Document Sample
Audit-Terms-and-Definitions-ISO-9001-2000 Powered By Docstoc
					IQA TO ISO 9000:2000


Audit Terms and Definitions Ref: ISO/CD.3 19011

• Audit: systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled • Audit Criteria: set of policies, procedures or requirements used as a reference • Audit Evidence: records, statements of fact or other information, relevant to the audit criteria and which are verifiable (can be quantitative or qualitative)

• Audit Finding(s): result(s) of the evaluation of the collected audit evidence against audit criteria • Audit Conclusion(s): outcome of an audit, reached by the audit team after consideration of the audit objectives and all audit findings • Auditee: organization being audited • Auditor: person with the competence to conduct an audit

• Audit Team: one or more auditors conducting an audit (one being appointed as audit team leader) • Technical Expert: person who provides specific knowledge or expertise with respect to the subject to be audited • Audit Program: set of one or more audits planned for a specific time frame and directed toward a specific purpose

• Audit Plan: description of the on-site activities and arrangements for an audit • Audit Scope: extent and boundaries of an audit (typically includes a description of physical locations, organizational units, activities and processes, as well as the time period covered • Competence: demonstrated capability to apply knowledge and skills

IQA TO ISO 9000:2000

Principles of Auditing Ref: ISO/CD.3 19011

Five Principles of Auditing

Fair Presentation

the obligation to report truthfully and accurately

Independence Evidence

Free from bias and conflict impartiality and objectivity of the audit conclusionof interest Proper sampling verifiable the rational basis for reaching audit conclusions

1 2 3 4 5

Ethical Conduct

the foundation of professionalism

Trust, integrity, confidentiality, discretion

Accurate and complete

Due Professional Care

Priorities of stakeholders necessary competence application of reasonable care in auditing

IQA TO ISO 9000:2000

Competence of Auditors Ref: ISO/CD.3 19011

Elements of Competence

Personal Attributes Auditor Training

Work Experience


Audit Experience

• There should be an evaluation process that should first be used for initial evaluation of a person who wishes to become an auditor • Even in case where he/she doesn’t, the development process of an auditor should be clearly defined to ensure a sound and professional function in the organization • Providing competent auditors is only the first step towards ensuring the reliability of the audit process

General Guidelines

• EDUCATION: minimum high school, preferably graduation • TOTAL WORK EXPERIENCE: minimum 5 years • TOTAL QUALITY EXPERIENCE: at least 2 years from the 5 years general • AUDITOR TRAINING: two days for internal auditor, 5 days (Lead Auditor) for the External Auditors • AUDIT EXPERIENCE: 4 complete audits or 20 days of audit

Auditor’s Personal Attributes

• • • • • • • •

Mature unbiased and fair ethical open minded diplomatic observant decisive self-reliant

IQA TO ISO 9000:2000

Managing An Audit Program

What is being Audited ?







Why an organization is being audited?

• • • • • •

it is an ISO 9000’s requirement no trust on employees check and balance is a human nature people tend to forget and/or neglect managers are not competent a sort of an external and internal pressures to run systems • or anything else


How the extent of an audit vary?
Large Textile Spinning 1000 persons 4 processes Automobile Plant 400 person 3 5 processes Dental Clinic 3 person Many Complex Treatment Processes

•Scope ? •Objective? •Duration? •Expertise? •Frequency of Audit? •Complexity of Product and Processes? •Legal Requirements? •Standards? •Audit Criteria? •Social Environment? •Educational Environment?

What resources are required to audit?
Large Textile Spinning 1000 persons 4 processes Automobile Plant 400 person 3 5 processes Dental Clinic 3 person Many Complex Treatment Processes

•Number of Auditor(s)? •Competence of Auditor(s)? •Technical Expertise? •Duration? •Administration? •Documentation? •Stationary?

Can you identify company’s Product ?
• Shoe company • Pharmacy • Hospital • Airline • University • Primary School • Insurance Company

What does it mean to Audit a Process Model ?
• • • •

to audit every process to audit departments in a certain sequence to audit people in a certain sequence to audit QMS in a certain sequence and logic

Discussion Exercise - Process Model

• You are auditing a purchase dept. that buys material for the company. How would you apply the QMS Process Model on the activities of the department? Identify the sequence of your check points / from the requirements of ISO 9000:2000.

Audit Process

1 2 3

Initiating the Audit

• Definition of scope, objective and criteria • Establish audit team and contacts

Document Review

• Review the documents of the QMS and establish their completeness and correct ness (relevance to their processes)

Site Audit Preparation

• Planning • Team assignments • Preparing working documents

Audit Process (cont.)


Site Audit

• Opening Meeting • Verification Process (collecting and verifying information), audit findings, communicating findings, closing meeting. • audit report preparation • report review, approval and distribution • retention of documents • confirmation of completion as per the audit plan • Verification of Corrective, Preventive and/or Improvement Action

5 6 7

Audit Reporting

Audit Completion

Audit Follow-up

Key Points of the Audit Process

• Audit Objectives, scope, and criteria
– to be defined by the auditee – Objectives: compliance to all applicable ISO 9001 QMS requirements, legal obligations (illegality) for product conformity, contractual obligations to clients, and consumer protection (in general) – scope: boundaries of audit, I.e. location, organizational units, activities and processes to be audited – criteria: applicable policies, procedures, standards, laws, QMS requirements, contractual requirements, industry codes,

Audit Team’s Requirement

– independence, process familiarity, mature personality, good communicator and analyzer, motivated, physically fit, socially disciplined, free from conflict of interest, honest, capable to write objective audit findings/reports, not submissive, and interactive

– relevant technical expertise or take assistance of technical experts with appropriate technical knowledge, skills and experience.

