ISO 9001:2015

Internal Auditor 1 Day

1
Objective
The programme aims to provide delegates with the
knowledge and ability to
Demonstrate the process based auditing and risk
based thinking in meeting the new quality
management system requirements
Enhance the existing understanding of auditing
business process
Assess the Quality Management System based
on ISO 9001:2015

Who Should Existing ISO 9001:2008 personnel appointed to be involved in

Attend: audits and appointed Internal Auditors.
Prior ISO 9001:2015 Requirements and ISO 9001:2008 audit
knowledge is a MUST for this course.

2
Contents

Session 1: Audit Fundamentals

Session 2: Audit Planning
Session 3: Audit Preparation
Session 4: Audit Methodology

3
 Session 1
Audit Fundamentals

4
 Important Key Awareness

(1) Applicability of requirements within

the scope of the Quality Management
System
(2) An understanding of process
management, PDCA process
model and Risk-based thinking

5
 PROCESS APPROACH

Process

any activity that takes inputs

and converts them to outputs

Process approach

the systematic identification and

management of these activities and
the interactions between activities

6
Schematic representation of the
elements of a single process

7
 ISO 9001:2015

Quality Management System (4)

Organization Support(7)
and its Operation
context (4) (8)
Customer
PLAN DO satisfactio
n
Results
Customer Planning Leadership Performance of the
requirements (6) (5) Evaluation QMS
(9)
Products
ACT CHECK and
Services

Needs and
Expectations Improvemen
of Interested t
Parties (4) (10)
8
 Plan-Do-Check-Act cycle & continual
improvement
Establish objectives
necessary to deliver
Take actions to continually results in accordance
improve process performance with customer
effectiveness and efficiency requirements
Act Plan and the organisation's
What to do
How to improve How to do it policies, and identify
next time? and address risks and
opportunities

Check Do
Do what was
Did things happen planned
according to plan?
Monitor and measure
Implement the
processes and product
processes
against policies, objectives ,
requirements and planned activities,
and report the results

9
 Risk-based thinking
Risk is the effect of uncertainty can have positive
and negative effects
Opportunities can arise as a result of a situation
favourable to achieving and intended result.
The extent of risk is determined by the
organisation
Organisation can consider risk qualitatively (and
quantitatively) depending on the organisations
context

10
 ISO 9001:2015
Clause 4

4
Context of the
organization

4.2
4.1
Understanding the 4.3 4.4
Understanding the
needs and Determining the QMS and its
organization and
its context
expectation of scope of the QMS processes
interested parties

11
 ISO 9001:2015
Clause 5

5 Leadership

5.2 Policy 5.3 Organizational

5.1 Leadership roles,
and commitment responsibilities
5.2.1 and authorities
Establishing the
quality policy
5.1.1 General
5.2.2 Communicating
the quality policy
5.1.2 Customer focus
12
 ISO 9001:2015
Clause 6

6
Planning

6.1 6.2
6.3
Actions to address risks Quality objectives and
Planning of changes
and opportunities planning to achieve them

13
 ISO 9001:2015
Clause 7

7
Support

7.5
7.1 7.2 7.3 7.4
Resources Competence Awareness Communication Documented
information

14
 ISO 9001:2015
Clause 8
8: Operation

8.1 Operational planning and control

8.2 Requirements for products and services

8.3 Design and development of products and services

8.4 Control of externally provided processes, products

and services

8.5 Product and service provision

8.6 Release of products and services

8.7 Control of nonconforming outputs

15
 ISO 9001:2015
Clause 9

9 Performance evaluation

9.1 Monitoring, 9.2 Internal audit

measurement, 9.2.1 9.3 Management
analysis and review
evaluation
9.1.1 General 9.3.1 General
9.1.2 Customer 9.3.2. Management
satisfaction review inputs
9.1.3 Analysis 9.3.3 Management
and evaluation review outputs
16
 ISO 9001:2015
Clause 10

10 Improvement

10.2 10.3
10.1
Nonconformity and Continual
General
corrective action improvement
10.2.1

10.2.2

17
 ISO 9001:2015 PDCA Flowchart
Internal & External Context,
Customer Focus, Interested
parties requirements

Identify relevant legal and any other obligation

P Quality Policy
Opportunities
Risks and

Quality Objectives Identify processes at respective function and level

D Program/Action Plan Implement the processes Procedures

Monitor & Measure

C
Audit

Continual Improvement
A Mgt Review

18
 Process Approach
Two themes:

customer focus continual

improvement

19
 Session 2
Audit Planning

20
 AUDIT PLAN

Scope of Audit
Establish the audit team
Identification of key auditee personnel
Prepare audit plan

