Informational What is the purpose of Internal Audits?

TPMB4

Quite Involved in Discussions
#1
Something came to mind today concerning internal auditing our quality system (certified to iso 9001: 2015). Is the purpose of internal audit to check we are working to our quality system or a combination of that and that it meets the requirements of the standard?

I think it's to check we're doing what we say we do. The external auditor is checking compliance to our system and the standard.

Of course prior to transition we did the check against meeting the requirements of the standard, making improvements to ensure that. However after that the standard doesn't change so you only need to repeat checks against standard for changes to your standard. With no changes does the internal auditor actually need the standard with them?

Am I over thinking this or stating the obvious?
 
Elsmar Forum Sponsor

Jean_B

Trusted Information Resource
#2
ISO 9001:2015 states its purpose for internal audit under section 9.2.1 items a) (especially) and b).

a.1. says you'll provide information through 'conformance' audits on whether the quality management system (usually read as your resources: your personnel, equipment facilities, records, documentation etc.) conforms to your own higher-level requirements for that system (e.g. underlying instruction to its procedure, procedures to policies).​
a.2. says you'll check your quality management system conforms to ISO 9001 through 'conformance' audits .​
b. on effective implementation and maintenance through 'adherence' audits (see the definitions to understand this)​
You can check for all points in the same audit, or have audits focus on any subpoint.

How much you cover each point for each audit item (process) should be risk based, taking into consideration at least importance of processes, prior audit results, changes (such as an upgrade or wholly new standard), etc. resulting in an audit programme which meets your needs: attention where you know little or expect conditions to have changed significantly, no waste of resources on predictable results (because of prior audits or monitoring (though you should still audit the monitoring system itself)).

E.g. if you've been passing external audits to ISO 9001 without any non-conformities or observations you should be able to only sparsely do a.2 type audits. If you have been having some observations, those might give you the areas to focus on in internal audits of type a.2 to pre-empt external audit non-conformities. etc.​
However, you could find some interference here from your certifying organization, who might expect you to do more of a.2 while this should be at your discretion (taking into account the noted considerations).

The political option is to write up b against a.1 if a.1 meets a.2, a.1 to a.2 if it doesn't.

e.g. if procedure is conforming requirements but there is evidence that people are not adhering to it cite your QMS procedure (an a level item that conforms); if one of your work instructions is not according to procedure/policy you write it up against the a.1 level QMS procedure (that does conform to ISO 9001 (level a.2). If your procedure (level a.1) is not conforming to an ISO 9001 clause you write up that a level procedure against ISO 9001, a level a.2 item). (I know this last bit is a mish-mash between example and theoretical labelling, apologies).​
 

Randy

Super Moderator
#3
The reason for internal audits is clearly explained in the 9K15 standard itself, it's to verify if your quality management system:

a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.


All the other information and help you're going to get is extra and maybe some fluff, but the reason "why" is up above.
 

smryan

Perspective.
#4
I have our IA process in 2 separate parts. The Lead Auditor (me) is responsible for making sure we maintain compliance (and a bunch of other duties). The IA Team process can be simplified as "Continual Improvement". They don't worry about ISO clauses. They look at their assigned processes and the associated documents with 3 basic questions in mind. 1) Do the documents accurately and adequately describe the process? 2) Are people following the process consistently? 3) Are their improvements that can be made to process, documents, or training?

Taking the "ISOese" language out of the IA process has removed a significant stress level for both the auditors and the folks they audit. It has been well received so far.
 

John Broomfield

Staff member
Super Moderator
#5
Every audit needs an objective which is also known as the question to be answered by the audit.

That objective comes from the entity paying for the audit which we may take as top management for internal audits.

So, are audit objectives discussed during management review for the internal audit program?

Does each internal audit contribute towards the fulfillment of those objectives?

Aimless audit (aka fishing expedition) is frustrating for auditees.
 
#6
The reason for internal audits is clearly explained in the 9K15 standard itself,
"Clearly"...:lmao:

Which is why so many people struggle with it and post countless questions about when and how and what etc to audit...

