Internal Auditor Course

February 1, 2017
Internal Quality Auditor Course

Copyright © 2014 ProSep. All Rights Reserved.
SECTION 1 – COURSE PROGRAM

SECTION 1 - OUTLINE
Workshop 1
ISO 9000 Family Standards
Benefits of Quality Systems
Quality Management Principles
Workshop 2
ISO 9000 Terms and Definitions
The Process Approach
Workshop 3
February 1, 2017 3

WORKSHOP 1 - INTERVIEW
Using the information provided below, please
pair off and interview one another and observe
the responses. Assign time keeper, Time Limit: 10 Min.
Information you seek:
– Name
– Company or Department
– Brief resume of your career
– Quality Management System experience (scale
of 1 to 10)
– Objective of attending this course
February 1, 2017 4

ISO 9000 FAMILY OF STANDARDS
What is ISO?
– ISO stands for International Organization for
Standards.
– ISO is a worldwide federation of national standard
bodies (ISO member bodies)
– The work of preparing ISO is normally carried out
through ISO technical committees.
– International organizations, governmental and non-
governmental, in liaison with ISO, also take part in the
work.
February 1, 2017 5

ISO 9000* - Quality
Management Systems
– Fundamental and
Vocabulary
ISO 9001 - Quality
Management
Systems
Requirements
ISO 9004 – Quality
Management
Systems –
Guidelines for
Performance
Improvements
ISO 19011 are Guidelines for Quality and / or Environmental Systems Auditing
ISO 9000 FAMILY OF STANDARDS
February 1, 2017 6

ISO 9000 QMS FUNDALMENTALS & VOCABULARY
Specifies terms and definitions for Quality
Management Systems (QMS).
Prepared by Technical Committee ISO/TC/176,
Quality management and quality assurance,
subcommittee SC 1, Concepts and terminology.
ISO 9001 refers to this standard as a “Normative
Reference” i.e. it is essential for the application
of the standard.
Organization cannot be certified to it (ISO 9000).
It is not auditable.
February 1, 2017 7

ISO 9001 QMS - REQUIREMENTS
Specifies requirements for implementing and
maintaining a quality management system.
Prepared by Technical Committee ISO/TC 176,
Quality management and quality assurance
Subcommittee SC2, Quality Systems.
It is auditable and organizations can be certified
to this standard (ISO 9001).
February 1, 2017 8

BACKGROUND & DEVELOPMENT OF ISO 9001
February 1, 2017 9
Before
1950
1959 1969 1974 1979
Focus to
inspect
products
after
completion
US Military
Spec. MIL-
Q-9858
NATO
Published
Allied
Quality
Assurance
Publications
(AQAP)
British
Standards
published
guidance,
BS4891 &
BS 5179
BS
published
first
standard
BS 5750

BACKGROUND & DEVELOPMENT OF ISO 9001
February 1, 2017 10
1987 1994 2000 2008 2015
•ISO
publishes
set of
standards.
•ISO 9000
Series
introduced
ISO 9000
was
reviewed
and revised
•ISO 9000
significantly
revised. Process
Approach
introduced.
•Focus shifted
away from
documentation.
Minor
changes to
2000 rev.
(Customer
Focus)
Focus - less
process more Risk
Management.
Acceptance stages:
Final draft: July
2015, International
standard Sept 2015.

ISO 9004 GUIDELINES FOR PERFORMANCE
IMPROVEMENTS
Provides guidance to management for achieving
sustained success.
Any organization can apply principles to move
beyond the minimum requirements of ISO 9001
in pursuit of continued performance
improvement.
ISO 9001 and ISO 9004 have been designed to
complement each other, but can be used
independently.
It is not auditable and cannot be certified to.
February 1, 2017 11

OTHER ISO STANDARDS
While ISO 9001 is intended to be fully generic to be
applicable for a wide range of industries, many such
industries have developed their own sector based
standards which tailor the generic ISO 9001 standards to
specific industry requirements.
Some examples:
– ISO 27001- Information Security
– API Q1 - Oil Industry
– TS 16949 - Automotive
– ISO 14001 - Environmental
– AS 9100 - Aerospace
February 1, 2017 12

BENFITS OF QUALITY SYSTEMS
Prevention of mistakes
Profitability increase
Enhance customer satisfaction and reputation
Improve confidence, morale and motivation
Better and more consistent training to align with
business needs
February 1, 2017 13

BENEFITS OF ISO 9001 CERTIFICATION
QMS is based on a worldwide, proven and
recognized standard
External independent audits
On-going monitoring
Increased marketing opportunities
Improved employee morale
February 1, 2017 14

QUALITY MANAGEMENT PRINCIPLES
1. Customer Focus
2. Leadership
3. Involvement of People
4. Process Approach
5. System Approach to Management
6. Continual Improvement
7. Factual Approach to Decision Making
8. Mutually Beneficial Supplier Relationships
February 1, 2017 15

