Internal Audit AS9100 - all elements within a 3 year cycle…required or not?

Crusader

Crusader

Trusted Information Resource
Hello! Been a very long time since I have been here…

need advice - see title - Is that required? Where is the shall? I’ve looked at ISO 19011 and AS9100. Zero requirement.
I have looked at AS9100, ISO 19011, and AS91-4 for grins….no shall statement For the client.

I have an action request to cover all of the AS9100 standard in our internal audit plan…said within a 3 year cycle was not performed. And, the requirement is to audit all unaudited elements to close out the action request!

and this was written up as a Major finding.:oops:

our audit plan is risk based and importance based so it does not cover the entire AS9100 standard in a 3 year cycle.

Thoughts?
 
Kronos147

Kronos147

Trusted Information Resource
Kronos147 said:
An Internal Audit is required to review the QMS agains the requirements of the standard (as per 9.2.1 a) 2). If you are not reviewing all of the shalls over that three year period, how have you documented your acceptance of the risk?

If not over a three year cycle, then how does the organization plan to verify all the shalls have been met? A six year cycle?

I would argue for my own organization should an auditor say we didn't look at all the requirements over a 1 year period, but over a three year period? Not sure I how I could justify that.
Click to expand...
Looks like you asked the same question, so I will quote my other post.

Crusader said:
Where is the shall?
Click to expand...
How do you read 9.2.1 a. 2.?
 
B

Big Jim

Admin
Obviously the auditor is making up his own rules.

That said, I personally believe that not auditing the entire system within a three year period is a horrible practice. It would be hard to demonstrate you have control over your quality management system. As much as I would like to write a nonconformance for this, I don't see a shall that effectively covers it.

I would, however, ask for an explanation about just how they apply risk to their schedule.
 
Jen Kirley

Jen Kirley

Quality and Auditing Expert
Leader
Admin
The standards share the clause "...audit the management system..." which implies all of it, not just pick and choose which processes to audit. Who is to say no more than half of the system is required to be assessed for effectiveness? Like Big Jim said, is that really what you want?

A past employer received an OFI for not having every process covered in the three year audit plan (risk based). He started talking NC so I grabbed my copy of the standard and leafed through it, asking "Where does it say that? Can you help me find it?" He was displeased with my behavior but the NC was not issued. That being the case, we still moved the 5-year frequency of that particular process to 3 years.

There is still a tendency to use the black and white letters on the standards' pages to tell us what to do; it would be better to make decisions based on maintaining a robust and profitable management system.
 
You must log in or register to reply here.

Similar threads

Crusader
AS9100 Internal Audit Frequency - Audit all AS9100 elements within a specific timeframe?
2 3 4
Replies
30
Views
1K
4theindustry
4
T
AS9110 and Part 145 Internal Audit Program (combined)
Replies
2
Views
92
Trav99
T
QCBOB
ISO 13485:2016 Internal Audit checklist/template?????
Replies
1
Views
153
shimonv
shimonv
Vader22
ISO 17025 Internal Auditor Requirements
Replies
6
Views
630
david7763
D
N
Findings from internal audits
Replies
2
Views
488
Quality-Nation
Q
Top Bottom