Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Competence Requirements for Internal Auditors

Discussion in 'AS 91XX - Aerospace Quality Standards' started by Laura N., Jun 3, 2020.

  1. Laura N.

    Laura N. Member

    Joined:
    Sep 23, 2019
    Messages:
    14
    Likes Received:
    7
    Trophy Points:
    2
    Location:
    Northern California
    We are a small manufacturing company of 12 employees, currently seeking AS9100 Certification we have passed our Stage 1 audit and are waiting to complete Stage 2 if a couple weeks. (Yikes!)
    One of the Areas of Concern was
    Internal Audit process must identify what are the competence requirements for Internal Auditors.
    What guidelines do we use to determine the requirements?
    How shall we determine competence?
    Do we need to send someone to full on auditor training?
    Where does one find full auditor training? How do we verify it is competent?
    I am going over 9.2.2 and not getting what the "requirements" might be.

    I am looking forward to your input and thank you for the guidance.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Hi Laura and welcome to QFO! To help us a little more, can you share the basic report wording on the Area of Concern?

    Having worked for a Leading AS91XX Certification Body and having taught AS9100D Auditor courses for a while, I don't specifically remember a requirement which stated that the internal auditors HAD to be identified. What I DO detect is "mission creep" which happens a LOT in the Certification world. The CB auditors are held to a standard for their performance and then, BLAM, as if by magic, that requirement is flowed down to clients. Let me go check my copy of AS9100D, but I was an internal auditor for a few 9100/9120 clients and NO-ONE ever questioned my competency being written down. Indeed, we didn't EVEN WRITE an audit procedure.:D

    The answers to your questions are coming to a post near here soon...
     
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
     
    John C. Abnet likes this.
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Let me begin to answer this by saying DO NOT GO to "Lead Auditor Training". You will pay more than is necessary for stuff you don't need and will end up seeing all audits through the eyes of the external auditor and that's NOT what internal auditors do!

    Let's call "full on" auditing as Internal Auditing. There are literally hundreds of classes available, in all kinds of media - classroom, self paced and Youtube videos. An effective instructor-led course is no fewer than 24 hours, if the fullest value is to be had for the cost. Anyone who thinks they can attend/deliver such training in 2 or fewer days is off their meds. I mean that seriously. Some courses have an accreditation by "Probitas" or Exemplar Global, but often they also teach internal audit through external auditor optics. Beware. Your local MEP might have training which can help - there's often state funding to help small businesses.
     
    Last edited: Jun 4, 2020
    Laura N. likes this.
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    In the cold light of morning, here's a thought: Maybe your CB auditor saw something about the results of your audits which gave rise to them thinking your audits were "immature" (a euphemism for "not cutting it"). It's like other things in life, it's one of those "know it when you see it" deals. So, the auditor thinks your audits could do with being more effective and yet, there's nothing much in the standard which describes what that is. A default position for them to comment upon is the competency of the auditor, since the auditor must not be seen to be pushing auditor training (many CBs offer such ~ see comments above). Let us help you:

    If you would post examples of your internal audit documentation, sanitized as necessary to protect identity of company etc. this will give a clue to the genesis of the auditor's comments.
     
  6. Laura N.

    Laura N. Member

    Joined:
    Sep 23, 2019
    Messages:
    14
    Likes Received:
    7
    Trophy Points:
    2
    Location:
    Northern California
    Hello Andy,
    Well, one post got me three replies........that tells me a lot right there. :eek: I am going back to our auditor and questioning that concern.

    He left me with the impression that he expected us as a company to have this extensive training just to perform our internal audits, this is why I am going back to him.

    "To help us a little more, can you share the basic report wording on the Area of Concern?"

    the exact wording is just as I wrote it above,
    "05: Internal Audit process must identify what are the competence requirements for Internal Auditors."

    "In the cold light of morning, here's a thought: Maybe your CB auditor saw something about the results of your audits which gave rise to them thinking your audits were "immature" (a euphemism for "not cutting it")"
    I am sure we are seen as "immature" lol, we are a old privately owned company that has been around since the 40s, 3rd generation now, they are used to doing things their own way and we are trying to move them forward as easily as possible.