QUALITY SYSTEMS BENEFITS
Customer Focus
Organizations depend on their customers and
therefore should understand current and future
customer needs, should meet customer
requirements and strive to exceed customer
expectations.
February 1, 2017 16

Leadership
Leaders establish unity of purpose and direction of
the organization.
Leaders should create and maintain the internal
environment in which people can become fully
involved in achieving the organization’s objectives.
February 1, 2017 17

Involvement of People
People at all levels are the essence of the
organization and their full involvement enables
their abilities to be used to the benefit of the
organization.
February 1, 2017 18

Process Approach
A desired result is achieved more efficiently when
related resources and activities are managed as a
process.
February 1, 2017 19

Systems Approach to Management
Identifying, understanding and managing
interrelated processes as a system contributes to
the organization’s effectiveness and efficiency to
achieve it objectives.
February 1, 2017 20

Continual Improvement
Continual improvement of the organization’s
overall performance should be a permanent
objective of the organization.
February 1, 2017 21

Factual Approach to Decision Making
Effective decisions are based on the analysis of
data, both qualitative and quantitative information.
February 1, 2017 22

Mutually Beneficial Supplier Relationships
An organization and its suppliers have an
independent but mutually beneficial relationship
that enhances the ability of both to create value by
leveraging each other.
February 1, 2017 23

WORKSHOP 2 – REASONS AND BENEFITS
Break into groups of four.
In your group discuss the following points:
– List at least three benefits to an organization that
implements a QMS.
– List at least 3 quality management principles that
promote continual improvement.
Assign time keeper, Time Limit: 10 minutes
February 1, 2017 24

ISO 9000 TERMS AND DEFINITIONS
Quality – Degree to which a set of inherent
characteristics fulfils requirements.
Quality Assurance – Part of quality
management, focused on providing confidence
that quality requirements will be fulfilled.
Quality Control – Part of quality management
focused on fulfilling quality requirements.
February 1, 2017 25

Requirements – Need or expectation that is
stated, generally implied or obligatory.
February 1, 2017 26
Industry
standards
REQUIREMENTS

Quality Management – Coordinated activities to
direct and control an organization with regard to
quality.
Please note that direction and control with
regard to quality generally includes
establishment of a quality policy and objectives,
quality planning, quality control, quality
assurance, and quality improvement.
February 1, 2017 27

Quality Policy – Overall intentions and direction
of an organization related to quality as formally
expressed by top management.
Quality Objectives – Something sought or aimed
for that is related to quality.
Quality Improvement – Part of quality
management, focused on increasing the ability
to fulfill quality requirements.
Continual Improvement – Reoccurring activity to
increase the ability to fulfill requirements.
February 1, 2017 28

Product – Results from a set process, e.g.:
– Services, Software, Hardware, Processed Materials
Audit – A systematic, independent and
documented process for obtaining audit
evidence and evaluating it objectively to
determine the extent to which audit criteria are
fulfilled. Audit Types:
– Internal and External
February 1, 2017 29

Internal Audits – Conducted by, or on behalf of
the organization itself for internal purposes, and
may form the basis for an organization’s
declaration of conformity.
– In smaller organizations, independence can be
demonstrated by the freedom from responsibility for
the activity being audited.
– Reasons:
• To validate that current processes are compliant to
specifications or procedures
• Preventive measures to catch problems before they occur
• Systematically improve the organizations internal processes
February 1, 2017 30

External Audits –
– Include those generally termed second and third party
audits.
– Second-party audits - Conducted by parties having an
interest in the organization, such as customers or
persons on their behalf.
– Third-party - Conducted by external, independent
auditing organizations, such as those providing
certification/registration.
February 1, 2017 31

External Audits: Second-party audits, reasons:
– Provides input to selecting, grading and approving
suppliers.
– Provides help to improve the QMS of suppliers
– Increases mutual understanding of QMS
requirements
February 1, 2017 32

External Audits: Third-party audits –
– Carried out by competent certification bodies
– Auditors must be independent and not provide advice
or consultancy
– Background
Note:
1950’s and 1970’s: more and more second party audits were being
carried out.
Some companies employed people whose sole responsibility was
to escort visiting auditors during audits.
Certification bodies were created after ISO 9000 was introduced.
February 1, 2017 33

Nonconformity – Non-fulfillment of a
requirement, specification, or standard.
Corrective Action – Action taken to eliminate the
cause of a detected nonconformity or other
undesirable situation.
Preventive Action – Action taken to eliminate the
cause of a potential nonconformity or other
undesirable potential situation.
February 1, 2017 34

Procedure – Specified way to carry out an
activity or a process:
– Note 1: Procedures can be documented or not
– Note 2: When a procedure is documented, the term
“written procedure” or “documented procedure” is
frequently used
Inspection – Conformity evaluation by
observation and judgment accompanied
as appropriate by measurement, testing,
or gauging.
February 1, 2017 35

