1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

How long is a piece of…

Discussion in 'ISO 19011 - Auditing Management Systems Guidelines' started by Andy Nichols, Jul 2, 2023.

Tags:
  1. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,109
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Internal Audit?

    If we leave out the planning and reporting pieces, adopt the so-called “process approach” (whatever THAT is), how long does an internal audit take to perform? Typically?
     
    Andy Nichols, Jul 2, 2023
    #1
  2. RonR Quality Pro

    RonR Quality Pro Active Member

    Joined:
    Sep 30, 2021
    Messages:
    54
    Likes Received:
    45
    Trophy Points:
    17
    Location:
    SW Ontario Canada
    Depends on the process being audited.......something fairly straightforward (corrective action as an example) is fairly quick - an hour or so is (usually) enough time. But something more involved (manufacturing processes) may take more time, as you need to sample several different manufacturing processes (with the tied-in processes of scheduling, calibration, doc control, etc).
    There is no real 'quick' answer, but when I am planning for internal audits, I allow myself 2 hours per process.....if it takes less, then I know that I will end up using that 'saved' time somewhere else.
     
    RonR Quality Pro, Jul 5, 2023
    #2
    RoxaneB, Sarvar and Andy Nichols like this.
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,109
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Interesting, Ron. Empirically, this is what I have also found, so in my mind this is the "right" answer. I've asked it in other places and have been stunned by the replies. It has left me wondering what the "process approach" really means...
     
    Andy Nichols, Jul 11, 2023
    #3
    RonR Quality Pro likes this.
  4. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,055
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Although mentioned in IATF 16949 and ISO 19011, I'm still looking for an international standard that clearly explains how "process approach" in auditing is to be carried out. Below are just my list of guidelines that I employ to carry out my own interpretation of a process approach audit:
    • Focus more on effectiveness, than conformity. I need to see whether planned results are clearly established and there are evidence that these are being fulfilled. There should be evidence that the planned activities are realized;
    • Objectives that were established for the processes should be based on the needs and expectations of the receiver of the outputs of the processes;
    • Risks that can adversely affect the achievement of the objectives are determined and the controls to address them are evidently integrated into the processes;
    • There should be evidence that the controls to address risks are implemented;
    • If there are applicable requirements (e.g. own, customer, regulatory, international standards) that are relevant in implementing the controls of the processes, conformity/compliance is then verified;
    • Audits are planned according to the processes to be covered, not the clauses that are applicable;
    • The audit criteria that will be included in the audit checklist are requirements relevant to the process to ensure expected outputs are produced and objectives are achieved;
    • Use of generic checklist (i.e. clause-based) is a mortal sin;
    • Avoid ambiguous connection. Negative audit findings should be raised against a particular relevant requirement (own, customer, regulatory) - NOT on ISO clauses (unless it's very clear with the auditee that a particular clause was violated);
    • Don't compute the score of the results of audits. There's no value in doing it.
     
    tony s, Aug 3, 2023
    #4
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,109
    Likes Received:
    2,562
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Good post, Tony on the HOW TO of auditing. I agree with you that the whole "process approach" to auditing is a myth which few seem to have recognized.

    My question was based on the fundamental need to set a time boundary on audits. We have the "physical" boundary of the audit scope, yet this has less relevance than the practical boundary - that of time - which affects the auditor and auditee. We can't - and mustn't - overlook that audits take time. Most employees are compensated for their time. Budgets are allocated based on, among other things, estimates of time to perform functions. Indeed, even CB audits are based on hours spent auditing.

    How do we justify to management X dollars spent on audits for Y ROI?
    How do we allocate time to conduct an audit?
    How will we know an internal auditor spends sufficient/insufficient time on an audit?
    How will an auditee know to carve out time for their personnel to participate, even in a basic manner?

    Shouldn't we be applying the "What gets measured gets managed" maxim? Not the "ISO-Says-So" reasoning?
     
    Andy Nichols, Aug 3, 2023
    #5