1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Competency of internal auditor

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by jacktkt, Jan 27, 2016.

  1. jacktkt

    jacktkt New Member

    Joined:
    Jan 27, 2016
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    2
    I have ten iso9001:2008 internal auditors in my company. Is it feasible for me to train them with the iso9001:2015 standard instead of taking traing courses from service provider ? My boss think that there is no change in iso19011, so he asks me to train them about the difference and highlights of new version. I am wondering my competency on training them and their recognition as i am just irca iso9001:2015 lead auditors.
    Thanks.
     
  2. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    926
    Likes Received:
    1,081
    Trophy Points:
    92
    Location:
    Ontario, Canada
    There is nothing in the standard that says you need to send your internal auditors on external training to the standard. Your organization can determine the criteria for internal auditor competency. So, yes, you can train them on the difference between the two versions...but there may be more value in training them on HOW the changes impact the organization and WHAT kind of evidence they may be looking for (if it's even difference from past internal audits).
     
    drgnrider likes this.
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Agreed! In fact, I'd go so far as to suggest that internal auditors don't need to know what's in the standard...
     
  4. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    926
    Likes Received:
    1,081
    Trophy Points:
    92
    Location:
    Ontario, Canada
    I agree, but sometimes it's nice to understand the 'why' factor. To understand why you are auditing for a particular activity or nuance can help an auditor re-frame or re-phase a question, and see connections to other aspects of a management system. Understanding the standard can also help an internal auditor use the audit as a training opportunity. Many times I've had auditees get flustered or go off on some wild tangent. At that point, I physically put my pen and clipboard down, and we have a talk about how they know their job, they're rock stars, and the scope of the discussion. Having knowledge about the standard and auditor techniques can come in handy, but, you're right...knowing them isn't necessarily a requirement. They *can* add value to the internal audit if applied properly.
     
    QMS Jaeger and charanjit singh like this.
  5. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
  6. drgnrider

    drgnrider Member

    Joined:
    Nov 30, 2015
    Messages:
    44
    Likes Received:
    17
    Trophy Points:
    7
    Location:
    Kansas, USA
    Agree. I also have an auditor that has suggested modifications to a written procedure; change the wording, delete a paragraph, etc. We try to keep our procedures short and simple (KISS-method), less "technicalities".

    You have to know your auditors. I have some that could care less about the standard, 'just give me my assignment and I will get it done', and others that like to know the rest of story (I get better audits from these people).
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
  8. jacktkt

    jacktkt New Member

    Joined:
    Jan 27, 2016
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    2
    Thanks all. That's right sometimes there's something that is more important than standard or clause.
     
    Andy Nichols likes this.
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    In another thread recently posted, apparently a contracted internal auditor is making a big deal of names on documents. Meanwhile, the reason for not using names - the high turnover of staff - goes unaudited. A classic case of being buried in a clause/requirement of the standard "while Rome burns"...
     
    Jennifer Kirley and Paul Simpson like this.
  10. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    I suggest that the auditing be focused is on the effectiveness of the QMS. If you do that the standard clauses will fall in nicely. We are scheduled to audit our support processes and their was a push back because the support processes think they are not part of ISO. Then they ask for checklist off hand to prepare for this audit. I told them I do not have an ISO clause checklist but I will evaluate their processes by asking a few questions around their SOP's. I made them understand that or organization is Global and we do not work for ISO. We let ISO work for us. Management at remote location responded positively. Stay tuned and I will let you know how it goes. Maybe I am pushing myself too hard because I am also new in this type of auditing. I am gong to get messy and learn new things.
     
    Andy Nichols likes this.
  11. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    One of internal audit objectives is to provide information on whether the QMS conforms to the requirements of this International Standard (9.2.1).
    To achieve this objective the internal auditor shall know the standard requirements.
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I believe this is your interpretation only. There's NOTHING to say the auditors MUST be competent in the ISO standard. ONLY ISO/TS 16949 makes it a clear requirement, which is because, in part, it's NOT in ISO 9001.
     
