The Minimum Number of Internal Auditors Required in an Organization

Randy

Super Moderator
#21
Yeah, but these folks are going to be doing nothing but internal auditing....it's an onsite for a single corporation and any of the Lead auditor courses can be used by folks who are going to need to establish audit programs and/or manage the audit process either internally or externally.

Audit programs are audit programs and auditing is auditing.
 
Elsmar Forum Sponsor
#22
Yeah, but these folks are going to be doing nothing but internal auditing....it's an onsite for a single corporation and any of the Lead auditor courses can be used by folks who are going to need to establish audit programs and/or manage the audit process either internally or externally.

Audit programs are audit programs and auditing is auditing.
Not! How can a person with your experience say that? One of the fundamental reasons for poor internal audits is because people get taught to use external audit techniques and then apply them in their internal audits. As I've posted here many times, it doesn't work to do that. Yes, I agree the RABQSA requirements dictate what you have to teach - if you run accredited courses, but there's no way that a lead auditor course teaches effective internal auditing. Every time I run a class or do an audit at a clients I see the pitiful results of following an external audit process, internally........

How can an internal audit program be the same as an external one? The objectives are totally different.

You and I know that although the principles of auditing might be similar, the practices should be quite different.......
 

Randy

Super Moderator
#26
How can an internal audit program be the same as an external one? The objectives are totally different.

You and I know that although the principles of auditing might be similar, the practices should be quite different.......
:bonk::bonk:OK, here I go:soap::2cents:

I don't know where you learned or who tought you but you're way off base.

1st, where most internal audits and internal audit programs go wrong is that they never get past asking people if they have a procedure and if they know the policy. This happens because many of the folks charged with the responsibility to establish so called internal audit programs and conduct audits don't know $hit-from-shinloa about what they are doing and/or the reason why. This starts with thinking that all we need is an auditor training class and ends at the failure to develop a sound competency process.


2nd, regardless of the type of audit be they internal, external, or whatever the purpose of every management system audit is exactly the same and that's to verify conformance...just look in 9001, 14001, 13485, 9100, 18001, 16949, 22000, or whatever and you'll see it very clearly written and never paid any attention to.

Do you really think that I, a 3rd party auditor, look at special stuff for 3rd party auditors only? I look at the same stuff, I interview the same people, I observe the same activities as the internal guys, unless of course the internal guys are just going through the motions, following some bogus, bull$4it, pre-printed checklist that is used time and time again with no deviation or change from audit to tired useless and wasted time audit.

There are hundreds of books published by "audit guru's" and "experts" and "I know more than you, blah, blah, blah's" about how to do internal audits and how to set up programs and all that other horsehockey:horse: that contain no more real substance than good old, in need of revision ISO 19011 when all of the fluff is removed and it provides guidance for to begin with.

The weakness and failure rests with a poorly planned process (and most don't know the process approach to establishing audit programs, planning for and conducting audits, developing and evaluating auditor competence, monitoring and measuring the program and seeking improvement).

I have to get off my soapbox because I've been hammering this home to a great group of people that last 3 days and I think it is starting to click, so forgive me for my passion and the flow of adrenaline in my system.
 
Last edited:
#27
I don't know where you learned or who tought you but you're way off base.

1st, where most internal audits and internal audit programs go wrong is that they never get past asking people if they have a procedure and if they know the policy. This happens because many of the folks charged with the responsibility to establish so called internal audit programs and conduct audits don't know $hit-from-shinloa about what they are doing and/or the reason why. This starts with thinking that all we need is an auditor training class and ends at the failure to develop a sound competency process.


2nd, regardless of the type of audit be they internal, external, or whatever the purpose of every management system audit is exactly the same and that's to verify conformance...just look in 9001, 14001, 13485, 9100, 18001, 16949, 22000, or whatever and you'll see it very clearly written and never paid any attention to.

Do you really think that I, a 3rd party auditor, look at special stuff for 3rd party auditors only? I look at the same stuff, I interview the same people, I observe the same activities as the internal guys, unless of course the internal guys are just going through the motions, following some bogus, bull$4it, pre-printed checklist that is used time and time again with no deviation or change from audit to tired useless and wasted time audit.

There are hundreds of books published by "audit guru's" and "experts" and "I know more than you, blah, blah, blah's" about how to do internal audits and how to set up programs and all that other horsehockey:horse: that contain no more real substance than good old, in need of revision ISO 19011 when all of the fluff is removed and it provides guidance for to begin with.

