Posts: 32
From:
Registered: May 99

posted 03 November 1999 09:09 AM            

---

I have had conflicting responses to this question. Is there any requirment for either ISO 9001 or the QSR that the internal audit schedule be a controlled document? I find for various reasons that I have to change the dates (never moved up, always moved back) of several internal audits per year. Currently I initial and date on the schedule if I need to reschedule but if the schedule is controlled, I would need to initiate a change order each time and that could be a headache. comments?

IP: Logged

Posts: 123
From:Milwaukee, WI USA
Registered: Mar 99

posted 03 November 1999 01:40 PM               

---

We have a controlled form to be used for our Internal Audit schedule, with a second page that is used to explain why changes in the schedule take place. The intention is to reduce or eliminate changes in the schedule for insignificant reasons. Our procedures grants the Management Representative the authority to change the schedule as required, and only the Management Rep can change it. Perhaps you just need to change the way your procedures are written to allow you to do what is required.

IP: Logged

Posts: 299
From:Rochester, NY US
Registered: Aug 1999

posted 03 November 1999 03:36 PM               

---

We did something similar...allow mgmt. rep. the authority. If the dept scheduled for audit requested the change, they needed to put it in writing w/ mgmt rep approval. Chnages initiated by the internal auditors were just initialed by mgmt. rep.

IP: Logged

Posts: 19
From:Kingsport, TN
Registered:

posted 03 November 1999 08:12 PM               

---

Whether or not you maintain the schedule as a controlled document will probably depend on how you have it set up originally and how the schedule is being used. You may need to communicate changes to the schedule to any persons who received copies of the original schedule; you can do this in controlled document form or by communication via memo or e-mail, keeping copies as evidence that you did so. If you are the principal user of the schedule and notify participants (assigned auditors and the area to be audited) of an impending audit, then you should not formalize the control of the schedule. However, as Tom pointed out you should revise your audit procedure to ensure that it defines what you need to do to meet your needs. Perhaps note that you are authorized to make changes to the schedule and that those affected will be notified of changes.

IP: Logged

Posts: 8
From:Heber Springs, AR. USA
Registered: Dec 1999

posted 02 December 1999 01:04 PM               

---

We had an outside source come in and perform an audit to help us get ready for our QS Registration. There was a finding on Internal Audits for not having the Audit Schedule under document control. My concern with this was everytime I had to revise it, the rev. level would have to change. My Management Rep said as long as all I was doing was revising the information & not the form it's self and had approval on it, we were covered. We received our registration with out a hitch. At least for now. It seems our registar is pretty inonsistant from one auditor to the next. But that's another story!

IP: Logged

Posts: 38
From:Sydney, NSW, Australia
Registered:

posted 02 December 1999 04:37 PM               

---

Let's think about the concept of document control. The idea is that all the people using the document have the upto date information. If they are filling out a form, then the layout and form fields are the important information, but in this case the important information is the audit schedule it's self. You do want every body to be operating to the same schedule don't you?
This is not a shot at you Jackie but at your Management Rep who should know better.
By the way "revision level" means just that, when the document is revised, you change the revision level, by definition.

The elements in ISO/QS 9K are all there for a reason. They are actually there to help your business, not to create hurdles for hurdles sake, nobody wins then. Think about the intent of the element, how you address this in your business and where it might be usefull in other areas. (Shoot me down if you think I'm wrong, I can handle it.)

IP: Logged

Posts: 32
From:
Registered: May 99

posted 03 December 1999 07:38 AM            

---

I think in this case James I must disagree. The audit schedule that I refer to is not a circulated document. It resides in my audit files and no one else uses it. I inform department Managers by memo of upcoming audits as prompted by the schedule. It was written originally at the end of last year and in it I identified which departments would be audited during which months of the coming year. However, as with most plans, there were unforseen circumstances that required me to make changes to the schedule. My SOP for internal audits states that "Scheduled audits may be rescheduled if approved (signified by initialing of the schedule) by the Director of Q.A." In such instances, it should not be necessary for me to initiate a document change order and revise the document. The format of the schedule is a controlled document template in the way it is structured for two years out by month and department name. Are we in agreement now?

IP: Logged

Posts: 637
From:South Central Massachusetts
Registered:

posted 03 December 1999 08:24 AM               

---

think about it..yes you need to have it under control, yes its a working document with updates, yes it needs to be public in most cases...so where does that leave you?