The bottom line to doing internal audits (which has no connection to Certification because meeting ISO 9001 and being certified are almost mutually exclusive) is that the audits provide (independent) validation of the results of the various processes of the organization. So, not JUST are we doing what we say we should. Of course, this validation is what management review is about. A review of the performance of the processes of the org, their ability to achieve the objectives, satisfy customers etc and that the QMS was being implemented to assist in that. Hence, the results are a) believable and b) can be improved.
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
#7
I have the "Start with Why" document posted at my desk. Everything I am asked to do - be it a presentation for results, training on a concept, or develop a new process - needs to start with Why. And I'll be quite blunt here - doing audits for reasons such as compliance, conformance, certification, etc. is completely, utterly, totally pointless. Doing audits for reasons such as compliance, conformance, certification, etc. does little to instill a culture of quality and, if anything, simply perpetuates the perception that our job is to catch people at violating some "rule."

The "Why" behind anything needs to resonate with people...make them nod in agreement and thing "Oh my gosh, that is so true! I can totally support that cause." The "Why" may also be personal - my "Why" behind audits may not be the same as yours, TPMB4...or Andy's or Randy's or John's.

You might find it a bit fluffy, perhaps even whimsical, but (and I am biased here) when I read the lines below, I see the value that can be gained by audits.

Why - We believe that everything we do, we do well and, yet, can still do better.
How - We celebrate our strengths and seize our opportunities.
What - We just happen do this through audits (against defined criteria).
 

Attachments

John Broomfield

Staff member
Super Moderator
#8
Roxane,

Completely agree.

The auditees love to know why you are there as an auditor.

That’s one of the reasons for sharing the audit plan (headed with the reason why) with the auditees the week before.
 

Ninja

Looking for Reality
Trusted Information Resource
#9
Pretty awesome answers up above.

Is the purpose of internal audit to check we are working to our quality system or a combination of that and that it meets the requirements of the standard?
Providing that "your quality system" is built to encompass all aspects and requirements of the standard...as it should be...these are not really separable. Auditing to "Your QMS" should handle the basic requirements of the standard too...if not, that's a great OFI.

In my words, which I certainly think includes what's up above...
Internal audits are to find all of the dead bodies you've been hiding, so they don't get found by the external auditors...(with the assumption that you then handle them properly instead of just hiding them better).
 

Mark Meer

Trusted Information Resource
#10
I have our IA process in 2 separate parts. The Lead Auditor (me) is responsible for making sure we maintain compliance (and a bunch of other duties). The IA Team process can be simplified as "Continual Improvement". They don't worry about ISO clauses. They look at their assigned processes and the associated documents with 3 basic questions in mind. 1) Do the documents accurately and adequately describe the process? 2) Are people following the process consistently? 3) Are their improvements that can be made to process, documents, or training?

Taking the "ISOese" language out of the IA process has removed a significant stress level for both the auditors and the folks they audit. It has been well received so far.
This is a great idea. It also allows you to separate qualification requirements such as impartiality (as discussed in this thread) and in-depth knowledge of standards & regulatory requirements (your internal auditors on the "continual improvement" front need only concern themselves with internal processes and requirements). I like it! (y)

...meeting ISO 9001 and being certified are almost mutually exclusive...
Ah, Andy... ever the cynic! :lol:
 