21
ACTIVITY 1

22
 AUDIT TEAM

Team Leader
a) To plan the audit
b) To organize and direct audit team members
c) To provide direction and guidance to auditors-in-training
d) To represent the audit team in communications with auditee
e) To lead the audit team to reach the audit conclusions and
complete audit report
f) To report to top management the result of audit
g) To prevent and resolve conflicts

23
 AUDIT TEAM

Auditor
a)To review documentation and develop audit checklist
b)To conduct audit in accordance to audit plan
c)To conduct audit in accordance to requirements
d)To prepare audit notes / findings
e)To conclude audit findings based on evidence and logical reasoning
f)To report to team leader the result of audit
g)To follow up with nonconformance raised

24
 AUDIT TEAM

Knowledge and skills:

a) Audit principles, procedures and techniques
b) Management system and reference documents
c) Organizational situations
d) Applicable laws, regulations and other requirements
relevant to the discipline

25
 AUDIT TEAM

Attributes:
a) Ethical, i.e. fair, truthful, sincere, honest and discreet
b) Open-minded, i.e. willing to consider alternative ideas or
points of view
c) Diplomatic, i.e. tactful in dealing with people
d) Observant, i.e. actively aware of physical surroundings and
activities
e) Perceptive, i.e. instinctively aware of and able to understand
situations
f) Versatile, i.e. adjusts readily to different situations
g) Tenacious, i.e. persistent, focused on achieving objectives
h) Decisive, i.e. reaches timely conclusions based on logical
reasoning and analysis
i) Self-reliant, i.e. acts and functions independently while
interacting effectively with others
26
 AUDIT PLAN

The objective and duration of each audit to be conducted

The frequency of audits to be conducted
The number, importance, complexity, similarity and
locations of the activities to be audited
Conclusions or results of previous audits
Significant changes to an organization or its operations

27
 AUDIT PLAN

Ensure that all the systems described in the scope are

audited at planned frequency / interval
Schedule required showing Program Activities, dates of the
Audit, assigned auditors, plus completion dates
To be approved by top management or Management
Representative to show the commitment
Schedule follow-up audits, when required

28
 EXAMPLE OF AUDIT PLAN

Round of Audit:
Audit Date:
Audit Team Leader:
Audit Team Members:

Date Time Auditor Area/ Process/ Department Auditee

29
 WORKSHOP 1
Establish Audit Plan

30
 AUDIT NOTIFICATION

Verbal Notification
May precede written notification and this is usually
done to confirm the audit plans before its confirmed
in writing

Written Notification
Usually includes the subject (scope), Auditor(s),
personnel / auditee to be contacted, scheduled date /
time for opening meeting and any appropriate
background information

31
 Session 3
Audit Preparation

32
ACTIVITY 2

33
 AUDITOR

Audit objectives
Planning
Audit Schedule

Notification of Audit

Selection of Audit Team
Preparation
Prepare Checklist

Audit Plan

Audit team
Conduct Audit
Auditee
Audit
AUDITEE
Complete Audit /
Discuss Findings
Audit team Process
Non-conformance Statements
-investigate cause of Audit Report Back CAR (s) / Audit Report
nonconformance and Recording
-return completed CAR CAR Status Log

-implement necessary Follow - up

Team Leader
corrective / preventive
action and monitor for
effectiveness.
Team Leader
Close - out
QMR

34
 Audit Objectives
OBJECTIVES

Determining the extent of conformity to audit criteria

Evaluating compliance with legal and contractual requirement

Evaluating the effectiveness in meeting objectives

Continual Improvement / Maintenance of the System

35
Advantages of Audit Checklist

Thoroughness
- Provide auditor with a list of items that needs to be covered
during audit to ensure complete coverage of systems
Supplement auditors memory
Improves the auditors efficiency
Ensure the consistency of Audit
Help auditor manage his/ her time during audit

36
Disadvantages of Audit Checklist

Lead to limiting questions that generate Yes or No

answer
Predetermined sequence of thought and questions; may
prevent auditor using his own discretion
Boring and rigid
Non-focused audit; details may be overlooked

