What do you do when an auditee says "No thank you"

Wes Bucey

Quite Involved in Discussions
#11
<SNIP>

My main concern with this situation is if this represents a culture of belittling internal audits. While you always going to have whacky people to deal with, an auditee who believes they can determine when the audit should be over might represent a deeper problem in terms of understanding the need for and value of internal audits.
Yes - the real worry is whether this is an isolated kook or a symptom of a deeper systemic problem within the organization.
 
Elsmar Forum Sponsor
#12
What do these questions have to do with control of documentation? That's why internal audits should never be too informal. There is always a need to balance formality and control. I don't know if it is the case here, but, had the auditee been provided with an agenda for the audit, he would be aware of the time and scope of the audit.
My thoughts, too, Sidney, on the first comment!

One aspect of internal audits which is often modeled too closely on external audit techniques, is that of planning and preparation. Rarely, (except with the relatively recent stage 1 audit) does a CB auditor get to meet, face to face with the client/auditee and solicit their support through the planning and preparation of the audit - to enable a greater buy, through focusing on the validation of process/compliance etc.

I'd going out on a limb by suggesting that, if such 'resistance' had been encountered in a face to face situation, the issue might have been headed off - or at least brought to someone's attention for input on the purpose of the audit etc.

Perhaps agendas and scope notification are part of a good audit process, but they don't encourage management support! I believe there's a world of difference between formality and control, through such devices, and auditors' behaviours which engender understanding, support and active participation.

Another feature which is sad, but never-the-less true, is that management don't get excited about document control, as much as some of us know it's important to cover, during an audit. It doesn't push the right buttons for them! Unless this was an imperative for some reason, I'd shrug it off for another day!
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#13
Jennifer, if I understand correctly aren't you the owner of the audit process? Correct me, please, if I'm wrong. I may have formed an incorrect perception.

Of course, we don't know this character etc. I'm willing to guess, he's got a skewed idea of what the audit is about. You could report a lack of co-operation in the audit but, frankly (and especially if you are the audit process owner) what does it achieve? Is a peer or higher going to question/counsel him? Talk to him like a 'Dutch Uncle'? Will it appear in some Management Review records? How will the audit be concluded, if as Sidney suggests, the audit isn't over?

I'd be thinking how to approach the next audit on his patch and how to avoid him doing it again...
You are correct. I am an assist/coach for a guest auditor to a corporate group that has only recently recognized it must be subject to TS audits and certification.

As I go along I see a pattern: This site doesn't realize its responsibilities to all the downstream sites or to the standard. It has no strong manager to clarify they really need to play along.

I really appreciate the great responses. I will try to elevate the issue, as it is important for everyone to understand their responsibilities. I have no authority however, so this is a chance to either sink myself or establish myself. I'll find out which after it happens.

If all else fails I can only document in order to show the audit was not ineffective. I sure appreciate the validation. :applause: My people here are a great source of support and comfort. :thanks:
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#14
Jennifer, I'm curious...how did he know what you were supposed to ask yesterday, and that it was enough?

:)
This is a great question. :applause: He did not, though my partner and I asked if the documentation was controlled and how. Later, we tried to access his group's internal document control process spec and found its access settings blocked us out. We had to ask for a copy, which he provided.

I started the original questions by asking "So what does your group do to support the sites?" He said they roll out enterprise software and I based half my audit questions about the effectiveness of that rollout (which I know my site has experienced problems with due to lack of testing for various effects/inadequate time to do our own testing on site) and the structure of backups: how we arranges people's records on various data groups to ensure this thing got 5-year retention while that thing got 20 year retention. These questions were unexpected. He believed the extent of our need-to-know was the infrustructure and process of the data backups his group performs, plus the systems redundancy set up to ensure data security for my nearby manufacturing site.

The documentation issue is a legacy issue. The group has progressed thus far from nothing to a set of documents it insists on managing internally, completely separate from the corporate system. That's allowed but it needs to conform to the standard. My audit partner and I both do document control for our respective sites, so one could argue "the deck is stacked" here - we thoroughly understand the subject and the auditee may have anticipated pressure to join the corporate system.
 
J

JaneB

#15
I would ask them to answer just two or three more questions then I would leave them alone.
  1. What is the corporate quality policy?
  2. How do they support the corporate quality policy?
  3. How do they help the company keep their registration(s) / certification(s)?
At this point, I would expect to see a lightbulb go off...
Hmm.
I would not ever ask, as an auditor, these first two questions of someone who is highly placed in an organisation, as Jennifer says. If I did, it is not a lightbulb that I would expect to see going off. Something (someone) else, but not a lightbulb!

