Small Company - Internal audit process - Who does the audit?

N

NdumisoN

Starting to get Involved
Hello,

I work at a small company and we have our internal audit program and we conduct our audits as per the program but I was wondering if the internal audit process needs to be audited and if so who does the audit?
 
D

Draxter

Registered
Hi Basically, Internal audits are conducted to check if all the program/project related documents are in place. I guess your Project manger or Product manager are most eligible to conduct internal audit within the team. Else, your organisation might have an auditor.
 
John Broomfield

John Broomfield

Leader
Super Moderator
Yes.

A deputy could also be selected and trained to audit your organization as a system for its effectiveness.

That way the two competent internal auditors can also audit the effectiveness of the audit process by sampling the other auditor’s work.

And top management may be further assured that the audit program as well as the system is fulfilling their objectives so they know what it does well, less than well and where improvements are needed.

Of course audit is more than just looking to see if all the required documents are in place.
 
N

NdumisoN

Starting to get Involved
Thank you for the responses, so we can add an internal audit to be audited to our internal audit process?
 
M

malasuerte

It's not "can"; you "shall" have Internal Audit as a process that needs to be audited.

Couple of adds: the auditor needs to be 'qualified' to perform the audit, and they have to be independent of the program. A couple of ideas - do you have a financial or risk and controls auditor that could perform the audit? You could hire a consultant as well.
 
Randy

Randy

Super Moderator
malasuerte said:
It's not "can"; you "shall" have Internal Audit as a process that needs to be audited.

Couple of adds: the auditor needs to be 'qualified' to perform the audit, and they have to be independent of the program. A couple of ideas - do you have a financial or risk and controls auditor that could perform the audit? You could hire a consultant as well.
Click to expand...

Nope, the auditor doesn't need to be qualified, the auditor must be Competent. I'm a qualified A&P Mechanic but I'm no longer competent do do so unsupervised..........Qualified and Competent are 2 different animals.
 
M

malasuerte

Randy said:
Nope, the auditor doesn't need to be qualified, the auditor must be Competent. I'm a qualified A&P Mechanic but I'm no longer competent do do so unsupervised..........Qualified and Competent are 2 different animals.
Click to expand...

Ok...twist words! You clearly don't get what I was saying nor the intent of the clause! You can't be competent if you are not trained and qualified! The auditors are required to be trained and qualified!

Competence is then determined after that. And yes, if you lose that competence for some reason, you cannot audit! But you are not competent without being trained and qualified!

The organization shall have a documented process(es) to verify that internal auditors are competent, taking into account any customer-specific requirements. For additional guidance on auditor competencies, refer to ISO 190011. The organization shall maintain a list of qualified internal auditors.

...
Where training is provided to achieve competency, DOCUMENTED INFORMATION shall be retained to demonstrate the trainer's competency with the above requirements. Maintenance of and improvement in internal auditor competence shall be demonstrated through:f) executing a minimum number of audits per year, as defined by the organization; andg) maintaining knowledge of relevant requirements based on internal changes (e.g. process technology, product technology) and external changes (e.g. ISO 9001, IATF 16949, core tools, and customer specific requirements).
 
Randy

Randy

Super Moderator
malasuerte said:
Ok...twist words! You clearly don't get what I was saying nor the intent of the clause! You can't be competent if you are not trained and qualified! The auditors are required to be trained and qualified!

Competence is then determined after that. And yes, if you lose that competence for some reason, you cannot audit! But you are not competent without being trained and qualified!

The organization shall have a documented process(es) to verify that internal auditors are competent, taking into account any customer-specific requirements. For additional guidance on auditor competencies, refer to ISO 190011. The organization shall maintain a list of qualified internal auditors.

...
Where training is provided to achieve competency, DOCUMENTED INFORMATION shall be retained to demonstrate the trainer's competency with the above requirements. Maintenance of and improvement in internal auditor competence shall be demonstrated through:f) executing a minimum number of audits per year, as defined by the organization; andg) maintaining knowledge of relevant requirements based on internal changes (e.g. process technology, product technology) and external changes (e.g. ISO 9001, IATF 16949, core tools, and customer specific requirements).
Click to expand...

I've seen very good audits conducted by professionals that had no documented auditing training, well thought out, well planned, well delivered. Competence is nothing more than "demonstrated ability to apply knowledge and skill"

With 19011:2018 you're quoting a "Guidance" document which in not mandatory it's strictly "Guidance" and the piece "Where training is provided to achieve competency," indicates that training isn't required , also competency, the fulfillment of it and performance is solely the property of the organization...It's their business what makes them happy not yours or mine. From the 3rd Party CB perspective (which is all I do 100+ days a year) I can only say the process isn't good if I determine that it's not being effectively performed and not meeting the basic requirements of the MS in question and whatever their audit process/procedure/protocol is....

Oh yeah, don't be putting and "Shall's" in 19011, there are only "4" and they're all in the Forward.
 
Last edited:
M

malasuerte

Randy said:
I've seen very good audits conducted by professionals that had no documented auditing training, well thought out, well planned, well delivered. Competence is nothing more than "demonstrated ability to apply knowledge and skill"

With 19011:2018 you're quoting a "Guidance" document which in not mandatory it's strictly "Guidance" and the piece "Where training is provided to achieve competency," indicates that training isn't required , also competency, the fulfillment of it and performance is solely the property of the organization...It's their business what makes them happy not yours or mine. From the 3rd Party CB perspective (which is all I do 100+ days a year) I can only say the process isn't good if I determine that it's not being effectively performed and not meeting the basic requirements of the MS in question and whatever their audit process/procedure/protocol is....

Oh yeah, don't be putting and "Shall's" in 19011, there are only "4" and they're all in the Forward.
Click to expand...


Your argument was auditors do not need to be qualified. (scroll up). The standard states: The organization shall maintain a list of qualified internal auditors.

However, you choose to define that is your business. For my business, it requires extensive training to be deemed qualified and competent.

We can't all be perfect like you! So let's just end this - You are right and everyone else is wrong!!! Is that better for your ego?
 
You must log in or register to reply here.

Similar threads

A
Internal Audit-Clause 7.4
Replies
3
Views
342
SeanN
S
Crusader
AS9100 Internal Audit Frequency - Audit all AS9100 elements within a specific timeframe?
2 3
Replies
29
Views
808
outdoorsNW
O
Crusader
Internal Audit AS9100 - all elements within a 3 year cycle…required or not?
2
Replies
11
Views
2K
Randy
Randy
T
Internal or a lead auditor course?
Replies
5
Views
97
Randy
Randy
N
Findings from internal audits
Replies
2
Views
432
Quality-Nation
Q
Top Bottom