Auditor responsibility
Started by okido, Aug 02 2005 07:52 AM
Hi,
To what extent is an internal auditor responsible for safety and food safety.
Is he just an observer that goes around and writes his reports based on his knowledge of any given formal standard.
What about the common sense standard, this is part of his knowledge too.
Few examples:
The fire door is open > should he close them
A technician is working without the required scalp covering > address him on the spot
An ingredient that is not given free for use is processed > stop the production immediately
Where does your responsibility as an auditor begin but more important where does it end?
I look forward to get some opinions on this subject.
Have a nice day, Okido
To what extent is an internal auditor responsible for safety and food safety.
Is he just an observer that goes around and writes his reports based on his knowledge of any given formal standard.
What about the common sense standard, this is part of his knowledge too.
Few examples:
The fire door is open > should he close them
A technician is working without the required scalp covering > address him on the spot
An ingredient that is not given free for use is processed > stop the production immediately
Where does your responsibility as an auditor begin but more important where does it end?
I look forward to get some opinions on this subject.
Have a nice day, Okido
Over lenient NSF auditor
Are You an Effective Auditor?
FSSC Internal auditor competency
Choice of Auditor and Auditing Date
BRCGS 3.5.3 Issue 6 - Internal Auditor competency
[Ad]
Okido you sound a little frustrated my friend.
In my opinion the auditor should do whatever is necessary including making a direct intervention if there is deemed to be a significant risk to product or personnel. After all the auditor is acting as an agent for the business (and customer) in ensuring their policies and procedures are operating as specified.
The ability to operate this method of auditing smoothly depends on a variety of things including (but not limited to):
- How committed the company are to the ‘management system'
- Responsibility and Authority are clearly defined and delegated to the auditor by senior management
- Effective communication of the above to relevant personnel
- The auditor knows his stuff technically
- The auditor isn't a complete jackass
Have a nice day,
Simon
In my opinion the auditor should do whatever is necessary including making a direct intervention if there is deemed to be a significant risk to product or personnel. After all the auditor is acting as an agent for the business (and customer) in ensuring their policies and procedures are operating as specified.
The ability to operate this method of auditing smoothly depends on a variety of things including (but not limited to):
- How committed the company are to the ‘management system'
- Responsibility and Authority are clearly defined and delegated to the auditor by senior management
- Effective communication of the above to relevant personnel
- The auditor knows his stuff technically
- The auditor isn't a complete jackass
Have a nice day,
Simon
- Responsibility and Authority are clearly defined and delegated to the auditor by senior management
Hi Saferpakers,
I was wondering why in public ceremonies and similar, the journalists use quite often the word "Authority" but in few occasions the use the word "Responsibility"
Moreover, may responsibility exist without authority ?
You'll like this article Franco it explains the difference in simple terms:
DIFFERENCE BETWEEN AUTHORITY AND RESPONSIBILITY: In the Context of Managing a Business Structure
It's difficult to explain but there is a difference. Can anyone with a cross functional job to do admit to never having been hindered by it?
Responsibility
1. The state, quality, or fact of being responsible.
2. Something for which one is responsible; a duty, obligation, or burden.
Authority
1. The power to enforce laws, exact obedience, command, determine, or judge.
Regards,
Simon
DIFFERENCE BETWEEN AUTHORITY AND RESPONSIBILITY: In the Context of Managing a Business Structure
It's difficult to explain but there is a difference. Can anyone with a cross functional job to do admit to never having been hindered by it?
Responsibility
1. The state, quality, or fact of being responsible.
2. Something for which one is responsible; a duty, obligation, or burden.
Authority
1. The power to enforce laws, exact obedience, command, determine, or judge.
Regards,
Simon
Hi Simon,
I have this problem on my desk for several months now and I straight forward answer is difficult to formulate.
I will follow the line that the auditor takes up his responsibility and lets prevail safety above anything else.
One of these "anything else's" is that the signal to the person who creates the mess is less strong.
Okido
Remember to share good fortune with your friends
I have this problem on my desk for several months now and I straight forward answer is difficult to formulate.
I will follow the line that the auditor takes up his responsibility and lets prevail safety above anything else.
One of these "anything else's" is that the signal to the person who creates the mess is less strong.
Okido
Remember to share good fortune with your friends
The wise choice Okido.I will follow the line that the auditor takes up his responsibility and lets prevail safety above anything else.
