1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Evaluation of Internal Audit Results

Discussion in 'ISO 14001:2015 - Environmental Management Systems' started by Divine De La Pena, Mar 19, 2019.

  1. Divine De La Pena

    Divine De La Pena Member

    Joined:
    Mar 18, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    2
    Hi all,

    How do you guys evaluate the results of your internal audit? Do you do it by clause? By area? Do you observe trends (i.e. decrease or increase in number of findings per clause or area)?

    Thanks for your responses.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It comes back to why you want to do audits. That's going to determine what you evaluate. Compliance? Effectiveness?
     
  3. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good day @Divine De La Pena ;

    Welcome to the forum.
    @Andy Nichols has pointed you in the right direction.

    Remember- while we obviously must meet the requirements of the standard, your organization should take a very selfish approach to ensure that the ORGANIZATION is benefiting from the management system and not the CB.

    ISO gives a lot of flexibility regarding how and when (frequency) internal audits are managed. In fact, ISO requires us to look pragmatically at our approach, including prioritizing our audit activity towards areas of risk and concern.

    Regarding your question- "clause" vs "area" . In 2000, ISO moved to the "process approach". The reason? Organizations (and 3rd party auditors) were often simply "checking the box" by each clause of the standard instead of really seeing how the activity impacted the process (area) and how those processes (areas) interacted with/affected each other.
    For example: "Documented Information" (previously control of documents/records) is commonly needed in multiple "areas" within an organization. AND, the document controls applied in area "x" may affect the transfer of information to area "y". For these reasons, my professional experience leads me to council you to identify where individual clauses of the standard are applicable within the "areas" of your organization, and then focus on those "areas" (processes) of concern/risk---then you can simply reference the clause that is governing/not being met (because one "area" may be dealing with requirements of a clause just fine, while another "area' (process) may be struggling/failing. )

    Hope this helps.
    Be well.
     
  4. Divine De La Pena

    Divine De La Pena Member

    Joined:
    Mar 18, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    2
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    In addition to John's comment. Auditors should not audit per clause. Audit per process instead.

    ISO 19011:2018 Annex A.2 recommends that: "Auditors should understand that auditing a management system is auditing an organization’s processes and their interactions in relation to one or more management system standard(s)."