Verification – Confirmation through the provision
or objective evidence that specified
requirements have been fulfilled. (e.g.:
measurement)
Validation – Confirmation through the provision
of objective evidence that the requirements for
specific intended use or application have been
fulfilled. (e.g.: Process is working as intended).
Review – Activity taken to determine the
suitability, adequacy and effectiveness of subject
matter to achieve established objectives.
February 1, 2017 36

Specification – A document stating requirements
Auditor – Person with the demonstrated
personal attributes and competence to conduct
and audit
Auditee – Organization being audited.
Outsourced process – Is a process the
organization needs for its QMS and which the
organization chooses to have performed by an
external party. (ref: ISO 9001 standard)
February 1, 2017 37

THE PROCESS APPROACH
ISO 9000 defines a process as: a set of
interrelated or interacting activities which
transforms inputs into outputs.
– The process approach is one of the most important
concepts of ISO 9001
February 1, 2017 38
Inputs Process Outputs

Process continued – Fishbone, Ishikawa Diagram
February 1, 2017 39
INPUTS OUTPUT

Process continued:
The flowchart illustrates a picture of the processes
of a simple business.
February 1, 2017 40
Customer
Inquiry
Order
review &
processing
Materials
Planning
Production
Warehouse
& Shipping
Product
Inspection

To determine a process, you must determine the
set of inputs required to have the desired output.
Define the processes to conduct business in the
organization.
Determine the monitoring and measuring
activities.
Determine the sequence and interaction.
– Review some of ProSep’s internal department
processes
February 1, 2017 41

WORKSHOP 3 – THE PROCESS APPROACH
Using the process approach, map a designated
process, making sure to include the following:
– Inputs
– Outputs
– Main steps to accomplish the process
– Verification steps
– Sequence and interaction
– Support processes (optional)
Assign time keeper, Time Limit: 15 minutes
Each team will explain their process map to other groups (wait until
each team has finished before asking questions).
February 1, 2017 42

SECTION 2 – ISO 9000 SCOPE

SECTION 2 - OUTLINE
Scope of ISO 9001:2008
Clause 4: Quality Management System
Workshop 4
Clause 5: Management Responsibility
Clause 6: Resource Management
Workshop 5
Clause 7: Product Realization
Workshop 6
Clause 8: Measurement, Analysis & Improvement
Workshop 7
February 1, 2017 44

AIMS AND OBJECTIVES
February 1, 2017 45
QMS requirements for
an organization that
meets:
Demonstrates ability to
consistently provide
product that meets:
Customer requirements
Compliant to
statutory/regulatory
requirements
Aims to enhance
customer satisfaction
through:
Effective system
application
System continual
improvement
Assurance of
conformity to:
Customer requirements
Applicable statutory &
regulatory
requirements
These objectives translate into:

SCOPE OF ISO 9001:2008
One of the first tasks an organization must do
when deciding to seek ISO 9001 certification, is
to define the scope of the quality management
system to be implemented.
The scope relates to the areas of the
organization what will actually be affected or will
have to conform to the ISO 9001 standard.
It is important for auditors to be aware of the
scope of the system and the standard.
February 1, 2017 46

Statements of scope may start with the following
aspects:
February 1, 2017 47
Activity
Design,
Manufacturing,
Repair,
Delivery, etc.
Limitations
Locations/Site,
Divisions,
Geographical area,
etc.
Product or
Service
Chemicals, Admin.
Processing,
Manufacturing,
etc.

Exclusions:
– When parts of ISO 9001 requirements are believed not to
apply to an organization, they can claim “exclusions”.
– Exclusions are discussed in the standards introductory
section and emphasizes they are limited to clause 7.
– If exclusions are to be taken from other clauses, then the
organization would not be conforming to the standard.
– In addition, the standard requires that such exclusions do
not affect the organizations ability or responsibility to
provide product that conforms to the customer’s and
applicable regulatory requirements.
February 1, 2017 48

Organizations
– Can choose not to have all of
their products covered by their
quality system (Clause 7).
– They cannot take an option
out of their responsibilities
within the quality system when
seeking certification or if they
have obtained certification.
February 1, 2017 49
Activity
Design,
Manufacturing,
Repair,
Delivery, etc.
Limitations
Locations/Site,
Divisions,
Geographical
area, etc.
Product or Service
Chemicals, Admin.
Processing,
Manufacturing, etc.
Exclusions
ISO 9001,
Clause 7

Scope statement examples:
February 1, 2017 50
Organization A:
Elevator Service Company
Exclusions:
7.3 Design and development. Where Organization A is a
service provider and does not engage in designs of product.
7.6 Control of monitoring and measuring devices. Organization
A does not own or maintain any devices for monitoring or
measuring.

February 1, 2017 51
Organization B:
Is a manufacturer of marine navigation, survey, and
communications equipment company.
Organization B has no design and development
function and claims exemption form Clause 7.3 of the
ISO 9001 standard.

February 1, 2017 52
Organization C:
Is a manufacturer of plastic and rubber based parts utilizing
injection, insert and compression molding; form- vacuum
casting of parts.
Exclusion:
Organization C does not keep any customer information or
customer property of any kind, and claims exemption to clause
7.5.4 from the standard.