Auditee’s Right on acceptability of Auditors
• Both the audit client and auditee have a right to request the replacement of particular team members on reasonable grounds, which should be communicated to those responsible for managing the audit program. • Examples of reasonable grounds can be conflict of interest situation (formal employees, consultant), unethical behavior, lacking appropriate professional background of the audit team, non-professional behavior (e.g. violating confidentiality), etc.

Document Review

• A necessary step before site audit • Should be reviewed in light of audit objectives, scope and criteria • A preliminary on-site visit may be necessary to be able to carry out the document review • Document Review should be done very carefully, and is most effectively done with the support of relevant records.

Planning for On-Site Audit

• Parameters of plan: auditor(s), departments / sections, time (usually hours), applicable QMS processes (clauses), applicable criteria (standards, legal, contractual, etc.), locations / sites, logistics, language limitations, technical expertise (doctors, computer specialists, pharmacists, architecture, etc.)

Working Documents

• • • •

Audit procedure audit checklist(s) sampling plan forms / papers for recording information and supporting evidence • NCR forms

On-Site Activities

• Opening Meeting • Investigation
– – – – Observation Interviews confirmations Communication

• Audit Findings • Closing Meeting

Opening Meeting

• Establish an Audit Environment and Communication links with the management • Inform about the audit plan and methodology • confirm the audit criteria (contractual, legal, industrial, and company’s obligations and standards) • confirm the sampling plan (number of samples to be used in the width and depth of audit) • confirmation of relevant work safety, emergency and security procedures for the audit team


• Main objectives:
– what are the contractual and legal requirements – Does the company products meets the contractual and legal requirements – Is consistency ensured in the standards – Are company policies and procedures followed as a routine activity – Is the company following the standards and procedures genuinely – Is there any serious discrepancy between what is produced and the test results


• Interviews:
– relevant people must be interviewed directly at all levels – auditor should go to the relevant people to interview; they should not be called to answer the auditor – tone must be respectful and genuine – objective of interview must be clarified to the interviewee – Types of questions: Open-ended, Closed-ended, Leadingquestions, Personal -questions, Interrogative-questions, taunting-questions. Certain types must be avoided. – The results from the interview should be summarized and reviewed with the interviewed person – End must be with thanks


• Observations and Confirmations
– actual products – actual processes (operators, skill levels, equipment, material) – actual operators – actual environment – actual records – external documents (customers’, vendors’, legal, and referenced standards) – computerized data bases – effectiveness of procedures

Audit Findings
• Auditors should review all facts and the overall situation • Conformities should be summarized to at least indicate locations, functions, processes, or requirements that were audited, where no nonconformities were observed • Nonconformities should be recorded and supported by audit evidence. It should be reviewed by the auditee to ensure accuracy and understanding. • Difference of opinions should be resolved before finalizing

Nonconformity Statement a critical output of an Auditor
• Few auditors write accurate, clear, and complete statements of non-conformity • Example of a good non-conformity statement “One of the voltmeters, number 389000, used for the testing of generators at the final test bench of the main assembly shop was not calibrated, as required by the Quality Procedure No. QSP4.11/2000. All test equipment which affect product quality shall be calibrated to ensure accuracy of results”


• Poor way of writing NC statements: Examples
– – – – – quality objectives were not defined test equipment was not calibrated there were no training programs identifications were missing the procedure for SPC was wrong Can you identify why the above statements are not good?


• Statements blaming to wrong people ! “An operator was repairing the machine with wrong method” OR “The operator was not properly trained to repair the machines” who is to be blamed in the same incident above?

Preparing for the Closing Meeting

• • • •

Review the overall audit findings Prepare the list of audit findings reach consensus on the audit conclusions agree on the roles and tasks for the closing meetings (for more than one auditors) • prepare recommendations • discuss subsequent audit follow-up

Closing Meeting

• Present overall conclusion and findings. Address your summary of Conformity and Non-conformity, both. • Present non-conformities in order of priority (from more important findings to less important) • Provide direction to management on Corrective, Preventive and Improvement actions. It is auditee's responsibility to identify C/A or P/A; however they normally do not understand the difference. • Confirm follow-up audit

Auditor-Auditee Roles


Audit Report

Approve C/A

Verify C/A


Identify Rootcause & Suggest C/A

Take C/A


Audit Report

• Should provide a complete, accurate, concise and clear record of the audit and should contain audit conclusions on the following issues:
– extent of conformance of the management system to the audit criteria – effective implementation and maintenance of the management system, and – the ability of management review process to ensure the continuing suitability, adequacy, and effectiveness of the management system

Contents of Audit Report

• The second/third party reports are formal, whereas, first party audit can be less comprehensive and may include just nonconformance reporting.

Audit Follow-up
• Focus should be on whether the auditee has gone into the root cause of the nonconformance, and whether solution provided by the auditee eliminate the root cause(s) • Auditee tend to neglect timely corrective actions. Therefore, auditor should ensure timely corrective actions. Appropriate time should be ensured, as most often daily or weekly solutions are projected into monthly tasks. • Just recorded answers to solutions are not sufficient. Physical verification of effectiveness of the solution is necessary

Audit Completion

• An audit is completed when all activities in the audit plan have been finalized and the approved audit report has been distributed

Normal Problems in Audits
• • • • Lack of Product Orientation Lack of Process Orientation Non-technical audits in technical areas Incomplete audits
– depth – width

Final Words ...

• Audits driven by professional programs can be highly valuable in improving the Quality of organizations. On the other hand, if conducted unprofessionally, the same can be damaging • Auditors and audit programs should also be subject to checking and improvements • Progressive development of auditors is generally neglected, resulting in poor value • Technical competence and personal attributes are both important parts of the auditors • Announced audits can be mixed with unannounced ones