Internal Quality Audit

FOR ISO 9001 : 2008

:Prepared By
.Ashraf S. Youssef, Ph. D
QA & Ind. Methods Manager
S.M. ASQ, L.A. BSI, M. ELI, M. EMS

ISO 9001 : 2008

Nov, 14-16, 2009

Course Structure

Tutorial Sessions
Case Studies
Role Play
Games

Learning Objectives
To understand:
Purpose, benefits and typical structure of a
Quality Management System (QMS)
Plan-Do-Check Act (PDCA) methodology,
and the process approach to Quality
Management
The 8 principles of Quality Management
and how they relate to the QMS and ISO
9001
Purpose, scope and uses of the ISO 9000
series standards
Auditing Process
Roles, responsibilities and competence
requirements of auditors and lead auditors
with reference to ISO 19011

Agenda
1. Purpose and structure of
o a QMS, PDCA
o and the 8 principles of quality management
2. ISOM 9001 Explored & Understood
3. Internal Quality Audit Steps
4. Auditors Skills & Responsibility

Course assessment
Continual assessment
You will be informed of progress as we go
The exam

Exam Pass Criteria

70% pass mark
Open book

Ask questions
Its your tutors job to make problems go away

Session 1

Purpose and structure of a

QMS, PDCA and the 8
principles of quality
management

What is Quality?
Q is fitness for use.
Q is conformance to requirements.
Q is conformance to customer/user
requirements.
Meet/satisfy customer/user requirements,
needs, and expectations.

Degree to which a set of inherent

characteristics fulfills requirements.
(ISO 9000 : 2005)

What is Audit?
Systematic, independent and documented
process for obtaining audit evidence and
evaluating it objectively to determine the
extent to which the audit criteria are fulfilled

What is Audit Evidence?

Records, statements of fact or other

information, which are relevant to the
audit criteria and verifiable

What is Audit Findings?

Results of the evaluation of the
collected audit evidence against audit
criteria.

What is Audit Client?

organization or person requesting an
audit.

What is Auditee?
Organization being audited

What is Auditor?
Person with the competence to conduct
an audit.

What is Technical Expert?

person who provides specific knowledge or
expertise to the audit team.

What is Audit Plan?

Description of the activities and
arrangements for an audit.

What is Audit Scope?

extent and boundaries of an audit.

What is Nonconformance?

Non-fulfillment of a
requirement

What is Correction, and C & P Actions?

Correction:
Action to eliminate a detected
nonconformity
Corrective Action:
Action to eliminate the cause of a
detected nonconformity
Preventive Action:
Action to eliminate the cause of a
potential nonconformity or other
undesirable potential situation

What is Ident., Trac. And Status?

Identification:
To describe product/ raw material/ semi finish
product etc. Example Batch #, Lot #, Code etc
Traceability:
Ability to trace the history, application or location of
that which is under consideration
Status:
To identify the current status of product/ raw material with regard
to inspection and test results. Tag/ sticker of HOLD, REWORK,
SCRAP Identified areas.

Types of Audits
First-party
Second-party
Third-party

The purpose of an audit is ...

to collect objective evidence to permit an
informed judgment about the status of the
quality management system

Objectivity of Auditing
AUDIT
CRITERIA

AUDIT
EVIDENCE
AUDIT FINDINGS

Improvement

Non-Conformance

Conformance
Major

Minor

AUDIT CONCLUSION
RECOMMENDATION
FOR AUDIT

Audit Methods & Techniques

FORWARD TRACE
RECEIVE
GOODS

INSPECT

STORES

BACKWARDS TRACE

What is ISO 9000:2008 QMS?

ISO = International Organization for
Standards
9000 = code to denote QMS Family
2008 = year of last revision
Is a family of standards for implementing a
Quality Management System (QMS)

ISO 9000:2008 Family

ISO 9000

ISO 9001

ISO 9004

ISO/DIS 19011

Only ISO 9001 can be used for

certification purposes

The ISO 9001:2008 Model

clause 4
management
info. flow
management
responsibility
responsibility
clause 5
clause 8
clause 6
meas,
resource
info. flow
meas,analysis
analysis
resource
improvement
management
improvement
management

Input
value adding
activities

clause 7
product
product
realization
realization

product
product

Output

value
adding activities

CUSTOMER SATISFACTION

CUSTOMER REQUIREMENTS

Continual
Continual Improvement
Improvement of
of the
the QMS
QMS

Clauses/Requirements
Clause 4. Quality Management System
Clause 5. Management Responsibility
Clause 6. Resource Management
Clause 7. Product Realization
Clause 8. Measurement, Analysis and
Improvement
Count the number of requirement categories.

