Guide to Internal Quality Auditing

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Guide to Internal Quality Auditing

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 1
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1.0 PURPOSE AND OBJECTIVES OF THE GUIDE

1.1 PURPOSE

To describe and explain the role of auditing in an organisation and management of a Quality
Management System.

Also, to enable the trainee to take part in and conduct audits as a lead auditor or audit team member.

1.2 OBJECTIVES

TO :-

Understand and appreciate the benefits of auditing.

Understand the different types of audits and their purposes.

Understand the generic audit process.

To arrange and manage an audit, including the initial and closing contact with the auditee.

Present the findings of an audit in the form of an audit report and documented non-conformances.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 2
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.0 WHAT IS QUALITY ?

2.1 YOUR DEFINITION : -

2.2 WELL KNOWN DEFINITIONS :-

Delighting the Customer, (both internally and externally).

Establish customer requirements, satisfy requirements.

Delight the customer.

Continually improve.

It is what gives complete customer satisfaction.

A satisfied customer

Consistent satisfaction of Customer expectations

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 3
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3.0 THE BENEFITS OF AUDITING

Audits are primarily conducted to ensure that the Quality Management System is complying with
any requirements defined within a contractual or accredited Quality Management System.

The benefits of such a Quality System are to ensure that effective controls are in place and the
system is operating in a cost effective manner.

An audit systematically obtains and analyses objective evidence and presents facts rather than a
subjective opinion of value judgements. It corrects preconceived ideas about the state of a
companys Quality Management System, methods, procedures and training requirements.

An audit provides vital feedback to management as to whether the organisation is meeting its legal
and contractual obligations.

Audits also identify areas of opportunity by analysing objective evidence concerning the
effectiveness of the organisation and its structure, therefore challenging decisions and the original
basis for them.

Audit results are communicated throughout the business therefore promoting communication. It
also enables employees to make suggestions for improvements. This improved communication and
involvement will increase the morale and motivation at all levels if peoples ideas are acted upon.

An audit also produces an unbiased assessment of each individuals training needs and the
effectiveness at his or her job.

An audit assists in obtaining an unbiased assessment of the status and capability of equipment, its
physical condition, maintenance requirements, repair and fault history as well as the need for new
or modified equipment.

An audit can provide useful training for personnel who participate as observers.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 4
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4.0 THE DIFFERENT TYPES OF AUDITS

4.1 AUDITS - GENERALLY

Audits are the evaluation to verify the effectiveness of control.

The purpose is not to duplicate product and process controls but to assure that there is control.

A systematic and independent examination to determine whether quality activities and related
results comply with planned arrangements and whether these arrangements are implemented
effectively and are suitable to achieving objectives.

The results of such an examination should be presented in a true and fair way, and at all times,
while conducting the audit the aim is :-

FACT FINDING NOT FAULT FINDING

4.2 SELF AUDITS

These are a formal examination of effectiveness and implementation of documents describing

specific activities in accordance with an audit schedule. The purpose of these audits is:- to establish
to what extent the procedure/work instruction is being worked to, ensure that they are accurate, easy
to use i.e. 'user friendly', covers the 'complete process' as defined in the scope of the document and
that ultimately there is control of the activity.

4.3 INTERNAL QUALITY SYSTEM AUDITS

These Audits cover audits of functions, processes, special processes, Vendor Assessments, Product
Audits and Top Management Audits.

4.3.1 Functional / Process Audits

These audits assesses the effective implementation of the Business Management System as defined
by :-

External requirements
Quality Manuals
Policy & Procedures Manual
Procedures, Work Instructions etc.
Quality Plans
Customer requirements

To determine the degree to which they are being achieved. These audits may be based on functions
or key processes within the business as they are defined.

They also highlight opportunity for improvements which are needed in support of business

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 5
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
objectives and a member of the team will also be looking at known problems within that area
(Problem audits). Care is needed when looking at know problems, as part of a general audit, that it
doesn't distract from an overall view of a function / process, this is why it should be left to one
member of the audit team.

These audits can be led by Lead Auditors from around the business, along with other team
members.

