Your Internal Audit Team: Internal or Hired External? Outsourcing Internal Audits

Internal audit: in-house or outsource?

  • We perform internal audit in-house - love it & wouldn't change.

    Votes: 32 50.8%

  • We perform internal audit in-house - waste of time and resources.

    Votes: 12 19.0%

  • We out source internal audit - love it & wouldn't change.

    Votes: 6 9.5%

  • We out source internal audit - waste of time and resources.

    Votes: 1 1.6%

  • We do both - love it & wouldn't change.

    Votes: 1 1.6%

  • We do both- waste of time and resources.

    Votes: 1 1.6%

  • I perform internal audits for others

    Votes: 10 15.9%
  • Total voters
    63
Claes Gefvenberg

Claes Gefvenberg

Admin
YankInOz said:
I KNOW we have non-conformances because I uncover them in my internal audits! Top management is very happy, of course, but I am a bit sceptical of this guy.
Click to expand...
To expand a bit on what Wes said here, :agree1: I also have to say that your internal audits should uncover more than what is found by an external audit.

An internal auditor often knows exactly where to look, and generally does... ...which is precisely why I want internal auditors to do the internal audits: They know the nooks and crannies of the company in a way an external auditor could never hope for.

/Claes
 
C

cncmarine

Claes Gefvenberg said:
To expand a bit on what Wes said here, :agree1: I also have to say that your internal audits should uncover more than what is found by an external audit.

An internal auditor often knows exactly where to look, and generally does... ...which is precisely why I want internal auditors to do the internal audits: They know the nooks and crannies of the company in a way an external auditor could never hope for./Claes
Click to expand...


Thats the issue....

If the internal auditor knows that many nooks and crannies then maybe they are too close to the situation and should not be auditing.

Remember: auditors can not audit their own work !!!!
 
Claes Gefvenberg

Claes Gefvenberg

Admin
cncmarine said:
If the internal auditor knows that many nooks and crannies then maybe they are too close to the situation and should not be auditing.
Click to expand...

A matter of interpretation, I guess... On the other hand we do want audits to uncover improvement potential, right? At least i do.

cncmarine said:
Remember: auditors can not audit their own work !!!!
Click to expand...

That I remember... and of course they don't.

/Claes
 
Jim Wynne

Jim Wynne

Leader
Admin
Claes Gefvenberg said:
A matter of interpretation, I guess... On the other hand we do want audits to uncover improvement potential, right? At least i do.



That I remember... and of course they don't.

/Claes
Click to expand...

If the advantage in having “captive” auditors lies in the fact that they know where the bodies are buried—or where they’re likely to be interred—then the audit team becomes a police force, wandering the building with their corpse-sniffing dogs, ready to pounce and shout “Aha!” when a problem is found.

Auditing isn’t an Easter egg hunt, and it’s not a “gotcha” exercise—it’s a process that should begin with the assumption that everything’s OK. If you assume the opposite, then it’s too early to be auditing—the transformation hasn’t taken place.
 
Claes Gefvenberg

Claes Gefvenberg

Admin
JSW05 said:
If the advantage in having “captive” auditors lies in the fact that they know where the bodies are buried—or where they’re likely to be interred—then the audit team becomes a police force, wandering the building with their corpse-sniffing dogs, ready to pounce and shout “Aha!” when a problem is found.
Click to expand...

Slow down..... I was not referring to knowing where the bodies are buried, but to the fact that internal auditors know the companys processes better than an outsider. Captive auditors? I may have expressed myself poorly but really:

Police force? Corpse-sniffing dogs? Ready to pounce and shout “Aha!” ?
Come now... :rolleyes:


JSW05 said:
Auditing isn’t an Easter egg hunt, and it’s not a “gotcha” exercise
Click to expand...

I don't think I said it was?


JSW05 said:
it’s a process that should begin with the assumption that everything’s OK.
Click to expand...
Yes. I agree. No discussion there.

/Claes
 
R

Rob Nix

I'm mad at myself for missing this thread when it started. Arrgghh! Anyway, most of what I would have said has been included already, so I'll just add my personal experience.

When I started here 4 years ago, the first thing I did was let the external (contracted) auditor go. He was expensive and wasted a lot of valuable time justifying his existence (piles of reports, days of auditing), rather than adding any value to the organization. This company is fairly small: 3 facilities numbering 85, 75, and 50. I do most of the auditing as the quality director. I have a couple of others trained to audit my areas.

Since I know where most of the "evidence" is, and the problem areas, it is quick and easy for me to document these things and report them to management. So the bulk of the audit has been designed to be value-added - seeking input from employees, as I go, for suggestions on how their areas can be improved. It WORKS GREAT! Management receives both concerns and ideas.

The idea of "cross-pollination" is very good also, having people from different departments "tag along" on the audits to see how things are done in other departments. These experiences can be real eye-openers.

And as far as "how much time it takes" goes, give me a break! There is ALWAYS time for some highly efficient auditing. It is only a matter of priorities and organizational ability. Most often, what I see from complainers saying "I don't have time for that" is shooting the breeze two or three times a day, or stuggling through a pile of documentation they could easily keep up with if they didn't let it pile up.

It is true that external people provide some "fresh eyes" to the subject. Maybe that could be done less frequently than internal audits, by consultants or trainers, which would lower the expense. External people aren't going to add THAT much value at three month intervals.

