Both sides previous revisionPrevious revisionNext revision | Previous revision |
articles:rainbows_unicorns_audit_reports [2023/01/31 15:46] – [Rainbows, Unicorns... and Audit Reports?] rrandall | articles:rainbows_unicorns_audit_reports [2023/01/31 15:54] (current) – [Rainbows, Unicorns... and Audit Reports?] rrandall |
---|
{{ :articles:as9101_form_5-audit_conclusions.png?nolink&600 |}} | {{ :articles:as9101_form_5-audit_conclusions.png?nolink&600 |}} |
| |
Is this actually required? Upon examining ISO 17021-1:2015 & AS9101G, the ONLY reference I could find was "Table 1 - Audit reporting requirements" in AS9101F, sec. 4.3.1 indicating that Form 5 was "Required". | Is this actually required? Upon examining ISO 17021-1:2015 & AS9101G, the ONLY reference I could find was "Table 1 - Audit reporting requirements" in AS9101G, sec. 4.3.1 indicating that Form 5 was "Required". |
| |
I did find "//best practices//" mentioned in ISO 19011:2018, "Guidelines for auditing management systems". | I did find "//best practices//" mentioned in ISO 19011:2018, "Guidelines for auditing management systems". |
But, of course, ISO 19011 is only a guideline, that's not mandatory. | But, of course, ISO 19011 is only a guideline, that's not mandatory. |
| |
<note>{{ :articles:john-cleese-transparent.png?nolink&200|}}When reading "//should consider, where appropriate//", I imagine a "Monty Python" skit featuring John Cleese saying, with his very British accent, "//...should consider, where appropriate because we would really, really feel extremely bad if this were the least bit of a burden on you. We really don't want it to be a bother. But seriously, if it's not too much of an inconvenience, think about://" </note> | <WRAP center round info 80%> |
| {{ :articles:john-cleese-transparent.png?nolink&200|}}When reading "//should consider, where appropriate//", I imagine a "Monty Python" skit featuring John Cleese saying, with his very British accent, "//...should consider, where appropriate because we would really, really feel extremely bad if this were the least bit of a burden on you. We really don't want it to be a bother. But seriously, if it's not too much of an inconvenience, think about://" |
| </WRAP> |
| |
Even worse, some registrars require their auditors to complete a SWOT analysis for each audit! This is beyond ridiculous because auditors have extremely limited time to assess a management system... much less reasonably identify any meaningful "Strengths, Weaknesses, Opportunities and Threats" to the organization. | Even worse, some registrars require their auditors to complete a SWOT analysis for each audit! This is beyond ridiculous because auditors have extremely limited time to assess a management system... much less reasonably identify any meaningful "Strengths, Weaknesses, Opportunities and Threats" to the organization. |
===== Conclusion ===== | ===== Conclusion ===== |
| |
Ultimately, incorporating subjective “Strengths and Good Practices” OR a SWOT Analysis into an audit report dilutes the purpose of audit using "__objective__ evidence" to "__objectively__" determine the extent to which the audit criteria are fulfilled. | Ultimately, incorporating subjective “Strengths and Good Practices” OR a SWOT Analysis into an audit report dilutes the purpose of an audit relying on "__objective__ evidence" to "__objectively__" determine the extent to which the audit criteria are fulfilled. |
| |
There have been instances where I've issued NCs against areas that previous auditors had identified as “Strengths” or "Good Practices". Usually, because the previous auditor(s) had either missed something in that area or was “struggling” to identify __any__ "strength”. Of course, the client was confused. How could I issue a NC against an area that a previous auditor had actually complimented them on? So I have to bite my tongue to keep from criticizing the previous auditor for misidentifying a mediocre practice as a good practice… leading into the “//All audits are based on a sample//” speech. | There have been instances where I've issued NCs against areas that previous auditors had identified as “Strengths” or "Good Practices". Usually, because the previous auditor(s) had either missed something in that area or was “struggling” to identify __any__ "strengths”. Of course, the client was confused. How could I issue a NC against an area that a previous auditor had actually complimented them on? So I have to bite my tongue to keep from criticizing the previous auditor for misidentifying a mediocre practice as a good practice… leading into the “//All audits are based on a sample//” speech. |
{{ :articles:unicorn-clipart-rainbow-hair-pencil-and-in-color-unicorn_transparent.png?nolink&200|}} | {{ :articles:unicorn-clipart-rainbow-hair-pencil-and-in-color-unicorn_transparent.png?nolink&200|}} |
| |
| |
IAQG... please consider this an "opportunity for improvement"; and remove the “Strengths and Good Practices” from Form 5 in the next revision of AS9101. | IAQG... please consider this an "opportunity for improvement"; and remove the “Strengths and Good Practices” from Form 5 in the next revision of AS9101. |
| |
| And ANAB... since many of your auditors pay little to no attention to the IAQG, please consider this an "opportunity for improvement"; and stop mandating that CBs force their auditors to identify “Strengths and Good Practices” on Form 5 of AS9101 in OASIS. |
| |
And as for other standards, registrars, please stop requiring your auditors to waste their time by "//dreaming up//" some nonsense data to complete a SWOT for your report. | And as for other standards, registrars, please stop requiring your auditors to waste their time by "//dreaming up//" some nonsense data to complete a SWOT for your report. |
| |
For a variety of reasons, these add about as much value (perhaps even less) as placing a rainbow unicorn clipart graphic into the report. | For a variety of reasons, these add about as much value (perhaps even less) as placing a rainbow unicorn clipart graphic into the report. |