Muhammad Afzal Meo

meo786pk@yahoo.com , meo786@hotmail.com

ADVANCED INTERNAL AUDITING WORKSHOP

COURSE OBJECTIVE

Purpose of Audit Define Audit Terms Auditor Independence Audit Preparation Conducting An audit Reporting Follow up

Why Audit

Formal requirement of ISO 9001:2000 Standard To encourage continuous improvement To give managers feedback on their systems To help employees understand corporate goals and procedures To monitor progress on targets and objectives

What to Audit ?

Understanding of corporate policies and objectives Compliance to procedure and standards Effective control on documentation & standards Record preparation & filing Competence and training of staff to perform job effectively Commitment of managers and workers towards continuous improvement

How Often ?

All departments at least once a year More regular audits in areas where there are problems, new personnel or regular customer visits In response to customer complaints Include off-site locations like stores and marketing offices Right after an emergency or management change Before certification audits and/or customer visits

Who Audits ?

Auditors should be selected from all departments in the organisation Auditor selected for an audit should be independent from the function being audited Auditors should include personnel from both the top and middle management Auditors must be allocated time needed to study documents, perform the audit and report on findings Presentation skills are also important

Auditor Competence

Quality
Quality Specific knowledge and skills (7.3.3)

Generic knowledge and skills (7.3.1 and 7.3.2)

Environmental / Food Safety

Environmental /Food safety Specific knowledge and skills (7.3.4)

Types of Audits

Systems Audits - ISO 9000 Financial Audits Safety Audits Customer Audits Regulatory Audits - Factory Law, Labour Law & Environmental Law

In general there are three types of audits First Party Second Party Third Party Audits

First Party - Internal

Audits conducted against corporate policies, procedures and standards Schedule and frequency against audit programmes and/or special circumstances Auditors chosen from a cross section of departments

First Party - Internal

These audits typically look at enforcing

compliance to corporate policies effective record keeping employee awareness improvement in all processes

2nd Party - Supplier Audits

Audits against standards imposed by businesses onto their suppliers Supplier audits are very common in automotive, textile & food industry prompt delivery of zero defect product is vital

2nd Party - Supplier Audits

These audits typically look at enforcing fewer defects for products & services better response on customer service documentation on inspection & testing better storage & handling of product equipment maintenance & calibration

3rd Party Audit

Performed by independent authorities These include certification bodies, inspection agencies and surveyors These audits are regulated by accreditation authorities and other associations like

United Kingdom Accreditation Services American Petroleum Institute American Society of Mechanical Engineers


Phases of an Internal Audit

AUDIT INITIATION

Phase I

Initiation
Quarterly or six month or annual

Audit Plan plan

department wise frequency circulated to all staff will change based on results of audit and performance of departments

Audit basis ISO 9001, Company policy, etc.. Audit scope Extent and boundaries of audit Audit Objectives Compliance against ISO 9001, improvement of current system, closing out previous NCs

What is an Audit Plan?

Description of the activities and arrangements for an audit ISO19011:2002

Phase I Audit plan

The audit plan can be issues annually or Quarterly, the plan should be based on :

The status and importance of the activity The results of the previous audits (internal & external) Corrective Actions Changes to systems elements Introduction to new methods and technology Organizational and personnel changes The risk to quality if audit frequency is reduced Availability of audit personnel

Factors to be considered when developing an Audit Plan

The audit objectives and criteria The audit scope including processes to be audited The dates and places where the on-site audit activities are to be conducted The expected time and duration for the on-site activities including safety/security requirements

Persons to be interviewed
Competency of auditors

AUDIT PLANNING

Phase II Planning & Preparation

Inform auditor, auditee Make arrangements - guide, safety Examine documents Prepare checklists

What is a Checklist?

