Internal Audit

In carrying out internal audit in a particular area or process, do you limit your interview to the Manager or Process owner of the area to be audited or can you extend your interview to any other within the work area e.g operators, shop floor assistants?

What are the factors, share your knowledge and experience in auditing.

 

Andy, I'm launching myself back to the field, and i need to refresh myself with some practical experience after a while. I don't think it is out of place to ask this type of question. thank you.

 

Kunle,
You should by all means extend your auditing process to anyone affecting a process. Follow the processes where they go, checking for objective evidence throughout. The supervisors are not necessarily the ones doing the majority of the process work - and when an external auditor comes in, they will definitely be talking to people other than the manager/supervisors.

Good luck!

 

I quite appreciate your explanation, one more question, do I need to include the names of different individual auditee in the audit checklist and audit report?

 

Hello Kunle,
In my opinion, you do not need to include the those with whom you spoke in the report, although it shows the sampling taken. I use the names in the competence and training sections of the audit to ensure training records/matricies are available.
Hope this helps you Kunle.

 

It depends on the scope, Suppose you are going to audit only Production, normally you audit against clauses and procedures if they exist but most of the times an authorization or reject may come from operators, in this case they should be audited.

If your scope is management responsibility and one of the points to audit is how the people know the the quality policy, then in this case you should audit operators, shop floor assistants also the drivers if they affect the product.

Remember all people/positions affecting product are candidate to be audited.

Hope this help

 

Andy
Please explain why not to use clauses, it is supposed that your system was designed to comply against iso Clauses or not?, So the purpose of audits it is to verify how you met with standards, verification lists are very useful tool for the audits mentioning on it the clause numbers.
Additionally in a process also it is audited what is stated in procedures even if what is stated is not a clause.

On the other hand, when auditing some processes, It is not prohibited to audit persons from other processes/departments, but normally people audited, it depends on the scope of the audit.

 

When auditing a particular process- for example inbound, you want to follow an audit trail. That trail may take you out of receiving to purchasing or QA laboratory or warehouse or maintenance. You will want to follow this trail to see if the receiving process is in control. If you write down names of the auditee, you might want to audit their on-the-job training. Then I look for how effective is this process and how effectiveness is monitored and measured. It has been a difficult transition for me (not mentioning any clauses) but when I am getting use to it. It is only when writing the report that Idescribe the requirements of the work instructions and ISO clauses. Maybe I am still a work in progress auditor. You need to buy Andy's book. It focuses on a risk-based internal auditing.

 

Dear Andy,

It's very interesting to hear your concepts, your experience help us too much to people like me (new to ISO systems).
Maybe I'm misunderstanding what you say.

I know that I may have an audit based on client's requirements and be successful, in the case that procedures/practices are performed well, but I don't see a way to pass an ISO audit ignoring ISO clauses.

Suppose I need to perform an internal audit, then I hire an external auditor to audit my company.

The audit is focused on (5) Management review (9001:2008), then the auditor starts the audit, what does he do first?

Starting with the meeting, he asks for procedures which apply to the audited process, working instructions, Process map, KP and so on, then starts interviewing the responsible of the process, reading what is stated in the procedures, asking for records as evidences, additionally checks the ISO standard, and sees that in 5.1 (d) evidences of management review meetings are requested, so he asks such evidences to the responsible.
at this point, He used the standard to check if the process complied with 5.1 (d), additionally when writing the Audit report
clauses have to be mentioned at referring the compliance.

On this method of auditing, what's wrong in using the standard/clauses as a reference?

Thanks in advance

 

Thanks Andy

Well, I have to learn more about audits, I follow the CB audit criteria to perform my internal audits.

Thanks you so much.

 

In my short experience, I have seen that most of the times, Management people trust in what the QMS responsible/coordinator suggests regarding the type of audits.

This is the case when a Director/CEO don't know too much about QMS systems and they have implemented ISO because of client's recommendation, not because they have knowledge about that.

No doubt that there are companies/people that fully know how to get most of benefits when having an ISO system.

Regards

 

I'd say that many (most?) companies that are interested in ISO 9001, do so with the intention to get or maintain certification.
As such, without knowing the CB they use/intend-to-use, I'd say it'd be bad advice to sweepingly advise that ISO clauses be not used for internal audits.

The reason has more to do with what can be expected these days from CBs, and how a company can best prepare themselves.

ISO Clause says "shall conduct internal audits...to determine whether the quality management system conforms to...the requirements of this International Standard..."
It is reasonable for a CB to look at your internal audits and ask "how do these determine compliance to ISO requirements"?

If you've not considered the specific requirements of the standard it could be difficult to answer in a way that you'd be certain of CB acceptance.

Please note: I agree with your critiques of the way internal audits are done. First-and-foremost they should provide value to the company. ...however, the reality is that those who want to get/maintain certification need to also consider how they will be audited by CBs, and the "safest" way to do so is to consider the clauses.