37
 PREPARATION OF CHECKLISTS

a) Form questions using

5W+1H*

*What, Who, When, Why,

Where, How

b) Avoid using Is, Are or Do

38
 CHECKLIST DETAILS / DATA

a) Basic Audit Data

- Audit Date
- Name of Auditor
- Department / Area Audited
b) Audit basis / Requirements
(Questions)
c) Results

39
 Audit Scope
SCOPE

DESCRIBE THE EXTENT AND BOUNDARIES OF AUDIT

Physical locations

Organisation units

Activities, processes and duration

40
 Audit Schedule
CRITERIA

INCLUDES
Applicable standards QMS requirement

Policies Industry /business sector

code of conduct
Procedures
Regulations / legislation

41
 Audt Planning and Audit Schedule
- Schedule
Audit Frequency
- number of deficiencies
- severity of deficiencies
- customer complaints
- adverse trends in product defects
- cost of audits
- people and/or process changes
-criticality of process

Problem Areas
Note: Frequency of audit shall take into consideration the status and
importance of the processes and areas to be audited, as well as the results of
previous audits

42
 Checklists- Preparation

Reflects objective and scope of the audit

Sources of information for checklists

-Previous internal audit report / CAR (S)

-Previous checklist
-Audited Quality Documents
-known quality problems

43
 Checklist Preparation

Context?
Interested parties?
Risks & Opportunities?
Organisational knowledge?
Post-delivery activities?
Managing changes?

44
 Checklist - Preparation

WHAT the auditor wants to look at

WHAT the auditor wants to look for
WHOM the auditor wants to speak to
WHAT the auditor wants to speak about

45
 AUDIT PROCESS

Opening audit meeting

Conduct audit
Collect audit evidence

Closing audit meeting

46
 OPENING AUDIT MEETING
Between 10 15 minutes
Between management, audit team and auditee
Introduction of audit team
Review the purpose and scope of audit
Review resources and facilities required
Brief on audit methodology
Identify auditee
Confirm audit plan / schedule
Open for questions

47
 Critical Process
Visualised by:
mapping the processes
developing flow-charts
using standard checklists based on ISO 9001
develop personal checklists from procedures or
other documentation

48
 Mapping a process

Increasing level of detail

Level 1

Level 2

Level 3

49
 Session 4
Audit Metholodgy

50
 AUDIT METHODOLOGY

VERTICAL METHOD
Focuses on each function to audit all
requirements of ISO 9001for conformance

HORIZON TAL METHOD

Focuses on one element of ISO 9001at a time

51
 AUDIT METHODOLOGY
TRACKING METHOD
Trace Forward by obtaining random samples and follow through,
example
Incoming of chemical to usage of chemical
Identified significant environmental impact / risk to control
Identification of scheduled waste to disposal

Trace Backward by taking random samples and review backward,

example
Incoming of chemical to supplier selection
Corrective action to source of complaint, incident
Trainings to training needs

52
 AUDIT METHODOLOGY
AUDIT TRIANGLE CYCLE

Observe

Listen /
Check Question
Evidence

53
 AUDIT METHODOLOGY

OBSERVE
Sample Selection
Observing Operations
Reviewing Documentation/ Records
Reviewing Activities

54
 AUDIT METHODOLOGY

QUESTION
Different types of question on the same topic may
lead to different depth of information
Auditor should develop a strategy to use the best
sequence and use appropriate type of questions
Where much closer attention is required, start with an
open question and lead to a closed question
A good combination of different questioning
techniques is recommended

55
 Checklist Questions
Step by step process of tracking activities - audit trail.
The processes which are taking place
Any relevant procedures
Documented information which are being used
The requirement of the standard

56
 QUESTIONING
The six important words: TECHNIQUES
How
Where
When
What
Why
Who
Questions to be avoided:
Tricky
Leading
Ambiguous

57
 Type of Description Examples Comments
Question

Open An open question will lead 1. What is your 1. Open questions may
to a wide range of interpretation of the sidetrack your
answers. We generally result obtained? conversation and focus.
use it to seek the auditees 2. How you process these 2. It may be difficult for the
opinion, to get an results? auditee to respond.
explanation from the 3. How do you implement 3. They may be so open
auditee or to allow for management program? that you will get general
reasoning on certain answers.
matters.