A structured list of points to evaluate Identifies and communicates the scope of an audit

An auditors tool to gather evidence and provide an audit trail Guides the course and controls the pace of an audit

Phase III Checklists

Keeps audit relevant to objective Provides evidence of planning Memoir Assists note taking Reduces risk to bias Manages time Assists in the preparation of audit report

Types of Checklists

Standard Ready formatted Facilitates consistency across different area's) Uniform questions Can be inflexible Not suited to all types of audit

Customised Constructed as and when needed Usually specific to a particular audit Assists preparation by client organisation Demonstrates professional approach by Audit team

Key points when developing a Process-Based Checklist

Audit objectives Audit criteria Time available

Format of checklist
Product Types

Associated Risks / Hazards

Techniques in place

AUDIT EXECUTION

Phase III Audit Execution

Opening meeting

Introduce auditors Confirm programme Confirm arrangements

Interview personnel Examine documents Observe processes Examine materials and equipment

A Typical Opening Meeting Agenda

Introductions, if applicable

Confirmation of the objectives, scope and criteria of the audit

Confirmation of audit timetable Outline the audit process and approach

Explain the reporting method

Confidentiality Statement Confirmation of availability and roles of guides

Provide any clarifications which may be required

How to Manage the Opening Meeting

Be prepared Control the meeting

Keep it short and stick to the point

Be professional

Keep a record of people who attend

Phase III Key Points

Ensure who you are auditing and their organizational responsibilities Explain the importance of the audit Ask for the auditees help in achieving the objectives of the audit Ask permission before disturbing work in progress Obtain auditees acknowledgement on any NCs you are recording Ask the auditee if they have any points about the audit or their QMS that they wish to discuss Thank the auditee for their co-operation

What is Evidence?

Qualitative or quantitative information, records, or statements of fact pertaining to: the quality of the product or service to the existence and implementation of a quality management system requirement

which is based on observation, measurement or test and which can be independently verified

Phase III Objective Evidence

what was observed, examined or stated, where and when details of requirement ( standard, procedure, work instruction, specification etc.) who made what statement(s)

Objective Evidence evidence which exists uninfluenced by emotions or prejudice can be traced does not need further clarifications within the scope of the document

Procedure for Gathering Evidence

Question

Observe
Check

Look out for ...

Employees understanding of the procedures that affect their work Managers understanding of their quality objectives and progress towards meeting these objectives What happens to the system when responsible person for a job is absent from work System integrity under an emergency

Avoid

Letting personal prejudice enter the audit process Being bullied by your seniors Bullying your juniors Concealing systems irregularities due to friendships looking at the same things over & over Giving your opinions on how things should be done Being casual

Sampling

Sample/sample frame Representative Random Reduced time and costs

Taking Notes

Employee names and job titles Product identification Quotes and statements Rough sketches

Surroundings
Issues which may impact other functions

Observation

People Product and service Processes Information systems

Types of Questions

Open Closed

Hypothetical
Obvious Answered

General Points on Questioning Techniques

Use appropriate types of question Adopt a logical approach Follow a natural sequence

Actively listen to what is being said

Use silence appropriately Seek clarification, where necessary Verify responses, where necessary

Handling Difficult Situations

Time Wasting Discrimination Hostility Avoidance Finger Pointing

Undermining Deception Obstruction Usurping Control Flattery

Communication Skills

Verbal Body language

Style and tone of speech

Facial

Range of literacy

AUDIT REPORTING

Phase IV Audit Reporting

Audit reports Audit summary Non conformity report These are needed to: Enable corrective action to be taken Provide information for management review

An Audit Report is

A summary or record of the outcome of an audit, in line with the agreed audit objectives, scope and criteria

Audit Reporting Principles

Never loose sight of the basic aim of an audit, namely to get management commitment to act on the findings It should be fair and balanced

Never point the finger!

Keep it simple and concise Keep the audit outcome confidential Publish in a timely manner

Contents of a Final Audit Report

Audit objectives and criteria Audit findings Audit conclusions Strengths and Weaknesses Number of nonconformities and observations, if any Recommendations, if any Obstacles encountered Follow-up activities Statement of the confidential nature of contents Audit Plan Nonconformity/Observation Reports Audit Checklists (Appendix) Identification of the lead auditor and team members List of auditee representatives

A Typical NCR should contain

A unique reference number The agreed requirement - why it is wrong Nonconformity - what is wrong Where it was found What is necessary to put matters right Auditor name

Area representative signature

Date

Typical Root Causes of Nonconformities

Organisation structure Management System Standard Education and training Resources Adherence to defined processes and procedures Management leadership and support

Information
Legal & Regulatory Requirements

AUDIT FOLLOWUP

Audit Follow-up & Corrective Action

close outstanding NCs / Observations special visit next audit verify corrective action effectiveness probability of recurrence

Audit Follow-up, why is it important ?