4.3.2 SPECIAL PROCESS AUDITS

These audits concentrate on special processes where the output is costly to verify, such as Fuel,
Heat treatment etc. The processes can be defined as having the following elements :-

- Input
- Process, mechanism
- Output - product
- Feedback

A process audit is conducted to evaluate the information, environment, equipment, product/service

and the training/skills of personnel to ensure that the process is under control and hence the output
is of the required standard.

4.3.3 PRODUCT AUDITS

A product audit evaluates the product - " FROM THE VIEW POINT OF THE CUSTOMER " (i.e.
with previous customer findings and requirements or regulatory bodies in mind, auditor experience
etc.), upon which all operations, functions, tests, inspections have been performed and which awaits
customer acceptance.

Product audits are also conducted prior to customer acceptance on characteristics which cannot be
viewed at the customer acceptance stage.

4.3.4 TOP MANAGEMENT AUDITS

These audits centre around the activities of the Chief Executive Officer and his/her direct reports
and defined in top documents such as :- Expositions, Quality Manuals, Policy & Procedure Manuals
etc.

4.3.5 SUPPLIER AUDITS

These audits are carried out on suppliers to ensure they meet our customer requirements, regulatory
requirements and contract requirements. They may focus on the Quality Management System,
specific products or elements of the Quality System.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 6
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5.0 COST OF AUDITS

The cost of conducting an audit should be considered against the benefits obtained. The cost
consists of :-

- The auditors time spent preparing, performing, following up and completing the audit.
- The auditee's time spent participation in and following up the results arising from the audit.
- overheads.

Insufficient training and inadequate/unsuitable training is possibly the greatest cause of cost, as they
are likely to miss key areas of a process, raise points without objective evidence rather than a
specific and objective evaluation.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 7
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.0 GENERIC AUDIT PROCESS

6.1 - Establish Audit

to be carried out

6.2 - Prepare for the

Audit

6.3 - Establish Audit

Plan

6.4 - Construct Audit

Checklist

6.5 - Initial Contact /

Opening Meeting

6.6 - Conducting the

Audit

6.7 - Closing Meeting

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 8
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.1 ESTABLISH AUDIT TO BE CARRIED OUT

6.1.1 Identify audit need

Establish why the audit is to be carried out. The three main reasons are :-

A Programmed/scheduled audit.

A series of audits conducted at a pre-determined time frequency to verify the

establishment and effective control of the Quality Management System.

This can simply be a timetable to show when the individual processes, procedures, areas
or function will be audited. It will also assign a person to lead/carry out the audit, and also
display the results of the audit.

B Opportunity based audit.

Audits conducted to investigate current organisation, controls, procedures working

practices and responsibilities, in order to see if improvement can be made.

The area/subject being audited may be operating adequately, but the business needs may
require an improvement.

C Problem based audit.

The audit need is generated from an identified problem, from the customer or identified
within the process by the owner. The purpose being to investigate the described problem,
describe and identify the root cause leading to implementation of corrective action. In this
way, auditing is used as a problem solving tool and therefore may be used in conjunction
with other tools such as :-

Brainstorming
Data collection
Cause and effect/why why

The reason for carrying out the audit will influence the type of audit that will be used, ie Process
audit. See section 4.0 on 'The different types of audits'.

6.2 PREPARE FOR THE AUDIT

Before embarking on any audit activity, it is important to adequately prepare the ground, taking full
account of all relevant issues, i.e. What is the risk involved in postponing the audit ?

6.2.1 Audit Scope

Clarify which processes or process chains are to be addressed through the audit.

Clarify which activity or activities need to be addressed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 9
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In turn, clarify the boundaries of the audit (what processes, activities are contained within the
boundaries and what therefore are the external interfaces to the boundaries).

When working from an audit schedule, (see section 6.1), the scope will have already been defined,
i.e. a particular process, or a specific department.

None of these may be immediately apparent at the outset of the audit, especially in the case of an
investigative audit.

6.2.2 Notification of an Audit

The auditor should discuss informally with the auditee a mutually convenient date and time for an
Opening meeting/Initial contact, where the scope/objectives of the audit can be agreed.

Refer to section 6.5 on 'The Opening Meeting'.

Unplanned audits may be notified to the auditee or may be conducted without prior warning, the
arguments being that the auditee will have time to prepare and put things right and therefore get a
clean bill of health. If this is the case and the auditee has not got the necessary controls in place, the
audit frequency must be increased until the disciplines are confirmed. Also it may indicate a more
fundamental root cause which needs to be addressed in order to resolve future problems.