Clause 4: Quality Management System
General Requirements:
– Section 4.1 requires organizations to document,
implement and maintain quality management system
and continually improve its effectiveness.
– Most of the requirements set forth in this clause are
re-stated in other parts of the standard; however this
section forms the basis for the development of the
whole quality management system.
February 1, 2017 53

QMS outline of requirements:
– Determine the processes needed for the quality
management system and their application throughout the
organization.
– Determine their sequence & interaction of these
processes.
– Determine criteria & methods for their effective operation
and control.
– Ensure resources and information are available.
– Monitor, measure, and analyze the processes.
– Implement actions necessary to achieve planned results
and continual improvement.
February 1, 2017 54

February 1, 2017 55
Continued
Improvement
Determine the
processes
(inputs and
desired outputs),
their interaction,
and criteria
Ensure proper
resources and
information are
available
Monitor,
Measure, and
analyze
Implement
actions to
achieve planned
results
• PDCA is a common
problem solving method.
• DMAIC: “Define, Measure,
Analyze, Improve, &
Control” is the Six Sigma
preferred method for
problem solving.

Outsourcing of Processes:
– The standard requires the
organization to ensure
control over such processes.
– The control level must be
defined by the organization
in the QMS.
– Ensuring control over
outsourced processes does
not absolve the organization
of the responsibility of
conformity to all customer.
statutory, and regulatory
requirements.
February 1, 2017 56
Calibration
Engineering
Maintenance
Internal Audits

Documentation Requirements
– Specifies what documents are necessary for any
quality management system and outlines what should
be a part of those documents.
February 1, 2017 57
Documented statements of quality policy and objectives
A Quality Manual
Documents procedures and records required by the standard.
Documents including records needed by the organization

Quality Manual
The organization shall establish and maintain a quality manual that
includes:
– The scope of the quality system including justification for any
inclusions
– If any standards are excluded then these must be specified
including justification for the exclusion claimed
– The documented procedures established for the quality
management system or references to them
– A description of the interaction between the processes of the
QMS
February 1, 2017 58

February 1, 2017 59
Quality
Manual
Required
procedures
or reference
Scope and
Exclusions
Process and
interaction

4.2.3 Control of Documents
Ensure those documents which are necessary for the effective
operation of the QMS are under control.
A documented procedure is required to define the following
controls:
• Approval prior to issue
• Review and updates as necessary
• Identification of changes and revision status
• Availability at points of use
• Legibility and identification
• Documents of external origin are controlled
• Obsolete documents are prevented from unintended use
February 1, 2017 60

Example of processes addressed by a Control of
Documents procedure:
February 1, 2017 61
Title: Document Control
NewDocumentSupport
Existing
Documents
Phase
Uncontrolled
Document
Document Creation Review and approval Implementation
Document change
Controlled
Document
Request for change
Obsolete
Documents
Documents of
External Origin
(Projects or
other)

4.2.4 Control of Records
Records are required to be established and
maintained to:
• Provide evidence of product conformity
• Demonstrate effective operation of QMS
• Records must be:
• Legible
• Readily identifiable
• Readily Retrievable (e.g. if it takes too long to
retrieve, then recording system is lacking)
February 1, 2017 62

Records Required
February 1, 2017 63
Management Reviews (5.6.1)
Education & training skills (6.2.2e)
Meeting Requirements (7.1d)
Review of Requirements and actions (7.2.2)
Design Inputs 7.3.2)
Design Reviews (7.3.4)
Design Verification (7.3.5)
Design Validation (7.3.6)
Design Changes (7.3.7)
Supplier Evaluations (7.4.1)
Validation of processes (7.5.2d)
ID & traceability (7.5.3)
Customer Property (7.5.3)
Basis used for calibration and verification (7.6a)
Results of calibration and verification (7.6)
Audits and audit results (8.2.2)
Authorization of product release & delivery (8.2.4)
Nonconformities (8.3)
Corrective Actions (8.5.2e)
Preventive Actions (8.5.3d)

WORKSHOP 4 - ISO 9001 COMPLIANCE
Workshop 4 (Time limit: 20 Minutes, assign timekeeper)
Using the following documentation, please review the
procedure for adequacy and conformance to ISO 9001
standard.
• ISO 9001:2008
• Procedure assigned by the instructor
 Using a Green highlighter, mark compliant areas.
 Using a Red highlighter, mark areas not compliant.
 Compile a list of requirements that have not been addressed by all
participants.
February 1, 2017 64

Clause 5: Management Responsibility
5.1 Management Commitment
This requirement calls for top management of an organization to be
committed to the development and improvement of the quality system:
February 1, 2017 65
Communicate the importance of meeting customer,
statutory & regulatory requirements.
Establish the Quality Policy and convey to
all levels in organization
Ensure Quality Objectives are
established and convey to
appropriate levels
Conduct
Management
Reviews
Ensure resource
availability

