Review on Internal Audit Findings

[Coury Ferguson]

A. maincontract is between the project and client is available but however the project has to do manpower supply with work release only

B. nothing says like that but without any agreed date of delivery, how come the project shall do their calibration planning?

With this added information, and in my opinion, I would say that "A" could be documented as a nonconformance. Not meeting Customer requirements (Contractual) and needs.

Now "B" is a different story, and in my opinion, it is not a nonconformance.

 

[eternal_atlas]

I would like to add to what Steel has said:

A. This would be defined as Risk by the company. Unless there is a specific Contract clause that prohibits you from adding manpower without prior authorization.

B. Was this "Verbal" agreement documented some how (call log, or something)? Again as stated in A above, it was a Risk that the company chose and unless there is some kind of Contract clause that doesn't allow it.

Could you please provide some more details? Like type of organization, product or service, etc.

My statements are my opinion.

for A.

contract clause is addressing the necessity of work release which is a source document for invoicing to the client by the projects. this work release is approved by the client before and after completion of the work

for B.
No tracking log is being maintained by the proejcts

type of organisation : electromechanical contractors
client : oil and gas refinery
service : manpower supply, equipment rental,calirbation service

 

[Coury Ferguson]

for A.

contract clause is addressing the necessity of work release which is a source document for invoicing to the client by the projects. this work release is approved by the client before and after completion of the work

for B.
No tracking log is being maintained by the proejcts

type of organisation : electromechanical contractors
client : oil and gas refinery
service : manpower supply, equipment rental,calirbation service

See post # 11 above. Thanks for the added information.

 

[D.Scott]

for A.

contract clause is addressing the necessity of work release which is a source document for invoicing to the client by the projects. this work release is approved by the client before and after completion of the work

for B.
No tracking log is being maintained by the proejcts

type of organisation : electromechanical contractors
client : oil and gas refinery
service : manpower supply, equipment rental,calirbation service

Please consider this:

You stated this is an internal audit. The internal auditor is working for the same team you are. There may or may not be specific requirements for the issues the auditor pointed out but the question will still remain -

Has the auditor helped the department identify a problem in your system? Even if it isn't a big deal, is it something you should look at and consider? Is it something that isn't directly addressed but maybe should be?

My question gets back to why would you dispute an internal finding? Wasn't it discussed at the time of the audit? Is there nothing that can be learned from the finding?

I guess I am on a soapbox here but I wonder why we battle with our internal auditors. We ask them to do a task that is supposed to add an extra set of eyes to help us. They do their best, not to show up the department but to add value to our system. Why ask them for their opinion then argue with them when they give it. Even if the auditor is flat wrong in his/her observation, can't we at least accept it as an opinion and deal with it? Consideration of another point of view might allow us to see what the auditor was talking about.

I don't like to restrict my internal auditors to "the Standard". I don't want them to spell out which clause or "shall" they think they found. I expect my auditors to go into a department/process and look at the procedures and work instructions that apply to what they are auditing. I also expect them to use their heads while they are there. If they see something they think is strange or out of place, I want them to question it. I don't really care if it isn't covered by a procedure. Maybe it should be. I wish we could all recognize that auditing goes past "the book" definition. Why not allow auditing to work for us any way we can. If our internal auditors point something out, consider it. The auditor is there not to find fault with you, he/she is there to help make the system better. Don't fight over whether it is a nonconformity or not. Determine if the information might be useful.

Sorry to go on so long - I need a coffee. You can have your soapbox back now.

Dave

 

[AndyN]

I tend to agree with Dave, but.........

Just because the auditor can find something in 'ISO' to 'pin' their audit finding to, doesn't make it a non-conformance!

It may be accurate to report what they found, but (frankly) how do we know what the organization's management say should happen under these circumstances? We're talking about the documented system and I can't see any references to what that says about such situations, or anything about the effects of not doing what was reported.

We can debate for ever about 'value-added' auditing, but the fact remains that we can't tell what the impact of these situations is! Did it affect customers? Is there a (potential or actual) loss or waste resulting?

I would venture to suggest that the auditor has been trained to audit to the ISO standard, wasn't given any other (internal) criteria and, having found an 'issue', is hoping to find a reason in the standard to make it an nc. I'd be fighting it too........

 

[eternal_atlas]

Please consider this:

You stated this is an internal audit. The internal auditor is working for the same team you are. There may or may not be specific requirements for the issues the auditor pointed out but the question will still remain -

Has the auditor helped the department identify a problem in your system? Even if it isn't a big deal, is it something you should look at and consider? Is it something that isn't directly addressed but maybe should be?

My question gets back to why would you dispute an internal finding? Wasn't it discussed at the time of the audit? Is there nothing that can be learned from the finding?

I guess I am on a soapbox here but I wonder why we battle with our internal auditors. We ask them to do a task that is supposed to add an extra set of eyes to help us. They do their best, not to show up the department but to add value to our system. Why ask them for their opinion then argue with them when they give it. Even if the auditor is flat wrong in his/her observation, can't we at least accept it as an opinion and deal with it? Consideration of another point of view might allow us to see what the auditor was talking about.

I don't like to restrict my internal auditors to "the Standard". I don't want them to spell out which clause or "shall" they think they found. I expect my auditors to go into a department/process and look at the procedures and work instructions that apply to what they are auditing. I also expect them to use their heads while they are there. If they see something they think is strange or out of place, I want them to question it. I don't really care if it isn't covered by a procedure. Maybe it should be. I wish we could all recognize that auditing goes past "the book" definition. Why not allow auditing to work for us any way we can. If our internal auditors point something out, consider it. The auditor is there not to find fault with you, he/she is there to help make the system better. Don't fight over whether it is a nonconformity or not. Determine if the information might be useful.

