
Internal Audit Depth

Discussion in 'IATF 16949:2016 - Automotive Quality Systems' started by Andrew Lee, Jul 6, 2020.

  1. Andrew Lee

    Andrew Lee New Member

    Joined:
    Jul 6, 2020
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi all,

    I'm just beginning to conduct internal audits for my company and wanted to get an idea of how thorough other people are with this. For example, I'm going to investigate our contingency plans (IATF 6.1.2.3) and the section has subsections a-g. Would you investigate all of these requirements?

    Keep in mind, I'm not a dedicated auditor. The auditors here have primary roles and do the audits as a secondary task. And the plant is extremely large so not all processes can be covered. It seems to me that something like contingency plans would require talking to many people (process engineers, safety managers, even plant managers) to evaluate all the subset requirements.

    How do you guys go about checking something like this?

    Thanks
     
  2. qmr1976

    qmr1976 Well-Known Member

    Joined:
    Jun 17, 2019
    Messages:
    174
    Likes Received:
    88
    Trophy Points:
    27
    If items a-g are preceded by the word 'shall', you need to make sure your company is compliant with them. Having said that, we are a very small company and I can tell you that although our contingency plan is reviewed during management review, only one person is really responsible or takes ownership of the procedure and makes sure the testing of the contingency plans takes place. (Contingency simulations)
     
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,203
    Likes Received:
    2,598
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Hi Andrew: These are great questions, that rarely, IMHO, get asked! What others might do, may not be the only reasons. So, let's do this: Why are you doing the audit (audit objective)? What are the audit criteria? Is it IATF 16949? The a-g requirements are pretty straightforward, however, e and f will require some thought, since there's no requirement to "retain documented information" on the testing (e) or the review (f), which might present you with a problem...(the changes are the only records).

    Are you also going to check (audit) the organization's process(es) for contingency planning? Does the organization have its own process description? Do you have an assigned Process Owner? Have you spoken to them about the internal audit and what they can show you has been done?
     
  4. Andrew Lee

    Andrew Lee New Member

    I will be speaking to the process owner tomorrow to see what the situation is regarding our contingency planning. We are IATF certified so I suppose I'm conducting the audit to ensure continued compliance. The thing I'm unsure about is how much is enough with contingency planning.

    For example, item a: a) identify and evaluate internal and external risks to all manufacturing processes and infrastructure equipment essential to maintain production output and to ensure that customer requirements are met;

    ALL processes and equipment is a large area at my plant, and I could go through all the documents to ensure everything is covered, but that would cause me to need to neglect my primary job.

    And again item e: e) periodically test the contingency plans for effectiveness (e.g., simulations, as appropriate);
    Would something like regular fire drills be enough to satisfy? Or will external auditors be looking for simulations for each contingency plan?

    Thanks for the responses. I'm plunging headfirst into the ISO/IATF world and I have a lot to learn.
     
  5. qmr1976

    qmr1976 Well-Known Member

    According to the standard, whatever is listed in your contingency plan needs to be tested. It doesn't call out the frequency, of course, but we perform our simulations annually.
     
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    This is a great help! Did anything change to the CP since the last audit? If not, why do it?
    Nope, it means actually running a simulation or similar. Who knows what external auditors want to see? You can't predict that, so having a good reason WHY you are auditing the CP is a great place to start. We never audit "just because", there has to be a reason...
     
  7. Andrew Lee

    Andrew Lee New Member

    We internally audit each IATF clause at least once per year. Yes, we do a lot of them.

    That's pretty much what I was looking for. Wanted to make sure I wasn't just probing for proof of simulations on things that we didn't need to have simulations for.
     
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    That's not a good reason! It's common, but that doesn't make it good! If it didn't change or it was implemented (tested) correctly, don't waste time auditing it.
     
  9. Andrew Lee

    Andrew Lee New Member

    I agree, sometimes companies stick to standard practice just because it's standard practice. Our 2019 certification audit had 0 findings so really we should scale back the audit rate for areas that aren't subject to much change.

    Thanks for all the help in this thread though!
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    I wouldn't be taking that auditor back! You pay good money for them to come in and do what? Report nothing? Everything is the "Midas Touch"? IATF audits are so complex, there can't be zero issues...

    But, your thought process is good. If it ain't broke, what are we fixing here?
     
  11. qmr1976

    qmr1976 Well-Known Member


    I agree! Although admirable of your company, it's VERY rare that an IATF auditor would report zero nonconformances. Since transitioning from TS to IATF, the requirements are a lot more stringent and require a lot more to be documented. The auditors usually have their audit reports reviewed by a technical reviewer and they usually get reprimanded for not finding anything. No company is perfect, so if they don't find anything it's usually because the auditor isn't doing their job.
     