Closed/ A closed question is used 1. Do you know that there 1. These questions
Direct to get a yes or no is a documented provide limited
answer, while a direct procedure for this? information and if you
question will invite a short 2. Whats your are in search of an
answer with one or a few responsibility? extended answer, use
words. These questions 3. Has this equipment an open question.
are used to get specific been calibrated? 2. Be careful of the tone
information. 4. Do you check the water when you use this type
quality against the legal of question.
requirement?

58
 Type of Description Example Comments
Question
Probing/ These are open 1. How was the corrective 1. If you need to
Clarifying questions, but they aim at action completed? encourage the
getting more or clarifying 2. Could you provide me with auditee to elaborate,
information about a some examples on these? use this type of
subject. 3. What do you mean by question.
verifying against the 2. Avoid frequent use
regulations? as the auditee may
think that you are not
listening.
Leading Leading question 1. You do check for the noise 1. This type of
suggests an answer, as level every year, dont questions should be
the answer is normally you? avoided as it may
contained implicitly in the 2. You determine your lead to biased
question. chemical label based on information.
legal requirement, dont
you?

Interrogative/ These questions put the 1. Dont you agree with me 1. Avoid this type of
Antagonistic auditee on the defensive. that you have not correctly questions.
label the scheduled waste
bin according to the
requirement?

59
 Objective Evidence is ....
Something the Auditor saw
Something the Auditor is told as being policy or practice:

May be obtained from:

interviews
observation of activities
documented information
data summaries
measurement processes and programmes
reports from other sources: customer feedback, vendor supplier
ratings
interaction between functions, activities, processes
60
 Session 3
Auditing Grading

61
 Audit Finding
It may be:

Nonconformity
Observation/opportunity for improvement

62
 Nonconformity
Definition : The non-fulfilment of a requirement. \
(source: ISO 9000)

May be a failure to :
comply with legal requirements
conform to the Standard
implement a process or other documented requirement
implement a legal or contractual requirement

No requirement = no nonconformity

63
 Opportunities for improvement
good points which may benefit other areas of
organisation
areas of concern
deficiencies given the benefit of the doubt
recommendations for improvement

64
 Complete the Audit
Review Audit Findings:
- audit team meeting to discuss all findings
- team leader to make final decisions
- all findings to be supported by objective evidence

Write non-compliance statements

- non-conformance statements to be recorded on the CAR

Report-back meeting

65
 NON-CONFORMANCE
A failure to comply with a requirement. The fault
may be caused by the failure of the system to comply or
failure to implement the system itself.
_______________________________________

NON-CONFORMANCE STATEMENTS
Non-conformance statements are statements that
explicitly express the identified non-conformity
along with the supporting evidence. They generally
include the following:

The Deficiency
The Objective Evidence
Details of the Deficiency
Where
What
Who
66
 NON-CONFORMANCE STATEMENTS
t No risks and opportunities have been addressed
in
warehouse process implemented since 17/4/2XXX
to give assurance that the QMS can achieve
its intended result(s).

t There is lack of monitoring and review of local authority

requirements who issued the A -type and B-type
Transportation permits.

67
 Closing Meeting Agenda

To be chaired by audit team leader.

Repeat purpose and scope of audit.
Thank auditee
Comment on good points.
State overall compliance
Read non-compliance statements.
Do not argue.
Arrange follow-up (to close out corrective actions).
Take minutes of meeting for any follow up.
Close meeting.

68
CLOSE-OUT THE CAR

Each non-conformance is to be closed out

individually.
Ensure that the corrective action has
addressed the root cause of the non-
conformance.
Update Risks and Opportunities determined
during planning, and make changes to the QMS,
if necessary.

Not treated the symptoms only but

prevented recurrence of the non conformity.
When the auditor is satisfied there is no
further example of the non-conformance.

69
 WORKSHOP 3
Role Play (Simulated Audit)
The purpose of this exercise is to give participants the experience in conducting an audit as
well as to provide opportunities to improve and enhance auditing skills and techniques.

Auditors
i. Within your group, question your auditees based on your audit checklist prepared in
Workshop 2.
ii. In this workshop, if you ask the auditees for documentation, it shall be assumed that the
documentation can be provided.
iii. Report nonconformities/ findings.

Auditees
i. Within your group, response logically and rationally to the auditors questions.
ii. If the auditor asks for documentation, for the sake of this exercise, it should be assumed
that it could be provided.
iii. Propose corrective actions for reported nonconformities.

70