6.2.3 Documentation

Ensure that appropriate documentation (procedures, reports, general information) are identified and
that they will be available for and in advance of the audit.

Understand the relevance and importance of external and internal engineering, workmanship or
regulatory/legislative standards relative to the process to be audited.

Depending on the nature of the audit some or all of the following will be necessary as well :-

* Company Quality Manual

* Departmental Quality Manuals
* Procedures
* Work Instructions
* Inspection Plans
* Test Plans
* Product/Service specifications, ie drawings, contract
* Previous Audit Reports
* Information on the product/service
* Health and Safety Regulations
* Information on the Location and Size of area
* Site audit statistics
* Known quality problems, (backed up with objective evidence)
* Contracts - if applicable
* Organisation Structure

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 10
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Job descriptions
* Job specifications
* Flow charts
* Process models

With the above information, flow charts of the key processes can be drawn up, highlighting key
activities against each part of the flow chart.

6.2.4 Skills Required

Identify the skills required to be effective in the audit of the processes and activities defined.

It is important to take account of the technical, managerial, and interpersonal skills required and
also experience appropriate to levels of seniority, auditor to auditee.

Those personnel ultimately identified to conduct the audit must satisfy the necessary skills required.

Audit team leaders should be formally trained, experienced and appropriately qualified.

Team members may consist of a mixture of formally trained auditors and others who bring a special
skill to bear (e.g. Technical experts, persons well versed in particular aspects of the type of process
involved).

6.3 ESTABLISH AUDIT PLAN

This should be planned to be most effective whilst involving as few people as possible. It is
recommended that you start about half an hour after the normal start of the auditee's day to allow
the auditee to prepare the normal day's work. Late finishes should be avoided.

6.3.1 Issues

The essential issues to consider and account for are :-

Geographical location, and therefore, travelling and accommodation requirements.

Identification of key staff required for interview during the audit.
Where an audit team is to be used, the identification of auditors possessing the required skills
(skills identified earlier).
Availability of auditors and auditees. It will be necessary to arrange the auditors availability
with their managers and gain commitment from the individual to undertake the role.
Time intervals, start and finish dates, related to size of the audit task and size of the audit team.
Determine the sequence of events necessary to satisfy the audit objectives (Relate to existing
knowledge of the process).
In the case of an audit team, assign particular auditors to specific audit tasks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 11
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.3.2 Planning the audit

It is useful and sometimes necessary to prepare an outline plan of events for the audit. This should
address such issues as :-

Who will audit what.

Who the key audit contact will be.
Time interval in specific areas.
Intended lunch intervals.
Start and Finish dates for the audit.
Time and place of opening and closing meetings (where these are required) and who should
attend.
Wash-up discussions, i.e. discussing and agreeing the days findings with the auditees, prior to
firming up on any non-conformances. Usually done at the end of the day. However, where there
is clear evidence of a non-conformance, it may be documented and agreed with the auditee at
the time. The important thing is for the method to be clear to both parties in advance of the
audit, and for it to fit the work situation.

The plan, when agreed, will need to be discussed and agreed :-

a) With the audit team, where a team is involved

and b) With the auditees prior to commencing the audit, this would normally be done at the
opening meeting. See later section.

6.3.3 Team Briefings

When an audit is to be conducted using an audit team, it is vital that the team should be clear on :-

What they are to audit, where and when. i.e. their individual assignments.
Who else will be involved.
Why the audit is being conducted.

Unqualified auditors, such as technical experts who are to be included in the team, and who have
not audited before, may need additional guidance from the team leader.

Information gathered during the preparatory stages must now be shared with the audit team. This
will include a full review of the processes to be audited, and the flow charts of the key processes.

The developed checklists will need to be presented to the team giving them an initial view of the
specifics to be addressed.

It is then important to use the team to further develop the audit approach and add to the flow charts
and checklists as appropriate. This can be done as a team effort, (brainstorming ideas), and/or
individually by the team members.