The third one... maybe. Possibly.
 
J

JaneB

#16
Jennifer,
Can I just clarify:
  • how much knowledge and understanding of the audit process does this person have? has he been audited before or was this his first audit?
  • was he provided with an agenda, which indicated what would be included, and an explanation of the purpose of the audit?
  • delicate question: you indicated some prior knowledge you had about difficulties caused by this area for your site - is it in any way possible that this influenced your objectivity in any way?
 
M

Markaich

#17
We have built into our arrangements that "auditees cooperate" with the implementation of the audit programme...given this, and in similar circumstances, I would write a non-conformance...particularly if many other ways had been tried to sort the problem

hope this helps
M
 

Wes Bucey

Quite Involved in Discussions
#18
We have built into our arrangements that "auditees cooperate" with the implementation of the audit programme...given this, and in similar circumstances, I would write a non-conformance...particularly if many other ways had been tried to sort the problem

hope this helps
M
This may be a "technically correct" course of action, but it smacks too much of a "Kwality Kop" mentality when most modern theories of internal auditing seem to reflect an attitude of "we're in this together, let's work out a solution that benefits the organization, NOT a power struggle between internal auditor and auditee."

The fact I am familiar with Jennifer's expertise on most things "quality" and has a good grounding in Deming's theory of a System of Profound Knowledge (SoPK) colors my comments here. Obviously, Jennifer is aware that a flat N/C in this case will escalate into a power struggle. The option of recording an "incomplete" is an imperfect, but politically correct, response because it avoids a direct confrontation, consigning the issue to an impersonal bureaucratic limbo.

Ideally, the bosses, the auditee, and Jennifer have a "friendly" meeting where Jennifer lays out, in a matter-of-fact way, the upstream and downstream supply chain ramifications of NOT "cheerfully" complying with documentation expectations of customers as well as of the Standard.

The real choke point Jennifer and others face in such a situation is the tractability or intractability of the auditee.

Complications enter the equation when Jennifer notes
As I go along I see a pattern: This site doesn't realize its responsibilities to all the downstream sites or to the standard. It has no strong manager to clarify they really need to play along.
Without a strong manager to say "my way or the highway" it all comes down to a matter of education and persuasion.

Even many experienced independent consultants can fail to complete the persuasion part of the meeting.
 
C

ChrissieO

#19
Following on from great responses from Wes, Andy, Jane & Sidney and the advise to document in the audit report and raise at the closing meeting (one reason to ensure that you have the right people at the closing meeting).

I rarely, if ever audit the document control process as a single element of an audit.:mg: So would not ask the question as such.

With all our internal audits, on our own site and other sites I audit for all five elements of my responsibility (9001, 18001.14001. 16949 & AEO).
We would audit the processes and as part of that, ask to see the relevent documentation for those processes. If a deviation was found in more than two or three documents I would then go down the route of the process for document control, authorisation and release, modification logs etc. If only one deviation was found I would just point this out and ensure it was checked during any further or follow up audits. If they were not in alignment to the documented process for document control I would then raise any finding. Over the period of perhaps a 12 month audit schedule you have more than enough opportunity to establish the conformance of doc control.

By doing it this way as part of the process and not a single element the audit will flow better and not seem like something seperate and extra taking up more of the audittees time.

Chrissie
 

John Broomfield

Staff member
Super Moderator
#20
I'm auditing a group who is not familiar with me - a different site than usual.

I have asked a process owner to show me how he controls his documentation, as this process group has decided to internally define and manage controls for their SOPs and policies. The response to my request to review his internal document control process, with examples, was a polite (paraphrased) "No thank you, we talked about enough already - you asked me all you are supposed to ask me yesterday; more, in fact."

Of course we must routinely audit control of internal documents, and I told him that, assuring him it was a normal part of almost every audit we do, and straightforward.

I'm rather amused, yet bemused at this outright refusal. Has anyone else experience with this? What did you do? He's highly placed in the organization.
Jennifer,

Three options:

  • Say, "I see you are too busy for me" and obtain the evidence you seek from another person;
  • Audit document control as an integrated part of auditing all of the other processes until you reach a conclusion; or
  • If true, say "you providing me with evidence of control is essential to fulfill the audit objective and your not providing me with this evidence will require me to stop the audit and report the reasons to the audit client";
Nothing really requires auditee's to provide time to the auditor. For the auditee to invest their time they need to share an interest in the audit objective.