Yes attitude is everything. An essential part of an internal auditor's role is to educate and develop understanding of staff; this is the best way to increase commitment to the management system.One of these "anything else's" is that the signal to the person who creates the mess is less strong.
Regards,
Simon
Hi Simon,
Agree with what you say.
Would you say the same for an external auditor too ?
How an external auditor has to behave and react in order to give the audetee an "added value" from the audit, but without becoming a "consultant" ?
Moshe Saguy
Yes attitude is everything. An essential part of an internal auditor's role is to educate and develop understanding of staff; this is the best way to increase commitment to the management system.
Agree with what you say.
Would you say the same for an external auditor too ?
How an external auditor has to behave and react in order to give the audetee an "added value" from the audit, but without becoming a "consultant" ?
Moshe Saguy
In most accredited third party audit schemes there are rules on what auditors can and cannot do. I don't know what they are precisely but I believe they include not providing paid or unpaid consultancy.
Maybe I wouldn't expect my third party auditor to provide me with consultancy per say, but I would expect a lot more for my money than a robot with a 'Nonconformity' stamp. And I would hope we could freely exchange ideas, views and confer without fear of retribution.
An example to illustrate:
Mr Woodruff - Third Party Auditor, Good Assurance Services Ltd. (GAS)
'Mr Timperley - You have failed to meet clause 9.7.6.3.2 of the standard which requires the organisation to have recorded the competency level of all employees in the criteria that affects internal and/or external product and/or service quality with respect to the satisfaction of interested and/or uninterested parties. How plead you?'
Mr Timperley:
Guilty…but the training records are so difficult to maintain, we did have them up to date following your last audit but nobody tells me when someone starts or leaves the company or when an employee becomes competent in a criteria that affects internal and/or external product and/or service quality with respect to the satisfaction of interested and/or uninterested parties.
Mr Woodruff - Third Party Auditor, Good Assurance Services Ltd. (GAS)
Have you consider a competence matrix for each department? You could have employees down the left side and tasks along the top. You just colour in the squares when the employee becomes competent. If you wanted you could use different colours to denote level of competence e.g. gold = trainer, green = fully competent, yellow = in training, blue = requires training and white = training not required. Stick it on the wall and it's easier to update and easier for you to see whether it is up to date. You never know your managers may also find it to be a useful tool for resource planning.
Mr Timperley:
That's a really great idea Mr Woodruff it will definitely improve our training system and prevent this nonconformity from recurring. Thanks for your help I appreciate it.
So is this the heinous crime of consultancy? What say you?
Regards,
Simon
Maybe I wouldn't expect my third party auditor to provide me with consultancy per say, but I would expect a lot more for my money than a robot with a 'Nonconformity' stamp. And I would hope we could freely exchange ideas, views and confer without fear of retribution.
An example to illustrate:
Mr Woodruff - Third Party Auditor, Good Assurance Services Ltd. (GAS)
'Mr Timperley - You have failed to meet clause 9.7.6.3.2 of the standard which requires the organisation to have recorded the competency level of all employees in the criteria that affects internal and/or external product and/or service quality with respect to the satisfaction of interested and/or uninterested parties. How plead you?'
Mr Timperley:
Guilty…but the training records are so difficult to maintain, we did have them up to date following your last audit but nobody tells me when someone starts or leaves the company or when an employee becomes competent in a criteria that affects internal and/or external product and/or service quality with respect to the satisfaction of interested and/or uninterested parties.
Mr Woodruff - Third Party Auditor, Good Assurance Services Ltd. (GAS)
Have you consider a competence matrix for each department? You could have employees down the left side and tasks along the top. You just colour in the squares when the employee becomes competent. If you wanted you could use different colours to denote level of competence e.g. gold = trainer, green = fully competent, yellow = in training, blue = requires training and white = training not required. Stick it on the wall and it's easier to update and easier for you to see whether it is up to date. You never know your managers may also find it to be a useful tool for resource planning.
Mr Timperley:
That's a really great idea Mr Woodruff it will definitely improve our training system and prevent this nonconformity from recurring. Thanks for your help I appreciate it.
So is this the heinous crime of consultancy? What say you?
Regards,
Simon
Moshe
Its very hard to place critics on auditors as everybody wants to be a nice person. There are just so many selection criteria i.e. from competency, experience to professionalism. I had just gone through an audit a week ago where the auditor was more concern about "advising" the client than "auditing" the system.