    MCW8888 likes this.
  13. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Well we completed our audit of Logistics with a partner, and we almost went overtime because we got carried away with asking for evidence of effectiveness. Planning was difficult but it paid off. I think their Manager will be happy to see the report. Thanks to the mentors of this forum.
     
    Jennifer Kirley likes this.
  14. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    This arguably being the case, leadership very often expects a system to maintain certification. To do that it makes sense to understand the standards and the intent behind the clauses, which are explained in the guidance documents.

    I have run up against a secondary set of expectations, it is true: managers wished I would find the source of process errors. While I regret not doing simultaneously well enough on both systems and the engineering side, I suggest we have, or should have, Quality Engineers to help with this. So, while I don't want to marginalize or compartmentalize the value of system audits or ignore management wishes, I wonder how well the internal audit program can, or should do both at the same time.

    If we did do both at the same time, it could be through recognizing a failure so high up that management did not like to see it because they did not connect the dots.
     
    Andy Nichols likes this.
  15. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    How to check confornity to Standard requirements having no idea about these requirements?
     
  16. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    If the audit process owner plans the internal audits and creates a planning tool, for example a checklist, based on the ISO 9001 requirements and the auditor(s) assigned go off and do the audit, why do they HAVE to know what the standard says?
     
  17. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    The checklist if used should be prepared by internal auditor rather than audittee to ensure objectivity. The standard requires to check if the QMS conforms to the standard requirements. All standard requirements (except permissible exclusions from Chapter 7) are the must and not subject to bypassing.
     
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I didn't mention anything about the auditee preparing checklists! Many auditors today are given a checklist by the audit process owner. The checklists, themselves, don't necessarily ensure objectivity, it's more complex than that.
     
    charanjit singh likes this.
  19. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Instructors for Lead Auditor courses I have attended first stressed that the class was no replacement for first understanding the standard. While I cannot vouch the same is true for Internal Auditor courses, I would be disturbed if there was no expectation to at least be familiar with the standard the person is using to confirm conformance in support of a certification that management (and perhaps customers) has asked for.

    I can vouch that there is more pressure to do a process audit than before; checklists prepared by process owners may work if they are carefully prepared to include all the features of a process audit, but I wonder why such an approach would be a good use of the process owner's time.

    There are so many weasel words in the new standard that internal auditors should have a good grasp on what applies and why, up to and including the applicable requirements of 4.1 and 4.2. Auditors need to understand the concepts, starting with context. The previous version does not prepare users for that at either the process owner or auditor function.

    It is certainly worthwhile to move the focus away from check-check-check box-ticking of conformance and into value-added auditing. The top link in the web page Sidney referenced is about adding value. While these guidance documents appear to be directed to CB auditors, the "Some tips for the auditor on how to add value" section looks like very good advice to internal auditors. I suggest that a good understanding of the standard can help.
     
  20. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    What I find interesting is that every day we read (here, and at Linkedin) peoples' assertions of what is or isn't in the standard. Many of those are people who make a living auditing. There are many different "opinions" of what's IN the standard, so IMHO, going to a course which includes a review of the ISO requirements isn't working, so why say all internal audits MUST know the standard? Sending them to class confuses them, because they often get what the instructor "thinks" the standard says! A classic case is that of how many internal audits are required. I've sat listening to someone who was trained by a CB and the people gathered were told - categorically - you MUST do one internal audit a year, minimum. I've read my copy of the standard, from cover to cover and I can't find that anywhere. Yet, people implement that and auditors apparently accept that as being in compliance - when NOTHING is further from the truth. So, please, don't tell me that internal auditors MUST know the standard to know what complies.

    If I were the audit process owner I could write a checklist and sit down with the auditor under my charge and tell them, "When you audit process "X", make sure the people are using the work instructions they were provided with. Our procedure for document control says they must be reviewed and approved by an ME, there are red line changes which may be run, but only with the approval of the ME and the QA mgr. Plus check for any previous version also being available." (Of course a checklist might be more comprehensive). Now, tell me where this isn't covering ISO 9001 document control requirements?
     
    Last edited: Jan 30, 2016
    charanjit singh likes this.