    I will post the reply I get back for our auditor and we can go from there. Thank you for your replies, you are giving me a direction to go. Talk to you again soon.
     
    Andy Nichols likes this.
  7. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    692
    Likes Received:
    345
    Trophy Points:
    62
    So according to the auditor, you need to have the competence criteria for auditors laid out somewhere. I don't know the specifics of the AS standard, but it certainly be implied from the ISO 9001 standard that it should be documented. He may be just looking for the shortcut document -- this is what we require of auditors to determine competency: and then list the requirements, training, number of audits, experience, etc. Add a list of "competent" auditors and his job is simple. Now, I am not saying that is what is required, but sounds to me that's what he is looking for. Good luck.
     
    Laura N. likes this.
  8. Laura N.

    Laura N. Member

    Joined:
    Sep 23, 2019
    Messages:
    14
    Likes Received:
    7
    Trophy Points:
    2
    Location:
    Northern California
    SO... I emailed our auditor and asked......What do you mean by this?
    "05: Internal Audit process must identify what are the competence requirements for Internal Auditors."
    His reply

    This is the requirement. (Including Internal Auditing Process)

    upload_2020-6-4_12-42-17.jpg

    What I mentioned to you was, that if you have internal auditors performing AS9100 audits, There should be some evidence that personnel is competent in meting those requirements. AS9100Internal Auditing training is an acceptable training record.

    SO..... I am reading this to mean that as an auditor in our company we should have completed AS9100 auditor training.

    I am not against the idea of having this training, I just want to make sure I have my ducks in a row when I present it to management for approval.
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    No, it isn't! Training is training! Competency is the ability to apply that training (and other stuff). TBH - your auditor isn't competent because they are making that assertion! If they were to think about it, coming out of driver's ed, does that make you a good driver? Not in any way I've seen...

    That is a conclusion the auditor would like you to drawn, especially since the CB which employs them probably offers such training courses.

    Of course, however, competency can be shown by other means. You don't mention if you had a QMS before AS9100D. If you did, auditing is auditing. If some folks had already had training, they really only need to know the AS9100D requirements. That could be accomplished internally, if YOU believe your auditors need to be competent in the standards.

    I happen think it's better to have someone who knows the processes of the company really well than can list the "shalls" in AS9100D and when they write their report they know the difference between "there", "their" and "they're"...
     
  10. Laura N.

    Laura N. Member

    Joined:
    Sep 23, 2019
    Messages:
    14
    Likes Received:
    7
    Trophy Points:
    2
    Location:
    Northern California
    This company has never had a formal QMS system, although when I came to work for them I was quite impressed with their level of documentation of product. They want to expand into aerospace so they chose to bypass ISO-9001 and go right to AS9100. I came from a ISO certified company although I do not have specific training as an auditor.

    This is great information and I appreciate the replies, you will most likely see me back some time in the near future. Thank you.
     
    Andy Nichols likes this.
  11. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    692
    Likes Received:
    345
    Trophy Points:
    62
    So he is cutting you to the chase. Show him a "training certificate" and you'll "pass" that part of the audit. I do think at the beginning of their quest, internal auditors should have at least a cursory auditing course. We had ours years ago and combined with years of audits, we are competent. You could train them yourself, if you have such skills.
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    No, no, no! All this does is pass an audit (which is a very low bar as you well know) and create a monster! That monster will require feeding and it leaves Laura to do that...

    The auditor has done the wrong thing. He has determined what he thinks is the root cause. It's a symptom. He a) should have reported the FACTS and b) allowed the client to determine a course of action to get them to meet their objective! We've know each other here to know we don't see eye to eye over many aspects of implementation of Quality Systems. It's simply a case of knowing what the options are and understanding what the pros and cons are. Your comments don't even address whether the organization have a clue this was a requirement and then did nothing about it, preferring to react when written up! There's the root cause!

