AUDITING TECHNIQUES

Presented by : Muhammad Waqar

Agenda
 Definition of Auditing
 Types of Audit
 Requirement of Audit (ISO 9000)
 Audit Phases
 Auditing Techniques
 Auditors Attributes
 Types of NCs
Audit Definition

A systematic, independent and documented process

for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit
criteria are fulfilled.
Types of Audit
 First-Party Audits
 Also known as an internal audit
 Performed within your own company or facility

 Second-Party Audits
 Performed by a customer on a supplier
 Third Party Audits
 Performed by regulators, accrediting organizations
Rules for Auditing
 Audits provide information for decisions
 Auditors are qualified to perform their tasks
 Defined requirements are used
 Conclusions are based on facts
Planning the Internal Audit
 Requirements:

8.2.2 Internal Audit (ISO 9001:2008)

The organization shall conduct internal audits at planned
intervals to determine whether the QMS:
a. Conforms to planned arrangements to the requirements of
the standard, and the QMS requirements established by the
organization, and

b. Is effectively implemented and maintained.

Planning the Internal Audit

8.2.2 Internal Audit (ISO 9001:2008)

An audit program shall be planned, taking into
consideration the status and importance of the
processes and areas to be audited, as well as the
results of the previous audits. The audit criteria,
scope, frequency and methods shall be defined.
Selection of auditors and conduct of audits shall
ensure objectivity and impartiality of the audit
process.
Planning the Internal Audit
8.2.2 Internal Audit (ISO 9001:2008)
Auditors shall not audit their own work.

A documented procedure shall be established to

define the responsibilities and requirements for
planning and conducting audits, establishing records
and reporting results.

Records of the audits and their results shall be

maintained (see 4.2.4)
Planning the Internal Audit
8.2.2 Internal Audit (ISO 9001:2008)
The management responsible for the area being
audited shall ensure that any necessary corrections
and corrective actions are taken without undue delay
to eliminate detected nonconformities and their
causes. Follow-up activities shall include verification
of the actions taken and the reporting of verification
results.
Phases of an Audit
 Preparation
 Decision to perform the audit
 Gather preliminary information
 Performance
 Begins with an opening meeting
 Includes the gathering of information
 Analysis of information
 Reporting
 Covers the translation of audit team
 conclusions to cited observations
 Includes the audit report
 Closure
 Development of corrective action by facility
I. Planning/Preparation
 Define the purpose of the audit
 Define the scope of the audit
 Identify the requirements/standards for the audit
 Prepare an audit schedule
Preparing the Checklist
• Check which elements of the Standard apply to the
area to be audited
• Check key requirements in the document
• Check for any problems which normally are known to
occur in the process to be audited
• If necessary, ask other people for advice
• Refer to other previous audit checklists/reports
II. Performance
 Data gathering
 Understanding facility processes
 Verifying system controls work
 Communicating among team members
 Communicating with the facility representatives
Auditor Attributes
 Knowledge of requirements
 Ability to communicate with team members and
facility representatives
 Ability to ask open-ended questions
 Ability to synthesize information into systems
 Ability to manage information in a confidential
manner
 Ability to relate observations to specific requirements
Opening Meeting

 All audits must have some sort of opening meeting

 Introduce team members
 Discuss audit schedule
 State purpose and scope of audit
 Identify facility escorts/ visits
 Answer any preliminary questions
Gathering the Facts
 Observe
 Interview
 Putthe person at ease
 Explain your purpose

 Ask open-ended questions

 Corroborate information
 Trace a process (traceability)
Conducting Audit
• Interview the staff responsible for each task
• Obtain audit evidence by:
• Asking questions: inquire about task details
• Observing actual task: watch the task being
done
• Checking records: confirm if task done is
consistent with the documented procedure; cross
check with what records reveal
• Follow the audit trail: sequence of process steps
Conducting Audit

• Compare and evaluate practice against the

documented
procedures/ Requirements (conforming? At variance?)
• Use checklists to guide you in completing audit
• Define nonconformity where lapses of the practice
against standard documentation might be found
• Record objective evidence/s of the NC
• Confirm with the auditee the presence of NC
• Point out observations; area for improvement
Conducting Audit
What key things to look for and where?
• Task - work methods defined, efficiency
• People - training, skills, competence and motivation
• Equipment; Work Environment
- identification, capability, condition, safety, sanitation
• Documents / Records
- identification, issue, content, correctness and distribution
- retention, preservation, legibility, accessibility
Perceptions
 Stick to the facts – not your feelings
 Pay attention to significant things
III. Reporting …Audit Findings
The Audit Reporting Cycle
• Discuss and agree on findings
• Record Findings
• Hold Closing Meeting
• Issue Audit Report
• Update Records
• Agree to undertake follow-up audit, if needed
• Carry out and record results of Follow-up Audit
Reporting
 The audit report is the product
 Reports should have accuracy, conciseness and
clarity and be factual
 Reports should be verifiable
 Include enough information for facility to
understand the issues
 Should not describe how to fix the issues
IV. Exit Meeting
 Formal opportunity to present audit report
 Audit team speaks with one voice
 Compliment facility for good practices observed
 Summarize findings
 Answer questions/clarify issues
 Discuss corrective action process for responding to
issues
Post-Audit Activities
What happens next?
• For the concluded audit:
• Agree on the corrective actions
• Agree on-site follow-up audit, if necessary
• Compile the audit report and submit to Top
Management
• Review the Audit Program
• Improve the Audit Program
• Prepare for the next audit