Your Internal Audit Team: Internal or Hired External? Outsourcing Internal Audits

Internal audit: in-house or outsource?

  • We perform internal audit in-house - love it & wouldn't change.

    Votes: 32 50.8%

  • We perform internal audit in-house - waste of time and resources.

    Votes: 12 19.0%

  • We out source internal audit - love it & wouldn't change.

    Votes: 6 9.5%

  • We out source internal audit - waste of time and resources.

    Votes: 1 1.6%

  • We do both - love it & wouldn't change.

    Votes: 1 1.6%

  • We do both- waste of time and resources.

    Votes: 1 1.6%

  • I perform internal audits for others

    Votes: 10 15.9%
  • Total voters
    63
B

Bill Ryan - 2007

We do both. Basically, it's split more as the "Level 3 & 4" documentation is audited by our internal staffing. The "Level 1 & 2" documentation we have outsourced. This is how our management decided to have it set up. I don't believe we have any certified lead auditors here and I'm not sure there is anything underway to have anyone go that route internally. There are a few ASQ CQAs, but as has been mentioned before, that doesn't stand up to some/most Customer Specific Requirements.
 
Jim Wynne

Jim Wynne

Leader
Admin
cncmarine said:
In a small company it is a one size fits all answer.

Auditors can not audit their own work....
Click to expand...

I understand. I meant that in the grand scheme of things (not within any single company) there isn't a single right answer.
 
K

Koala

I agree that there isn't a single right answer- each company is different with what works for them. I have personally seen small companies successfully audit themselves that were way under 100 employees. Yet I have also seen companies way over 100 and struggle with 'no time, not important enough' etc.
My company has a team of internal auditers who do an excellent job. Of course some do a more thorough job than others, but each auditor does take the internal auditing seriously even though it is a separate function from their normal job. To keep it interesting for them, I do my best to not have them perform a repeat audit from the 2 years prior (which can be difficult since we normally perform 35+ audits per year.
I am very interested in swapping auditors with another company in my area. I have tried to canvas my local ASQ chapter for this (with no luck). I wanted to do this simply to keep my auditors interested and to give them some auditing training and to keep them motivated- keep it fun. Our audit program has been in full swing for 6 years. Anyone out there have luck with this type of program?
 
C

cncmarine

It is so much more beneficial and cost effective to have an external audit program. That way you can use your internal people for corrective / preventive actions.
 
K

Koala

Our internal personnel are working on corrective / preventive actions anyway. (BTW, we do not tie corrective/preventive actions together. We have a completely separate preventive action program that everyone works on.). While I do see a benefit to 'outside' eyes perhaps seeing some things that we may be missing, I would like to respectfully disagree that having an outside auditor is "so much more beneficial and cost effective". I have had quite a few suppliers and customers commend our company on the excellent internal audit program we have implemented here. Perhaps it is 'more beneficial and cost effective' for some companies. And perhaps my own company could benefit from some outside eyes- I would love to get involved with auditor swapping- I think my auditors would enjoy the experience and learn from it (perhaps sharpen their own auditing skills). But I truly feel my company's internal audit team does an excellent job and the outside auditor would NOT understand the inner workings and processes like our auditors do.
 
B

bpritts

Involved - Posts
Wes Bucey said:
I can see lots of reasons to have INTERNAL staff perform INTERNAL audit. I fail to be convinced about EXTERNAL staff performing INTERNAL audit.

I can see adding some outsiders (neighbors as part of free swap) or even some paid professionals to give each team a cross-functional character or to help in on-the-job training for the audit team, but I still maintain the team should have mostly in-house personnel.

Those of you who advocate 100% outsiders to perform INTERNAL audit should take this opportunity to help me understand your point of view.

I should warn in advance that I will be very hard to convince if you claim "employees are too busy" since it is management's chore to schedule things so there is sufficient time to do everything, even if it means increasing staffing or granting overtime pay. I will be similarly resistant to claims that employees are "incompetent" since it is management's task to provide training and opportunities to take such training to eliminate "incompetence" as an excuse.
Click to expand...


Wes --

Even as a professional offering internal audit services, I share your opinion
about the benefit of having your own people do internal audits. I would
submit that the most important benefits are not the performance of the
audits themselves, but rather the favorable "side effects" that doing auditing brings. These include:

-- a degree of awareness/training on other functions in the company
-- a heightened degree of quality consciousness when I do my own job
-- a bit of peer pressure (if I am checking that everyone is wearing their
safety glasses when I audit, I jolly well better wear my own ALL the time!)

Our best situation is to use the outsider (me, or a colleague) for the more
complex requirements - e.g. full compliance to ISO 9001/ TS 16949/ etc.
We have the internal people only auditing for compliance to the documented
system, using the client company's language... not ISO jargon.

