INTERNAL QUALITY AUDIT

THE NEED FOR AUDITING

A quality management system is a management system designed to provide assurance of quality. The
system is documented in the quality manual, quality procedures and instructions and it is necessary
that such a quality management system meets the requirements the ISO 9001 :2000 quality
management system.
The question arise how, how do you check that satisfactory quality management system is operating.
In other words, how do you obtain assurance that quality management system is
1. Adequately defined, documented and understood
2. Is being followed and effectively implemented
3. Provide the correct degree of assurance to our product or services
You can only check these points by carrying out an audit of the quality management system. Auditing
is method of formally and systematically checking a quality management system to see if these three
requirements are being met. It is therefore, one of the most important part of the quality management
system, because it provide the proof that the quality management system is adequate and meeting the
requirements of the standard. Consequently, it also exposes inadequacies in the quality management
system.
.
Auditing is a means of gaining information in an independent and unbiased manner. Information
about what we have achieved, or about the means of achievement. Auditing enables us to establish if
our systems are being followed and if they are fully effective. This information enables us to proceed
with confidence Systems.
ISO 9000 : 2000 definitions:
Audit
Systematic, independent and documented process for obtaining audit evidence and evaluating
it objectively to determine the extent to which audit criteria are fulfilled
Audit Criteria
Set of polices, procedures or requirements used as a reference
Auditor
Person with the competence to conduct an audit

Quality System Audit

A systematic investigation of the intent, the implementation and the
effectiveness of selected aspects of the quality system of an
organization.
In order to obtain information about how the work within various processes is actually performed it
is possible to use process quality audits.
Audits of this type are carried out by studying the actual conditions that exist at each work stage and
work station. The various factors which influence the quality result of each process or operation are
taken into account. Examples of factors include;
- use of the right documentation, such as job descriptions and process instructions
- use of the right materials
- compliance with the above documentation
By: G. R. P. K. Perera, Lecturer, CoT, Kandy.

- execution of prescribed follow-up and control activities

- conduction of equipment
- checking and calibration of measuring devices and instruments
- orderliness at the work station.
TYPES OF AUDITS
There are three types of audit.
First party
Second party
Third party
First party (internal Audit)
Definition : An audit by the organization of its own systems and procedures.
Objective : To assure maintenance, development and improvement of the quality system
Second Party (External Audit)
Definition : An audit by the organization on its suppliers and sub-contractors.
Objective : - to determine suitability of suppliers
- to appraise supplier/sub contractors performance
- to ensure that suppliers have the capability to supply product
- to meet purchasing requirements.
Third party audit (External Audit)
Definition : an audit by a body which is commercially and contractually independent of the
organization, its suppliers and customers. In this context an audit by certification body on a quality
system standard.
Objective : to determine whether an organizations quality system has been
documentation and implemented in accordance with a specified standard.
ISO 19011 AND AUDITOR COMPETENCE
The standard provides guidance on audit principles, the management of audit
programmes, audit conduct and auditor competency requirements. It has been
prepared in a general way so as to be applicable to different industries and
organisations, is equally applicable to First, Second and Third Party auditing and
is now used as the basis for audit approaches throughout the world and by a
diverse range of organisations undertaking audits and assessments. There are of
course variations in the particular approaches adopted, however it is generally
acknowledged that ISO 19011 provides a good foundation for audit activities. It
is important to note that ISO 19011 makes it quite clear that an auditor always
has a client, and the sole purpose of undertaking an audit is to provide the
'client' with information. In other words audits are not undertaken to keep
auditors employed or for the benefit of the auditors !
Structure of ISO 19001.
ISO 190011 provides guidance on the management of audit programmes, audit conduct and auditor
competency requirements. It has been prepared in a general way so as to be applicable to different
industries and organisations and provides guidance that is intended to be flexible in the way that it is
applied dependent upon the size, nature and complexity of the organisation to be audited as well as
the
objectives and scope of the audit to be conducted. The guidance is provided in
By: G. R. P. K. Perera, Lecturer, CoT, Kandy.

the following clauses:

Clause 4 - Principles of auditing,
Clause 5 - Guidance on managing audit programmes,
Clause 6 - Guidance on audit conduct,
Clause 7 - Guidance on competency requirements and auditor evaluation.
Principles of auditing,
Reliance on:
a) Ethical conduct
b) Fair presentation
c) Due professional care
d) Independence
e) Evidence based approach
Managing Audit Programmes.
An audit programme comprises a series of audits undertaken over a specified
period of time. Such a programme needs to be effectively managed.
Audit activities
Initiating the audit (audits normally initiated by a 'client' here by management or MR),
Defining (or confirming) audit objectives, scope and criteria,
Selecting the audit team,
Conducting document review and planning and the Preparing for the on-site audit activities audit
activities (stage 1 of Audit),
Conducting the on-site audit activities, (stage 2 of an Audit),
Preparing, approving and distributing the audit report,
Completing the audit (normally considered complete once report issued),
Conducting audit follow up (if requested to do so by the 'client').
THE AUDIT PROCESS
It will be found that this approach is very similar to that detailed in ISO 19011
(guide to Quality Systems Auditing) and is believed to be a desirable approach
to encourage. The general assessment process involves the following;

By: G. R. P. K. Perera, Lecturer, CoT, Kandy.

