You CAN audit your own work!

Sad but it's very true.

 

In my organization, we have a team of internal auditors (with one representative for each department). Since each department has a representative, we ensure objectivity by cross-auditing (i.e. auditor will audit other department/s except where he/she is working). The team is headed by the company's Lead Auditor who prepares the audit program and audit schedule, assigns the auditors, monitors the closure of NCs, reports the results of the audit to top management and maintains audit records. When we had the audit of the internal audit process, two member auditors were assigned and audited the Lead Auditor (audit process owner). They were careful not to touch records they themselves prepared (e.g. audit checklists they used and audit reports they issued to other departments).

Now, here's what just happened during our CB's audit. They raised an NC because, according to them, we failed to satisfy the requirement on objectivity and impartiality (9.2.2c).

 

This is the kind of BS that give ISO et. al. a bad name. As if you have time to deal with this nonsense. Good luck.

 

The CB auditors seem to hit clients with NC on the requirement of objectivity and impartiality (9.2.2c) of auditors. The ISO standard does not explicitly say "auditors cannot audit their own work". I got hit with this finding once while auditing to the new ISO9001 standard. It was a lesson well-learned.

 

It is a good thing that now whenever there is a response to a NC, the client have to verify the effectiveness of responses. At least that is a requirement in the TS16949.

 

Its up to the auditor to discern the objectivity of an internal auditor. From my perspective, this is an easy way to find a nonconformance. My question is this: Why is it not explicitly stated in the new standard that auditor cannot audit their own work?

 

Yes, exactly. While our organization is not micro, it is not very large either. As QM, I often wear many hats including shipping/receiving, purchasing, production work on the line in fabrication, production manager, trainer, material handling, and CAD/design for engineering. Our engineering department does the same. Everyone's job overlaps to a large extent. It is not feasible not to audit your own work in such a case, instead I utilize other methods to ensure my objectivity.

 

On occasion I do get another set of eyes on things, when I can. I tend to be harder on myself than others though, so it seems to work, at least when measured by our outside customer audits. It is hard to avoid your own work when it is everywhere.

 

If the Internal audit is conducted to improve the system, the process owner. if trained as an internal auditor, will know where he pockets of problems are and highlight them in the internal audit report. I'd rather see a report that highlights a root cause rather than a "witch hunt" for petty nonconformance that does not get into the root cause of the system.

 

Furthermore, the CB auditor imposes that the internal auditor(s) who is/are assigned to audit the internal audit process must not audit other processes. If so, impartiality is compromised!

 

This just became an issue in our organization. We have three facilities operating independently from one another in our company, and we are doing our 9001:2015 transition certification audits over this week and next week. We just got word back from our facility in Costa Mesa, CA that was audited this week that they had non-conformances regarding their internal auditing process. One thing that was mentioned by the auditor in the finding was that 'auditors shall not audit their own work', but this is no longer a requirement in the 2015 standard. *sigh*

 

If the auditor raised this issue against clause 9.2, asked him/her "Can you point me the exact statement that we failed to fulfill?" or just a simple "Where is the shall?"

 

Although it is not a "shall" requirement, rationale for NC is in ISO 19011:2012 Clause 5.4.4 e), then Clause 4 e).