Corrective and preventative action takes place in a timely manner Corrective and preventative action is effective and suitable The real benefits of the audit can be realised The effectiveness of the audit programme can be measured

Purpose of a Closing Meeting

To verbally present the audit teams findings and conclusions in such a manner that they are understood and acknowledged by the auditee, and to agree, if appropriate, on the time period for the auditee to present a corrective and preventive action plan

A Typical Closing Meeting Agenda

Re-statement of audit objectives, scope, and criteria Representative sample statement Audit conclusion - executive summary Audit findings detail Follow-up activities Obtaining ownership and commitment

Reporting
Questions

Auditing as a Career

You can build a career auditing against quality, safety, environmental and legal issues Textile and Engineering sectors have a large demand for auditing services You do not need a Lead Assessor course unless you are thinking of auditing for a certification agency Specific knowledge of quality, safety, environmental and legal issues a must

Professional Qualifications

Quality Management
IRCA(UK) International Register for Certified Auditors RAB(USA) Registrar Accreditation Board
PNAC (Pak) Pakistan National Accreditation Council

Environmental Management
EARA & IEMA (UK)

Occupational Health & Safety Automotive

Auditors are Not

fault finders rock throwers avenging angels politicians dictators dishonest

Do not take up Auditing if ...

You do not have the authority to question your seniors You do not have the time to read documents and write reports You do not believe in the concepts of quality management You are not looking to improve the practices employed by your company

Thank you Question & Answer Session

ISO 9001 costs & benefits

COSTS

BENEFITS

Consultancy Training Time of employees Calibration Fees Certification

Compliance to corporate policies Easy acceptability for clients supplier evaluations Employee morale Reduced Rework

Quality Management Concept

The job of the top management is to : Confirm quality as an organizational priority just like profitability Build quality management everywhere build concern for quality in all processes, products and people Look at problems as opportunities

ISO 9001 action plan

Gain management commitment Choose an implementation team Prepare a budget and schedule Assign responsibilities to cross functional teams Involve all employees Conduct preliminary reviews to identify gaps Modify plan (if required) Prepare procedures Plan for change Train employees Assess performance through audits Address gaps

KEY ELEMENTS OF ISO 9001

Quality policy Regulatory requirements - Product specific only Objectives and targets Quality management system Structure and responsibility Training awareness and competence Communication - Internal & External Document control Operational control Purchase control and supplier development Monitoring and measurement Non conformance and corrective action Records Audit Management Review Use of Statistics & other improvement methodologies

Training, awareness & competence

Motivation Awareness Commitment Skills/Capability Compliance Performance

Communication
INTERNAL METHODS

EXTERNAL METHODS

Newsletters Staff meetings Employee meetings Bulletin boards Quality circles

Open house Focus group Press release Annual reports Advertising

QMS Documentation
Policy
EMS Manual Procedures Forms & Drawings

Document control

Issue/revision date Effective date Approval Revision number Document number Copy number Cross references

Non conformance & Corrective actions

Identify the problem Identify the cause Come up with the solution Implement the solution Document it Communicate it

QMS Auditing

Develop audit procedures & protocols Establish audit frequency Train your auditors Maintain audit records

ISO 9001:2000
8 Quality Management Principles

Structure of the ISO 9001:2000 Standard

Scope Application Normative Reference Terms and Definitions Requirements Annex(s)

Clause 1.2_Application
ISO 9001:2000
8 Quality Management Principles

All requirements of this International Standard are generic and are intended to be applicable to all organisations, regardless of type, size and product provided
Where any requirement(s) of this International Standard cannot be applied due to the nature of an organisation and its product, this can be considered for exclusion

Permissible Exclusions
ISO 9001:2000
8 Quality Management Principles

Where exclusions are made, claims of conformity to this International Standard are not acceptable unless these exclusions are limited to: requirements within clause 7, and

such exclusions do not affect the organisation's ability, or responsibility, to provide product that meets customer and applicable regulatory requirements

It should be noted that clause 1.2 of ISO 9001:2000 is not intended to apply only to entire clauses; there may be circumstances where specific requirements within one of the sub-clauses of clause 7 are applicable, whilst others can be excluded.

Justification of Exclusions
ISO 9001:2000
8 Quality Management Principles

Defined and justified in the organisation's Quality Manual

Other publicly available documents, such as: certification/registration documents marketing materials

To avoid confusing or misleading customers and end users

ISO 9001:2000
8 Quality Management Principles

Examples of most likely exclusions

7.3 (Design and development) - where the organisation has no responsibility for the design and development of the products it provides 7.5.3 (Identification and traceability) - this clause would only be partially applicable where there is no specific traceability requirement for the organisations products 7.5.4 (Customer property) - where the organisation uses no customer property in its product or product realisation processes.

