How different will be CB audits against ISO 9001:2015?

Can I ask how you plan and prepare for your audits? Do you make them align with managements' objectives or anything they might find a risk to attaining those objectives? Sitting down with your process owners and asking them what they are concerned about, then auditing the process to see if those objectives are at risk? Or do you put a calendar together and satisfy the CB auditor by covering all the requirements a year etc? Please be honest...

 

But you ARE schedule driven. Do you sit down with you management and plan their audits?

 

Sigh. I was very fortunate to have a strong manager at my back, and a Director who backed me to, because I did write a fair number of Majors for repeat NCs. I upset some engineering managers...

 

I understand, however, I'm left wondering why that would happen. In my experience, if the internal audit is focused and planned to address something they are interested in, why are they upset? You see, when (the vast majority of) internal audits are done based on external audit techniques, there is almost zero of this type of planning and preparation. As a result, all kinds of defensive responses happen...

 

I look at the role of the lead internal auditor as the person who has the say in "grading" an internal audit finding. In fact, as part of the training provided to the internal auditors within our organization, they are instructed to never classify a finding as a major or minor or opportunity...simply that there is a potential finding that will be discussed with the team during the team caucus. Why this approach? Because the internal auditor is only seeing one snapshot of the moment in time. Let's say they found a documented procedure that did not reflect the actual process. It's a one time situation. But if there is another audit team who also finds one...another team who finds yet another a little later in the audit...well, now we're looking at a systematic issue, not an "isolated within one department" finding.

During these team caucus meetings, led by the lead internal auditor, observations/findings/discrepancies are raised...discussed...sometimes debated...and ultimately classified by the lead internal auditor, who has attained that position through experience and demonstrated skills. (and, no, it's not always me!)

The lead internal auditor is to be cognizant of the fact that audits need to add value. Multiple findings of "procedure did not reflect reality" mean very little next to the identification of a systematic breakdown within the document control and production processes.

I have said - and will continue to say - that I expect more value from my internal audits than the external ones. Internal audits should catch all dirty laundry before it's aired before an external party.

CB auditors do need to relearn how to audit. They rely too heavily on the existence of documentation and pay little attention to the consistent application of activities within a process or even across processes. However, part of this could be the amount of time. In order to observe consistency, one much have time to observe and with only 1-4 days (depending on the nature of the audit), it is easier to fall back to documentation and a one-time observation of the documented process.

 

Of course I know what they are, Sidney! Where ever did you get that notion? You know I've been in the CB industry since 1990!

My comment was made in the context of internal audits, where no oversight exists to discuss such matters or set criteria for grading. And please don't tell me it's the same for all audits...

 

But the content of the nc hasn't been discussed. Only a "grade". So how can we comment (other than grades have no place in internal audits)

 

What do you do currently, to schedule and plan internal audits? It helps to know the 'as is" state.

 

I agreed Karen. In fact, your well-made point adds fuel to the fire that internal audits and external audits should be taught differently. I'd suggest that the days of the "lead auditor" course are run. In my 16+ years of teaching it, few students were actually destined to become a CB auditor. Some were going to do supplier audits and after that, most were internal auditors and many of those were "pirating" the course to teach their own people (to "save money" no doubt)...

So, why would the CB auditor expect anything different to what they'd been taught in class? They got the same training as the internal auditors! What's more, there's no accredited training for audit programme management - the CB figures that as a business and it's quite different from the needs of the internal auditor process owner.

Fro my perspective, this whole auditor training industry is a trainwreck in slow motion and no-one seems to see it. Management, almost totally, see no benefit to internal audits other than "we do them because it's a requirement..."