Thread starter Similar threads Forum Replies Date
A Auditor suggested company find a higher purpose for Internal Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B Nasal Saline Solution for Irrigation purpose classification EU Medical Device Regulations 0
A Intended Purpose on device label EU Medical Device Regulations 7
M ISO 13485 for general purpose disinfectants? ISO 13485:2016 - Medical Device Quality Management Systems 9
A Records required for ISO 9001 clause 7.1.5.1 - Fitness for purpose of the monitoring and measurement resources ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
A A purpose of a Stage 1 audit - Off site document review Registrars and Notified Bodies 3
A Audit purpose - case study - What is the role of SQE in such case? General Auditing Discussions 3
A True purpose of doing EST (Electrical Safety Test) on medical device Other Medical Device Related Standards 3
K QMS Improvement - Analyze the systemic weaknesses of the QMS for improvement purpose Quality Tools, Improvement and Analysis 6
K Difference between intended purpose and intended use of the device EU Medical Device Regulations 9
J Purpose of Reference Section in SOPs Document Control Systems, Procedures, Forms and Templates 6
SK13485 Can a literature alone be used for the purpose of Clinical Evaluation of a device? EU Medical Device Regulations 6
E IATF 16949 Cl. 7.1.5.1 - Documented information as evidence of fitness for purpose IATF 16949 - Automotive Quality Systems Standard 3
R Auditing Fitness of Purpose for Monitoring and Measuring Equipment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
J Are dermal fillers & PDO sutures for aesthetic purpose under CE MDD? EU Medical Device Regulations 6
somashekar Electronic data Back-up procedure, for Medical device QMS and regulatory purpose. ISO 13485:2016 - Medical Device Quality Management Systems 4
P Purpose of calculating Ta, Tb & R Square in Linearity Study Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 1
P Purpose of calculating Uncertainty value in calibration study Measurement Uncertainty (MU) 5
Q IEC 60601 for Non-Medical Research Purpose Devices IEC 60601 - Medical Electrical Equipment Safety Standards Series 7
D UV Absorption Test - What is it's purpose and what specifically is it looking for? Other Medical Device Related Standards 9
A ISO/IEC 20000 Toolkit For Academic Purpose IT (Information Technology) Service Management 6
L What is, and the purpose of, ISO STATS recording ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
x-files Hardcopy and Electronic Forms for same purpose vs. Naming and Numbering System Document Control Systems, Procedures, Forms and Templates 1
N How to qualify (IQ, OQ, PQ) a multi-purpose equipment ? Imported Legacy Blogs 1
V The Purpose of Basic Dimensions on Prints APQP and PPAP 6
Q Beginner's Understanding - The Purpose and Applications of QMS/ISO Standards Philosophy, Gurus, Innovation and Evolution 12
J How to qualify (IQ, OQ, PQ) a multi-purpose equipment ? Qualification and Validation (including 21 CFR Part 11) 5
S Logo Marking for Marketing purpose - ISO 9001, ISO 14001 and OHSAS 18001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
P What is the latest version of ISO 10021 used for Certification purpose? Other ISO and International Standards and European Regulations 3
N Export & Import of Unapproved Device in USA for Service Purpose Only 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
C Purpose of the Quality Manual for an Organisation Quality Management System (QMS) Manuals 4
M TS 16949 Clause 7.5.1.8 - Special-Purpose Tools or Measurement Equipment IATF 16949 - Automotive Quality Systems Standard 2
A FDA: Label Requirements for General Purpose Reagents IVD 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
A What is the purpose of using AQL (Acceptable Quality Level) for Sampling? AQL - Acceptable Quality Level 3
S What is the purpose of ON HOLD Labels Food Safety - ISO 22000, HACCP (21 CFR 120) 5
Q How to write Statement of Purpose for a Law School Admission Career and Occupation Discussions 9
C FDA Approval Process for Device that can also be used for Veterinary Purpose 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
R Can some one share JIS B7502/7507 or DIN862 with me for study purpose? General Measurement Device and Calibration Topics 2
C What is the Purpose of or Requirement for having a Gage Glossary? IATF 16949 - Automotive Quality Systems Standard 2
P What is the purpose and use of Chart Stickers Labels? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
C Purpose of using different Distributions to solve Reliability Problems? Reliability Analysis - Predictions, Testing and Standards 2
Z CMM Measuring Instruction - Example needed for translation purpose Document Control Systems, Procedures, Forms and Templates 17
L Please share some practical SPC exercises for training purpose Statistical Analysis Tools, Techniques and SPC 4
thisby_ Intended Use vs. Intended Purpose vs. Intended by the Manufacturer - Doubts ISO 13485:2016 - Medical Device Quality Management Systems 9
S What is the purpose of Critical to Quality tree (CTQ)? Six Sigma 2
Q Using Class 3 used Electronic Devices for Training purpose ISO 13485:2016 - Medical Device Quality Management Systems 1
R Copy of TS16949:1999 for reading purpose IATF 16949 - Automotive Quality Systems Standard 7
R What is the purpose of Benchmarking? Benchmarking 5
K Process Tailoring - What is the purpose of process tailoring? Software Quality Assurance 12
U What is the purpose of a Software Test Plan? Software Quality Assurance 7

Similar threads

Top Bottom