Seeking ISO 9001:2000 Internal Audit Matrix Examples

[tomjess]

Internal Audit Matrix

I am looking for an example of a matrix for Internal audits (9001:200). I am doing one but keeping stuck, I know it should be simple, but I suppose I'm the simple one.

Thanks

 

[Russ Kochis]

Tomjess,
This is what our registrar uses, hope it helps.
Russ

 

[Marc]

Remember.... For internal audits there are going to be company specific aspects which will differ company to company. That is part of audit planning.

Take a good look at your internal audit system and determine what type of audit you're going to do. Is it going to be primarily process focused or a strict ISO 10011-1-1994 “Guidelines for Auditing Quality Systems - Auditing” type of audit.

Russ Kochis said:

Tomjess,
This is what our registrar uses, hope it helps.

Russ, Thanks for the form! We all appreciate it!

 

[Sam]

Here is one that I use. You can add or delete whatever. I also use it for a scoring and tracking history.

 

[compliance - 2006]

19011

I have a question on which maybe you all can provide input.....Our company is about 300 people on site and about 500 total. Our internal auditor resides in our QA department. During our last registrar audit, we received a minor nonconformance because of a conflict of interest in our internal auditing program. Since the internal auditor audits all of the quality systems, hence her boss, our registrar indicated that we have a conflict of interest. 19011 is different from the old regulation because it includes "conflict of interest" in the section for internal audits. Of course there are mixed feelings about this throughout our organization, but our internal auditor agrees with the finding and her boss does not. What are your thoughts? If the audit program weren't in the QA department, where would it be?

 

[Claes Gefvenberg]

Our internal auditor resides in our QA department. During our last registrar audit, we received a minor nonconformance because of a conflict of interest in our internal auditing program.

That sounds reasonable. Being the sole auditor she would be forced to audit her own work (the audit program), which is no good when you look at ISO 9001:2000, clause 8.2.2. The NC seems solid imo. Clause 4d in ISO19011:2002 deals with the same thing

d) [font=Arial,Bold]Independence: [/font][font=Arial,Italic]the basis for the impartiality of the audit and objectivity of the audit conclusions[/font]

[font=Arial,Italic][/font]Auditors are independent of the activity being audited and are free from bias and conflict of interest. Auditors maintain an objective state of mind throughout the audit process to ensure that the audit findings and conclusions will be based only on the audit evidence.

... but you are not audited acc. to ISO19011.

our internal auditor agrees with the finding and her boss does not. What are your thoughts? If the audit program weren't in the QA department, where would it be?

Imo your auditor is correct, but the answer is not to move the audit program elswhere. What you need is someone who is not responsible for running it to audit it. Here we solve the problem by letting an auditor not working in the quality department audit it.

Besides, your auditor could probably need a bit of help anyway. One single auditor in a company with 500 people sounds very thin....

/Claes

 

[compliance - 2006]

Thanks for your input. We actually do have someone other than the auditor audit the internal audit program, but that's it. The finding was directly related to the auditor auditing the quality system and hence auditing her boss (for example, her boss could make her exclude some findings related to him or his system and ultimately, she would have to comply since he is her boss.) Their concern was that the auditor might not be able to audit without some enforced bias. The finding was not that the auditor herself was not independant from the areas she audits. Do you still feel the same? I still think it's a valid finding, but as I mentioned, others do not.

 

[Claes Gefvenberg]

Do you still feel the same? I still think it's a valid finding, but as I mentioned, others do not.

Oopsie.... That's a bit different, actually:

...Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

Ok... Your auditor is not auditing her own work, so that's ok, and unless your registrar can point out reasonable cause for their concern for bias I'd say they are out on a very thin limb. "Might not be able to audit without enforced bias" is not enough imo. They have to prove their point. I agree that auditing your boss is obviously less than ideal, but there is nothing in the standard saying that you cannot do it.

/Claes