1. Hello and Welcome to The Quality Forum Online...Continuing in the spirit of People Helping People !
    Dismiss Notice
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Internal Audit

Discussion in 'ISO 9001:2008 - Quality Management Systems' started by Kunle Ogunola, Dec 15, 2015.

  1. Kunle Ogunola

    Kunle Ogunola Member

    Joined:
    Sep 9, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nigeria
    In carrying out internal audit in a particular area or process, do you limit your interview to the Manager or Process owner of the area to be audited or can you extend your interview to any other within the work area e.g operators, shop floor assistants?

    What are the factors, share your knowledge and experience in auditing.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    1,857
    Likes Received:
    975
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Kunle: You've been to auditor training? Didn't they cover this? What do YOU think should happen. You see, we can't tell you you must do one thing or another. Interview one position or someone else. Didn't your training cover these "factors" as you (correctly) call them?
     
  3. Kunle Ogunola

    Kunle Ogunola Member

    Joined:
    Sep 9, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nigeria
    Andy, I'm launching myself back to the field, and i need to refresh myself with some practical experience after a while. I don't think it is out of place to ask this type of question. thank you.
     
  4. Emmyd

    Emmyd Member

    Joined:
    Jul 31, 2015
    Messages:
    38
    Likes Received:
    37
    Trophy Points:
    17
    Location:
    Tennessee
    Kunle,
    You should by all means extend your auditing process to anyone affecting a process. Follow the processes where they go, checking for objective evidence throughout. The supervisors are not necessarily the ones doing the majority of the process work - and when an external auditor comes in, they will definitely be talking to people other than the manager/supervisors.

    Good luck!
     
  5. Kunle Ogunola

    Kunle Ogunola Member

    Joined:
    Sep 9, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nigeria
    I quite appreciate your explanation, one more question, do I need to include the names of different individual auditee in the audit checklist and audit report?
     
  6. Sandra T

    Sandra T Member

    Joined:
    Sep 4, 2015
    Messages:
    12
    Likes Received:
    6
    Trophy Points:
    2
    Location:
    Shropshire, England
    Hello Kunle,
    In my opinion, you do not need to include the those with whom you spoke in the report, although it shows the sampling taken. I use the names in the competence and training sections of the audit to ensure training records/matricies are available.
    Hope this helps you Kunle.
     
  7. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    552
    Likes Received:
    615
    Trophy Points:
    92
    Location:
    Ontario, Canada
    I would not recommend that you include names in the audit report - but I do include them in my audit notes. The reason I do not include them in the report - or meetings with leadership after the audit - is the whole aspect of confidentiality. Audits are looking for strengths and opportunities within PROCESSES. If names are included, it can turn into finger-pointing and laying blame on PEOPLE. This will undermine any value you wish to gain from audits.
     
    selena15, David Bradley and Emmyd like this.
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    1,857
    Likes Received:
    975
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I didn't say - or imply it is out of place to ask such a thing - simply trying to establish what you already know/have experienced. As with all things in life, even the simplest of questions can lead to a confusing array of answers such that picking through them becomes a practical impossibility! Some, as you may see, only know what they were taught in a Lead Auditor course and they believe this one week's training to be "gospel". Others have tried, practiced, improved their audit techniques over many years (25+ for me, for example). My first question - before I tell you "this" or "that" is the answer - is to ask you, "what's the scope of the audit?" That is one factor which is going to determine who you speak with. Another factor is how much planning you do for an audit with management BEFORE you go and do an audit, so that might also dictate who you interview.

    Hence my asking you for what you'd do...
     
  9. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    266
    Likes Received:
    37
    Trophy Points:
    27
    Location:
    Mexico
    It depends on the scope, Suppose you are going to audit only Production, normally you audit against clauses and procedures if they exist but most of the times an authorization or reject may come from operators, in this case they should be audited.

    If your scope is management responsibility and one of the points to audit is how the people know the the quality policy, then in this case you should audit operators, shop floor assistants also the drivers if they affect the product.

