Published: 10 Nov 2020
Andy Nichols, CQP MCQI, Program Manager at Michigan Manufacturing Technology Center, US, explains how internal auditors can achieve the independence requirements of ISO 9001.
One of the most frequently misunderstood and debated requirements of the ISO 9001:2015 requirements for Internal Audits (9.2.2) is the idea that auditors are ‘independent’ of the work being audited. It’s frequently taken that for internal auditors to be independent of the work they audit, they must be employed in a different function/department to the one being audited. Previous versions of ISO 9001 were somewhat clearer on the point.
ISO 9001:2008, Clause 8.2.2 stated that “auditors shall not audit their own work”, while ISO 9001:1987, Clause 18.104.22.168 explained that “design reviews and audits of the quality system, processes and/or product shall be carried out by personnel independent of those having direct responsibility for the work being performed.”
Meanwhile, ISO TS/9002:2018 Clause 9.2.2 Guidelines for the application of ISO 9001:2015, states: “When assigning persons to conduct audits, the organization should ensure objectivity and impartiality of the audit process. In some cases, specifically in smaller organizations or areas of the organization where specific job knowledge is required, it can be necessary for a person to audit their own work. In this situation, the organization might have the internal auditor work with a peer, or have the results reviewed by a peer or a manager, to ensure results are impartial.”
The model of management systems auditing, which is often used as the default for all things in ISO and auditing, is that of the certification body. After all, they are deemed as independent – as they are not the organisation’s customer(s) nor are they the organisation’s staff (albeit, they are paid for by them). It’s easy to conclude, perhaps incorrectly, that an internal auditor candidate must be recruited from a different part of the organisation, another department, in emulation of this independence. Indeed, certification auditors may also expect a business to use independent people as their internal auditors. Who wouldn’t agree that a fresh set of eyes is a good thing?
What appears to vex those people responsible for internal audit programmes is how to demonstrate the independence of internal auditors (for example, being from another department), while also having the knowledge of a function, process or activity. Clearly, there are ways to ensure objectivity and impartiality of auditors, which can be employed. This can be conducted by:
- Reviewing the planning and preparation of checklists, based on audit scope and criteria – this can be a help.
- Peer reviewing – doing a ‘ride along’ with an internal auditor to ensure the auditor follows the (audit) process and seeks objective evidence.
- Report reviewing – is what is being reported both factual and objective?
The state of being independent as an internal quality systems auditor comes from the freedom to plan, conduct and report the audit without pressure. For example, an auditor could be assigned to prove that certain personnel were not carrying out their work correctly and the audit becomes more of a witch hunt. In a case such as this, independence is lost.
It’s optimal to have internal auditors who are objective, impartial, and knowledgeable of the process/processes they are assigned to audit
The resulting audits should be much more effective, efficient and focus less on simple compliance to (documented) procedures. Instead, internal auditors should take an informed view of the effectiveness of the audited process. Issues raised for management’s attention are, therefore, more likely to be understood and support the improvements.