanks
 
Last edited by a moderator:
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
In my experience the intent has been to gain assurance that the process owner is aware of the audit report and its findings, and agrees to the findings.

It has also been my experience that such a move is not fully effective without first taking the concentrated effort to communicate in two-way fashion the exact nature, reason for and acceptance of the audit's findings. As a 3rd party auditor I never want to leave the site with my clients asking each other "What does she want??" as I have seen people complain about here. Since my report does also have a place for the Management Rep to sign acceptance of the action request, I use the time to sign as one to let him/her review what I have written. I want to make sure it is completely accurate, appropriate, understandable, and clearly written. A couple of times I have reworded the nonconformance and then gained its acceptance. I'm fine with that.

So to make a long answer short (as it should have been, sorry) I'd say the signing is meant to facilitate the mind-meeting process.
:2cents:
 

somashekar

Staff member
Super Moderator
#3
I've been reading this thread on reporting audit findings in which Wes states:

[FONT=&quot]"My experience has been that many internal auditors [and their bosses] believe the internal audit is a police action and so feel that they need to play "GOTCHA" and issue NC instead of making suggestions for mistake proofing a process.[/FONT]"

I take Wes's point and I would like to get away from the 'quality cop' image and move towards the 'helper' image. In previous organisations it has been common to use an audit report form which requires the owner of the process, or someone like that, to sign the audit report. I suspect this may exacerbate the problem Wes alludes to, so before doing things differently; I'd like to know if there are any reasons why its a good idea to get the process owner, or someone like that, to sign an internal audit report.

I know 9001 makes no mention of this so technically its not required.

thanks
Everything in business must move from suspicion to trust, from :ca: to being proactive.
Long before the document and records handling and management softwares came, paper was the means and signature was the authorization. It still is. It is the very reason why many of the computer generated documents and records have this line at the end .. "Computer system generated statement, needs no signature."
In the same thread mentioned above, it is also mentioned that the quality and depth of internal audits across industry is not so mature. While the requirement is the effective working towards finding the RC and applying a CA to a NC, it is worth looking at the NC jointly with the auditor, auditee and the MR + other responsible managers and agree upon it OR tweak it accordingly to reflect the exact NC situation, such that the purpose of RCA and CA is indeed fruitful to the business process.
Having done all this stuff, if signing by the process owner is a way of acknowledgment, so be it. It is neither taking a blame nor a red mark in a personal record. It is more an authorization that an effective RCA and CA is to follow that will improve the business process.
 
K

kgott

#4
Long before the document and records handling and management softwares came, paper was the means and signature was the authorization. It still is. It is the very reason why many of the computer generated documents and records have this line at the end .. "Computer system generated statement, needs no signature." .
Somashekar; that's the first I have ever heard of the '"Computer system generated statement, needs no signature." Its an interesting idea. Is it something you use, is it widely accepted?

thanks k
 
K

kgott

#5
In my experience the intent has been to gain assurance that the process owner is aware of the audit report and its findings, and agrees to the findings.
I agree with that Jennifer and by getting the auditee to sign it avoids trouble later in history, is the only two benefits I have known in getting the audit report signed. However, in both cases it also carries hints of cya.

I suppose the only other thing that can be done to make signing obsolete is say in the email something like: 'as has been agreed the following actions ....' and "if you have any queries please discuss with me."
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
I agree with that Jennifer and by getting the auditee to sign it avoids trouble later in history, is the only two benefits I have known in getting the audit report signed. However, in both cases it also carries hints of cya.

I suppose the only other thing that can be done to make signing obsolete is say in the email something like: 'as has been agreed the following actions ....' and "if you have any queries please discuss with me."
In my experience, the added facilitation has been very effective and takes place of the signature because the CA process also has an escalation feature. However, while I was an internal auditor my customers tended to really appreciate the coaching aspect of it all. It helped avoid going too far and turning the process into a Mousetrap game. It also helped avoid the Band-Aid approach some others tended to in order to just be rid of the matter.
 

Attachments

Mikishots

Trusted Information Resource
#7
I've been reading this thread on reporting audit findings in which Wes states:

[FONT=&quot]"My experience has been that many internal auditors [and their bosses] believe the internal audit is a police action and so feel that they need to play "GOTCHA" and issue NC instead of making suggestions for mistake proofing a process.[/FONT]"

I take Wes's point and I would like to get away from the 'quality cop' image and move towards the 'helper' image. In previous organisations it has been common to use an audit report form which requires the owner of the process, or someone like that, to sign the audit report. I suspect this may exacerbate the problem Wes alludes to, so before doing things differently; I'd like to know if there are any reasons why its a good idea to get the process owner, or someone like that, to sign an internal audit report.

I know 9001 makes no mention of this so technically its not required.

thanks
I haven't used a signature for my audit reports in the past and I don't intend to in the future. In lieu of this, I present the findings and gain agreement in the closing meeting.

Those attending are the managers of the auditees and those responsible for the processes that were within the scope (whenever possible). I also get a record of attendance. We agree on the findings and we agree on the timeframe for resolution before the meeting breaks. My motto is "speak now or forever hold your peace".