Examples where exclusions may not be claimed

ISO 9001:2000
8 Quality Management Principles

Where an organisation fails to provide justification for the exclusion of specific clause 7 (Product realisation) requirements in its Quality Manual Where an organisation decides not to apply a requirement in clause 7 based only on the justification that this was not a requirement of the 1994 version of the Standard, and had not been previously included in the organisations QMS Where requirements in clause 7 have been excluded because they are not required by regulatory bodies, but this affects the organisations ability to meet customer requirements Subcontracted or Outsourced processes where the overall responsibility for product realisation belongs to an organisation

Quality Management System (QMS)

ISO 9001:2000
8 Quality Management Principles

General Requirements

The organisation shall establish, document, implement, maintain and continually improve the QMS.
To implement the QMS, the organisation shall:
a) identify the processes needed for the quality management system b) determine the sequence and interaction of these process c) determine criteria and methods required to ensure the effective operation and control of these processes d) ensure the availability of information necessary to support the operation and monitoring of these processes e) measure, monitor and analyse the processes, and implement action necessary to achieve planned results and continual improvements.

ISO 9001:2000
8 Quality Management Principles

Quality Management System Documentation Requirements

The QMS documentation shall include:

a) documented quality policy and objectives b) quality manual c) documented procedures required by this International standard d) documents required by the organisation to ensure the effective operation and control of its processes e) quality records

A Quality Manual shall be established and maintained, that includes the following:
- the scope of the quality management system and Exclusions (if any) - documented procedures reference - a description of the sequence and interaction of the processes included in the QMS

Control of documents and records

Management Commitment
Top management shall provide evidence of its commitment to the development and improvement of the QMS by: a) communicating to the organisation the importance of meeting customer as well as regulatory and legal requirements b) establishing the quality policy and objectives c) conducting management review d) ensuring the availability of necessary resources

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Customer Focus

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Top management shall ensure that customer needs and expectations are determined, converted into requirements and fulfilled with the aim of achieving customer satisfaction

Quality Policy
Top management shall ensure that the quality policy:
Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

a) is appropriate to the purpose of the organisation b) includes a commitment to meeting requirements and to continual improvement c) provides a framework for establishing and reviewing objectives d) is communicated and understood at appropriate levels in the organisation e) is reviewed for continuing suitability

Planning

Management Responsibility

Top management shall ensure that objectives are established at relevant functions and levels within the organisation. Top management shall ensure that the resources needed to achieve the objectives are identified and planned. The output of the planning shall be documented.

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Quality planning shall include: a) the processes of the QMS, considering permissible exclusions b) the resources needed c) continual improvement of the QMS d) Planning shall ensure that change is conducted in a controlled manner and that the integrity of the QMS is maintained during this change.

Objectives and Targets

Objective overall quality goal arising from the quality policy Target detailed quantified performance target

Examples of objectives & targets

OBJECTIVE Reduce energy use

TARGET in the year 2002 reduce energy consumption by 8%

Reduce waste

Reuse packing materials used by suppliers by 10% in the year 2002

Reduce rejections at final checking by 30%

Responsibility, Authority and Communication

Management

Responsibility

Resource

Management

Measurement, Analysis and

Improveme nt

Product

Realisatio n

Functions and their interrelations within the organisation, including responsibilities and authorities, shall be defined and communicated Top management shall appoint a member of the management, who, irrespective of other responsibilities, shall have responsibility and authority for the QMS The organisation shall ensure communication between its various levels and functions regarding the processes of the QMS and their effectiveness

Management Review

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Top management shall review the QMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The review shall evaluate the need for changes to the organisations QMS, including quality policy and business objectives Review Input and Output clearly defined

Provision of Resources

Management Responsibility

The organisation shall determine and provide, in timely manner, the resources needed:
To implement, maintain and improve the processes of the QMS To enhance customer satisfaction

Resource Management

Measurement, Analysis and Improvement

a)

b)
Product Realisation

Human Resources

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Personnel who are assigned responsibilities defined in the QMS shall be competent on the basis of applicable education, training, skills and experience Provide training or take other actions Determine the necessary competence Evaluate the effectiveness of actions taken Maintain records

Infrastructure

Management Responsibility

The organisation shall identify, provide and maintain the infrastructure it needs to achieve the conformity of product quality including: a) workspace and associated facilities b) equipment, hardware and software c) supporting services (transport and communication etc.)