Their particular proposed assignments will also need discussion and review. New approaches and
emphasis may well emerge in the light of individual experience and skill, leading to amendments to
the plan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 12
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.4 CONSTRUCT AUDIT CHECKLISTS

Checklists are a very important pre-requisite to successful auditing. They help to focus the mind on
essential issues. They also provide an invaluable aide-memoir and ensure the auditor is adequately
prepared with 'trigger' questions prior to the audit. The checklists also form part of the audit
documentation, which will be available for future audits.

Reviewing the documentation mentioned in the previous section and any flow charts produced,
allows the auditor to familiarise himself/herself with the auditee's activities and enables a checklist
to be drawn up to assist the continuity of and set the depth of the audit.

Audit checklists should allow some flexibility to determine whether or not an activity is acceptable
or not, rather than asking for an unqualified yes or no. Some activities whilst not strictly in
accordance with the written procedures might be quite acceptable. Qualification must therefore be
allowed in such cases.

The questions developed in the checklist are there to set the wheels in motion. In the audit situation,
responses to these questions will lead to further questions from the auditor, and may lead the auditor
down a particular path which proves to be critical. Questions raised, therefore, on the checklist
should be open questions i.e. 'Who', 'Where', 'What', 'How', 'Why', 'When' etc.

As a result of gearing the questions to be open, it is quite likely that the auditor may not cover all
the questions on the checklist. This is quite acceptable and helps the auditor to establish any areas
not covered during the audit, (which would be highlighted in the final report), and gives a guide to
whoever does the audit next time.

The auditor should be aware of the risk of relying solely on generalised 'off the shelf' checklists
(developed by others) as the basis of questioning. To be effective, checklists need to be specific to
the processes subject to audit.

There are for/against arguments for giving the auditee the check list prior to the audit, if the system
is totally lacking then the evidence will indicate this with new documentation or working practices.
If this is the case be mindful that the system will have been rushed in and therefore may not be the
most appropriate. In which case it should be fairly simple to find evidence of the fact and/or
recommend that the area is visited again in a couple of months later, either way, if it gets the actions
in place then the audit has worked, if reactive rather than pro-active.

Audit checklists are also important in establishing the criteria against which the audit was
conducted. ie. if at a later date the checklist is looked at it can be established what was audited and
therefore what was not. It therefore gives invaluable objective evidence for future audits or for
extrinsic audits. It is also a good discipline that ensures the auditor is operating professionally and
with clear direction and without hidden agenda's or subjective requirements, therefore improving
the overall quality of the audit.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 13
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.4.1 Consideration of attributes

A useful aspect of any audit is to consider aspects of product/service, people, equipment, practices,
environment and information. i.e. :-

* Is the equipment right for the job ?

* Is the equipment working as it should ?
* Are the people doing the job appropriately skilled and experienced ?
* Is the environment right for the job ?
* Are the techniques employed appropriate to the job in hand ?
* Does the procedure used fit the job to be done ?
* Does the product/service meet the customer's expectations ?

6.4.2 Application of the Quality System Standards - ISO 9001, AS EN SJAC 9100, JAR 21

One can run through the various requirements in turn and consider how each is applicable and
appropriate to the process, project, area in question. i.e. :-

What kind of records would I expect to be used here ?

What are the issues affecting the retention of records ?
To what extent would I expect procedures and work instructions to be used and in what forms ?
How would this process be affected if work instructions did not exist, i.e. risk to the
product/service of not having ?
When was the process last audited ?
Where are the audit reports and corrective actions logged ?
Is the information from audits being analysed and are the results being used to ensure adequate
corrective action coverage?

In every case, it is important to interpret each requirement of the standard to the particular needs of
the particular process, project or area under review and to phrase questions accordingly.

Considering all of the requirements of the appropriate quality system standard in this way will help
to ensure that all aspects of control have been addressed, and appropriate questions raised, (bearing
in mind the audit objectives).

At all times 'ADEQUACY FOR NEED', relative to the process, project or area being audited
should be borne in mind.

Questions need to be raised on the respective roles of the individual departments and of the people
within them. In doing this consider :-

Departmental objectives.
Individuals objectives.
Job descriptions.
Compatibility of roles and objectives. Overlaps/underlaps.
Relationship of objectives to what is being achieved.
Manager's understanding of the processes they own, design and operate.
Manager's knowledge and control of what is actually happening.
Manager's understanding of the relationships and dependencies in their process flows.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 14
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Additionally, the auditor needs to think about the physical layout of the department, as covered in
the preparation. Does it support the work that needs to go on ?

