AUDITING COMPETENCE AND AWARENESS

Auditors must have a good understanding of the following issues:

- The quality policy

- Objectives
- Organizational structure and responsibility of key positions within the organization

AUDITING COMMUNICATION

Consider:

- Identification of “key” positions – eg: personnel whose work way have affect on quality
- Whether internal communication methods and lines of communication have been identified and
established between positions
- Whether communications are effective in practice

OTHER DIFFICULT AREAS FOR INTERNAL AUDITORS

- production and services provision (8.5)

- monitoring, measurement, analysis and evaluation (9.1)
- customer satisfaction (9.1.2)
- internal audit (9.2)
- management review (9.3)

CONTINUAL IMPROVEMENT

Continual improvement to effectiveness of the QMS through the:

- suitability
- adequacy
- effectiveness

to enhance quality performance

FOR AUDITORS …

Information from the improvement processes provides evidence that the QMS:

- is able to address risk and opportunity

- enables the organisation to plan, implement and control the processes needed to meet QMS
requirement
- enables the implementation of actions determined in its quality plans by
 establishing criteria for the processes
 implementing control of the processes, in accordance with the criteria
 preventing deviation from the quality policy, quality objectives

AUDITING MANAGEMENT SYSTEM

ISO 19011:2011 provides guidance on:

- principles of auditing (4)

 - managing audit programmers (5)
- performing an audit (6)
- competence of auditors (7)

AUDIT

Systemic, independent and documented process for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit criteria are fulfilled. (ISO 19011)

AUDIT EVIDENCE

Records, statement of fact or other information relevant to the audit criteria and verifiable (ISO 19011)

PRINCIPLES OF AUDITING

- integrity
- fair presentation
- due professional care
- confidentiality
- independence
- evidence-based approach

9.2 INTERNAL AUDIT

Internal audits are to determine whether QMS:

- conforms to the planned arrangements

- conforms to requirements of the international standard
- is effectively implemented and maintained

audit programme to be implemented based on:

- quality importance of the processes concerned

- changes affecting the organization
- previous audit results

audit criteria and scope to be defined

auditors to be objective, impartial

results of audits are to be reported to management

documented information to be retained as evidence of the implementation of audits and audit results

AUDITOR RESPONSIBILITIES

Responsibilies:

- review information
- prepare work documents
- comply and communicate audit requirements
- stay in scope
 - collate evidence
- document nonconformities
- report findings
- safequard documents

AUDIT OBJECTIVES

INCLUDE:

- determining the extent of comformity to audit criteria

- evaluating risk and opportunity
- evaluating the effectiveness in meeting objectives
- identifying areas of potential improvement
- providing added value to the business objectives of the organization

AUDIT SCOPE

Describes extent and boundaries of audit including:

- clause in standard
- process
- physical locations
- legislation
- significant aspect
- procedure
- combination

AUDIT CRITERIA

INCLUDES:

- applicable standards
- policies
- procedures
- regulations
- legislation
- management system requirements
- industry/business sector codes of conduct

AUDIT CHECKLIST

Purpose

To :

- ensure audit objectives and scope are met

- every part of the audit is completed
- provide guidelines for auditor
PREPARING A CHECKLIST

Consider :

- the processes taking places

- relevant procedures
- documents in use
- records
- requirements of ISO 9001
- requirements of the QMS

COLLECTING AND VERIFYING INFORMATION

1. sources of information
gathering and selecting (document review, interviews, observations) by appropriate sampling
2. information
verifying
3. audit evidence
evaluiating against audit criteria
4. audit findings
reviewing
5. audit conclusions

AUDIT EVIDENCE

Records, statements of fact or other information which are relevant to the audit criteria and verifiable
(ISO 19011:2011)

INFORMATION RELEVANT TO THE AUDIT

Information is obtained from:

- people
- processes
- equipment/tools/materials
- documentation

SAMPLING

A skill in audit to examine evidence

Sufficient examples to establish a degree of conformity or nonconformity

- no sampling plans
- no statistical method

AUDIT FINDINGS

The audit evidence will be :

- identified
 - documented
- recorded
- evaluated against audit criteria to determine audit finding