TS16949 has a built-in concept of "manufacturing process audits" which
we would have the client people do; we do the "quality system audit, using a process approach". Even before the TS16949 process, we developed
a detailed manufacturing process audit that we could train people to do in a few hours. No worry about ISO jargon... it was translated into their own
language. This approach has served many clients well.



Regards........... Brad
 
Wes Bucey

Wes Bucey

Prophet of Profit
Right, brad! ISO jargon not required. An organization does not have to be registered to any ISO Standard to use internal audit effectively.

The folks who parrot back the "ISO Jargon" are probably a little afraid to trust their ability to make an acceptable translation into real world language. (probably because some wise guy belittled their effort one time when the wise guy didn't have a clue about the underlying meaning and was only looking for familiar text.) [Kind of like a pre-schooler who can't read, but recognizes the picture and the shape of the words on the cover of his favorite book for bedtime reading.]

Over the years, I've found a lot of shops where the owners and managers are intuitive about their quality practices. They perform in-process inspections (prevention, not detection.) They keep records of what they buy, what they sell, and what they do. They train folks in-house when they can or bring in outsiders to help train on special things (new machines, tools, etc.)

Employees know the bosses are concerned and don't hesitate to bring them questions because they do not fear getting fired for a slipup. Bosses and employees treat customers and suppliers like friends, not enemies.

They tell customers the truth, even if it means losing an individual job because the customers will come back to where they are treated well. They don't overextend themselves to the point of financial peril. Above all, they intend to stay in business for the long haul, so they maintain their businesses in a neat, tidy manner. They have 10, 20, 30 years of experience and it is definitely better than having one year of experience 30 times, because they and their employees have a profound knowledge of their business, even if they never heard of Deming or his theory of the System of Profound Knowledge.
 
Y

YankInOz - 2009

The organisation that I am currently with has had the same external auditor for 9 years. I have been with the company for just over a year. Last month we had our trienniel re-certification audit and passed. The auditor told me that this was the first time in 9 years that he had not raised any non-conformances.

But I KNOW we have non-conformances because I uncover them in my internal audits! Top management is very happy, of course, but I am a bit sceptical of this guy.

What is the is the opinion amongst the Cove as to the value of having the same external auditor for an extend period of time?
 
Wes Bucey

Wes Bucey

Prophet of Profit
YankInOz said:
The organisation that I am currently with has had the same external auditor for 9 years. I have been with the company for just over a year. Last month we had our trienniel re-certification audit and passed. The auditor told me that this was the first time in 9 years that he had not raised any non-conformances.

But I KNOW we have non-conformances because I uncover them in my internal audits! Top management is very happy, of course, but I am a bit sceptical of this guy.

What is the is the opinion amongst the Cove as to the value of having the same external auditor for an extend period of time?
Click to expand...
I don't see an intrinsic problem.

There are a variety of explanations for your personal experience:
  1. Outside auditors (customer's or third party) are really only "sampling" a quality management system in the same way a CPA from an outside accounting firm "samples" the accounts in the company he audits. (We do something similar when we sample products during inspection.) It is possible the nonconformances were not in the sample.
  2. You and the outside auditor may have differing interpretations of the severity of an observed nonconformance, with one considering it a sign of systemic failure, while the other dismisses it as something of little consequence and not likely to affect the product reaching the customer. This category happens both ways, each side of the interpretation labeling the other as "too lax" or too "strict," and often engendering a barroom rant once the offending party is out of earshot.
  3. Some operations are characterized by "white coat syndrome" (my doctor uses this term for folks whose blood pressure rises as soon as the doctor pulls out a pressure cuff) where the operator may be nervous and commit errors in front of one auditor, but not another.
I guess the primary question is how you and the organization deal with the situation you are encountering. My advice is to examine whether your internal audits are valid or whether they focus too much on "gotcha" events. If your audits are valid, then you are keeping on top of the situation in keeping your organization in conformance. You can ignore lapses of an outside auditor.

The biggest point I can make is to let go of the idea the outside auditor is some sort of super cop who will see and validate all the same nonconformances you have spotted. That's not his role.
 
You must log in or register to reply here.

Similar threads

J
  • Poll
Average number of Nonconformances during internal quality audit for Medical Device Manufacturers
Replies
3
Views
625
Funboi
F
R
VDA Potential Analysis - Similar product from other customer and confidentiality
Replies
0
Views
712
ronjae
R
M
External audit non conformity related to applicable regulations
Replies
9
Views
980
mihzago
mihzago
M
  • Locked
Hiring: RQA Engineer
Replies
1
Views
908
Jim Wynne
Jim Wynne
R
Audit Closure - Assigned actions
Replies
7
Views
818
RoxaneB
RoxaneB
Top Bottom