Jennifer:
I've been out walking the dog and giving this some serious thought! (No comments about Mad Englishmen and their dogs in the midday sun, please
)
What were the:-
* Scope
* Objectives &
* Criteria
of this audit? Reading your post #37 makes me wonder why he would say that training doesn't need to be audited. So, I have that question for you, why were you auditing training?
As much as we here recognize dysfunctionality of organizations, audit can still be used to take that objective and impartial look at the QMS in this guy's area of responsibility. While out walking, it also ran through my head that I wonder what any documentation might actually say is the responsibility of this support function and it's management?
If such things are clearly defined the audit should go more smoothly. If not (and ISO 19011 talks to this) maybe that aspect could have been sorted before the audit took place - I guess it depends on those three things above!
I've been out walking the dog and giving this some serious thought! (No comments about Mad Englishmen and their dogs in the midday sun, please
What were the:-
* Scope
* Objectives &
* Criteria
of this audit? Reading your post #37 makes me wonder why he would say that training doesn't need to be audited. So, I have that question for you, why were you auditing training?
As much as we here recognize dysfunctionality of organizations, audit can still be used to take that objective and impartial look at the QMS in this guy's area of responsibility. While out walking, it also ran through my head that I wonder what any documentation might actually say is the responsibility of this support function and it's management?
If such things are clearly defined the audit should go more smoothly. If not (and ISO 19011 talks to this) maybe that aspect could have been sorted before the audit took place - I guess it depends on those three things above!
Scope involved the controls, activities and records for the things this group did as support for the sites, specifically rolling out enterprise software applications. Objectives were to verify the activities and controls set out in their internal process documents. Criteria included downstream effects in the sites. We sought to understand how it all worked.
We didn't audit training, but pointed out to the auditee in our last meeting that, like control of documents, auditors may also ask about training for the process people - but that questions are limited to the extent of their responsibility. That means the majority of training questions are dealt with in the audit with HR & Training but that we may ask what competency means for these people, how it's achieved and how we know it's been achieved. If my auditees can't answer these questions it's my habit to work through it together and coach them on how to answer the question if a registrar asks it. No one comes from the egg knowing all this stuff.
The corporate Document Control system is the default for process documentation, but groups do have the right to manage their own documents as long as they do so in accordance with 4.2.3. In past audits this group was found to have no such controls, and developed the controls as a response to an audit finding. The documents having been established, my objective here was to verify that the defined controls were effective and that 4.2.3 were being followed. He simply didn't agree he should have to do so.