Quality Management Principles

Customer Focus
Leadership
Involvement of People
Process Approach
System Approach to Management
Continual Improvement
Factual Approach to Decision Making
Mutually Beneficial Supplier Relationships

Customer Focus

Organizations depend on their customers;

therefore they should
Know their current and future needs
Meet their requirements
Exceed their expectations
Get their feedback

CUSTOMER SATISFACTION

CUSTOMER REQUIREMENTS

1.

2.

Leadership

Leaders create common purpose

and direction; therefore they
should
Maintain a healthy internal
environment
Inspire workforce to excel

management
management
responsibility
responsibility

3. Involvement of People
People are the essence of an
organization; therefore
They should be fully involved
Their abilities should be used for
organization benefits

resource
resource
management
management

4. Process Approach
Manage activities and related

resources as a PROCESS
Review Purchase Design Make
Order

Deliver
Product

Turtle Approach
?WITH WHAT

?WITH WHO

Materials /)
(Equipment

Competence / Skills)
(/ Training

PROCESS

OUTPUTS

INPUTS

?HOW
Support Processes,)
(Procedures & Methods

?OBJECTIVES/MEASURES
(Performance Indicators)

Example: Management, Responsibility

with what

with who

Management Review
forum
Previous years results

inputs
Internal audits
Customer satisfaction
trends
Process/Product
measures
Faults/Complaints data

measures
Results vs plan
Customer surveys
Milestones

Management team
Quality manager
Team leaders

Management
responsibility
& objective
setting

support
processes
IT systems
Purchasing
HR, Training

outputs
Annual plan
Improvement
objectives

how
Implementation plan
Resource allocation
Roles & responsibilities
Communications

5.

System Approach to Management

Managing interrelated processes as a system

helps the organization in achieving its
objectives in an effective and efficient manner

6.

Continual Improvement: PDCA Cycle

Continual
Continual Improvement
Improvement of
of the
the QMS
QMS

Plan

management
management
responsibility
responsibility

resource
resource
management
management

Act

meas.,
meas.,analysis
analysis
improvement
improvement
Check

Do
product
product
realization
realization

info. flow

management
management
responsibility
responsibility

meas.,
meas.,analysis
analysis
improvement
improvement

product
product
realization
realization

info. flow

CUSTOMER SATISFACTION

Factual Approach to DecisionMaking

Effective decisions are based on the
analysis of data and information

CUSTOMER REQUIREMENTS

7.

8. Mutually Beneficial Supplier Relationship

Interrelated
Win-Win
Supplier

product
product
realization
realization

Session 2

ISO 9000 series explored

and understood

Structure of ISO 9001:2008

0.1 General
0.2 Process Approach
0.3 Relationship with ISO 9004
0.4 Compatibility with other standards
1 Scope
2Normative References
3 Terms & Definitions
4. Quality Management system
5. Management Responsibility
6. Resource Management
7. Product Realization
8. Measurement, Analysis & Improvement

4: Quality Management System

General requirements (4.1)
General requirements for approach & content of the
QMS (e.g. for the adoption of the process approach)
Outsourcing

Documentation requirements (4.2)

Mandatory procedures
Manual, Policy & Objectives
General sufficiency of documentation and records
System for Document Control
System for Control of Records

5: Management Responsibility
The areas where direct Top Management
involvement is mandatory

Demonstrating commitment
Demonstrating customer focus
Input into policy development & review
Identification of objectives and input into the planning
process
Defining responsibilities, providing resources
Ensuring internal communications are effective
Involvement in management review

6: Resources
Human Resources
Ensuring adequacy particularly in respect of training

Infrastructure
Buildings, work space, equipment, vehicles,
information systems etc

Environmental controls (Aligned with ISO14000)

Heat, light, humidity, temperature, clean rooms
In fact any controls that are applicable

7: Product Realisation
Think of this as Production or Service Delivery
Control of the core day to day operations
Operational planning (7.1)
Handling contracts, enquiries & customer
communication systems (7.2)
Design (7.3)
Management of supplies and suppliers (7.4)
Operational controls (7.5)
Calibration (7.6)

Exclusions may apply

8: Measurement, Analysis & Improvement

The collection and constructive use of data
Measuring product (conformity checks and inspection)
Measuring process (efficiency measures)
Customer satisfaction (Survey, Feedback, Complaint)
Internal audit
Control of quarantine/isolation activities
Analysis of data (you must do something with data)
Continual improvement (the standard encourages the
application of the process approach to improvement)
Corrective action (Correction + Corrective Action)
Preventive action

Session 3

Internal Quality Audit Steps

Internal Quality Audit Steps

Initiation
Preparation
Evaluation
Reporting
Fixing

Internal Quality Audit Steps

Initiation

STEPS
1. Request Audit
2. Identify Lead Auditor
3. Define Audit Scope

RESPONSIBILITY
Program Manager
Program Manager
Program Manager
& Lead Auditor

Importance of Preparation

Exercise: Initiation
Who is responsible for scheduling the
audits?
When are internal audits scheduled?
How often are audits performed?
Who is responsible for selecting the
auditors?
What criteria are important for selecting
auditors?