The above discussion on checklist development does not exhaust the subject.

It is recommended that the audit team use a group technique of Brainstorming to uncover additional
questions to be raised during the audit.

Checklist queries must always be such that objective evidence will be available to allow satisfactory
judgement.

6.4.3 Advantages and Disadvantages of Checklists

Advantages

1 Easy and convenient to use.

2 Can be generated specifically for the area being generated.
3 Provides an aid to training inexperienced auditors.
4 Provides auditees with view on what the auditor is looking for.
5 Aids the conducting of partial audits

Disadvantages

1 Auditors can be focused to much on the checklist and not the audit.
2 Gives indication of auditors preconceived ideas.
3 Check lists may not be agreeable to external auditors.

6.4.4 Advantages and Disadvantages of Generic Checklists

Advantages

1 Consistent audit questions for audit team.

2 Enables training of auditors in company requirements.
3 Provides evidence of consistent approach to audits for external assessors.
4 Economical.
5 Easily reviewed.

Disadvantages

1 Is not suitable for all audits.

2 May produce inflexibility of auditors, and inability to adapt with different audit
objectives and problems.
3 Perceived lack of value by auditee, 'always check the same things'.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 15
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.5 INITIAL CONTACT/OPENING MEETING

This is a meeting between the auditor (audit team) and auditee(s) to :-

Introduce auditor (audit team) to auditee's if necessary.

Confirm the purpose and scope of the audit.
Allay any fears about the audit.
Review audit scope, timetable and agenda.
Make arrangements for breaks, lunch and finish time on each day.
Describe the method of auditing/reporting (questioning, examination of documents, methods for
reporting observations, classification of majors, minors and observations, etc.).
Agree a provisional date and time for the closing meeting.

The Lead Auditor/Auditor should confirm with the company the standard and other references that
will be used. The Lead Auditor/Auditor should also state the reason and background for the audit
and any other relevant information such as previous audit results etc.

This opening meeting/initial contact should not take more than 30 minutes.

It is at this stage that the auditee should appoint 'guides', should the logistics of the audit prove
necessary.

The names of people present should be recorded.

6.5.2 Technique of presentation

The Lead Auditor and the team or the auditor, should conduct this important opening meeting/initial
contact bearing in mind that the first impression of the audit team/auditor will set the tone for the
rest of the visit. Points to be aware of are :-

Look professional in your appearance.

Present your information clearly.
Be organised in your presentation and be polite.
Be in control of the situation.

Don't

Arrive late.
Allow the meeting to go on longer than planned.
Be bossed or dictated to by the department's management.
Let your team or yourself become distracted during the meeting.

6.5.2 Appointment of Guides

In some audits, guides are used to continually listen to and observe the auditors discussions and
findings. They will additionally :-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 16
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Confirm what the auditor has observed by endorsing the audit report form on completion of the
audit.
Guide the auditor through the organisation in line with the agreed audit schedule, or in line with
an audit trail.
Describe the work processes as the audit progresses and point the auditor(s) to the appropriate
individuals to question or records to examine.
The guide may also help with arranging the schedule in mid-audit, where audit findings point to
this necessity.

6.6 CONDUCTING THE AUDIT

6.6.1 The Attributes of an auditor

The following are desirable attributes to look for in a good auditor :-

* Good Judgement * Industrious

* Open minded * Good communications
* Resilient * Professional
* Diplomatic * Interested
* Self disciplined * Inquiring mind
* Honest * Analytical
* Unbiased * Human
* Good listener * Patient
* Articulate * Good time management

It then follows that undesirable attributes in an assessor would be the reverse of these qualities

6.6.2 Do's and Don'ts of an auditor

When carrying out an audit within a process, department, company, etc, it should be remembered
that the auditor/team are guests of that department and should behave in a manner that is
professional and proper. A well conducted audit reflects well on the auditors as well as the
audit/team itself and the auditor/Lead auditor should ensure the following :-

DO :