In your audit program procedures/documents say how you will control the schedule and who has access/authority to change. Typically the format is under doc control, the working info is what changes...how do you know when it was changed for instance, and by who...come up with something real. What they want to know is that the audits are planned....scheduled in advance..not "GEE think I'll audit this stuff this week...." AND that updates reflect reviews/CA etc. based on need. The revision control feature in word tables will do that nicely......

Typically I have a planned schedule by quarter, then update for assigned auditors, they schedule the dates and there's room for followup additions etc...and the closure details....

[This message has been edited by barb butrym (edited 03 December 1999).]

IP: Logged

Posts: 4119
From:West Chester, OH, USA
Registered:

posted 03 December 1999 08:42 AM               

---

Not to get into a pissing match, but I have *several* clients whose internal audit schedule is nothing more than penciled in dates on a standard, every day calendar on a wall in an office (granted these are relatively small [<200 souls] companies). It is controlled - it is in the office of the person controlling it. No other employee is expected to come into the office and change dates (why, prey tell, would they short of the intent of sabatoge which we all know one can only go so far to prevent). On the other hand, they outsource internal audits so there's not typically any changes in the schedule.

I think this is a case where folks are over reaching in defining document control. Control alone is not so complex as it seems some folks think. If I have a document on my computer and I back it up and if I change it I let everyone know about changes who should know about changes, it is controlled. I know many companies where some process documents are controlled locally by the engineer responsible for the line.

All you have to do is be smart and make sure your level 2 acknowledges local control.

Don't over complicate this issue, folks. Let's look at the intent. The intent is to ensure audits are scheduled. If some audits are rescheduled, that is not an issue. Big deal, that's business and that's life. The issue is whether you get them done or not, and if not that you do a corrective action.

IP: Logged

Posts: 637
From:South Central Massachusetts
Registered:

posted 03 December 1999 08:40 PM               

---

YUP local control ..define it and then do it.

Some use a simple scheduling program like "outlook"

As an auditor, I would look for a planned schedule.....updated with closure status of some kind (not always on the schedule...but somewhere close by or it would prompt me to ask many more questions) and follow up schedules if needed. Then pull the reports and match to see if they were carried out on time and as planned, and then followed up/closed. Facilitates the audit to have it all handy, although not a requirement...BUT bear in mind 99% of auditors will build their confidence in a company through the internal audit program....if its top shelf, and efficient its in the company's best interest...SO whats top shelf and efficient?
Planned audits, clearly scheduled, executed and closed. Trained auditors, detailed audit trails that can be used to recreate the scenario (n/c).

IP: Logged

Posts: 38
From:Sydney, NSW, Australia
Registered:

posted 06 December 1999 08:34 PM               

---

Thanks Marc, once again you're able to better explain what I mean. The intent of Document and Data Control is to ensure that everybody working with data (and the documents that contain this data) have the up to date, or appropriate data.
The information on the audit schedule is what needs to be controlled, the layout is irrelavant. If this information is changed then everybody using this information needs to be notified of the changes.
If you are the only one with the full schedule and you let the departments know of an upcoming audit by memo or what ever, then that is OK, this memo should then become a controlled document. I assume that once the depatment has been notified of dates for the audit, they are also notified of any changes. This is the control mechanism, just write down how it happens.
This is pretty close to what I do, where my review schedule is given by review dates entered in the flow charts of the procedures and everyone has access to this. ( 4TQFlow software by the way, to give it a plug www.4tq.com It is pretty good kit!) Password control enables me to limit who can make changes to these dates, but enables all users to view the schedule. I also have one of those magnetic charts showing the schedule on a wall in my office that is updated weekly to reflect any changes. This is principally for the less technically savey department heads to help them see what is coming up. I then notify my audit team by a task assignment using M$Outlook and they plan the Audit using the meeting function of Outlook. The notification features included in Outlook all form the control mechanism to ensure that everyone is playing off the same page of music. This is all documented in the procedure for Auditing Processes and identified in the Quality manual in a matrix as Document Control.
This is quite different to the way we control work instructions, or the Quality Policy, or the over 300 Standards publications that we use, but it's all document control.
This is why I don't have a single policy for document control but document how it is done in the various areas.
I say again, think of the intent. Identify where is it vital that people are using the upto date (or the appropriate) version of information, and think about how you make sure that is happening. If it is just good luck then you need to introduce a system, otherwise document how you do it now and then you can work on improving it.

PS It would be need to be a pretty good pissing match to reach Austalia!

IP: Logged

Posts: 4119
From:West Chester, OH, USA
Registered:

posted 06 December 1999 08:54 PM               

---

Sounds tight to me.

IP: Logged

All times are Eastern Standard Time (USA)