1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Concerning Internal Audits for MR, COTO, and Risk Management

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Kamishado, Jun 2, 2017.

  1. Kamishado

    Kamishado New Member

    Joined:
    Jun 2, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I was recently promoted to managing our quality department with the retirement of our previous Quality Manager. I was working on developing an internal audit schedule for this audit year (having just completed our ISO 9001:2015 certification audit). After reviewing my predecessor's audit schedule from prior years, I had noticed that he had left it to our registrar to perform the audit for our Management Review MR instead of performing an internal audit.

    I was wondering if this is an acceptable practice. If so, I was thinking that Context of the Organization could have the same treatment. Risk management as well, but I feel that one is a bit of a stretch.

    Thanks in advance for any advise.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Context should be audited at the same time as Management review - if Context has been handled some other way, then it's not going to be very effective and there will be a potential non-conformity somewhere. Risk should be part of other processes and considered when you audit those processes, and dependent upon how your organization deals with risk (formally or somewhat informally). Beware of auditing "clauses" and, while auditing processes isn't mandatory, it's worth considering.
     
  3. Kamishado

    Kamishado New Member

    Joined:
    Jun 2, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for the input.
    Would it be an acceptable thing for a registrar audit (re-cert. or surveillance) to count as the audits for Context and Management Review? if not, how do you ensure independence when selecting an auditor for these two?
     
  4. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    No, the certificate holder needs to audit the processes internally.

    The standard asks for objectivity and impartiality, not independence. Merriam-Webster online dictionary defines impartial as "not partial or biased : treating or affecting all equally" and objective as, among other things, "expressing or dealing with facts or conditions as perceived without distortion by personal feelings, prejudices, or interpretations."
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    No, because they - the CB audits - are NOT internal auditors. Don't forget that being compliant to ISO 9001 has nothing to do with Certification, so 9.2.2 has to be view without considering the CB. To be very direct, your auditor candidates, don't have to be "independent". That's a myth. What you are required to do is have competent auditor(s) who, through the audit process etc. can be shown to be objective and impartial. That's more important than "independent". Along with what Jennifer suggests, impartiality comes from the auditor planning their approach to their audit assignment. That can make a big difference.

    If you have no suitable internal candidates, why not find a consultant?
     
  6. Kamishado

    Kamishado New Member

    Joined:
    Jun 2, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Thank you both. I believe I have a better understanding of how I should audit these. I was hung up on "independence." My next challenge will be finding someone internally impartial to the Management Review
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Impartiality doesn't just come from being a particular person. It's being objective and impartial in the way the audit is conducted, which comes from planning and preparing for the audit assignment, for the most part. Sure, some personal attributes make for impartiality, that's true, but mainly it comes from planning.