John
 
Thread starter Similar threads Forum Replies Date
GStough Auditing Against Criteria Unfamiliar to Auditee - Yea or Nay? General Auditing Discussions 11
K Tips for Auditee Training ISO 13485:2016 - Medical Device Quality Management Systems 4
S Experiences as a female auditor / auditee Career and Occupation Discussions 36
S Why auditee names are not mentioned in Audit Report? General Auditing Discussions 2
L How to deal with resistance from auditee(s) Internal Auditing 20
somashekar Internal Audit without a person as auditee Internal Auditing 6
S Internal Audit Findings Summary Rewrite by an Auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
F How to Calm a Nervous Auditee Internal Auditing 14
K Sending Audit Questions to the Auditee in Advance Internal Auditing 20
Howard Atkins What you as an auditee should know about your CB (Certification Body) Registrars and Notified Bodies 0
P What to do when an Auditee Falsifies or Cheated on Records Internal Auditing 6
A What do you do if you have the feeling that your auditee could be lying? Internal Auditing 58
M What to do when Auditee refuses to sign Audit Report General Auditing Discussions 91
J Auditee offered help with anything in nonconformities Internal Auditing 16
P Internal Audit Finding - Root Cause Analysis: Auditor or an Auditee Responsibility? Internal Auditing 24
B Could ISO 22000 auditee hold Auditor Responsible for subsequent safety breaches? Food Safety - ISO 22000, HACCP (21 CFR 120) 16
V Can the Management Representative represent top management as the sole auditee? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
L Corrective action following a wrong answer of the auditee ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
B Providing Auditee with Checklist prior to Audit General Auditing Discussions 48
M Auditee Evaluation of Auditors Example, Form or Template General Auditing Discussions 6
E Being IQA Team Leader and auditee - Auditor Independence General Auditing Discussions 9
Claes Gefvenberg The Ideal Auditee General Auditing Discussions 22
J Can I issue a NCR if the auditee did not comply what he is suppose to do? General Auditing Discussions 6
Marc GM says no more tailpipe emissions by 2035, carbon neutrality by 2040 World News 45
T What does AS9100 mean when it says you must establish a process to do X? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 24
Marc NASA Says Oregon Company Metals Fraud Caused $700 Million Satellite Failure - 2019 World News 16
B Our NB says that IEC 62304 is an ISO 14971 Requirement ISO 14971 - Medical Device Risk Management 1
shimonv 21 CFR 820.20(d) says: Each manufacturer shall establish a Quality Plan 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
J jwmuola says Hello Coffee Break and Water Cooler Discussions 1
Marc FCC boss says he'll SHAME broadband firms for fibbing on speeds After Work and Weekend Discussion Topics 0
bobdoering Who says you can't calibrate a steel rule! Funny Stuff - Jokes and Humour 14
J Auditor says 5.6.3 should be discussed in Management Review Management Review Meetings and related Processes 62
Wes Bucey "Back Doors" to Encryption - NY times says NSA has them After Work and Weekend Discussion Topics 20
Wes Bucey A Headhunter says he has job hunt secrets Career and Occupation Discussions 7
O Is it an Assignable Cause only if the Control Chart says so? Statistical Analysis Tools, Techniques and SPC 16
S Auditor says a Minor Nonconformance will become a Major Nonconformance General Auditing Discussions 8
H 'You've got to find what you love,' Jobs says Career and Occupation Discussions 2
Marc Threat analyst says medical devices can be hacked remotely Other Medical Device and Orthopedic Related Topics 6
P Control of Monitoring and Measurement Devices - ISO 13485 Clause 7.6 says ... ISO 13485:2016 - Medical Device Quality Management Systems 3
J Quality Pros? Salaries on the Upswing, ASQ Salary Survey Says Career and Occupation Discussions 4
Stijloor IKEA US Says Thank You to All Its 12,400 Co-Workers World News 5
D Found Watch - Watch is "Element" and says "New York" Coffee Break and Water Cooler Discussions 16
G Dangerous Act - Auditor says major nonconformance for safety (risk) issue Occupational Health & Safety Management Standards 21
C Calibration Laboratory Location - GMP says in a secure bonded area General Measurement Device and Calibration Topics 5
Stijloor Ford Says It Made $2.7 Billion in 2009 World News 8
E FMEA Action Plan Threshold (RPN) - Auditor says Action Plan for an RPN > 84 IATF 16949 - Automotive Quality Systems Standard 21
J Modern man a wimp says anthropologist Coffee Break and Water Cooler Discussions 0
bobdoering Wheeler is back again! He says it is the last volley! Statistical Analysis Tools, Techniques and SPC 7
J Immortality only 20 years away says scientist Coffee Break and Water Cooler Discussions 20
P Attribute Control Chart in my Process - Black Belt says Not Appropriate Quality Tools, Improvement and Analysis 11

Similar threads

Top Bottom