Wow, I didn't think this would end up on the soapbox! :eek: :soap:
 
Wes Bucey

Wes Bucey

Prophet of Profit
Personally, I always used auditing teams including a cross-functional group of members.

I don't get quite as vehement as some about "shall not" audit own work as long as it is an open process in the presence of team members whose work is not under scrutiny. In small organizations, many folks wear so many hats, it is impossible for there to be anything for them to audit if we adhere to such a proscription.

I agree, also, that any audit is not a license to play gotcha or policeman. Unfortunately, we still see posts from folks who retain the idea the auditor is a cop with extraordinary powers of police, judge, jury, and executioner.

In my ideal world, the auditing team familiarizes itself with the plan for the process being examined by reading through procedures or work instructions. They then observe the PROCESS in operation (note - the process, not the individual worker.)

If necessary, they ask clarification questions. Then they match what the plan says should be happening with the actual process and note one of three things:
  1. everything proceeds according to plan - the process conforms
  2. there is a glitch between plan and activity - this may be referred to process owner or a special team for confirmation and possible Corrective Action or Preventive Action
  3. the process conforms, but there is an opportunity for improvement
Note in number 2, I do not consider the audit team responsible for staying in business to monitor and approve a CA/PA, similarly to the process in Management Review, where the reports are given to management to decide on action or no action. This takes away the "unlimited police power" aspect of an audit and removes many situations from a personal ego slant where an auditor feels pressure to prove he is right and process owner is wrong.
 
Jim Wynne

Jim Wynne

Leader
Admin
Wes Bucey said:
Personally, I always used auditing teams including a cross-functional group of members.

I don't get quite as vehement as some about "shall not" audit own work as long as it is an open process in the presence of team members whose work is not under scrutiny. In small organizations, many folks wear so many hats, it is impossible for there to be anything for them to audit if we adhere to such a proscription.

I agree, also, that any audit is not a license to play gotcha or policeman. Unfortunately, we still see posts from folks who retain the idea the auditor is a cop with extraordinary powers of police, judge, jury, and executioner.

In my ideal world, the auditing team familiarizes itself with the plan for the process being examined by reading through procedures or work instructions. They then observe the PROCESS in operation (note - the process, not the individual worker.)

If necessary, they ask clarification questions. Then they match what the plan says should be happening with the actual process and note one of three things:
  1. everything proceeds according to plan - the process conforms
  2. there is a glitch between plan and activity - this may be referred to process owner or a special team for confirmation and possible Corrective Action or Preventive Action
  3. the process conforms, but there is an opportunity for improvement
Note in number 2, I do not consider the audit team responsible for staying in business to monitor and approve a CA/PA, similarly to the process in Management Review, where the reports are given to management to decide on action or no action. This takes away the "unlimited police power" aspect of an audit and removes many situations from a personal ego slant where an auditor feels pressure to prove he is right and process owner is wrong.
Click to expand...

:agree1: Agreed on all points, especially the bit about not being obsessive regarding people auditing their own work when part of a team.
 
Crusader

Crusader

Trusted Information Resource
I think what we have learned from our registrar audits is that they point out so many opportunities for improvement that we never even thought of. That is why an external source was considered.
Our internal audit team is constantly changing / rotating out personnel due to job changes, terminations, leaving the company, etc. So often, that I am constantly training and I seem to never have a 100% fully self-confident / fully-effective audit team. Hence, I have to go audit with each person and train as we audit...on-going training! I can't let them go on their own without supervision because the competency level is unsatisfactory. (Not their fault.)

Internal auditing is the way to go if you have the resources but why not also bring in a fresh set of eyeballs once a year? .....Someone who has seen many other companies and seen many ways of interpreting and implementing a "standard"....whichever one that is. Why wait for a registrar audit?

I don't like having the same lead auditor (registrar) but that is what the company wants. He's good, fair, but he has seen the entire company so many times that I wonder if he's too familiar now - we just had 2 assistant auditors in this last ISO upgrade audit because our regular lead auditor needed help to cover everything in the time alotted. Those 2 new auditors pointed out some things that our guy never even noticed. At the same time, we (internal auditors) didn't catch it either.

If one goal is to improve, isn't a fresh set of eyeballs worth trying?
 
D

db

I have several clients that have hired me to do their internal audits. The rationale is as varied as the organizations. One is very small (only 5 folks). The main point with them is they are too interdependent with each other. A large company has too much turnover to have a consistent audit process (in the roughly three years I’ve been auditing they have been through four Environmental Management Representatives (the longest lasted about 14 months). A third company uses me as an additional auditor, working with their internal sources, for a “fresh eyes” approach. One of my co-workers does a lot of auditing for 17025 because some organizations don’t feel their internal resources would have the expertise. The same holds true with some TS companies. The feeling is us “experts” (a term that might be arguable in my case) know how to interpret the standard better than internal sources.
 
You must log in or register to reply here.

Similar threads

J
  • Poll
Average number of Nonconformances during internal quality audit for Medical Device Manufacturers
Replies
3
Views
625
Funboi
F
R
VDA Potential Analysis - Similar product from other customer and confidentiality
Replies
0
Views
712
ronjae
R
M
External audit non conformity related to applicable regulations
Replies
9
Views
980
mihzago
mihzago
M
  • Locked
Hiring: RQA Engineer
Replies
1
Views
908
Jim Wynne
Jim Wynne
R
Audit Closure - Assigned actions
Replies
7
Views
818
RoxaneB
RoxaneB
Top Bottom