Education, work experience, auditor training and audit experience.

Auditors should have:
a) education that provides a good foundation for their intended field of auditing
coupled with appropriate knowledge and skills,
b) work experience in an environment that contributes to the development of
their knowledge and skills,
Audit team leaders should have:
a) additional knowledge and skills in team / audit leadership to facilitate efficient
and effective conduct of an audit, e.g.
audit planning,
communication,
organising and directing,
reaching conclusions,
preventing and resolving conflict,
audit reporting.
PROCESS MANAGEMENT
Monitoring and Improvement
ISO 9001 : 2000 focuses very much on the need for an organization to adopt a
process approach when designing, implementing and improving a quality management system, and
verification that this has been undertaken in an effective manner will place heavy demands on an
assessment team leader to construct a suitable assessment schedule and associated audit samples for
the various team members. It will require the team leader tot develop a very good understanding of
the organization, the various processes that are in operation and how they interact with each other.
Process analysis will need to be performed in greater depth before the assessment schedule can be
finalized. Process analysis , which should have been undertaken by auditors in the past will not be
very necessary, and an essential tool within the auditors toolbox. This will need to be undertaken at
two levels at the first level process analysis will involve looking at the organization at the macro
level to understand the nature of the business the processes involved and the general sequence and
interaction of these processes. At the micro level it will involve the examination of individual
processes to clearly understand how the process functions, is managed and outputs measured against
By: G. R. P. K. Perera, Lecturer, CoT, Kandy.

any performance standard.

Cross functional, process are processes that flow through the different company
functional areas or departments, and auditors will need to consider to verify particular aspects of
such processes. There will also be important outputs from processes and it will be necessary for
auditors to clearly understand what these outputs should be and if they are satisfying the appropriate
criteria.
For a full assessment of an organization to verify conformity with ISO 9001 : 2000 it will be very
necessary for significant identified processes as well as those specifically referred to in ISO 9001 to
be carefully audited to ensure that there has been adequate and effective planning, control and
monitoring of such processes. The assessment will need to focus on not only on the processes
themselves but also the inputs and outputs from them to establish if specified requirements for each
are being met. In particular there will be some key quality management system processes that will
need to be fully verified. An assessment team leader will wish to verify 4.1 General Requirements in
relation to the most important (or significant) processes undertaken by the company.
There will also be feedback of performance from both the process and process output monitoring
activities that will be used to continually improve the Process management activity. Here there is an
important link into 8.4 Analysis of data which holds the key to an organizations improvement
focus and activities relating to process improvement and subsequently leads in to 5.6.2
Management.
Review where management need to work with the results of data analysis to determine the need for
process and quality management system improvement.
For Process Management an auditor would wish to see that there has been adequate process planning,
and hence would wish to verify that the elements of 4.1 General Requirements have been applied
PROCESSProcess Inputs Monitoring of the Process and Process outputs Management of the Process outputs

Process outputs

Together with the general planning requirement of 7.1 Planning of product

realization thus
The auditor would then wish to verify that the planned actins are being implemented in an effective
manner. In relation to the Process monitoring, again there are elements of 4.1 General
Requirements that the auditor would wish to verify, that is.
For the process output the auditor would need to verify 8.2.4 Monitoring and measurement of
Product and finally the auditor may wish to verify that use is being made of data provided from the
process monitoring and product (process output) monitoring activities as an input to the continual
improvement process. Thus will require an auditor to establish if there is an adequate link between
8.2.3/8.2.4. (taking due account of customer satisfaction) and 8.4, conforming with the organizations
quality policy and related objectives and subsequently 5.6. Thus for any of the organizations
processes there are some general requirements that the team leader may wish individual auditors to
verify. This may be undertaken on a general basis relating to the
organizations Quality planning process, or specifically to some of the most significant product
realization processes undertaken by the organization. The assessment team leader will need to decide
which processes are to be the focus of audit attention and objective evidence of compliance.
Have the criteria and methods required to ensure the effective operation and control of the process been
determined?
Have the necessary resources and information to support the operation of the process been determined?
Are the actins necessary to a planned results and continued improvement of the process being
implemented?
Have the quality objectives and requirements for the product (process output) been determined?
Are necessary documents and resources specific to the product
By: G. R. P. K. Perera, Lecturer, CoT, Kandy.

(process output) available to support eh process?

Have the required verification, validation, monitoring, inspection and test activities specific to the
product (process output) been determined?
Have the quality records needed to provide evidence that the process and the product (process
output)meet requirements been determined?
Have the necessary resources and information to support eh monitoring of the process been
determined?
Have the process measurement, monitoring and analytical methods been determined?
together with the more specific elements of 8.2.3 Monitoring and measurement of processes
Is the organization applying suitable methods for monitoring and or measurement of the process?
Do these methods demonstrate the ability of the process to achieve planned results?
Where processes are found to be nonconforming, is corrective action taken to ensure conformity of
product?

By: G. R. P. K. Perera, Lecturer, CoT, Kandy.