If I generated a PEAR (Sec. 7 applicable), the owner of that process signs it and gets a copy.

If there are any opinons that clash (and I would know about it beforehand because there are no surprises to "pop up" in a closing meeting), we discuss them and resolve them. If they can't be resolved during the meeting, I record this fact. We can agree to disagree. Nine times out of ten, if there is a disagreement it's because I have not presented my finding clearly enough.

If my audit objectives specified that I would make recommendations for improvement, I'd state them at the end of the closing meeting, but I'd also state that they are NOT binding. I'm careful about what I say because if an auditor says too much, he/she can become an unwitting owner of the solution, whether it's right or wrong.

So...sign an audit report? It's simply not necessary if the auditees know why you're performing the audit and understand the value it brings.
 
Thread starter Similar threads Forum Replies Date
A ISO 13485 - Internal Auditor Independence and Process Owners ISO 13485:2016 - Medical Device Quality Management Systems 3
F Can a Process have two owners? Companies merged ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
F Process Owners and Process Documentation which Affects Multiple Departments Document Control Systems, Procedures, Forms and Templates 6
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 7
A When someone refuses to follow a process.... Misc. Quality Assurance and Business Systems Related Topics 21
E Software maintenance Process Software maintenance Process to IEC 6204? IEC 62304 - Medical Device Software Life Cycle Processes 3
R AS5553 Clause 3.1.7 f - "Implement a returns process....." AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
normhowe "The Problem with Quality Management: Process orientation, controllability and zero-defect processes as modern myths" Book, Video, Blog and Web Site Reviews and Recommendations 2
Judy Abbott General temperature used in the blasting process and laser process Manufacturing and Related Processes 2
B SOP for CNC turret punching machine for sheet metal process Manufacturing and Related Processes 0
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
R AS9102 FAI Change in Material / Process Supplier AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Process mapping Process Maps, Process Mapping and Turtle Diagrams 1
R MDEL Process Canada Medical Device Regulations 4
optomist1 Rates Daily or Hourly Process Improvement Training Consultants and Consulting 2
S Manufacturing Process FDA FOIA Medical Device and FDA Regulations and Standards News 3
S Manufacturing Process FDA FOIA US Food and Drug Administration (FDA) 4
B Toyota PPAP Process - Three Questions APQP and PPAP 3
R Changes vs CMO - How can we simplify this process? Supplier Quality Assurance and other Supplier Issues 3
A Ethics Committee Review Process for IVD Products EU Medical Device Regulations 2
V Laser Welding Process - Impact on Electrical Properties Reliability Analysis - Predictions, Testing and Standards 4
Q Process: Knowledge Section 7.1.6 of ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A Sampling plan for in-process QC (medical devices) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 13
R MRB (Material Review Board) Process using MS Sharepoint or MS Teams Manufacturing and Related Processes 2
M Clinical Benefit of device that only aids in a process for managing or treating disease EU Medical Device Regulations 2
C In-process inspection - Tooling and assembly lines for automotive companies AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
M Efficacy of an IT process after a cyber attack ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
N Sterilization Protocol Change in Validation Process and further impacts ISO 13485:2016 - Medical Device Quality Management Systems 1
N Riveting - special process Manufacturing and Related Processes 11
M Material incoming to the production process reflected in PFMEA FMEA and Control Plans 9
A API Spec Q1 Purchasing Process - Supplier Reevaluation based on Supplier Risks 5.6.1.4 Oil and Gas Industry Standards and Regulations 17
B Handling lower detection limits for SPC and process performance Statistical Analysis Tools, Techniques and SPC 1
D Measurables for Plastic Injection molding process Manufacturing and Related Processes 1
S Cleaning process center change ISO 13485:2016 - Medical Device Quality Management Systems 4
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12
R Inspection and Work order process Inspection, Prints (Drawings), Testing, Sampling and Related Topics 9
T ISO 13485:2016 Clauses related to process matrix ISO 13485:2016 - Medical Device Quality Management Systems 3
A How to reduce the process SPC monitoring Capability, Accuracy and Stability - Processes, Machines, etc. 3
John Predmore Configuration Management as a process instead of a procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
R PCBA process validation Qualification and Validation (including 21 CFR Part 11) 2
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Two excellent examples of process capability analysis from Quality Magazine Capability, Accuracy and Stability - Processes, Machines, etc. 5
D ECO (Engineering Change Order) process questions ISO 13485:2016 - Medical Device Quality Management Systems 7
S Sterilization validation after changing sterilization process provider Qualification and Validation (including 21 CFR Part 11) 3
Pau Calvo Quality Management process is mandatory in ISO9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Tagin Template or Checklist for Process Change Document Control Systems, Procedures, Forms and Templates 5
LostLouie Manufacturer divorced from Design process, is he justified in design process deficiencies? ISO 13485:2016 - Medical Device Quality Management Systems 9
J 1.11 Preliminary Identification of Special Product and Process Characteristics APQP and PPAP 4
D Question regarding customer feedback process ISO 13485:2016 - Medical Device Quality Management Systems 3

Similar threads

Top Bottom