Scheduling Internal Audits - What is meant by 'based on status and importance'?

L

love02eat

Involved In Discussions
Re: Scheduling Internal Audits - HELP HELP

I work for a company that is ISO13485 they have a QMS setup and they also have a QMS procedure for internal quality audits and there schedule with assigned employees. Now my question is #3 was purchasing ,Receiving, Suppliers by OMAR Ortiz. Well he never completed the audit for 2013 but he did one in may 2014. How can I complete a final report for all the audit depts./ activities for the year be done where his 2014 audit report does reflect anything from 2013 is this a issue for us. I do I handle a area that should have been completed. The ball was dropped and no one pressed it to be done when it should have. Also this person no longer works here either. Is there a way for me to use creative jargon since 4.2.3 and 4.2.4 was covered in other audited areas and 6.2
 

Attachments

  • Scheduling Internal Audits - What is meant by 'based on status and importance'?
    audit schedule.JPG
    57.5 KB · Views: 554
A

AndyN

Moved On
Re: Scheduling Internal Audits - HELP HELP

love02eat said:
I work for a company that is ISO13485 they have a QMS setup and they also have a QMS procedure for internal quality audits and there schedule with assigned employees. Now my question is #3 was purchasing ,Receiving, Suppliers by OMAR Ortiz. Well he never completed the audit for 2013 but he did one in may 2014. How can I complete a final report for all the audit depts./ activities for the year be done where his 2014 audit report does reflect anything from 2013 is this a issue for us. I do I handle a area that should have been completed. The ball was dropped and no one pressed it to be done when it should have. Also this person no longer works here either. Is there a way for me to use creative jargon since 4.2.3 and 4.2.4 was covered in other audited areas and 6.2
Click to expand...

You have encountered a problem with doing audit scheduling like this! It's NOT required to have this type of calendar even though your CB auditor has likely never made an issue of it. If you can say, hand on heart, that there was no reason to audit those things, because nothing had changed, there were no problems created in those processes etc. then you MIGHT get away, based on "status and importance" of the activity. You can try!

I'm not sure what you mean about completing a final audit report. Each audit should have a final audit report. Each is a separate process, and needs reporting as such. Don't wait until the whole calendar is complete for a "final report" - you're making more work for yourself.

Now, if you have had issues with those processes which weren't done, then you need to get auditing, plea a "mea culpa" and see what happens...
 
L

love02eat

Involved In Discussions
Re: Scheduling Internal Audits - HELP HELP

Well Andy my problem is he didn't do his summary for his 2014 audit for purchasing with clauses 4.2.3. 4.2.4 so with trying to take all his info there's also the spot where you refer to last time audited and again he didn't do it in 2013 at all. So what do I do for that section I cant leave it blank.
 
A

AndyN

Moved On
Re: Scheduling Internal Audits - HELP HELP

love02eat said:
Well Andy my problem is he didn't do his summary for his 2014 audit for purchasing with clauses 4.2.3. 4.2.4 so with trying to take all his info there's also the spot where you refer to last time audited and again he didn't do it in 2013 at all. So what do I do for that section I cant leave it blank.
Click to expand...

At this point in time, there's nothing to do. I'm guessing you are worried what a CB auditor is going to say? Didn't they ask back in 2014? Or even 2013? Frankly, I'm thinking whatever he wrote isn't worth bothering with! An audit of purchasing with clauses 4.2.3 and 4.2.4 isn't going to be much use, is it? Purchasing isn't audited by looking at those things. Well, not if the actual results of the process are going to be considered.

If the audit schedule was completed in 2014, then I'd wait until the CB auditor asks - they may not, after all. It's a long time ago and there's little/no point in issuing an NC, is there? I'd make some excuses and suggest that you say you've done some research (I've written lots in the way of articles/books etc about scheduling audits to be of more value) and say you've identified an improvement in this area...that may buy you the time you need to fix a poor internal audit program...
 
Jen Kirley

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Re: Scheduling Internal Audits - HELP HELP

love02eat said:
Well Andy my problem is he didn't do his summary for his 2014 audit for purchasing with clauses 4.2.3. 4.2.4 so with trying to take all his info there's also the spot where you refer to last time audited and again he didn't do it in 2013 at all. So what do I do for that section I cant leave it blank.
Click to expand...
Do your auditors look at procedures while in production areas? How about records? Is there documentation or records associated with infrastructure, maintenance, calibration, training, purchasing and so on? Your schedule implies only 7.5.1 and 7.5.1.1 are audited in production areas - but if your auditor is checking to ensure procedures are at the current revision, you can in fact point to that sampling as a portion of the document control and records control process effectiveness. I haven't seen your audit records, but I hope they indicate your audits are looking at associated procedures, records, training, needed infrastructure and maintenance if needed, calibration if it's involved, targets and monitoring process effectiveness, and of course preventive action and continuous improvement. If your people are looking for this, your audit plan could show it. A search for "audit plan" in our Post Attachments List (see the green button in the header) returned this list of examples you could look at.

Also, there is no requirement in the standard to audit every process every year, or even every two years. Very often people stick to that myth, but indeed the standard invites us to not audit everything every year. "Status and importance of processes" means some processes are more stable than others, and some are more critical than others. If you have issues with a process or there has been a substantial change, or if it is a production process with enough value and complexity to justify more attention, schedule the process more often. Processes that have not changed, have had no issues for a period of time and are less critical can be audited less frequently.

I hope this helps!
 
Last edited:
Richard Regalado

Richard Regalado

Trusted Information Resource
Re: Scheduling Internal Audits - HELP HELP

I would like to answer the question from the perspective of ISO 27001 ISMS and ISO 22301 BCMS. Business impact analysis or BIA for ISO 22301 BCMS helps determine the consequences if processes are disrupted for whatever reason. In essence, the importance of the processes are based on the detrimental impacts to the organization i.e., impacts to financials, impacts to health and safety of interested parties, and other criteria.

The same is true for ISO/IEC 27001 ISMS. A risk assessment process is required to be performed to determine losses to confidentiality, integrity and availability (CIA). The RA process tells the organization which processes or information assets are more important than others.
 
You must log in or register to reply here.

Similar threads

Crusader
AS9100 Internal Audit Frequency - Audit all AS9100 elements within a specific timeframe?
2 3 4
Replies
30
Views
1K
4theindustry
4
Crusader
Internal Audit AS9100 - all elements within a 3 year cycle…required or not?
2
Replies
11
Views
2K
Randy
Randy
D
Opinions on internal audit schedule adjustment
2 3 4
Replies
34
Views
3K
Steve Prevette
Steve Prevette
Cats Clause
ISO9001:2015 Clause 9.2 How to audit internal audits.
2
Replies
17
Views
1K
FRA 2 FDA
FRA 2 FDA
T
ISO 13485:2016 Internal Audits method
2
Replies
18
Views
1K
QCBOB
QCBOB
Top Bottom