5.2 Customer Focus
Top management shall ensure that customer requirements
are determined and met with the goal of enhancing
customer satisfaction (ref. 7.2.1 and 8.2.1).
February 1, 2017 66

5.3 Quality Policy
A formally documented policy is required which:
• Is appropriate to the purpose of the organization
• Includes a commitment to comply with requirements
• Includes a commitment to continually improve the quality
management system effectiveness
• Provides a framework for establishing and reviewing
quality objectives
• Is reviewed for continuing suitability
February 1, 2017 67

5.4.1 Quality Objectives
Top management shall ensure that quality objectives
including those needed to meet requirements for product are
established at relevant functions and levels within the
organization.
The quality objectives shall be measureable and is
consistent with the quality policy.
February 1, 2017 68

5.4.2 Quality Management System Planning
Top management shall ensure that:
• The planning of the quality management system is carried
out in order to meet the general requirements as well as
the quality objectives.
• When changes to the QMS are planned and implemented
the integrity of the quality management system is
maintained.
February 1, 2017 69

5.5.1 Responsibility and Authority
Responsibilities and authorities need to be defined and communicated
within the organization.
5.5.2 Management Representative
Top management is required to appoint a member of the organization
who, irrespective or other responsibilities shall have responsibility and
authority that includes:
• Ensuring processes are established, implemented and maintained
• Reporting on the performance of the system
• Reporting on the need for improvements to the system
• Ensuring the promotion of awareness of customer requirements
throughout the organization
February 1, 2017 70

5.5.3 Internal Communication
Top management shall ensure that appropriate
communication processes are established within the
organization and that communication takes place regarding
the effectiveness of the quality management system.
Methods of Communication:
February 1, 2017 71
• Presentation
• Company Intranet
• Training
• Bulletin Boards
• Etc.

5.6 Management Reviews
Top management is required to review the suitability,
adequacy, and effectiveness of the QMS at planned
intervals. The review also includes an assessment of
opportunities for improvement of the QMS, Quality Policy
and Objectives.
Review Inputs:
• A definitive set of inputs for the review process is provided by the
standard
Review Outputs:
• The management review meeting needs to yield decisions and
actions
February 1, 2017 72

Inputs Outputs
• Audit results (E.g. NCRs, CARs, PARs)
• Customer feedback (E.g. Satisfaction surveys,
emails, project close-out, etc.)
• Process performance and product
conformity (Increased Project costs,
expediting fees, Overtime, NCRs, CARs, PARs)
• Status or preventive and corrective actions
(open items, not closed in a timely manner)
• Follow-up actions from previous
management reviews (reoccurring issues?)
• Changes to the QMS (Internal Processes,
Standards, statutory, regulations, etc.)
• Recommendation for improvements
• Improving the effectiveness of the QMS and
its processes (How to drive change?)
• Improving product related to customer
requirements
• Resource needs
February 1, 2017 73

Clause 6: Resource Management
6.1 Provision of Resources
The organization is required to determine and provide the
resources needed:
• To implement and maintain the quality management system and
continually improve its effectiveness
• To enhance customer satisfaction by meeting customer requirements
February 1, 2017 74

6.2 Human Resources
People performing work affecting conformity to product
requirements shall be competent on the basis of appropriate
education, training, skills and experience.
6.2.2 Competence, Awareness, & Training
Organization is required to determine:
• Competency requirements
• Identify any competency gaps and provide training or other
actions to fill those gaps
• The effectiveness of any actions taken to fill competency gaps
needs to be evaluated
• People are required to be made aware of the relevance and
importance of their activities and how they contribute to the
achievement of the quality objectives
February 1, 2017 75

6.3 Infrastructure
Organization is required to formally consider what facilities
are needed to support their activities, this includes but is not
limited to work-space, utilities, equipment, hardware,
software, support services, transport, communication, and
information systems.
6.4 Work Environment
The work environment needs to be determined and
managed to achieve conformity to product requirements.
February 1, 2017 76

WORKSHOP 5 - ISO 9001 COMPLIANCE
Workshop 5 (Time allotted 20 minutes, assign timekeeper)
Using provided documentation, review the procedure for
adequacy and conformance to the ISO 9001 standard.
• ISO 9001 standard
Please note the areas you believe the procedure complies
with the requirements. Make a note of requirements that
have not been met.
February 1, 2017 77

Clause 7: Product Realization
7.1 Planning of Product Realization
The organization is required to plan and develop the processes
needed for product realization. Planning shall include as
appropriate:
• Quality objectives
• Establishing processes and documents, providing resources for
products
• Verification, validation, monitoring, measurement, inspection
and test activities for products and product acceptance
• Records needed to provide evidence the product meets
requirements
February 1, 2017 78

7.2.1 Determination or requirements related to the product
Organizations need to identify all the requirements for the
product that must be met.
1. Requirements specified by the customer, including the requirements
for delivery and post delivery activities.
2. Requirements not stated by the customer but necessary for specified
or intended use, when known.
3. Statutory and regulatory requirements applicable to the product.
4. Any additional requirements considered necessary by the
organization, ISO 9001, industry standards, etc.
February 1, 2017 79

