1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

When consultants do Internal Audits

Discussion in 'ISO 19011 - Auditing Management Systems Guidelines' started by Andy Nichols, Sep 7, 2021.

?

Do you outsource your Internal Audits? Was it an issue for the CB auditor?

Poll closed Sep 27, 2021.
  1. Yes, and we had to provide evidence of qualifications

    1 vote(s)
    100.0%
  2. No, and it's never been an issue

    0 vote(s)
    0.0%
  3. No, we do all our audits ourselves

    0 vote(s)
    0.0%
  1. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I've seen some discussions where it seems some "experts" believe that if the person doesn't come from within the organization and they perform Internal Management Systems audits, those people MUST be treated under the "External Providers" clause (8.4) of the ISO 9001 requirements. As such, it appears, since many "experts" have worked exclusively for CBs most of their careers, that this position is "mission creep" since no other such requirement is placed on, let's say trainers of tools such as SPC, or APQP, or PFMEA, yet those things directly affect product quality - and internal audits do not.
     
  2. yodon

    yodon Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    198
    Likes Received:
    115
    Trophy Points:
    42
    I'm more familiar with 13485 and this would fall under purchasing controls there, and so we / the companies I worked with did manage contract internal auditors effectively like this. The main reason is that they can affect regulatory compliance (effectively under the product conformity requirement) so we've always considered that aspect as driving the need. In fact, it's become rather in vogue now for the CBs to require that contract auditors have a quality agreement in place (driven by 13485 4.1.5 "The controls [over outsourced processes] shall include written quality agreements.")

    I'm not sure how to answer your poll. :) We used to outsource audits but now do it internally. We have always been asked by the CB auditor to show qualifications for the auditors used (both internal and external).
     
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It may be vogue (I like the term) but IMHO it's mission creep, again. The CBs have to do it for their contract auditors, so by their default, their clients must. It's totally bogus in my view. How someone gets paid is of zero consequence to an effective audit. What about pro bono audits? Or only part time employees? TBH the evidence of competency is in the audit reports, notes etc. and nothing to do with a certificate of "training"...
     
    tony s likes this.
  4. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA

    Good day @Andy Nichols ;
    As I interpret clause 8.4 of ISO 9001, the "scope" is limited to, as you imply, product quality. This position is based on the following content of that clause...

    "The organization shall determine the controls to be applied to externally provided processes, products
    and services when:
    a) products and services from external providers are intended for incorporation into the organization’s
    own products and services;"



    Be well.
     
    Andy Nichols likes this.
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I am amazed, @John C. Abnet, how many "experts" (usually from CBs) who absolutely state that 8.4 applies. I have a feeling at lot stems from the ISO "APG", which is staffed mainly by CB management, that everything ISO is viewed through the (corrupted) optics of the CBs. Whether it's "Lead Auditor" training or goofy, impractical implementation interpretations, the whole use of a QMS seems to have come right off the rails in slow-motion train wreck...
     
  6. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    If 8.4 is applicable to internal audit service providers, then it is also applicable to CBs (i.e. external audit service providers).
     
    Andy Nichols likes this.
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    :D:confused::rolleyes:
     
  8. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    While we could argue about auditing courses until next week, I suggest 8.4 could be applied because who would want a service provider who does not return calls, provide timely and accurate billing, behave professionally, provide insightful outputs etc.? There is a lot more to consultant auditing than whose certificate one claims to have earned, isn't there? Evaluation for continuing services should be based on the service performed and what is important to the organization. What is important to your clients?

    If the organization wants to say they require none of this because auditors don't directly affect the widgets, they may be saving some money on a smaller QMS but wasting more money on terrible service.
     
    Last edited: Sep 14, 2021
  9. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    100% agree. We have in the past discussed whether they are accredited by a valid accrediting body, haven't we? Also, professional behavior matters as does value-added audit feedback, accuracy, transparency in things like the dispute process, timely reporting, cost, working with the client to help ensure certificates don't expire due to inability to complete the required tasks on schedule, and so on.
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    If an organization has little/no clue about what an internal audit or the result is supposed to look like, what performance criteria are they to use?
    They could knock it out of the park and produce meaningless checklists based only on ISO 9001 and everything checked off as compliant, never leave the conference room etc. Who'd know on the client side? Also, to your point about checking a CB credentials, (my) experience shows that's not going to work either. Scopes are inaccurate, the QMS is not compliant (in a recent situation I'm familiar with the QMS is based in the 200/2008 version!), auditors who scream and behave petulantly, writing up "honey-do" notes and insisting the client address them, while the CB visit record states "all's well"... But then, you know my experience with CBs and their auditors isn't yours.
     
  11. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Andy, I gave examples: returning calls, provide timely and accurate billing, behave professionally, provide insightful outputs etc. I didn't say anything about fancy checklists, honey-do to-do lists and did not mention basing the audit on ISO 9001... although since we are discussing an ISO 9001-based question I had it in my mind that the audits were meant to help the organization by verifying conformance to the standard.

    It seems I have more faith that business owners can judge a good service than you do. I am also used to their (mostly) understanding QMS more than you suggest.

    That said, I have seen some pretty poor work: non-value audit outputs by consultants serving my smaller clients. I think it really comes down to what the organization wants. Do they want someone to come in and leave them a record of completion for cheap evidence to show for certification? Or do they want to know if their QMS is effectively implemented and maintained? Do they want effectiveness enough to be aware themselves and learn to recognize good service when they experience it?
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    How do they know what they "want"? How does someone who comes, "unconsciously incompetent" to the world of quality, management systems and certification know what they want?
     
  13. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Why do they contact organizations like The North Carolina Manufacturing Extension Partnership (NCMEP)? Maybe so they can move up to the next level? Maybe to become more effective? Reduce inefficiencies and defects?
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I'm unfamiliar with this organization. What has it got to do with consultants doing internal audits and 8.4 being applicable?
     
  15. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Among the points on their About page which is likely to be similar to those of consultants who perform internal audits on contract, "Drawing on almost 20 years of operational excellence and a portfolio of solutions, programs and partnerships, NCMEP is positioned to help manufacturers across NC improve productivity, profits and their bottom line." NCMEP has partnerships with organizations that can provide services that NCMEP is not able to directly provide. A really good consultant would likely similarly refer a client to a specialist in a field in order to better help the client succeed when their own expertise is not robust enough to directly help.

    In other words, intent and purpose. Keeping in mind of course that internal audits are intended to help the organization verify QMS effectiveness, as well as identify opportunities for improvement.

    To put it more simply, both claim they are trying to help the organization improve.
     
  16. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    A good consultant has the intention to capacitate his/her clients' people. For me, the best internal auditors are the people who have in depth understanding of their products, services and processes and sincere concern for their organization. So, a good consultant should not be the one performing the internal audits for his/her clients. A good consultant should be able to transfer the knowledge and skills to his/her clients for them to be able to gain the best value in performing internal audits.
     
    Andy Nichols likes this.