Informational Scaling back internal audits due to corona virus while avoiding a NC

outdoorsNW

Quite Involved in Discussions
#1
In light of the corona virus, and since AS9100 required use of risk based thinking, it seems like our company should scale back internal audits that require in person contact. We are nearly done with the first round of audits, which at this point it seems like we should finish. (Most of the interviews and in person process observations are done.)

But for the remaining audits this year, I think we should scale back or cancel many internal audits. If the audit can be done as an online records review or by email and phone, it should continue. If the audit is a follow-up to a 3rd party audit finding last year, it should continue. If there is another reason to consider the audit critical, it should continue.

Audits that were scheduled primarily because the area had not been audited in a few years seem to not be worth the risk. We have a few audits required by our customers annually that I think we should basically tell the customer we are not doing any in person interviewing this year, only records review. If we followed my proposal, I am guessing we will complete 40-60% of planned audits for the year, some of which will be partial audits.

This year is our every 3 year recert audit, and both auditors will be new.

My concern is come our annual AS9100 audit, we may not have covered all areas of the standard in 2020. I don’t see anything in 9.2 that requires performing internal audits on every AS9100 section every year, but experience shows many auditors expect that.

How do I push back and say our program meets the standard?
 
Elsmar Forum Sponsor

Mark Meer

Trusted Information Resource
#2
...I don’t see anything in 9.2 that requires performing internal audits on every AS9100 section every year, but experience shows many auditors expect that....How do I push back and say our program meets the standard?
If it's not in the standard, then what "auditors expect" shouldn't matter.
That being said, I understand (having dealt with my fair share of auditor stuck in their ways) that, unfortunately, sometimes it does seem to matter.

I'd suggest documenting how you're prioritizing the 40-60% that will get done, and have a risk-based justification for the rest (e.g. based on previous audit findings, QMS history, resources, outputs, etc.), and have a schedule in place for doing them in a reasonable time.

Also bear in mind that everyone in the industry (including certification bodies), are probably in the same boat with respect to making contingency plans, so there should hopefully be some charitable understanding when it comes to assessing your rationales... ;)
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
Also bear in mind that everyone in the industry (including certification bodies), are probably in the same boat with respect to making contingency plans, so there should hopefully be some charitable understanding when it comes to assessing your rationales... ;)
:applause:

If external auditors do not demonstrate awareness of context, they are just proving to be really incompetent. And, I believe, the business and commercial implications of the pandemic crisis are WAAAAAAAAYYYYYYYY more impactful than missing some internal audits.
 

outdoorsNW

Quite Involved in Discussions
#5
In my experience there are auditors who say they audit to their interpretation of letter of the standard regardless of context or alternate interpretations (including what 9 out of 10 other auditors would think). We had one of those last year. The auditor insisted on a bunch of things that most people on this board would disagree with and most professional auditors on this board would disagree with. The auditors evidence was flimsy, nonspecific, and vague for 4 of the 6 findings. I wanted to appeal some to all of those 4 but was overruled by my manager. Possibly there was a 3rd valid finding if the auditor grouped the evidence differently.

And while I agree with what Sidney is saying, the realty is we could have a bad auditor this year and I want to be prepared.
 

Randy

Super Moderator
#6
Right now you've got to scale back and maybe do not much more than records verification and whatever else doesn't require close personal proximity...phone interview, possibly visual through a camera (most likely not possible for security), Skype and information sharing (doing one later this morning). Maybe just the high risk stuff.

Be creative....It's called Management of Change
 

Al Rosen

Holed-up in a Hotel in South Florida
Staff member
Super Moderator
#7
In my experience there are auditors who say they audit to their interpretation of letter of the standard regardless of context or alternate interpretations (including what 9 out of 10 other auditors would think). We had one of those last year. The auditor insisted on a bunch of things that most people on this board would disagree with and most professional auditors on this board would disagree with. The auditors evidence was flimsy, nonspecific, and vague for 4 of the 6 findings. I wanted to appeal some to all of those 4 but was overruled by my manager. Possibly there was a 3rd valid finding if the auditor grouped the evidence differently.

And while I agree with what Sidney is saying, the realty is we could have a bad auditor this year and I want to be prepared.
Fire the auditor. I did once. He had his own interpretation. I appealed to the CB and asked that they assign someone else.
 

outdoorsNW

Quite Involved in Discussions
#8
The worst auditor is not coming back. But 2 of our last 4 have been bad, one was not a very good auditor, but no bogus findings, and one was mostly a good auditor but he had the you are required to internal audit all sections of the standard every year view.

My plan is when we get closer to this year's audit, to talk with my boss, ask a few questions elsmar, and have a plan for when will appeal. I think last year's experience will change minds.

Responding to a bad finding is difficult because there often is nothing specific to improve, not much you can judge your internal compliance against, and the actual root cause is different interpretations of the standard, but you have to come up with some other root cause.
 
Thread starter Similar threads Forum Replies Date
R Scaling a Gage R&R - 2 holding fixtures each with 10 nests Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 7
A Standards for Measuring Scaling and Pits & Voids in Metal Forging Processes Manufacturing and Related Processes 5
G Scaling down the certification scope - good idea? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
bobdoering Quick Overview of SPC Scaling Factors from Wheeler Statistical Analysis Tools, Techniques and SPC 0
Q FMEA Scaling - Both D and P FMEAs' in Electronics Manufacturing FMEA and Control Plans 2
Marc Multidimensional Scaling Statistical Analysis Tools, Techniques and SPC 0
R Monitor production quality - Internal KPIs Manufacturing and Related Processes 5
R IATF 16949 - Outsourcing of internal audits Internal Auditing 10
M Major vs. Minor for Internal Audits? Internal Auditing 10
T Internal Nonconformance procedure thoughts (AS9100) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
C Internal Audits in a tiny Dx Company Internal Auditing 33
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 6
E PEMS Hazards - IEC 60601 Clause 14.6 - Internal data use - Pressure sensor IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
A QMS Overhaul - Reorganizing and Renaming Documents - Internal References Document Control Systems, Procedures, Forms and Templates 18
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
M Help me improve the definition for internal PPM Manufacturing and Related Processes 3
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
S Risk based internal auditing Internal Auditing 6
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Software for Supplier Charge back and internal PPM General Information Resources 2
G Internal Audits and Employee engagement Internal Auditing 16
I What direction do you provide your internal auditors on OFIs? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 38
S Internal calibrations - Part of an ISO 17025 accredited testing laboratory (Automotive) ISO 17025 related Discussions 3
F AS9100D Internal auditing requirements Internal Auditing 3
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 9
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
Ron Rompen Internal Quality Alert Program Document Control Systems, Procedures, Forms and Templates 0
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
F ISO 17025 8.8 Internal Audits in a segmented company ISO 17025 related Discussions 5
U Changes to Internal Processes and Risk Evaluation - Mitigations Risk Management Principles and Generic Guidelines 10
qualprod Internal Audits - Categories of non conformances Internal Auditing 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
K A way to monitor our Internal Audits as a KPI AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7

Similar threads

Top Bottom