I had another auditor whom after officially recommending certification, reverted with two more inqueries for response after about 1 month.
Good auditors are hard to come by and by "good" - you have to decide what that is. Right now, I have only come across two truly good auditors but plenty of average auditors.
Charles Chew
Would you say the same for an external auditor too ?
How an external auditor has to behave and react in order to give the audetee an "added value" from the audit, but without becoming a "consultant" ?
Its very hard to place critics on auditors as everybody wants to be a nice person. There are just so many selection criteria i.e. from competency, experience to professionalism. I had just gone through an audit a week ago where the auditor was more concern about "advising" the client than "auditing" the system.
I had another auditor whom after officially recommending certification, reverted with two more inqueries for response after about 1 month.
Good auditors are hard to come by and by "good" - you have to decide what that is. Right now, I have only come across two truly good auditors but plenty of average auditors.
Charles Chew
I have seen many external auditors the last 10 years. I can remember only one that did not add any value to our organisation other than a new certificate on the wall. He audited the management system strictly according the standard.
Personally I like the more "advising" style as CC calls it.
The spirit of the standard prevails and gives room for discussion and new interpretations.
This kind of knowledge sharing creates a dynamic environment that is a perfect starting point for improvement.
But I have to admit that some people raise their eyebrows as the "advise" is given. The advise reflects in most cases on the situation as it will be in 2 to 3 years and this far away for the most people.
Okido,
Remember to share good fortune with your friends!
Personally I like the more "advising" style as CC calls it.
The spirit of the standard prevails and gives room for discussion and new interpretations.
This kind of knowledge sharing creates a dynamic environment that is a perfect starting point for improvement.
But I have to admit that some people raise their eyebrows as the "advise" is given. The advise reflects in most cases on the situation as it will be in 2 to 3 years and this far away for the most people.
Okido,
Remember to share good fortune with your friends!
It's difficult to explain but there is a difference. Can anyone with a cross functional job to do admit to never having been hindered by it?
Simon, thanks for the metaethics stuff. I know there's a difference between the two. What I was trying to point out is that one cannot exist without the other, as is for twins: we all agree that two twins are different, but we must also agree on the fact that one can't have a twin if he's an only child
We all agree that two twins are different, but we must also agree on the fact that one can't have a twin if he's an only child.
Twins, twins - you really are trying to confuse me now Franco.
Simon
So you are saying it's impossible to separate the two completely - if there is responsibility there must be authority, even if it is only a minute amount.
Yeah mate, that's the point IMO
And next question is: why did ISO people explicitly written in 5.5.2 that responsibility AND authority must be given, as if one could give only one of the two or both ?
I don't know perhaps it's recognition by ISO that in some organisations the implementation and administration of the management system is delegated to a relatively junior person and in order they might do their job effectively they must have a degree of organisational muscle.why did ISO people explicitly written in 5.5.2 that responsibility AND authority must be given, as if one could give only one of the two or both ?
Regards,
Simon
... is delegated to a relatively junior person and in order they might do their job effectively they must have a degree of organisational muscle.
Maybe. It would mean that ISO people are dealing with real world.
The rules about consulting and/or advising are quite clear. It is prohibited, but people do have conversations in an evaluation or otherwise. Whenever I conduct an evaluation of the BRC / IOP Global Standard, I always make it quite clear in the opening meeting that any comments or anything which might be construed as advice should not be considered as such. It is up to the company to decide if any of my comments have any merit as I am there simply to challenge the sytem and ensure that the company is meeting the requirements. Incidentally, I have been witness assesed by UKAS without any non-conformances.
It all depends on how you phrase the "suggestion" and make any other qualifications as I described above.
Peter
It all depends on how you phrase the "suggestion" and make any other qualifications as I described above.
Peter
Over lenient NSF auditor
Are You an Effective Auditor?
FSSC Internal auditor competency
Choice of Auditor and Auditing Date
BRCGS 3.5.3 Issue 6 - Internal Auditor competency
BRCGS Auditor Issue 6
SQF Auditor - Contractor vs Salaried?
Where do I find the Practical Internal auditor Training for Food Operations Previous recording that I just purchased?
Is there a process that allows me to request another auditor?
Will an auditor show up on a Friday for an Unannounced SQF Audit?