Introduce yourself, explaining why you are there and what will happen
Put the auditee at ease
Remember the auditors six friends. How, What, Why, Where, Who, When
Seventh friend 'Please Show Me'
Know the quality system standard being used (eg. ISO 9001) and be able to interpret to the
situation being audited.
Get into the work area 'don't sit in the office drinking coffee'
Keep your eyes and ears open : look for the unusual
Beware of time wasters : interruptions, late arrivals, etc
Listen actively
Look for non-verbals
Obtain your own objective evidence
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 17
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank the auditee for his time
Stop auditing if there is no more to be gained
Use silence to draw out the facts
Be specific

DON'T :

Argue or intimidate
Rise to provocation - stay calm
Make assumptions
Pre-judge
Answer the questions for the auditee
Jump to conclusions
Blame, criticise or patronise
Interrupt response to questions
Use hear say
Ask more than one question at once
Use jargon or abbreviations
Get side-tracked
Run overtime without approval of auditee
Use checklists without being flexible to change direction if needed

6.6.3 Gaining information in an effective way

The aim of an effective audit is to review the activities of an area within a department, process etc
and evaluate the documentary evidence of these activities being performed against the controls or
standards to which it should be working.

To achieve the above criteria the auditor or audit team must gain enough information and evidence
from the process, department, area being audited to be sure that an acceptable system is in use and
that the controls are effective in achieving their aims.

This will be achieved using the checklist as a guide.

Objective evidence should be examined and details recorded against the checklist. All details
necessary for a rounded judgement must be included e.g.

* Identification of evidence.
* Specific details of non-conformance.

It is very important to record objective evidence whilst conducting the audit as this gives the factual
information for a non-conformance being raised or for highlighting a well controlled area. Without
this factual information, the closing meeting, the presenting of the non-conformances and
highlighting good areas becomes a very hard job, because you can not prove without question!
Therefore, ensure Document references are noted, Part No's noted, serial No's noted, FOD samples,
have photographs taken, etc.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 18
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qualification of activity compliance or non-conformance should be recorded in the remarks
column.

The auditors should be armed with the process flow diagrams and audit checklists. Notepaper and
pen are additional needs. As questions are asked and answered, as many notes as are necessary
should be made to enable adequate recall when writing up the audit.

The technique is to mentally point to each activity in turn in the process and, through appropriate
questioning, develop understanding and clarity on how they function. The aim is to gather facts
about what happens in practice.

6.6.4 Asking the right question

During the assessment it is important to know whether the personnel within the process, department
or area, fully understand the controls they are working to and can demonstrate the system being
used. It therefore follows that the task of the auditor should be in part to request a demonstration of
that knowledge from the relevant person or persons. To do this, questions must be asked by the
auditor which require more than a 'yes' or 'no' answer from the auditee. The questions asked should
therefore be open, remember this verse to help remind you of the key words for open questions :-

"I keep six honest serving men, they taught me all I know, their names are WHAT and WHY and
WHEN and HOW and WHERE and WHO. The seventh friend is SHOW ME."

These questions require a reaction from the auditee which will show knowledge of the system or
process.

6.6.5 Using the Audit Information

As information is gathered about the process(es) and the way in which they function, taking full
account of all supporting controls, (documentation, test routines, records, etc.), the auditor can
begin to make judgements on overall effectiveness including :-

Process capability.
How the process is successful.
Whether it can be relied upon to be consistently successful (taking account of the necessary
controls which are in place).
The adequacy of the controls.
Process weaknesses, (lack of control, such as no standard, no acceptance criteria for a test, no
tests defined, in other words an inappropriately high dependence on an individual's skill and
knowledge).
The attention to detail by the process operators and their individual compliance with established
procedures and work instructions.
How the process is failing, or has the potential to fail. (This in fact relates to determining how
much 'prevention' is designed and built into the process against the risk and effect of failure).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 19
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6.7 CLOSING MEETING

This would be a meeting with the auditee(s) and, where necessary, management representatives.
The attendance should be recorded.

The meeting should cover the following points :-

Summary of findings by the lead auditor/auditor, dealing with positive issues first.
Describe any areas of concern, if details are related to observations or non-conformances detail
individually.
Summarise the number of non-conformances and observations.
Obtain agreement on any non-conformances not signed for.
Ensure corrective actions are detailed on non-conformances if practical. Refer to section 7.0.
Arrange for follow up audits or confirmation meetings as required.
Make any recommendations.