    Remember all people/positions affecting product are candidate to be audited.

    Hope this help
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    1,857
    Likes Received:
    975
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I can't agree! For a start, no-one should be using "clauses" for internal audits. Secondly, if you are performing an audit of the production process(es), why wouldn't you meet with management to have them tell you about goals and objectives? Having then audited the process - maybe with management coming along - why wouldn't you then go back to management and ask them about how they use the process data and what they are doing to improve? To suggest an internal audit is one thing or another, based on ISO "clauses", is completely wrong and misses the value of effective management participation in internal audits!
     
  11. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    266
    Likes Received:
    37
    Trophy Points:
    27
    Location:
    Mexico
    Andy
    Please explain why not to use clauses, it is supposed that your system was designed to comply against iso Clauses or not?, So the purpose of audits it is to verify how you met with standards, verification lists are very useful tool for the audits mentioning on it the clause numbers.
    Additionally in a process also it is audited what is stated in procedures even if what is stated is not a clause.

    On the other hand, when auditing some processes, It is not prohibited to audit persons from other processes/departments, but normally people audited, it depends on the scope of the audit.
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    1,857
    Likes Received:
    975
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Of course not. Your Quality Management System is supposed to be designed to be able to take your customers' requests and turn them into deliverables, at the same time attempting to prevent problems for the organization as it does so. So, while you are focusing on that, you also ensure that if "ISO says X" you do that - maybe as much as 75% of what's in ISO 9001 is often done because the organization has been doing a good job of satisfying the customer. I don't know if you have had any kind of training on how to do audits, but if anyone told you this, or to audit by clauses, you should go back and ask for your money to be refunded. In more than 25 years of auditing I cannot conceive of how a QMS can be audited other than by following the natural flow of the business processes, gathering information as you go.:)
     
    Last edited: Dec 16, 2015
    Somashekar and Mukesh Sharma like this.
  13. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    640
    Likes Received:
    194
    Trophy Points:
    42
    When auditing a particular process- for example inbound, you want to follow an audit trail. That trail may take you out of receiving to purchasing or QA laboratory or warehouse or maintenance. You will want to follow this trail to see if the receiving process is in control. If you write down names of the auditee, you might want to audit their on-the-job training. Then I look for how effective is this process and how effectiveness is monitored and measured. It has been a difficult transition for me (not mentioning any clauses) but when I am getting use to it. It is only when writing the report that Idescribe the requirements of the work instructions and ISO clauses. Maybe I am still a work in progress auditor. You need to buy Andy's book. It focuses on a risk-based internal auditing.
     
  14. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    266
    Likes Received:
    37
    Trophy Points:
    27
    Location:
    Mexico
    Dear Andy,

    It's very interesting to hear your concepts, your experience help us too much to people like me (new to ISO systems).
    Maybe I'm misunderstanding what you say.

    I know that I may have an audit based on client's requirements and be successful, in the case that procedures/practices are performed well, but I don't see a way to pass an ISO audit ignoring ISO clauses.

    Suppose I need to perform an internal audit, then I hire an external auditor to audit my company.

    The audit is focused on (5) Management review (9001:2008), then the auditor starts the audit, what does he do first?

    Starting with the meeting, he asks for procedures which apply to the audited process, working instructions, Process map, KP and so on, then starts interviewing the responsible of the process, reading what is stated in the procedures, asking for records as evidences, additionally checks the ISO standard, and sees that in 5.1 (d) evidences of management review meetings are requested, so he asks such evidences to the responsible.
    at this point, He used the standard to check if the process complied with 5.1 (d), additionally when writing the Audit report
    clauses have to be mentioned at referring the compliance.

    On this method of auditing, what's wrong in using the standard/clauses as a reference?

    Thanks in advance
     
  15. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    1,857
    Likes Received:
    975
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Why not? The audit doesn't have to "ignore" any requirements, however, that can be determined other ways.

    Are you talking about a CB auditor or another person coming in to do an internal audit for you?

