Internal Auditor Qualifications - TS16949:2002

In the end it is the registrar and the 3rd party auditors that make the determination of competence and effectiveness of an IA program. It would be unreasonable for the 3rd party to say that all the IA's must have a LA course, but not unreasonable for them to say that the guidelines of 10011-2 (or 19001) will be used as the criteria for detemining competence. To me as a 3rd party auditor I don't so much care about how long a training class is as I do as to it's content and the ability of people to put content to practice.

Randy

Would your determination of competence at an audit be based therefore on not finding anything to suggest incompetence ?

but not unreasonable for them to say that the guidelines of 10011-2 (or 19001) will be used as the criteria for detemining competence

Click to expand...

I beg to differ, Randy. I think it is unreasonable for a registrar to attempt audit me to an unrequired standard. Especially 10011-2. I don't have my copy in front of me, but if my memory serves me correctly, doesn't it mention "evaluation boards" and other things? 10011-2 works well for 2nd or 3rd party auditors, but is far too prescriptive for internal auditors.

Attending a class, even lead auditor does not make one ‘competent’, the same goes for being “Certified”. I have come across several ‘qualified’ auditors that were incompetent. Competency of the internal auditors should be based on their ability to understand the QMS requirements (not just the standard), and their ability to properly assess compliance and effectiveness. This can easily be demonstrated by analyzing the number and type of nonconformances and observations generated. If the internal auditors are not finding things, but the external auditors are, then one could question the competence of one group or the other. It is the output that determines competence, not the input (although the better inputs, the greater chance for a good output).

DUH!!

To me as a 3rd party auditor I don't so much care about how long a training class is as I do as to it's content and the ability of people to put content to practice.

Click to expand...

Competency of the internal auditors should be based on their ability to understand the QMS requirements (not just the standard), and their ability to properly assess compliance and effectiveness.

Click to expand...

Apparently you failed to properly interpret what I stated.

In addition....If you want my certificate/registration of your system then you must meet my minimum requirements, ie., In order for you to have an acceptable IA program your auditors must meet the requirements of an accepted auditor qualification standard (10011-2, 14012 or 19011). These are MY requirements for you to get MY certificate with my seal/logo.

I believe 3rd party registrars have that right. Check Guide 62 and 66

Registrar's prerogative

I believe 3rd party registrars have that right. Check Guide 62 and 66

Click to expand...

Okay, I see your point. I know registrars that include Appendix A of ISO 14001 as part of their contract. My main point is that 10011 has some things in it that small organizations might have difficulty with (I'm talking in auditor selection and evaluation -- once again based on my memory banks)

BTW, is 66 out yet? I think that was supposed to replace 62, according to my memory.

62 is for QMS and 66 is for EMS.

In the Lead Auditor and Internal Auditor courses I teach I go through qualifications of auditors (10011-2, 14012,& now 19011). I spend some time explaining (at least according to Randy) how these are and can be applied to various auditors and by various organizations. I am one who thinks that it is a waste of time & money to send folks that are only going to perform IA's to a Lead Auditor course. A good IA course utilizes the auditor qualification standard as a guidance document, covers the standard in question & maybe some of the supporting guidance standards, basic auditing skills (with exercises), and company specific programs. It should be at least 8, possibly 16 and no more than 24 hours (depends on the organization).

Internal auditing has more snares and pitfalls than 3rd party ever will. The IA's (except those that are contracted, in which case they are actually 3rd party in nature) have to face the "auditees" at lunch, on the highway and in the lavatory everyday. 3rd party guys get to dump and bail.

Then there is "company politics"

I have attended a briefing session conducted by an international CB. I was informed (but not agreed) that the IA has to be trained by IAOB recognized course. What do you think?

Internal auditor training by IAOB is not required, yet.