7.2.2 Review of Product Requirements
The organization has to perform a review of the
requirements related to the product. The review shall ensure:
• Requirements have been defined
• Any conflicts are resolved
• The organization has the ability to meet the requirements
• Records have to be maintained. Verbally specified
requirements are to be confirmed. Changes have to be
controlled and documented.
February 1, 2017 80

7.2.3 Customer Communication
The organization shall determine and implement effective
arrangements for communicating with customers in relation
to:
• Product information
• Inquiries, contracts, order handling, including
amendments
• Customer feedback, including customer complaints
February 1, 2017 81

7.3.1 Design and Development Planning
Design and development planning activities are planned to
determine:
• Design and development stages
• Appropriate review, verification, and validation
• Responsibilities and authorities
• The organization needs to manage the inter faces
between difference groups involved in the design and
development activities
• Planning output is to be updated as design and
development processes
February 1, 2017 82

7.3.2 Design and Development Inputs
Inputs related to product requirements need to be
determined and recorded. These are to include:
• Functional & performance requirements
• Statutory & regulatory requirements
• Information from previous designs
• Other essential requirements
The inputs are to be reviewed for adequacy and any
incomplete, ambiguous or conflicting requirements are to be
resolved.
February 1, 2017 83

7.2.3 Design and Development Outputs
Outputs are required to be provided in a form that enables
verification against inputs. Outputs shall:
• Meet input requirements
• Provide appropriate information for purchasing, production, and
service provision
• Contain or reference acceptance criteria
• Specify essential characteristics for safe and proper use
Outputs shall be approved prior to release.
February 1, 2017 84

7.3.4 Design and Development Review
At suitable stages, systematic reviews of design and
development shall be performed:
• To evaluate the ability of the results of design and development to
meet requirements
• To identify any problems and propose necessary actions
• Participants in such reviews shall include:
─ Representatives of functions concerned with the design and development
stage(s) being reviewed. Records of the review results and necessary
actions shall be maintained.
February 1, 2017 85

7.3.5 Design and Development Verification
Verification is to be performed to ensure design outputs have met
input requirements.
Records of verification results and any necessary actions shall be
maintained.
7.3.6 Design and Development Validation
Design and development changes shall be identified.
Changes shall be reviewed, verified, and validated, as appropriate
and approved before implementation.
Review of design and development changes shall include
evaluation of the effect of the changes on constituent parts and
product already delivered.
Records of change review results and any necessary actions shall
be maintained.
February 1, 2017 86

7.4.1 Purchase Process
Organizations are required to ensure that purchased product
conforms to specified purchase requirements.
The type and extent of control applied to suppliers and purchased
product must be dependent upon the effect of the purchased
product on subsequent product realization efforts or the final
product.
The organization must evaluate and select suppliers based on
their ability to supply product in accordance with the requirements.
Criteria for selection, evaluation and reevaluation must be
established.
Records of evaluation results and necessary actions arising from
evaluation must be maintained.
February 1, 2017 87

7.4.2 Purchasing Information
Purchasing information must describe the product to be
purchased, including where appropriate:
• Requirements for approval or product, procedures,
processes and equipment
• Requirements for qualification of personnel
• Quality management system requirements
Organizations must ensure the adequacy of specified
purchase requirements prior to their communication to the
supplier.
February 1, 2017 88

7.4.3 Verification of Purchased Product
Organizations are required to undertake inspection, or other
activities to ensure purchased product meets specified
purchase requirements.
If the organization or their customer intends to visit the
supplier’s facility to perform verification activities, then this
must be stated in the purchasing information (P.O. or agreed
upon documented negotiations) provided to the supplier
along with the methods used to release the goods.
February 1, 2017 89

7.5.1 Control of Production and Service Provision
Production and Service Provision is to be planned and carried out
under controlled conditions. Controlled conditions refer to:
• Availability of product information
• Availability of work instructions (as applicable)
• Use of suitable equipment
• Availability and use of monitoring and measuring equipment
• Implementation of monitoring and measurement
• Implementation of product release, delivery and post delivery
activities
February 1, 2017 90

Control of Product and Service Provision
• Product information: Drawings, schematics, Formulas
• Work Instructions (if applicable): Checklist, job packet,
work order
• Suitable equipment: Machines, Pipes, Tanks, etc.
• Monitoring & measurement equipment: Caliper, tape
measure, computer, gauges, etc.
• Monitoring & measuring: Visual, Testing, Verification
• Release & delivery: Handling, Package, Transport,
Commission
February 1, 2017 91

Validation of Processes
The organization shall validate processes that define product
specifications, production and service provision where; the resulting
output cannot be verified by subsequent monitoring or measurement and
deficiencies become apparent after product/service is in use.
Arrangements for processes include:
• Criteria for review and process approvals
• Equipment approval
• Personnel qualification
• Specific methods and procedures
• Record requirements
• Re-validation
February 1, 2017 92