Annual Audit Plan

Considerations
Approvals

Exercise: Auditing the Training Activity

Why is the audit performed?

What is being audited?
Which requirements?

SOLUTION:
Purpose:
To verify compliance with Quality Manual
and ISO 9001:2000

Audit Scope:
Training Activity

Requirements:
As specified in
ISO 9001:2008
EEICQM-01
EEICHR-P-01

Internal Quality Audit Steps

Initiation
Preparation

STEPS
RESPONSIBILITY
4. Select Audit Team
Lead Auditor
5. Understand Org.
Audit Team
6. Review Documentation Audit Team
7. Plan the Audit
Lead Auditor
8. Prepare Checklist &
Working Papers
Audit Team

Audit Team
Consider team member qualifications
Consider activities being audited
Consider type and degree of experience of
the auditors
Create a balanced team

Preparation Steps

initiation

review
documents

get
approvals

plan
audit

Exercise: Review Documentation

For the Training activity, which specific
documents would you request to prepare
your team for the audit?

Review Documentation

Quality manual
Procedures
Forms
Organization chart
Facility floor plan

Past audit performance

Customer feedback
Number of employees
Working hours

Plan Audit
Confer with audit team members
Dont forget the approvals

Audit Plan: December 22-23, 2001

Purpose: To verify compliance with Quality Manual and ISO 9001:2000
Audit Scope: Training
Requirements: As specified in
- ISO 9001:2008
- Quality Manual,
- HR Procedure
Overall Schedule:
December 22, 2001
December 23, 2001
8:00-8:30 Opening Meeting
8:00-11:00 Field Activities
8:30-9:00 Audit Team Meeting 11:00-12:00 Audit Team Meeting
9:00-12:00 Field Activities
12:00-1:00 Exit Meeting
12:00-1:00 Audit Team Meeting
1:00-3:00 Field Activities
3:00-3:30 Daily Auditee Briefing
Audit Team Members:
Ms. Ashraf Youssef, Lead Auditor
Mr. Wissam Toumeh, Auditor
Mr. Nelson Tenorio, Auditor
Approved: ________________
Mr. Ashraf Youssef

Approved: ________________
Mr. Muntaser Kalahji.

Internal Quality Audit Steps

Initiation
Preparation
Evaluation

STEPS
RESPONSIBILITY
9. Conduct Opening Meeting Lead Auditor
10. Meet with Management
Audit Team
11. Interview & Observe
Audit Team
12. Assess Evidence
Audit Team

An auditors memory is
.as sharp as his pencil

Focus of the Audit

To collect objective evidence to permit
an informed judgment about the status
of the quality management system.

Objective evidence may be ...

documented
based on interview
based on observation
quantitative
qualitative
verifiable

Checklists & Working Papers

Checklists
Audit Questions
Audit Investigation
Audit Findings

Checklists

Checklists plan
the flow of
questions

Checklists

Checklists
guide the course
of the audit

Checklists

Checklists
define
the sample

Checklists

Checklists
help in writing
the report

Checklist should
Be based on information available before
the audit
Be modified when necessary
Allow follow-up
Be balanced to cover priority areas
Be created by individual auditors

Checklist should NOT

Restrict auditors inquiry
Be completely generic
Be yes/no lists

To Create a Checklist
What am I
?looking for

Documents

Who do I want
?to talk to

Individual

?What will I ask

Questions on checklist

What am I looking for?

What am I looking for?

RECORDS ARE THE MOST

RELIABLE SOURCE OF
INFORMATION

What am I looking for?

Sample should be representative,
although not necessarily statistically valid

Who do I talk to?

Talk to the right people
Those responsible for the activity
Those doing the activity

Audit Team Meeting

Informal briefings
Opportunity to share
information
Discuss necessary
adjustments to plan
Develop report
Helps keep communication
lines open among audit team
members

Opening Meeting

Conduct before start of field activities

Audit team members must be present
Auditee contacts should be present
Creates an atmosphere of cooperation
between auditors and auditee

Opening Meeting
Sign-in sheet
Distribute detailed audit schedule
Address any auditee scheduling
concerns
Revise schedule, if necessary

Daily Auditee Briefing

Review potential findings regularly with
auditee
Opportunity for auditee to close a finding
before the end of the audit
Helps strengthen communications
Audit becomes constructive

Interview & Observe

Asking questions
Observing activities
Examining documents & records
Examining facilities

Observing Activities

Confirm that
procedures are
being followed

?how

Observing Activities

Look for
undocumented
activities

?what

Observing Activities

Confirm answers

?who

Observing Activities
Auditee Reactions
Take over conversations
Play show & tell
Blame someone
Act defensively
Waste time
Interrupt
Provoke
Bribe!