    This reads like a CB audit. If you are thinking like this, then I'm expecting you go taught that way and that's an external audit technique. It's not as effective to do those things for an internal audit, however.
     
    Qualmx likes this.
  16. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    266
    Likes Received:
    37
    Trophy Points:
    27
    Location:
    Mexico
    Thanks Andy

    Well, I have to learn more about audits, I follow the CB audit criteria to perform my internal audits.

    Thanks you so much.
     
  17. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    1,857
    Likes Received:
    975
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I completely understand why you would do that. But it's not the same - for many reasons. Don't forget that, ISO 9001 requires internal audits, but NOT certification. CB auditors live in a different world and sadly, most auditor training is from that world. As a result, CB auditors often validate your approach, because they see you did what they do - they are flattered.

    But the REAL question is: Did management get any value from your audit? Would they (if there were no certificate at stake) ask you to do another internal audit? Do they welcome, participate, help plan, take action on the results? Probably, not willingly...
     
  18. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    266
    Likes Received:
    37
    Trophy Points:
    27
    Location:
    Mexico
    In my short experience, I have seen that most of the times, Management people trust in what the QMS responsible/coordinator suggests regarding the type of audits.

    This is the case when a Director/CEO don't know too much about QMS systems and they have implemented ISO because of client's recommendation, not because they have knowledge about that.

    No doubt that there are companies/people that fully know how to get most of benefits when having an ISO system.

    Regards
     
  19. MarkMeer

    MarkMeer Well-Known Member

    Joined:
    Dec 3, 2015
    Messages:
    138
    Likes Received:
    62
    Trophy Points:
    27
    I'd say that many (most?) companies that are interested in ISO 9001, do so with the intention to get or maintain certification.
    As such, without knowing the CB they use/intend-to-use, I'd say it'd be bad advice to sweepingly advise that ISO clauses be not used for internal audits.

    The reason has more to do with what can be expected these days from CBs, and how a company can best prepare themselves.

    ISO Clause says "shall conduct internal audits...to determine whether the quality management system conforms to...the requirements of this International Standard..."
    It is reasonable for a CB to look at your internal audits and ask "how do these determine compliance to ISO requirements"?

    If you've not considered the specific requirements of the standard it could be difficult to answer in a way that you'd be certain of CB acceptance.

    Please note: I agree with your critiques of the way internal audits are done. First-and-foremost they should provide value to the company. ...however, the reality is that those who want to get/maintain certification need to also consider how they will be audited by CBs, and the "safest" way to do so is to consider the clauses.
     
  20. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    552
    Likes Received:
    615
    Trophy Points:
    92
    Location:
    Ontario, Canada
    MarkMeer,

    There should be, in my opinion, several people (let's call them senior leadership) within an organization who would be able to explain how the internal audits meet the requirements of the standard without them actually asking about the 'shall' statements.

    Suppose my company makes hockey pucks and I'm going out to audit the production process.
    • "How do you know how to do your job?" - This starts off the audit and audit trail in the realms of training and competency
    • "What kind of hockey pucks are you making today? How do you know if the final hockey pucks are good or not?" - This gets into understanding requirements and process/product control, nonconforming product
    • "I see there's a document posted by the machine over there. What's it about?" - Training, competency, process/product control
    • "What if you discover a better way to make hockey pucks? Who do you tell? What's the process?" - Improvement, doc control
    • "Where do the hockey pucks go after here? What if I wanted to go find a batch that was made yesterday?" - Process/Product control, traceability
    • "How do you know if you're doing a good job?" Training, competency, metrics, management review
    • "If there was one thing you could do to improve this job/organization, what would it be?" - Improvement, management review
    It should go without saying that I would ask more than those seven points, but they're the start for some amazing value-add assessments that people feel are more like discussions than an audit. And no point did I utter a 'shall' to the operator that was taking time out of his/her busy day to speak with me.

    To be honest, if my CB can't look at my audit notes/reports and figure it out for himself/herself that my organization has assessed our conformance to the standard's requirements, I might have a few issues with the competency of that external auditor. ;-)
     

Share This Page