You CAN audit your own work!

Discussion in 'ISO 19011 - Auditing Management Systems Guidelines' started by Andy Nichols, Oct 8, 2015.

  1. Andy Nichols

    Andy Nichols Moderator Staff Member

    The recently published ISO 9001:2015 no longer prohibits internal auditors from auditing their own work! The selection of auditors still has to ensure objectivity and impartiality. We know that having someone from another department doesn't always mean objectivity and impartiality - and some have no clue about the process(es) they audit! Taking someone from the shop floor and putting them in sales or engineering isn't always going to give a good result!

    So, how will your organization ensure this objectivity and impartiality?
     
    Steven Severt, GStough and Candi1024 like this.
  2. GStough

    GStough Member

    I have a feeling that this will be a difficult change for external auditors to accept....
     
    hogheavenfarm likes this.
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    In many ways it also flies in the face of the ISO 19011 ideals about "independent" verification. However, it does seem a little closer to reality for smaller businesses (and a significant proportion of the input to the changes came from them) to be able to address the need for multi-hatted people to audit without worrying about whether they touched the work they were looking at.

    As for external auditors, well, they need to evolve or something...
     
    GStough likes this.
  4. hogheavenfarm

    hogheavenfarm Well-Known Member

    I have had to do this in our company regularly; there is just no one else available, and "swapping" with another small company is considered dangerous for proprietary reasons. I find I can be very objective when auditing my own work, but I will admit it can lead to blind spots, and I welcome additional eyes whenever I can get them. Part of my solution involves Q&A with different departments and team leaders so I can get a feel for how they see things (when auditing QA functions); of course, I use that technique in all other areas. I find a "checklist" also useful in keeping observations honest when it comes to this, regardless of what most people think of them. Yes, it is shallow but provides a good foundation to build on, especially when auditing your own area. It is not the only thing I use, but provides consistent ground rules for areas that may need improvement for follow-up. Of course I still require 'evidence' to back up a checkmark as well, otherwise it becomes a pencil whipping exercise, which renders a checklist useless.
     
  5. RoxaneB

    RoxaneB Moderator Staff Member

    This is where properly established metrics may come in handy. I may assess my own driving skills and consider myself an excellent driver. Metrics such as accidents, insurance rates and tickets will confirm (or negate) my self-assessment. If the checklist says I conform to what I'm supposed to do and the results of the metric(s) is/are good, then I have a bit more of a leg to stand on when saying that all is good with the process.

    Larger organizations (sorry, hogheavenfarm!) may be able to have an extra set of eyes review internal audit reports and give them a stamp of approval. Although, I do confess that I do not like this added layer of bureaucracy.

    Lastly, this may be where senior management can play a bit more of a leadership role. If they believe that there was a bias or skew by the individual during the assessment of his/her own work, they may define an alternate approach, negate the findings or find some other way to properly assess the process in an unbiased manner.
     
  6. hogheavenfarm

    hogheavenfarm Well-Known Member

    By the way, some of those "additional eyes" come from customer audits, and they are a great place to get one's work validated! Like Roxane said, using some measurable metric along with the audit is key to keeping on track and reducing blind spots. Customer audits then highlight the blind spots.
     
  7. Eric Twiname

    Eric Twiname Well-Known Member

    Sort of assumed by default, but I'll go ahead and say it out loud...

    Auditors CAN audit their own work...but they don't HAVE to.
    Being that they couldn't (shouldn't?) a month ago, and now can...makes no change here at all.
    We'll still have others audit the auditors...it's cheaper and easier (and arguably more effective anyway) just to not change.
     
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    I guess I don't understand, Eric. 2008 says you can't audit your own work. Now you can. That's NOT a change?
     
  9. Eric Twiname

    Eric Twiname Well-Known Member

    I guess I was unclear...

    2008 Standard says you can't.
    2015 does not say you can't.
    If I am already compliant with current systems to 2008, my current way of arranging the audit process doesn't have to change to remain compliant in this area,
    and it's cheaper and easier to not change the current arrangement.
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    OoooooH. Sure, "Just because you can, doesn't mean you should" kinda thing? Agreed!
     