At the end of the audit, it is important to :-

Provide copies of all audit forms raised during the audit to the auditee (preferably, the key
management representative).

6.7.1 Audit Report

The audit report should be available within 1-2 weeks after the audit. It will contain the following
information :-

Area, process, department audited

Aims and objectives of the audit
Key people involved
Summary of the findings, good and bad
Objective evidence collected, ie. forms, data, proforma's, photographs etc. these would be
attached to the relevant audit report forms
Recommendations - if appropriate
Thanks to auditee's and guides

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 20
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7.0 CORRECTIVE ACTIONS

Agreeing corrective action is one of the key parts of the audit, because if the wrong corrective
action is taken, time is lost in an activity which does not solve the cause of the non-conformance.

What is a fix : A fix is something that puts that particular occurrence right, ie. a document that is not
at the right issue, the fix would be to update it.

What is Corrective Action : Corrective action is the action taken to prevent re-occurrence of a
problem, ie. solve the problem at source. An example of this could be, that if a document is at the
wrong issue, the fix would update the document and the corrective action would be to improve the
process of re-issuing documents to ensure documents are at the correct issue.

Identification

Problem
Prevention
Description

Problem
Corrective Action Acceptance

Root Cause
Problem Fix
Analysis

The above cycle describes the cycle of any problem that can be identified as a result of an audit. In
conducting audits the important aspect of an audit is that it provides evidence of the existence or
adequacy of controls that would ensure the acceptable quality level of a product, service or process.

PROBLEM CYCLE RESPONSIBILITIES

1. Identification By product, service or process auditors

By independent auditor

2. Problem description By Product, service or process auditors

By independent auditor

3. Problem acceptance Product, service or process owners

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 21
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. Problem fix Product, service or process owners

5. Root cause analysis Every one. By team effort

6. Corrective action Corrective action owner

7. Prevention Product, service or process owners

Generally audit non-conformances are issued by the auditor, and the auditors involvement in the
problem cycle stops at point 4.

However in some instances systems audits may involve the identification and agreement of
corrective actions during the closing meeting. It is very useful for the auditor to prepare
himself/herself, by familiarising himself/herself with any similar problems that may have occurred
in the past and the resultant effectiveness of the corrective action, as this information will prove
vital in assisting the auditee department to come to a satisfactory decision on the corrective action.

For process and product audits, it may be necessary to carry out some causal analysis of common
problems over a period of time ie. two weekly/monthly. By doing this and identifying common
causes corrective actions can be identified agreed which will address a number of similar problems.
This also establishes a method of prioritising the corrective actions, by the problems which occur
the most, are of critical importance or some other agreed criteria.

It is in this causal analysis and agreement of corrective action that the auditor can play an important
role and offer significant contribution to the problem elimination.

An important part of the audit cycle is the measure of the effectiveness of corrective actions. By
monitoring and analysing non-conformances via a database, trends can be established to
improvements or deterioration of problems identified.

It may also indicate an improvement in the severity of the problems found, resulting in the ability to
change the level of audit and points of audit based on measurable, objective and specific data.

In all cases the auditors should be assisting the auditee to understand and take ownership of the
problems, but also for the auditee's department to implement activities which will identify and solve
problems before the independent auditor finds them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 22
 Guide to Internal Quality Auditing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8.0 FOLLOW UP AND CLOSE OUT OF NON-CONFORMANCES

Audits are only as good as the actions taken in response to it. Therefore without an effective
response the audit will have been a waste of time.

It is very important that follow up action is implemented by the Lead Auditor/Auditor to ensure that
the corrective action has been carried out and the results have been effective and recorded (close
out). In cases where corrective action has been effective then the non-conformances can be closed
out with evidence as to who carried out the follow up and close out activities.

Depending on the nature and cause of the problems, auditors can check the implementation of
corrective action in many ways including those listed below:-

A re-audit of the non-conforming area, process

Reviewing revised or new documents, procedures, documented objective evidence
Verification at the next scheduled audit
Surveillance's at intervals by the auditor

are in place.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STONEHILL Quality Consultants Page : 23