Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
articles:rainbows_unicorns_audit_reports [2020/07/09 09:15] – [Rainbows, Unicorns... and Audit Reports?] rrandallarticles:rainbows_unicorns_audit_reports [2023/01/31 15:54] (current) – [Rainbows, Unicorns... and Audit Reports?] rrandall
Line 8: Line 8:
 </blockquote> </blockquote>
  
-So why does AS9101F, Form 5, "Audit Report" include a field, under the "Audit Conclusions" section, requiring auditors to include their "//subjective opinions//" regarding "Strengths and Good Practices"?+So why does AS9101G, Form 5, "Audit Report" include a field, under the "Audit Conclusions" section, requiring auditors to include their "//subjective opinions//" regarding "Strengths and Good Practices"?
 {{ :articles:as9101_form_5-audit_conclusions.png?nolink&600 |}} {{ :articles:as9101_form_5-audit_conclusions.png?nolink&600 |}}
  
-Is this actually required? Upon examining ISO 17021-1:2015 & AS9101F, the ONLY reference I could find was the requirement in AS9101F, sec. 4.2.3 to complete the "...Audit Report (Form 5)".+Is this actually required? Upon examining ISO 17021-1:2015 & AS9101G, the ONLY reference I could find was "Table 1 - Audit reporting requirements" in AS9101G, sec. 4.3.1 indicating that Form 5 was "Required".
  
 I did find "//best practices//" mentioned in ISO 19011:2018, "Guidelines for auditing management systems". I did find "//best practices//" mentioned in ISO 19011:2018, "Guidelines for auditing management systems".
Line 23: Line 23:
 But, of course, ISO 19011 is only a guideline, that's not mandatory. But, of course, ISO 19011 is only a guideline, that's not mandatory.
  
-<note>{{ :articles:john-cleese-transparent.png?nolink&200|}}When reading "//should consider, where appropriate//", I imagine a "Monty Python" skit featuring a very British John Cleese saying "//...should consider, where appropriate because we would really, really feel bad if this were the least bit of a burden on you. We really don't want it to be a bother. But seriously, if it's not too much of an inconvenience, think about://" </note>+<WRAP center round info 80%> 
 +{{ :articles:john-cleese-transparent.png?nolink&200|}}When reading "//should consider, where appropriate//", I imagine a "Monty Python" skit featuring John Cleese saying, with his very British accent, "//...should consider, where appropriate because we would really, really feel extremely bad if this were the least bit of a burden on you. We really don't want it to be a bother. But seriously, if it's not too much of an inconvenience, think about://" 
 +</WRAP>
  
 Even worse, some registrars require their auditors to complete a SWOT analysis for each audit! This is beyond ridiculous because auditors have extremely limited time to assess a management system... much less reasonably identify any meaningful "Strengths, Weaknesses, Opportunities and Threats" to the organization.  Even worse, some registrars require their auditors to complete a SWOT analysis for each audit! This is beyond ridiculous because auditors have extremely limited time to assess a management system... much less reasonably identify any meaningful "Strengths, Weaknesses, Opportunities and Threats" to the organization. 
Line 29: Line 31:
 ===== Conclusion ===== ===== Conclusion =====
  
-Ultimately, incorporating subjective “Strengths and Good Practices” OR a SWOT Analysis into an audit report contradicts the definition of the audit purpose of using "__objective__ evidence" to "__objectively__" determine the extent to which the audit criteria are fulfilled. +Ultimately, incorporating subjective “Strengths and Good Practices” OR a SWOT Analysis into an audit report dilutes the purpose of an audit relying on "__objective__ evidence" to "__objectively__" determine the extent to which the audit criteria are fulfilled. 
  
-There have been instances where I've issued NCs against areas that previous auditors had identified as “Strengths” or "Good Practices". Usually, because the previous auditor(s) had either missed something in that area or was “struggling” to identify __any__ "strength”. Of course, the client was confused. How could I issue a NC against an area that a previous auditor had actually complimented them on? So I have to bite my tongue to keep from criticizing the previous auditor for misidentifying a mediocre practice as a good practice… leading into the “//All audits are based on a sample//” speech.+There have been instances where I've issued NCs against areas that previous auditors had identified as “Strengths” or "Good Practices". Usually, because the previous auditor(s) had either missed something in that area or was “struggling” to identify __any__ "strengths”. Of course, the client was confused. How could I issue a NC against an area that a previous auditor had actually complimented them on? So I have to bite my tongue to keep from criticizing the previous auditor for misidentifying a mediocre practice as a good practice… leading into the “//All audits are based on a sample//” speech.
 {{ :articles:unicorn-clipart-rainbow-hair-pencil-and-in-color-unicorn_transparent.png?nolink&200|}} {{ :articles:unicorn-clipart-rainbow-hair-pencil-and-in-color-unicorn_transparent.png?nolink&200|}}
  
Line 37: Line 39:
  
 IAQG... please consider this an "opportunity for improvement"; and remove the “Strengths and Good Practices” from Form 5 in the next revision of AS9101. IAQG... please consider this an "opportunity for improvement"; and remove the “Strengths and Good Practices” from Form 5 in the next revision of AS9101.
 +
 +And ANAB... since many of your auditors pay little to no attention to the IAQG, please consider this an "opportunity for improvement"; and stop mandating that CBs force their auditors to identify “Strengths and Good Practices” on Form 5 of AS9101 in OASIS.
  
 And as for other standards, registrars, please stop requiring your auditors to waste their time by "//dreaming up//" some nonsense data to complete a SWOT for your report.  And as for other standards, registrars, please stop requiring your auditors to waste their time by "//dreaming up//" some nonsense data to complete a SWOT for your report. 
  
 For a variety of reasons, these add about as much value (perhaps even less) as placing a rainbow unicorn clipart graphic into the report.  For a variety of reasons, these add about as much value (perhaps even less) as placing a rainbow unicorn clipart graphic into the report.