Process Verification
February 1, 2017 93
Can be verified Cannot be verified
• Measured dimensions/specifications
• Visual inspection for imperfections
• Color measure: Spectrophotometer
• Heat Treat: Destructive test
• Welding: NDE - UT
Special processes:
• Soldering
• Coating
• Sterilization
• Plating

Processes with Limited Output Verifications must:
• Quality the process, e.g. Materials and Equipment
• Quality the Personnel, e.g. Education, Training,
Testing, Certifications
February 1, 2017 94

7.5.3 Product Identification and Traceability
Where appropriate, product is identified through product realization.
Measurements and monitoring status is to be identified.
Traceability needs to be controlled and recorded when required.
Identification Traceability Example:
February 1, 2017 95
Materials
• Blue pigment, lot# 463
• HDPE pellets, lot# 266
Equipment
• 1000 Ton Press
• Cutting stations: #1, #2
Status
• In-process
• Awaiting inspection (Tagged/placed in a quarantine area)
• Warehouse

7.5.4 Customer Property
The organization shall exercise care with customer property
while it is under the organization’s control.
Controls required: Identification, Verification, Protection, Safeguarding
Examples: Material, Custom parts, Schematics, software, packaging
material, etc.
If any customer’s property is lost, damaged or otherwise
found to be unsuitable for use, the organization shall formally
report issues to the customer and maintain records for
traceability.
February 1, 2017 96

7.5.5 Preservation of Product
Product conformity is to be preserved during internal
processing and delivery to its intended destination.
Preservation includes:
• Identification
• Handling
• Packaging
• Protection
Preservation also applies to products and component parts.
February 1, 2017 97

7.6Control of Monitoring and Measuring Equipment
The organization is required to determine the monitoring and
measurement undertaken and equipment required to provide
evidence of product conformity.
A process must be established to ensure monitoring and
measurement activities are carried out in a manner that is
consistent with the monitoring and measurement
requirements.
February 1, 2017 98

Measurement Inspection Methods:
(Match description with picture)
• GC (Gas Chromatograph),
• Caliper,
• Micrometer,
• Go-no-go gauges:
• Feeler gauge,
• Pin Gauges
February 1, 2017 99

Equipment used to verify product conformity shall be:
• Calibrated or verified at specified intervals
• Traceable to international/national measurement standards: A2LA
or NIST
• Adjusted or re-adjusted as necessary (when applicable)
• Identified via calibration sticker to verify calibration status
• Safeguarded from adjustments that would invalidate measurement
results
• Protected from damage and deterioration during handling,
maintenance and storage
February 1, 2017 100

Equipment Found Non-conforming
The organization shall assess and record the validity of
previous measuring results when the equipment is
determined to not conforming to requirements.
• In short, verify the previous measuring results on product that may
be affected.
The organization shall take appropriate action on the
equipment and any product affected.
• Tag and remove inspection equipment from use until it is
calibrated, and if needed notify customers who may have non-
compliant product and determine proper course of action.

WORKSHOP 6 - ISO 9001:2008 CLAUSES
Workshop 6 (Time allotted: 7 min./individual. Matching’s, 7 min.
discussion, assign timekeeper.)
Clause matching exercise:
Use the handout of ISO 9001 Clauses to the standard you
believe it belongs to.
Be prepared to discuss your matching's and clause intent
with the class.
• Instructor to provide handout

Clause 8: Measurement Analysis and Improvement
8.1General
The organization shall plan and implement the monitoring,
measurement, analysis and improvement processes needed:
• To determine conformity to product requirements
• To ensure conformity of the quality management system
• To continually improve the effectiveness of the quality management
system
This shall include determination of applicable methods, including
statistical techniques, and the extent of their use.

8.2.1 Organizations are required to determine the
methods to be employed for obtaining and using
information relating to customer perceptions about
weather the organization has met customer requirements.
Leading information Lagging information
• Customer survey • Customer complaints
• Industry surveys • Customer returns
• Product or process data • Customer report cards
PROACTIVE REACTIVE

8.2.2 Internal Audits
Organizations are required to conduct internal audits at
planned intervals to determine whether the quality
management system:
• Conforms to the planned arrangements, to the requirements of
ISO 9001 and to the QMS requirements established by the
organization
• Is effectively implemented and maintained
• Audits are to be planned, taking into consideration the status and
importance of the processes and areas to be audited, including
the previous audit results

Continued –
• The audit criteria, scope and frequency and methods are
to be defined. A documented procedure is required (see
audit procedure and internal audit schedule).
• Selection of auditors and conduct of audits shall ensure
objectivity and impartiality of the audit process.
• The management responsible for the area being audited
is required to take actions on the results of the audit
without undue delay. Follow-up activities are required to
verify the actions taken.
• Records are required.

8.2.3 Monitoring and Measurement of Processes
The organization will apply suitable methods fro monitoring
and where applicable, measurement of the QMS processes.
These methods are to demonstrate the ability of the
processes to achieve planned results.
When planned results are not achieved, correction and
corrective action shall be taken as appropriate.