The weakness and failure rests with a poorly planned process (and most don't know the process approach to establishing audit programs, planning for and conducting audits, developing and evaluating auditor competence, monitoring and measuring the program and seeking improvement).
Good points, Randy - kinda what I'm saying, really. Except the bit about the objectives. In practice, auditors often give up on the other thing you failed to mention - the effectiveness of the process. Anyone can read it here in other posts - "People don't follow procedure" - so what? What results are they getting? Did that ever factor in an audit report? Rarely!:nope:

See your own comments (highlighted) above. Indeed, you might cover these things in class, but I'd bet a pound to a pinch of that horse hockey that no 36/40 hour course can go into any depth to permit development of skills in these areas, so you get what you so amply describe, someone who thinks they know about audits, but are just plain dangerous.......no experience, ya see! :agree1:

Oh, BTW - you're also correct, you don't know who trained me or where I learned, but one things is for sure, I'm not off base. The model for teaching internal auditors is based, in the main, on external audit techniques. So, is ISO 19011 - as you said, it's in need of revision.:agree1:

Since we see eye to eye about these things, how about we approach RABQSA and the TC who wrote ISO 19011 and show them the error of their ways..........??:mg:
 

Randy

Super Moderator
#28
Since we see eye to eye about these things, how about we approach RABQSA and the TC who wrote ISO 19011 and show them the error of their ways..........??:mg:

Hey I can't Andy because I am represented already (sort of anyway), besides they wouldn't like me, I'm not too PC and I'd probably be a little too crude for the smooth hand crowd.

And you're so right...a 36/40 hour thing can only scratch the surface if at all.:agree1:
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#29
2nd, regardless of the type of audit be they internal, external, or whatever the purpose of every management system audit is exactly the same and that's to verify conformance...just look in 9001, 14001, 13485, 9100, 18001, 16949, 22000, or whatever and you'll see it very clearly written and never paid any attention to.
Far from me to get in the middle of a lively discussion like this:tg:, but it is common knowledge (for many) that there are differences associated with first, second and third party auditing. So much so that the US QEDS delegation decided that ISO 19011 had too much slant towards 3rd party auditing. As a result, a US version of the ISO 19011 document was created: ANSI/ISO/ASQ QE19011S-2004, Guidelines for quality and/or environmental management systems auditing – U.S. Version with supplemental guidance added.

That standard is the subject of a specific thread here at the Cove.
The Section of ISO 19011 that talks about audit objectives is paragraph 5.2.1. The supplementation of the American document states, as it relates to internal audits. The emphasis identified in color, bold text, is mine.
S5.2.1.1 First-party (internal) audits
First-party audits should be used by the organization to improve the management system, and may also be used as the basis for self-declaration of conformity and to satisfy requirements for third party registration. Internal audits should be closely aligned with the goals of the
organization. Some organizations may expand the objectives of their internal audit program to include the identification of business improvement opportunities, opportunities to enhance customer loyalty, and opportunities to minimize the organization’s environmental impact. Input on these opportunities can be gathered throughout the audit process and, where supported by objective evidence, reported as opportunities for improvement.
The first sentence of the quoted text gives me a glimpse of what many people believe should be the primary difference between first and third party audits. First party audits should focus first on system improvement, while verification of conformance (while still important) takes a back seat. Third party audits, on the other hand, need to focus on verification of conformance, while system improvement (although critical) is on the back burner.

We have been brain-washed and hard wired to think that audits must equate with verification of conformance. It will take a long time to overcome this paradigm.
 

Randy

Super Moderator
#30
Well my low karma may be failing me again I guess, but I'll still point out that when I look at the applicable specification or requirements documents (you know, the ones with the "shalls" in them) I see that the purpose of the audit (the internal one because thats the focus) state one way or another "the system conforms to planned arrangements, the standard, and is being effectively implemented and maintained". So in the end it really doesn't matter what a suggestion document (those guideline ones) say because unless an organization clearly and specifically states (or the "shall" document states) that the guidelines will be "the way and the only way" they don't count squat and the US whatever group can take those "should's" they created and chug on them.
 