    Why shouldn't Laura's organization bring in - in some manner - a competent auditor? What course should they select, if they reset and choose to get trained? Should that training be in a course on done on site? You claim you're competent which may be, but that is only viewed through your eyes. Laura has plenty of options and automatically going down the path the auditor has set for them IS NOT necessarily the most effective. Offering a simple "this is what I did" is very dangerous to everyone who reads this without understanding what I just described as options
     
    Last edited: Jun 5, 2020
  13. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    692
    Likes Received:
    345
    Trophy Points:
    62
    You're assuming all sorts of facts. From the auditor's own words he was just pointing out that they need competency criteria for internal auditors. I'll assume he wanted to see it documented, say in a job qualification (as it makes his life easy). He suggested auditor training could be some evidence of that. And he is right -- somewhere in their career internal auditors should have some documented training on the "how to." And I am not talking about full on CB lead auditor training, but rather a lesser internal auditor how to course. Classes, online or in person, tend to be an very efficient method to obtain that training (no reason to recreate the wheel). Combine that with some completed audits and you can determine competence very easily. Sure you lay out options, but for most of us it really doesn't have to be that difficult.
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Not at all. Facts are facts. Not assumptions.

    You have NOT quoted the auditors words correctly. Facts! You stated:

    He reported the wrong thing! Nowhere in the standard does it say anything about the internal audit process and competency. You are both projecting what you want to see, which is erroneous at best.

    Many people starting off have no clue what the competency criteria are. They send "volunteers" to training, without that and, as a result, the training is wasted, because the volunteer cannot construct a grammatically correct sentence! What YOU did may have accomplished your goal of passing an audit, but that's NOT what implementing an AS9100D QMS is about.
     
  15. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    692
    Likes Received:
    345
    Trophy Points:
    62
    Here are the auditor's words: "What I mentioned to you was, that if you have internal auditors performing AS9100 audits, There should be some evidence that personnel is competent in meting those requirements. AS9100Internal Auditing training is an acceptable training record."

    So is it your contention that 7.2 doesn't apply to internal auditors?

    You're over complicating it. You can argue with the auditor or make sure your internal auditors are competent.
     
  16. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Where did THIS come from? And NO, a training record is NOT competency. Period.
     
  17. Laura N.

    Laura N. Member

    Joined:
    Sep 23, 2019
    Messages:
    14
    Likes Received:
    7
    Trophy Points:
    2
    Location:
    Northern California
    Andy,

    It was on the bottom of the email he replied to me in, I did not have it marked with quotes.

    From our auditor
    "This is the requirement. (Including Internal Auditing Process)

    [​IMG]

    What I mentioned to you was, that if you have internal auditors performing AS9100 audits, There should be some evidence that personnel is competent in meting those requirements. AS9100Internal Auditing training is an acceptable training record."
     
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Aha. Actually, it doesn't change a thing. Training is NOT evidence of competency. It's evidence of training. The CB auditor cited section 9.2. That's not the correct requirement, since there's no requirement in there which mentions competency. That's 7.2. Doubly wrong. I wouldn't be asking this auditor back, since they are clearly demonstrating a lack of competency in AS9100D requirements...(but it's OK, because they have a certificate from a Lead Auditor course, right?)
     
  19. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    692
    Likes Received:
    345
    Trophy Points:
    62
    Laura, you certainly can do what you feel is best for your company. Some like to argue minutia and challenge auditors. Sometimes that is appropriate. Sometimes, it's a waste of time. And while a training certificate doesn't certify competency, it's the starting point for most. As I said before, training plus execution = competency. Good luck.
     
  20. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    3,564
    Likes Received:
    1,795
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Exactly. The standard requires retained documented information (in 7.2, not 9.2) of competency, not training. Training is an option to take as action to develop competency and NOT the only thing which may be done. A record of training, is (for the most part) meaningless.

    Laura: Having been in the certification world for 30+ years, too many CB auditors will audit you against their "wish list". Some have less experience than you do in the requirements. It's simply not a case of dismissing such situations as "minutiae" (the devil is IN THE DETAILS) and it's not about arguing with auditors - it's understanding what's required, not opinion. I believe Golfman, from reading his many contributions here, has had many bad experiences with auditors - that's his choice to pay the money and not to engage with them on poor service. His choice. Laura, you may not have that luxury. Your job may depend upon it. It's the legacy you leave for others...
     

Share This Page