Beruflich Dokumente
Kultur Dokumente
(1089456-K)
Table of Content
1. Introduction to Auditing
2. Process Approach & Process Auditing
3. Managing Audit Programme
4. Auditing Activities
5. Competency & Responsibilities of Auditor
6. Conclusion
1. Introduction to Auditing
What is an audit ?
Systematic, independent and documented
process for obtaining audit evidence and
evaluating it objectively to determine the extent
to which audit criteria are fulfilled
(ISO19011: 2002 clause 3.1)
Why audit ?
Requirement of ISO 9001:2015
Monitor and measure the management
system
Promote continuous improvement of
the management system
Principle of Auditing
Principles relating to auditors:
Ethical conduct
Fair presentation
Due professional care
Principles relating to audit:
Independence
Evidence-based approach
Note: reference to ISO 19011:2002 Clause number 4.0
Benefits of Auditing
Verifies conformity to requirements
Increases awareness and understanding
Provides a measurement of effectiveness of the
management system to top management
Reduces risk of management system failure
Identifies improvement opportunities
Continuous improvement if performed regularly
Type of Audit
First-party (internal
audit)
Second-party
(external audit)
Third-party (external
audit)
Workshop 01
Process Approach
The process approach emphasize the importance of :
Understanding and meeting requirements
Looking at processes in terms of added value
Obtaining results of process performance
Continual improvement of process
Process Approach
PDCA (Plan-Do-Check-Act)
ACT
How to
improve next
time?
CHECK
Did things
happen according
to plan?
PLAN
What to do?
How to do?
DO
Do what was
planned
Workshop 02
PDCA (Plan-Do-Check-Act)
Continual Improvement
of QMS
C
U
ST
O
M
ER
RE
Q
UI
RE
M
E
N
TS
LA
P
N
input
Information flow
AC
T
Measurement,
Analysis,
Improvement
Resource
Management
Value-adding activities
Management
Responsibility
D
Product
Realization
EC
H
C
K Product
output
SA C
U
TI
SF ST
O
A
CT M
IO ER
N
PDCA (Plan-Do-Check-Act)
PDCA (plandocheckact or plandocheckadjust) is an
iterative four-step management method used in business for
the control and continuous improvement of processes and
products.
It is also known as the Deming circle/cycle/wheel, Shewhart
cycle, control circle/cycle, or plandostudyact (PDSA).
By Wikipedia
Workshop 03
Workshop 03
DO
PLAN
ACT
AUTHORIZE
OBJECTIVES
EXTENT
ROLES
RESOURCES
PROCEDURES
MONITOR &
REVIEW
IMPLEMENT
ESTABLISH
SCHEDULE AUDITS
EVALUATE
AUDITORS
ELECT TEAMS
DIRECT ACTIVITIES
MAINTAIN RECORDS
AUDITOR
COMPETENCE
& EVALUATION
MONITOR
REVIEW
IDENTIFY NEED FOR CA/PA
IDENTIFY OPPORTUNITIES
TO IMPROVE
SPECIFIC AUDIT
ACTIVITIES
IMPROVE
Audit Activities
PLAN
DO
CHECK
ACT
Workshop 04
Audit Program
Top management should authorize responsibility for
program management to:
Establish, implement, review, and improve the audit
program
Identify the necessary resources and ensure they are
provided
Organization should develop audit program processes
Program should be managed by a member of the
organization
Keep appropriate audit records to monitor and review the
audit program
Auditor Competence
Auditor competence is based on:
Personal attributes
Application of knowledge and skills
Competence is to be developed, maintained, and
improved
Workshop 05
Auditor Competence
SELFRELIANT
OPENMINDED
PERSONAL
ATTRIBUTES
ETHICAL
DIPLOMATIC
DECISIVE
TENACIOUS
OBSERVANT
VERSATILE
PERCEPTIVE
Auditor Competence
Auditor skills and competence could include:
Audit principles, procedures, and techniques
Management system and reference documents
Organizational situations
Laws, regulations, and other requirements
Auditor Competence
Specific knowledge and skills for quality auditors
could include:
Quality methods and techniques
Quality terminology
Quality management tools and their application
Processes and products/services specific to the
sector being audited
Auditor Responsibilities
Arrive on time
Maintain confidentiality
Be objective and ethical
Support the audit team and team leader
Plan and prepare work documents
Inform auditees of the audit process
Document and support all findings
Keep auditee informed
Safeguard all documents
Prepare the audit report
Audit Planning
Checklists Preparation
One Approach is to:
Identify audit scope and process(es) within scope
Identify applicable factors (inputs, outputs, measures,
resources, etc.)