Interviewing

Interviewing
Introduce yourself
Explain why you are there
Investigate to depth
necessary
Ask, Listen, Verify
Interview the right people
Those responsible for the
activity
Those doing the activity

Hearsay is not evidence

Interviewing

Interview for:
elaboration
corroboration
perspective
basis for evidence

Interviewing
Two eyes
Two ears
One mouth
Ratio of use:
One of speaking
to four receiving

Interviewing

why
what
who

when
how
where

When Something Seems Wrong

When Something Seems Wrong

Is it really wrong?
Does he know it is wrong?
What is his explanation?
Is it an isolated event, or a
symptom of a deeper problem?
Why didnt quality system detect
it?
What lapse in the quality system
allows this to happen?

Nonconformity
Nonconformity refers to a
failure to meet a specified
requirement:
Quality Manual Policies
Procedures
ISO 9001:2000 req.
Government Regulations

or more of processes can be 90%

improved
by modifying organizational systems
rather( a management responsibility)
than attempting to modify an
.individual employees performance

W. Edwards Deming

What if nothing seems to be wrong?

No problems
dont panic
Move on
Dont keep looking
for something wrong

ROLE PLAY:

Auditing role play

Internal Quality Audit Steps

Initiation
Preparation
Evaluation
Reporting

STEPS
RESPONSIBILITY
13. Write Nonconformities
Audit Team
14. Conduct Closing Meeting Audit Team
15. Write a Summary Report
Lead Auditor

Do I have a Nonconformity?

YES
if you have objective evidence that:
A requirement is not addressed
Practice differs from defined system
System is not effective

Major or Minor Nonconformity

Major
System element is missing
System element is not implemented
System element is not effective

Minor
A single/isolated lapse in the system

EXERCISE: Nonconformity or Not

For each situation, identify whether
major nonconformity,
Minor nonconformity, or
nothing.

Nonconformity Statement
State the evidence
What is it?

State the requirement

What is it against?

Writing a Nonconformity: The 4 Cs

Clear Simple language

Correct Objective
Complete Traceable
Concise
What happened?
What should happen?

Writing Nonconformity: Steps

1. Write )informally( the

nonconformity on the spot.
2. Explain to auditee manager
promptly.
3. Review with team members.
4. Write nonconformity statement on
the NCR.
5. Get auditee manager signature.

Closing Meeting Keys

Informal setting
Report the results to management
Agree on follow-up
Entertain questions

Agenda of Closing Meeting

1.
2.
3.
4.
5.
6.

Introduction & purpose of meeting

Thanks for cooperation
Distribute list of attendees
Review audit purpose and scope
Explain nature of sampling
Summarize results: Good observations, no. of NCRs,
overall weakness, recommendations, repeat good
observations
7. Summary from each auditor
8. When to expect written report
9. Agreement on follow-up
10. Questions & Clarifications

Audit Summary Report

Prepared by Lead Auditor

Sent promptly to MR
Sent promptly to Heads of audited area

Audit Report Content

Audited area
Lead Auditor and members
Audit date
Audit scope
Audit criteria (list of key documents)
Summary of findings
Good practices
Total number of nonconformities
Descriptions and discussion of nonconformities
Conclusion

Internal Quality Audit Steps

Initiation
Preparation
Evaluation
Reporting
Fixing

STEPS
RESPONSIBILITY
16. Take Corrective Actions
Auditee
17. Verify Corrective Actions Audit Team

Follow-Up Flowchart
Identify
Identify
NC,
NC,issue
issueNCR
NCR

??Agree
Agree

Agree
Agreeon
onneed
need
for
forCA,
CA,sign
signitit

not OK

Propose
ProposeCA
CA
plan
plan

OK
Verify
VerifyCA
CA
&&
Close
CloseNCR
NCR

Implement
Implement
CA
CA

Session 4

Auditors Skills & Responsibilities

Auditors Responsibilities

Communicating
Planning and executing
Documenting
Reporting
Verifying
Safeguarding
Cooperating

Auditors Qualifications

Education
Training
Experience
Personal Attributes
Management Skills

Auditor Skills
Communication skills
Interpersonal skills
Analytic skills

Auditor Ethics
I will inform each client or employer of any
business connections, interests, or
affiliations that might influence my
judgment or impair the equitable
character of my services.
ASQ Code of Ethics

Internal Auditor

Acts as a consultant


115