  11. Eric Twiname

    Eric Twiname Well-Known Member

    Well, that and a dose of "If it ain't broke, don't fix it" thrown in... ;)
     
  12. Sidney Vianna

    Sidney Vianna Well-Known Member

    I guess that depends on how "enforceable" is the normative definition of the term audit (in ISO 9000:2015). The definition of "audit" includes the word independent. Note 3 to entry 3.13.1 states that "...independence can be demonstrated by the freedom from responsibility for the activity being audited...."

    So, if an internal auditor is auditing something s/he is responsible for, s/he is not being independent and not fulfilling the requirement for what an audit should be, according to ISO 9000: "...systematic, independent and documented process...."
     
  13. Andy Nichols

    Andy Nichols Moderator Staff Member

    In practical terms what does independence mean? Does it mean you are independent of responsibility? From another department? Or free from bias and exhibit objectivity? Americans sought independence, yet the day after it was granted they went about their business "as usual", many speaking with the same (British) accents etc.

    When it quotes "independence can be demonstrated" it's leaving options on the table. Not "is", but "can".

    I believe you are putting your personal interpretation on the meaning of the text...
     
  14. Sidney Vianna

    Sidney Vianna Well-Known Member

    Not personal interpretation, but rather, professional judgement. If someone tries to convince me s/he is independent of the work they perform, I would simply disagree and state the finding and, if applicable, report the finding as a nonconformity.

    If we are afraid of reaching an audit conclusion because the word independent might be weaseled in other meanings, time to find another profession.
     
  15. Andy Nichols

    Andy Nichols Moderator Staff Member

    What evidence would you seek to justify a non-conformity, Sidney? What would you - objectively - seek to demonstrate that the auditor has themselves NOT been objective or unbiased? I'm all eyes/ears...
     
    etorresg likes this.
  16. JCIC49

    JCIC49 Member

    This also becomes interesting when organisations are working to multiple standards for quality systems. I am thinking of my background in medical, where companies have 9001, 13485 and also need to work to FDA 21 CFR. As it stands at present only 9001 has made this change, with the requirement for independence still in other requirements. This is another reason that organisations need to be careful about maintaining compliance to multiple standards; they shouldn't go for the easiest option. As has already been said, companies that are already in compliance must have a system that demonstrates independence, so why change it?
     
    hogheavenfarm likes this.
  17. Andy Nichols

    Andy Nichols Moderator Staff Member

    The concept of "independence" isn't the same as having someone from another department and so on doing the audit. That's a myth and always has been. Someone CAN be unbiased and objective about their own work. Since the definitions don't help in the case of ISO 9000, and we're talking specifically about ISO 9001 (other standards may or may not follow the same requirements in future), the fact remains that the words "auditors shall not audit their own work" have been deleted - I'd guess, to address small business needs (small businesses were 60% of the respondents to the 2015 survey). Why SHOULD a small business HAVE to find an outsider to do their internal audits?
     
  18. RoxaneB

    RoxaneB Moderator Staff Member

    Small businesses should not have to find an outsider to do their internal audits...it simply is not practical or feasible for every organization to have someone audit someone else's work. Still, what should be in the standard is a note that requires the organization to demonstrate the objective and unbiased nature of the audit. That's why I suggested possible options above such as using metrics as part of the audit process, an extra set of eyes to 'approve' the audit report before it is official, and/or incorporate the review of the results into management review.

    Unfortunately, by simply removing the words "auditors shall not audit their own work", this may imply to organizations that internal auditors may now be biased and subjective in their approach. If the intent is for internal auditors to continue being unbiased and objective, this removal smells like a ploy for organizations to purchase a copy of ISO 19011 so that they can understand "all things auditor".
     
    Andy Nichols likes this.
  19. Andy Nichols

    Andy Nichols Moderator Staff Member

    They did keep the words about the need to ensure impartiality and no bias.
     
  20. RoxaneB

    RoxaneB Moderator Staff Member

    Wonderful to hear! I'm curious now to see how organizations will demonstrate this. :)
     
    Andy Nichols likes this.