OPENING MEETING

To :

- enable participants to introduce the QMS selves

- confirm audit purpose, scope and method
- establish communication
- encourage co-operation, honesty, openness
- confirm reporting arrangements

maybe very informal in an internal audit situation

THE AUDITORS APPROACH

- meet the area representative first

- always talk to those performing the task
- explain the purpose of the visit
- be calm, polite, reassuring
- never “talk down” to people
- speak clearly and carefully

CONDUCTING THE AUDIT

- examine audit evidence

- ask open-ended questions
- refer to checklists
- take notes
ask – look – listen

QUESTIONING TECHNIQUES

Six important words: 5W+1H PLUS SHOW ME

CONTROL THE AUDIT

Do not :

- be side-tracked
- be led or misled
- get “bogged down”
- let auditee dictate the pace of the audit
- make assumptions or presumptions

Do:

- be prepared
- be punctual
 - insist on person questioned answers for them selves
- as little talking as necessary
- avoid misunderstandings
- keep questions clear and concise
- be polite and calm
- thank the auditee

BE AWARE OF:

- aggressive auditees
- timid auditees
- missing people
- missing documents
- pre-prepared samples (choose your own)
- special cases
- local issues ad cultural customs
- emotional blackmail

AUDIT REVIEW

A review after the audit finding to include:

- A study of notes and/or comparison of notes with team members

- A review of checklist
- The listing of findings, together with any audit evidence
- Decisions on nonconformities and opportunities for improvement
- The writing of Corrective Action Requests (CARs)

AUDIT FINDINGS

An audit finding may be :

- Nonconformity
- Opportunity for improvement (observation)

NONCONFORMITY

The non-fulfilment of a requirement (ISO 19011:2011)

A NONCONFORMITY

May be a failure to :

- Comply with the standard

- Implement a process or other documented requirement
- Implement a alegal or contractual requirement

Non requirement = no nonconformity

A FINDING STATEMENT
Includes : [ PLOR  EXTERNAL AUDIT ]

- Overview of finding
- Description of nonconformity (PROBLEM)
- Example of audit evidence (OBJECTIVE EVIDENCE)
- LOCATION
- Summary of requirement (REFERENCE)

CORRECTIVE ACTION REQUEST (CAR)

A form used to :

- Report nonconformities
- Classify nonconformities
- Record acceptance of nonconformities
- Record actions to correct nonconformities
- Record auditor acceptance of corrective actions taken

CARS CONTAIN

- The applicable function, process or procedure

- Standard and clause number
- Auditors name
- Finding statement
- Acceptance by auditee

OPPORTUNITIES FOR IMPROVEMENT

- Good points that may benefit other areas of the organization

- Areas of concern
- Deficiencies given the “benefit of the doubt”
- Considerations for improvement

AUDIT REPORT

Should include :

- Agreed audit objectives and scope

- Audit criteria
- Date and location of audit
- Duration
- Summary of audit findings
- Positive as well as negative findings

CLOSING MEETING

# Internal Audit

- Informal
- Constructive
- System improvement
# Present all findings and evidence carefully, and precisely

# Be prepared to support and justify findings

# Do not be drawn into arguments

# If an error transpires, apologise; alter or withdraw if necessary

# Do not accept a “quick fix” to CARs

CORRECTIVE ACTION

ISO 19011

Action to eliminate the cause of a detected nonconformity or other undesirable situation

TYPICAL CORRECTIVE ACTION “CYCLE”

1. Auditor identifies nonconformity

2. Auditor writes finding statement
3. Auditor classifies & issues CAR
4. Management eliminates detected nonconformity (quick fix)
5. Management investigates root cause
6. Management determines CA to prevent recurrence
7. Auditor agrees CA
8. Management implements CA
9. Auditor verifies effectiveness
Biasanya tidak dilakukan di closing meeting, tapi eksternal dilakukan oleh audit selanjutnya.
10. Auditor closes out

CONTINUAL IMPROVEMENT

Management review should consider:

- Corrective actions in respect of CARs to prevent problem recurrence

- The analysis of data from audits, customer feedback, process performance, product conformity
- Considerations for improvement