Sorry to go on so long - I need a coffee. You can have your soapbox back now.

Dave

We never fought with internal or external auditor.. but as an auditee, I have to meet the standard and procedural requirements.. So far, we are getting the work release sometimes after the completion of work but we start the work with some verbal communication or through mail..

During such situations, we may order some equipment to be supplied to the client place.. once it reaches they may change their requirments and again we have to replace it with some other equipment with their amended specifications for which we are not charging anything ..

sometimes, we cant order the client to say unless u give me the work release ,i cant work.. it is not practical.. at the same time, from the auditor point of view it is a risk we are taking and the cost of rework is a loss which is an compromise to maintain the relationship with the client and extend the contract period..

with respect to value addition by the auditor, i wont totally agree with his bureaucratic nature but i need result oriented approach..

but auditor asks me to amend the procedure or contract requirements for which client wont agree..

i am forced to receive those as observation to our process area.. let me see what i can do better to convince the auditor..

anyway..thanks a lot for all who participated in this discussion

 

[joshua_sx1]

...but auditor asks me to amend the procedure or contract requirements for which client wont agree...

…first an auditor shouldn’t ask you to amend your procedures (whether internal or external)… his job is basically to perform an audit as per ISO requirements…

...i am forced to receive those as observation to our process area.. let me see what i can do better to convince the auditor...

…I’m not totally aware of your procedure regarding your internal audit, but based on my experience, an “observation” (if that was being forced to you) is not really required to have a corrective action… instead, you can make this as preventive if you ever found out that this “observation” has potential to become a major problem in the future…

...and, the only way to convince an auditor is to make him realize that he "misinterpret" something...

 

[AndyN]

…first an auditor shouldn’t ask you to amend your procedures (whether internal or external)… his job is basically to perform an audit as per ISO requirements…



…I’m not totally aware of your procedure regarding your internal audit, but based on my experience, an “observation” (if that was being forced to you) is not really required to have a corrective action… instead, you can make this as preventive if you ever found out that this “observation” has potential to become a major problem in the future…

...and, the only way to convince an auditor is to make him realize that he "misinterpret" something...

IMHO, Joshua, your first statement is incorrect - an internal auditor is not there to do audits to the 'ISO requirements' - That's why so many internal audit programs fail miserably!

It doesn't matter, either, what 'grade' an auditor sets on their findings - if the auditee doesn't see any value (like the OP in this case) then they aren't going to react favorably - they have to agree there's some value in the finding and that the actions necessary are value added. Once again, the OP clearly doesn't see either in their situation. The only way they might move on it is if they fear being found out by the CB auditor.........

You have as much hope of changing this auditor's mind as passing through the eye of a needle............

 

[JaneB]

So far, we are getting the work release sometimes after the completion of work but we start the work with some verbal communication or through mail..

During such situations, we may order some equipment to be supplied to the client place..

I don't see a problem with this unless your quality system (procedures/policy etc) forbids work to start without a work release. Consulting/project firms often start work before the formal stuff is signed off, because usually the client wants it to start yesterday if not the week before.

Email/verbal release etc is often enough to go ahead - it's a business decision whether to accept this or not. IF it's considered OK (ie, not explicitly banned in your system) I might want to check that there's some note of that in the system (eg, pending receipt of formal Work Release?)

once it reaches they may change their requirments and again we have to replace it with some other equipment with their amended specifications for which we are not charging anything ..

sometimes, we cant order the client to say unless u give me the work release ,i cant work.. it is not practical..

I understand the impracticality requirement. The auditor has a point I think - it's a risk, which he's highlighting. That's reasonable. It's a management consideration what to do about the highlighted issue, no? ie, you / management may consider the finding and decide it's a risk that's still worth taking, because the alternative is annoying the hell out of too many customers and losing work.
BUT you do have to have ways of ensuring that if requirements changed between 'go ahead' and the formal Work Release, that you can identify that and fix them so they are correct.

but auditor asks me to amend the procedure or contract requirements for which client wont agree..

Sounds like he's made a recommendation or a suggestion (that's what I'd treat them as, unless as I said, there's something specifically existing in your system that you are not doing/breaching). Recommendations are opportunities to think about what you're doing - his viewpoint is different. Fine. Up to you to consider and decide whether you accept it or not, and why.

 

[JaneB]

…first an auditor shouldn’t ask you to amend your procedures (whether internal or external)… his job is basically to perform an audit as per ISO requirements…

Joshua, I'm going to disagree with you very strongly. This is an internal audit, for a start. But whether external/internal, any audit needs to take into consideration any requirements set by the organisation itself, contractual requirements, etc. etc. To simply say 'per ISO' is not sound. And any internal audit which simply took a 'per ISO requirements' only view would be less than optimal. And as Andy points out, the auditee won't respond to such a 'finding', which means it isn't working as well as it should or could.

…..and, the only way to convince an auditor is to make him realize that he "misinterpret" something...

The 'only way'? In general, the more you argue with anyone (auditor or other) eg, that they've 'misinterpreted', the more likely they are to dig their heels in & stick like glue to that position. Sounds like a sure way to make sure they'll close their ears.

I would instead aim to provide good reasons, sound evidence, data etc. to support an alternative point of view, instead.