1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Audit of Internal Audit Process - Appropriate personnel

Discussion in 'ISO 9001:2008 - Quality Management Systems' started by Padym, Mar 3, 2016.

  1. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    I have a query that in a small to medium organization, can Management representative do the Audit of an Internal Audit process and the auditee reports to him and vice versa. I know from requirement perspective, this isn't allowed as it states that Auditor should not audit their own work.
    Can somebody suggest a simple solution to correct this situation so as not get an non-conformance on this aspect.
     
  2. AndyH

    AndyH Member

    Joined:
    Feb 12, 2016
    Messages:
    16
    Likes Received:
    5
    Trophy Points:
    2
    Location:
    UK
    You could argue a first party audit on their own work (not desirable in this case) but do you not have a spread of trained internal auditors from different departments? They should be able to complete the audit as long as they didn't create/authorise the process.

    Just another audit on a process.
     
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Sorry, Andy but even under ISO 9001:2008 this isn't true! You can't audit your own work was the requirement. Under 2015 this requirement is also removed. Just have to be objective and impartial.
     
  4. AndyH

    AndyH Member

    Joined:
    Feb 12, 2016
    Messages:
    16
    Likes Received:
    5
    Trophy Points:
    2
    Location:
    UK
    So it's been reduced to simple first party assurance? Well I never. Lucky we're all so honest...
     
  5. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7

    1. Is the Management Representative in charge of Internal audits.

    If they are then - there are ways to go around that.

    2. Hire an outside individual.

    3. or... have a team of two or more individuals audit the same area - remember - the key is to maintain objectivity in the process.
     
  6. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    1. Yes.

    2. not really a preferred option.

    But on ground we have the proof that activities of both personnel are not different.
     
  7. David Sanabria

    David Sanabria Active Member

    Joined:
    Jan 2, 2016
    Messages:
    50
    Likes Received:
    4
    Trophy Points:
    7
    ... so bring in another party that it is diferent to maintain objectivity, otherwise you could be looking at a violation of 2008 (not 2015) requirements.
     
  8. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    If we are able to prove on the lines that activities of MR and Internal Auditor who reports into MR are distinct and there is no conflict of interest. It doesn't influence the Objectivity and independence.
    The standard says that Auditor cannot audit their own work, no specific requirements that cannot be of same department.
     
  9. Nick1

    Nick1 Member

    Joined:
    Jan 27, 2016
    Messages:
    49
    Likes Received:
    20
    Trophy Points:
    7
    I agree with Padym. It might not be ideal but because it is a small organisation you can use the Management Review as a safeguard, though you are violating the standard. To make sure you don't get into a discussion with the external auditors you could hire a consultant to do these audits.
     
  10. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    By definition in ISO 9000:2005 and ISO 9000:2015, audit is an "independent process". MR cannot be independent of the QMS performance.
     
  11. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    723
    Trophy Points:
    112
    Location:
    USA
    How do we take into account the changed definitions of Management Representative inn ISO 9001:2015? In fact, no defined responsibilities for that role exist in the revised standard.

    3.13.1 of ISO 9000:2015 states "...carried out by personnel not being responsible for the object audited."
     
    yodon and RoxaneB like this.
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Leonid - your definition of "independent" isn't appropriate, IMHO. If an organization appoints a "Management Representative" how can you say they are responsible for the performance of the QMS? That role has NEVER been responsible for the performance of the QMS! Compliance of the QMS to ISO requirements? Yes! Reporting on the QMS? Yes! Never the actual performance of the QMS. That's clearly Top Management's work.
     
  13. James A Shell

    James A Shell Member

    Joined:
    Mar 29, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Varies
    In my role as quality manager I have a checklist which covers all of the requirements of the standard as well as our internal audit procedure. It is simple enough that I can give it to someone who is "impartial" (the only requirement of the standard) they walk through it and sign off and that is my objective evidence of an audit of my internal audit. Anybody can do it.

    This also helps me accumulate the audit records because I organize my file by the same checklist.
     
  14. normzone

    normzone Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    137
    Likes Received:
    78
    Trophy Points:
    27
    Yes, that's how I handle it. When in doubt, train somebody how to audit the things you should not audit yourself. Teach them what to look for to verify that they're not being fed a bill of goods, have them audit what you do.
     
  15. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    You only audit to the requirements of ISO 9001?
     
  16. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I'm not sure this is all. I didn't read anything about "competency"... If you simply tell someone how to audit what you can't, how does that become "impartial" or "objective"? Indeed, how do you ensure no bias? Aren't you at risk of them doing exactly what you do, and who validates the process is impartial and objective?
     
  17. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,355
    Likes Received:
    1,060
    Trophy Points:
    112
    Location:
    Laguna Philippines
    In ISO 9001:2015, "Auditors shall not audit their own work" is already obsolete. "Management Representative" is also obsolete. If an organization opted to retain its Management Representative and keep his/her 2008's responsibility of "ensuring that processes needed for the QMS are established, implemented and maintained", then if he/she chose to use internal audit as his/her method (see 4.1e and 8.1 of 2008) to fulfill his/her responsibility - then why should he/she be barred from doing so?
     
    Andy Nichols likes this.