Thread starter Similar threads Forum Replies Date
K What is the Minimum number of internal auditors required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Marc Internal Audit Mandays - Is there a set, or minimum, number? Internal Auditing 4
J Minimum number of parts to do an attribute gage R&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 8
A Minimum Number of Parts for Attribute (Go / NoGo) Data Gage R&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
M Minimum number of samples to inspected for Pp & Ppk study ? Any statistical proof?? Capability, Accuracy and Stability - Processes, Machines, etc. 4
C Minimum number of procedures to satisfy ISO9001 requirements Document Control Systems, Procedures, Forms and Templates 14
D What is the minimum number of values to develop individual chart? Statistical Analysis Tools, Techniques and SPC 14
A Minimum Number of Documented Procedures for TS 16949 IATF 16949 - Automotive Quality Systems Standard 0
D Minimum number of Subgroups to assess Process Capability Statistical Analysis Tools, Techniques and SPC 3
P ISO 9001:2000 - Required Procedures or minimum required number? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 45
D LiPo battery minimum requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
P Search function minimum length Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 3
M Minimum sample size - Guidance and statistical rationale Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
Q Capability study with a minimum spec Statistical Analysis Tools, Techniques and SPC 8
L Significant Production Run - How 300 was determined to be the minimum quantity APQP and PPAP 2
Marco Bernardi MMC & LMC modifiers and CMM measuring techniques like diameter least squares and circularity or minimum/ maximum diameter Calibration and Metrology Software and Hardware 5
shimonv Minimum 60601 requirements for a clinical trial IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
J Minimum Supplier Certifications for Food Supplements Food Safety - ISO 22000, HACCP (21 CFR 120) 4
J What is the minimum standard for automotive component traceability? Manufacturing and Related Processes 2
M Applicability of IEC 60950-1 Table K2 - Minimum clearances between circuits Various Other Specifications, Standards, and related Requirements 0
M Characterization Testing - NO acceptance criteria, no minimum performance requirement Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
K Is minimum repair or replace guarantee period for medical devices in EU the same as consumer guarantee law of 2 years? EU Medical Device Regulations 5
S Designing the experiment with minimum run Statistical Analysis Tools, Techniques and SPC 0
S Designing the experiment with minimum run Statistical Analysis Tools, Techniques and SPC 0
JoshuaFroud Change Control - Minimum Requirements and Unhappy Staff ISO 13485:2016 - Medical Device Quality Management Systems 16
J IATF Minimum Automotive Quality Management System Requirements for Sub-Tier Suppliers IATF 16949 - Automotive Quality Systems Standard 12
N ETO Sterilisation Validation - EO Residual Minimum Sample Requirement ISO 13485:2016 - Medical Device Quality Management Systems 2
F Regulatory Compliant Quality Management System - Bare Minimum EU Medical Device Regulations 2
S What is the minimum pressure differential required for ISO Class 8 Clean Room? ISO 13485:2016 - Medical Device Quality Management Systems 3
somashekar ISO 13485 plus ISO 9001:2015 will now attract a minimum 2 day upgrade audit ISO 13485:2016 - Medical Device Quality Management Systems 9
J Minimum staff per 21 CFR Part 820 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
D What is the minimum Sample Size for Weibull Analysis Reliability Analysis - Predictions, Testing and Standards 12
S Is there a minimum industry standard for PpK ? Statistical Analysis Tools, Techniques and SPC 8
K What are the minimum requirements for Process Validation (Software)? ISO 13485:2016 - Medical Device Quality Management Systems 5
C Battery Powered Beauty Products minimum Legal Certifications Requirements CE Marking (Conformité Européene) / CB Scheme 7
B What is the minimum sample required for Performance Evaluation for IVD ? EU Medical Device Regulations 3
D Minimum requirements/experience/qualifications to be head of quality Career and Occupation Discussions 6
R Minimum Essential Receiving Inspection (M.E.R.I.) Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
S What is the minimum samples required for Customer Survey? Quality Manager and Management Related Issues 3
I Minimum and Maximum Validation Batch Size Requirements Qualification and Validation (including 21 CFR Part 11) 3
S Minimum documents required by AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
N Minimum Design factor for CE Marking for machinery CE Marking (Conformité Européene) / CB Scheme 2
J Minitab Sample Size Calculation: 1 Sample t vs Minimum Sample Size for Means Using Minitab Software 3
G Why for a Shewhart chart the minimum feasible value for APL is 2401 units? Statistical Analysis Tools, Techniques and SPC 8
A Minimum Testing Requirements for a Clear Protective Equipment Barrier (Class II 510K) Other US Medical Device Regulations 1
V Critical Characteristics - Capability for a Minimum Specification APQP and PPAP 11
BradM What is the minimum size chamber for mapping? ISO 13485:2016 - Medical Device Quality Management Systems 2
Q Minimum Organization Structure to support TS16949 IATF 16949 - Automotive Quality Systems Standard 5
Q Minimum content required in a Quality Manual as per ISO 9001:2008 Quality Management System (QMS) Manuals 6
A ISO 13485 Supplier Monitoring Minimum Requirements Supplier Quality Assurance and other Supplier Issues 3

Similar threads

Top Bottom