AS9100 Internal Audit Frequency - Audit all AS9100 elements within a specific timeframe?

M

Mike S.

Happy to be Alive
Trusted Information Resource
Sidney Vianna said:
So, I take it you would accept a 25 year internal audit schedule then.
Click to expand...
Don't play games and try to put words in my mouth. I said what I said.

Time is not the determining factor. I would not use time as the determining factor. I would use what the damn standard says are the determining factors. If as the auditor I wanted to use time as a determining factor, I would make that a contractual requirement in my contract with the auditee.
Why is this so damn hard?
 
J

jmech

Trusted Information Resource
Sidney Vianna said:
So, if you are auditing an organization and they schedule their audit program to take a 25 year cycle to cover the whole system, you can’t say nothing?
Click to expand...
I don't think this would be a good idea but it might be possible to do this and still conform to ISO 9001 / AS9100. Just because something is sub-optimal or riskier than an auditor would like does not mean that it is nonconforming.

Which ISO 9001 / AS9100 requirement is not being met in your 25 year cycle scenario?
 
Last edited:
Randy

Randy

Super Moderator
A BIG BIG catch that has been ignored and very few pay attention to..........What does the contract, that all have agreed to, between the organization and the Certification Body say? If the contract has specific language saying that within the "certification cycle (3 years)" objective evidence of "all elements" being audited internally must be demonstrated, then all bets are off, and it doesn't matter how anyone feels, wants or likes.

Nobody ever "reads" the language of the instrument governing the entire process, and most don't know where to find the thing.
 
Sidney Vianna

Sidney Vianna

Post Responsibly
Leader
Admin
jmech said:
Which ISO 9001 / AS9100 requirement is not being met in your 25 year cycle scenario?
Click to expand...
It is the same one that states that an inspection, measuring & test equipment used to determine product conformity can be calibrated every 10 years. A management system along the lines of 9001/9100 is structured on a PDCA cycle. If you are deliberately and irresponsibly avoiding checking activities, processes and systems, on a timely basis your reviews and actions are compromised.

The organization is required to establish an internal audit program/schedule. If they are excessively extending the interval between internal audits of certain aspects of the system, they better have data to justify that, just like you would expect historical data to justify extending the interval between calibrations of a gage.
 
Crusader

Crusader

Trusted Information Resource
Randy said:
A BIG BIG catch that has been ignored and very few pay attention to..........What does the contract, that all have agreed to, between the organization and the Certification Body say? If the contract has specific language saying that within the "certification cycle (3 years)" objective evidence of "all elements" being audited internally must be demonstrated, then all bets are off, and it doesn't matter how anyone feels, wants or likes.

Nobody ever "reads" the language of the instrument governing the entire process, and most don't know where to find the thing.
Click to expand...
Yeah we thought if that and because it is done at a high level, we are still trying to get ahold of it.
 
Randy

Randy

Super Moderator
Crusader said:
Yeah we thought if that and because it is done at a high level, we are still trying to get ahold of it.
Click to expand...
The "Contract"? That document, whether you signed it or someone with authority to do so signed it, can require, as a condition that all documents be on polka do paper and you audit everything, every stinking thing, 2 times a year (crazy examples). You've been obligated to "meet requirements" and some of those, even though not 9100 related, are binding and are conditions that have to be adhered to.

Every time I do an audit (I only do 3rd party CB work like this week), I have to verify specific material that could impact a certificate holder such as display of certificates and use of the CB's specific identity mark (actual pre-loaded items in my report template), and if not performed as required the result has to be documented and nonconformity issued as well as potential suspension and/or revocation. (also covered in the contract). A bunch of the "experts" here seem to fail to understand this.
 
Crusader

Crusader

Trusted Information Resource
Randy said:
The "Contract"? That document, whether you signed it or someone with authority to do so signed it, can require, as a condition that all documents be on polka do paper and you audit everything, every stinking thing, 2 times a year (crazy examples). You've been obligated to "meet requirements" and some of those, even though not 9100 related, are binding and are conditions that have to be adhered to.

Every time I do an audit (I only do 3rd party CB work like this week), I have to verify specific material that could impact a certificate holder such as display of certificates and use of the CB's specific identity mark (actual pre-loaded items in my report template), and if not performed as required the result has to be documented and nonconformity issued as well as potential suspension and/or revocation. (also covered in the contract). A bunch of the "experts" here seem to fail to understand this.
Click to expand...
Right, the contract. Trying to get a copy of it so we can see what it says.
 
J

jmech

Trusted Information Resource
Sidney Vianna said:
It is the same one that states that an inspection, measuring & test equipment used to determine product conformity can be calibrated every 10 years. A management system along the lines of 9001/9100 is structured on a PDCA cycle. If you are deliberately and irresponsibly avoiding checking activities, processes and systems, on a timely basis your reviews and actions are compromised.

The organization is required to establish an internal audit program/schedule. If they are excessively extending the interval between internal audits of certain aspects of the system, they better have data to justify that, just like you would expect historical data to justify extending the interval between calibrations of a gage.
Click to expand...
I still don't understand which written 9001/9100 requirement (Section 9.2 is identical except for a couple extra notes in 9100) is being violated in this scenario. Which clause number would you write this against and how would you write the nonconformance statement?
 
O

outdoorsNW

Quite Involved in Discussions
Miner,

As time since a check occurs increases, the risk increases. So a 25 year plan does not adequately account for risk. But a hypothetical plan where high risk areas have an internal audit every 2 years and lowest risk areas go 4 years between audits in many cases will be more effective at catching issues with the greatest likelihood of causing quality or other problems. In my hypothetical, the time gained by putting low risk areas on a 4 year interval can be used to audit high risk areas more often.
 
You must log in or register to reply here.

Similar threads

Crusader
Internal Audit AS9100 - all elements within a 3 year cycle…required or not?
2
Replies
11
Views
2K
Randy
Randy
T
AS9110 and Part 145 Internal Audit Program (combined)
Replies
2
Views
92
Trav99
T
QCBOB
ISO 13485:2016 Internal Audit checklist/template?????
Replies
1
Views
153
shimonv
shimonv
D
Gap Analysis for Customer specific requirements
Replies
5
Views
511
radame
R
N
Findings from internal audits
Replies
2
Views
488
Quality-Nation
Q
Top Bottom