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Work Environment

Management Responsibility

The organisation shall identify and manage the human and physical factors of the work environment needed to achieve conformity of product Examples include organisation culture, health and safety etc. NCRs cannot be raised on health and safety and/or environmental issues

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Planning of Product Realisation

Management Responsibility

The organisation shall plan and develop the processes necessary for product realisation In planning the processes for realisation of a product the organisation shall determine the following, as appropriate: a) business objectives for the product, project or contract b) the need to establish processes and documentation, and provide resources and facilities specific to the product c) verification and validation activities, and criteria for acceptability d) the records that are necessary to provide confidence of conformity of the processes and resulting product.

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Customer Related Processes

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Determination of requirements related to the product - product requirements not specified by the customer but necessary for intended or specified use - obligations related to product, including regulatory and legal Review of requirements related to the product Customer communication

Product information Enquiries, contracts etc. Customer feedback

Design and Development

Management Responsibility

Measurement, Analysis and Improvement

Resource Management

Product Realisation

Design and development planning Design and development inputs Design and development outputs Design and development review Design and development verification Design and development validation Control of design and development changes

Purchasing

Purchasing process

Management Responsibility

The organisation shall control its purchasing processes to ensure purchased product conforms to requirements Purchasing documents shall contain information describing the product to be purchased

Resource Management Measurement, Analysis and Improvement

Purchasing information

Product Realisation

Verification of purchased product

Source inspection Customer verification

Production and Service Provision

Management Responsibility

Resource Management Measurement, Analysis and Improvement

Product Realisation

The organisation shall control production and service operations including the processes for release, delivery and post delivery activities Identification and traceability Customer property including intellectual property Preservation of product including identification, handling, packaging,storage and protection

Control of Monitoring and Measuring Devices

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

Product Realisation

The organisation shall determine the monitoring and measurement to be undertaken and the monitoring and measuring devices needed to provide evidence of conformity of product to determined requirements, (see 7.2.1) Calibration Identification Safeguarded from adjustment Protection from damage Validity of previous results Records maintained. Computer software

Measurement, Analysis and Improvement

Management Responsibility

The organisation shall plan, implement the monitoring, measurement, analysis and improvement processes to demonstrate

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Conformity of product Conformity of QMS and to continually improve the effectiveness of the QMS

Monitoring and Measurement

Management Responsibility

Measurement of customer satisfaction Internal Audit

Resource Management

Measurement, Analysis and Improvement

timing of actions including the elimination of detected NCRs and their causes

Product Realisation

Monitoring and measurement of QMS processes Monitoring and measurement of product

Control of Nonconforming Product

The organisation shall ensure that product that does not conform to product requirements is

Management Responsibility

identified and controlled prevented from unintended use

Measurement, Analysis and Improvement

Resource Management

Product Realisation

Documented procedure Identification and traceability Disposition Records shall be maintained When detected after delivery or use has started the organisation shall take action appropriate to the effects, or potential effects

Analysis of Data

The organisation shall determine, collect and

Management Responsibility

Resource Management

Measurement, Analysis and Improvement

analyse appropriate data to demonstrate the suitability and effectiveness of the QMS and to evaluate where continual improvement of the effectivess of the QMS can be made.

The analysis of data shall provide information relating to

Product Realisation

Customer satisfaction Conformity to product requirements Characteristics and trends of processes and products Suppliers

Continual Improvement

Management Responsibility

The organisation shall continually improve the effectiveness of the QMS through the use of the

Resource Management

Measurement, Analysis and Improvement

Product Realisation

Quality policy Business objectives Audit results Analysis of data Corrective and preventive actions Management review

Corrective Action Preventive Action

Introduction and Scope of ISO 19011:2002

Both the ISO 9000 and ISO 14000 series of standards emphasise the importance of audits as a management tool for monitoring and verifying the effective implementation of an organisations policy for quality and/or environmental management This International Standard provides guidance on conducting internal or external QMS and/or EMS audits, as well as on the management of audit programmes It is discretionary whether or not QMS and/or EMS audits are conducted separately or together This International Standard can be applied to other management system standards