What makes a good auditor?
I got into this business after dealing with a pretty bad auditor. It's funny that was my inspiration. I dove into this field, without any of the research that you are supposed to do.
Back to the subject: What makes a good auditor? Here is one of my client testimonials on the subject:
This is our third year of working together and we happy to have you as part of our internal auditing team. You made our internal auditing program very easy and efficient by being always truthful, fair and open-minded. You have also helped to make our internal audits more effective. People started to look at the audits with more positive attitude because of your ability to communicate effectively with others. Your great experience has made our internal audit program transparent and very convenient for our business."
Everything said above refers to the outcomes of a great auditor. A auditor needs to make people feel at ease, I view audits as opportunities to get to know the people and the processes. An auditor needs to know the standard that they are auditing agaiinst. They also need to pick their battles, and write up non-conformances that are important, systemic issues.
Another characteristic that an auditor needs is inquisitiveness, ask why why why why, and then show me.
Johnson George added to this linked in blog by writing: Make the auditee team comfortable
- Explain your purpose of audit, make them feel it is the system you are auditng and not the person
- While you write notes, let them see what you are writing (or else they are going to be scared - are you upto giving an NC?)
- Summarise and agree on all the NC's
- Do write a clear report so that they can respond to your NC with effective Correction, Root Cause and Corrective Action
- Offer to help find root cause (this works)
Edward Doss added: As per ISO 19011:2002 (E), 7.2 Personal attributes
Auditors should possess personal attributes to enable them to act in accordance with the principles of auditing described in clause 4.
An auditor should be:
a) ethical, i.e. fair, truthful, sincere, honest and discreet;
b) open-minded, i.e. willing to consider alternative ideas or points of view;
c) diplomatic, i.e. tactful in dealing with people;
d) observant, i.e. actively aware of physical surroundings and activities;
e) perceptive, i.e. instinctively aware of and able to understand situations;
f) versatile, i.e. adjusts readily to different situations;
g) tenacious, i.e. persistent, focused on achieving objectives;
h) decisive, i.e. reaches timely conclusions based on logical reasoning and analysis; and
i) self-reliant, i.e. acts and functions independently while interacting effectively with others.
and finally any auditing mechanism is not an fault finding activitiy rather its an fact finding methodology..
So what did we miss? What makes a good auditor?
Showing posts with label iso 9001. Show all posts
Showing posts with label iso 9001. Show all posts
Sunday, April 25, 2010
Tuesday, February 16, 2010
A closer look at Quality Records
Control of Quality Records is probably one of the least glamourous sections of the ISO 9001 standard.
What the ISO 9001 standard requires: 4.2.4 Control of records
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.
Automotive, Medical and Aerospace may have additional requirements as well.
For the typical company adhering to ISO 9001 requirements there are a variety of Quality Records which must be kept to provide evidence that the company is complying with the requirements of the standard
Electronic Record Retention
During my audits I am finding that Quality Records Tables or Master Lists of Records do not account for the electronic side of record retention. Typially sales inquiries are kept on e-mail, but we don't mention sales orders, inquiries, etc on the Quality Records Table. Or the quality records table will say that these records are kept for 2 years. Well a quick comparison to what the IT folks are regulating turns up a different story. E-mails quickly deleted after six months. Well happens as evidence of conformity if we are only keeping our records for six months.
A quick way to ensure that your Quality Records Table contains everything that the QMS standard requires is to go through the standard for each requirement and keep track of each reference that requires "records". Then double check that against your quality records table.
Confidentiality
The Quality Records Process should also include how we are going to keep information confidential. If we dispose of a computer, reformatting the hard drive - is that enough to ensure that any customer specifications or personnel records are protected? Does your organization understand that erased data on an old computer drive may still be retrievable? A report "Skeletons on your Hard Drive" by Matt Hines for CNET News.com shows that just because a hard drive was reformatted - the information can still be found. Something to consider when making computers obsolete.
What the ISO 9001 standard requires: 4.2.4 Control of records
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.
Automotive, Medical and Aerospace may have additional requirements as well.
For the typical company adhering to ISO 9001 requirements there are a variety of Quality Records which must be kept to provide evidence that the company is complying with the requirements of the standard
Electronic Record Retention
During my audits I am finding that Quality Records Tables or Master Lists of Records do not account for the electronic side of record retention. Typially sales inquiries are kept on e-mail, but we don't mention sales orders, inquiries, etc on the Quality Records Table. Or the quality records table will say that these records are kept for 2 years. Well a quick comparison to what the IT folks are regulating turns up a different story. E-mails quickly deleted after six months. Well happens as evidence of conformity if we are only keeping our records for six months.
A quick way to ensure that your Quality Records Table contains everything that the QMS standard requires is to go through the standard for each requirement and keep track of each reference that requires "records". Then double check that against your quality records table.
Confidentiality
The Quality Records Process should also include how we are going to keep information confidential. If we dispose of a computer, reformatting the hard drive - is that enough to ensure that any customer specifications or personnel records are protected? Does your organization understand that erased data on an old computer drive may still be retrievable? A report "Skeletons on your Hard Drive" by Matt Hines for CNET News.com shows that just because a hard drive was reformatted - the information can still be found. Something to consider when making computers obsolete.
Subscribe to:
Comments (Atom)