Use these points and other requirements
(ISO 9001:2015, system documentation, etc.) to:
Plan what to look at
Plan what to look for (audit evidence)
Prepare checklist
Workshop 06
Checklists Structure
Audit checklist structure
PROCESS / ACTIVITY AUDITED:
REQUIREMENT
ISO 9001:2008
Clause No.
or other
requirement
SOURCE
What to
Look At
EVIDENCE
What to
Look For
NOTES
Opening Meeting
Hold opening meeting with auditee top management and
those responsible for processes audited
Meeting may be informal
Chaired by team leader
Audit team present
Purpose is to confirm all prior arrangements
Workshop 07
CONCLUDE
Audit Evidence
Review documents that describe:
Activities
Plans
Controls
Strategies
Exercises
Tests
Show interest
Be tactful and polite
Show patience and understanding
Remember to say please and thank you
Ask the right person
Don`t say you understand when you do not
Questioning Technique
Open question
Using why, who, what, where, when, or how gets more
than a yes or no answer
Expansive question
Further elaborates the current point
Opinion question
Asks opinion about current point
Non-verbal
Uses body language, for example: raise eye-brow to
elicit further information
Questioning Technique
Repetitive question
Repeats back response in form of a question
Hypothetical question
Uses what if, suppose that, etc.
Closed question
Gets yes or no answer
Avoid using too often
Used for confirmation
Silence
Draws more information
Note Taking
Notes could be used as reference for:
Immediate investigation
Investigation later
Use by a colleague
Subsequent audits
Notes taken during an audit are a record of:
The audit sample taken
What was reported
What was observed
Notes may be referenced by subsequent auditor
Volunteered
Information
Unprepared
Long
telephone calls
Constant
interruptions
Long
auditees
Diversionary
tactics
Interdepartmental
/ Personality
conflicts
Boastful
Called away
Language
Provocation
Noisy
environment
Workshop 07
Nonconformity
Non-fulfilment of a specified requirement:
Not doing it
Partially doing it
Doing it the wrong way
Specified requirement:
Conditions of the customer contract
Quality standard (ISO 9001:2015)
Quality management system
Statutory or regulatory requirements
Nonconformity - MINOR
Failure to comply with a requirement which (based on
judgment and experience) is not likely to result in QMS
failure
Single observed lapse or isolated incident
Minimal risk of nonconforming product or service
Examples:
A two month lapse in the internal audit program
A training record not available
No actions taken to improve system based on previous
result findings
Nonconformity - MAJOR
Absence or total breakdown of a system to meet a
requirement
A number of minors related to the same clause or
requirement
A nonconformity that experience and judgment indicate
will likely result in QMS failure or significantly reduce its
ability to assure controlled processes and products
Nonconformity - MAJOR
Examples:
No documented procedure for a required documented ISO
9001:2008 process/activity
Document changes routinely made without authorization
No awareness program for the quality management
system
No future planned internal audits
Insufficient scope
Numerous minor nonconformities found in the production
process
Major
Minor
Requirement:
Clause 7.4.1 of ISO 9001:2008 requires that the organization establish criteria for evaluation
and re-evaluation of suppliers.
Nonconformity Findings:
Upon speaking with the purchasing Manager, it was found that no evaluation of XYZ supplier
had taken place since the contract was signed and business begin with XYZ supplier.
Audit Report
Prepare, Approve & Distribute
1.
2.
3.
4.
5.
6.
7.
8.
9.
Audit reference
Client and Auditee details
Audit team details
List of auditee representatives
Objectives, scope, and criteria
Audit plan dates, places, areas audited and timing
Summary of audit process
Audit Summary
Uncertainty due to sampling
Audit Report
Prepare, Approve & Distribute
10.Nonconformity reports
11. Recommendation
12.Obstacles encountered
13.Any areas in audit scope not covered
14.Any unresolved issues between the auditee and team
15.Confirmation that audit objectives accomplished
16.Confidentiality statement
17.Distribution list
Closing Meeting
Hold closing meeting to present audit findings and
conclusions
Cover situations encountered during audit that may
decrease reliance on audit conclusions
Discuss and resolve diverging audit findings and
conclusions
Keep a record if not resolved
Provide recommendations for improvement where
specified by audit objectives
Keep minutes and attendance records
Will normally be informal for internal audits
Conclusion
Workshop 08
Q&A
THANK YOU