1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Timing of the evaluation of effectiveness of the actions to address risks and opportunities

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by tony s, Aug 11, 2019.

  1. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    During a certification audit of a government agency, a CB auditor criticized the timing of the agency on when actions to address risks/opportunities are evaluated for effectiveness. According to the CB auditor, evaluation should be carried out more frequently by the process owners themselves and not as practiced by the agency.

    The practice of the agency is: when they perform their internal audit for the scheduled processes, the internal auditors are tasked to evaluate the actions specified in the RBT planning tool (i.e. risks/opportunities register) accomplished for each process. The internal auditors look for evidences on whether the specified actions were implemented in order to achieved the process expected outputs. The results of these evaluations are reported during their quarterly management meeting.

    The CB auditor find this approach ineffective, since internal audits are usually performed not in a regular basis while evaluation by the process owners can be done more frequently.

    What's your take on this?
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Firstly, the auditor isn't being objective - that's purely their opinion since there's no evidence of an ineffectiveness as a result of this timing being reported. The audits are done whenever you want them to be done. The auditor needs to hold their tongue.
     
    Nicolas Ryan, Qualmx, yodon and 2 others like this.
  3. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    OR find (with objective evidence) that the risk process is ineffective AND that an ‘infrequent’ audit process is a contributing factor to the ineffectiveness. ?
     
    Qualmx, yodon and Andy Nichols like this.
  4. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    I don't know if CB auditors use the International Accreditation Forum Auditing Practices Group Guidance as their reference on how they perform their audits. According to the APG Guidance on Risk-Based Thinking, dated January 13, 2016:

    In answering the question:
    “Does the organization evaluate the effectiveness of the actions to address risks and opportunities?”

    APG Guidance mentioned that:
    “The auditor should confirm if internal audits and performance evaluation activities take into account the effective application of risk-based thinking”.

    You can check this out in this link (see the last two bullet statements).
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I do! The answer is "No". Maybe a few are knowledgeable about the existence, but for the most part both CBs and their auditors rarely reference this material.

    “The auditor should confirm if internal audits and performance evaluation activities take into account the effective application of risk-based thinking”.

    They would, if they knew what "risk-based thinking" actually is (which the general population struggle with, too...)
     
    tony s likes this.