Example of monitoring processes:
Order
review/proc
essessing
Materials
Planning
Production
Warehouse
& Shipping
Inspection
Quote turn
around
time
Production
Backlog
Production
Cycle time
Inventory
accuracy
Internal Audits and Performance Measurements

8.2.4 Monitoring and Measurement of Product
Organizations are required at appropriate stages to monitor
and measure the characteristics of the product to verify that
product requirements have been met.
Evidence of conformity shall be maintained (Production
records).
Records must indicate the person(s) authorizing release of
product for delivery to the customer.
When acceptance criteria is not met, approval by a relevant
authority (authorized person) is required, and where
applicable by the customer.

8.3 Control of Non-conforming Product
Product that does not conform to requirements must be identified and controlled
to prevent its unintended use or delivery in accordance with a documented
procedure.
Examples of ways to handle nonconforming products:
• By taking action to eliminate the detected nonconformity
• By authorizing its use, release or acceptance under concession by a relevant
authority and, where applicable, by the customer
• By taking action to preclude its original intended use or application
• By taking the appropriate action to handle the effects or potential effects, in
cases where the nonconforming product is detected after product delivery
Any corrected nonconforming product must be re-verified to demonstrate
conformity to requirements.
Records must be maintained for these actions.

8.4 Analysis of Data
Organizations are required to determine, collect and analyze
appropriate data to demonstrate the suitability and
effectiveness of the quality management system and
evaluate where opportunities for continued system
improvement are apparent.
Part of this analysis is to provide information on:
• Customer satisfaction
• Conformity to product requirements
• Characteristics and trends of processes and products, including
opportunities for preventive actions
• Suppliers

8.5.1 Continual Improvement
The organization shall continually improve the effectiveness
of the quality management system through the use of:
• The Quality Policy
• Quality Objectives
• Audit Results
• Analysis of Data
• Corrective and Preventive actions
• Management Review

8.5.2 Corrective Action
The organization must take action to eliminate the causes of
nonconformities in order to prevent their reoccurrence.
A documented procedure is required to define:
• Reviewing nonconformities (including customer complaints)
• Determining the causes of nonconformities
• Evaluating the need for action to ensure nonconformities do not
occur
• Determining and implementing actions needed
• Records or actions taken
• Reviewing the effectiveness of the corrective action taken

8.5.3 Preventive Action
Similar requirements apply to preventive action as for
corrective action:
• Documents procedure
• Determine cause of potential nonconformities to prevent
occurrence
• Maintain records
• Review effectiveness

WORKSHOP 7 - ISO 9001:2008 COMPLIANCE
Workshop 7 (time allotted 15 min, assign timekeeper)
Using the following documentation, please review the
procedure for adequacy and conformance to the ISO 9001
standard.
• ISO 9001 standard
Please note the areas you believe the procedure complies
with the requirements and note those that do not.

Thank you for your participation of this classroom training.
Please complete the online training at Opensourcesafety
.comQuality Auditor. Send QHSE Department a copy of your
training record once completed.

ISO 9011
PRINCIPLES OF AUDITING

SCOPE OF ISO 9011 – Principles of Auditing
There are 5 principles of auditing:
1. Ethical conduct – the foundation of professionalism
2. Fair presentation – report truthfully and accurately
3. Due professional care – diligence and judgment
4. Independence – free from bias and conflict of interest
5. Evidence-based approach – rational method for reaching
reliable and reproducible audit conclusions in a
systematic audit process

Audit Planning:
Audit Team and Lead Auditor – ensure an audit team has
been selected that has the competence (subject matter
experts) to achieve the audit objectives.
Lead Auditor is the most experienced and will follow formal
auditing protocol covered in the following information.

Audit Objectives:
1. Determine the conformity of the organization’s
management system utilizing objective audit criteria.
2. Management System capability to ensure compliance
with statutory, regulatory and contractual requirements.
3. Evaluation of the effectiveness of the management
system to meet specified objectives (i.e.: Quality
Objectives & other as specified).
4. Identify areas of potential improvements.

Audit Scope:
The scope of the audit describes the extent and boundaries
of the audit, e.g. physical location, organizational
units/departments, activities, processes and the designated
audit length.
Audit Criteria:
The audit criteria is used as a reference against which
conformity is determined which may include:
• policies, procedures, standards, laws/regulations,
management system requirements, contractual
requirements.

Audit Feasibility:
In some cases there may be a lack of information, cooperation,
time or resources where it is more practical to reschedule the
audit.
Establishing Contact with the Auditee:
The Lead Auditor should coordinate the formal contact with the
auditee to establish:
• Point contact communication channels and audit logistics
• Confirm authorization to conduct the audit: Day(s), Time,
proposed schedule & audit team
• Request access to relevant documents and records: e.g.: QMS,
Policies, Objectives, Procedures, records, etc.
• Agree on the audit scope and audit criteria

Short Audits or Assessments:
Are designed to focus on specific processes that may stem
from Nonconformance's, customer complaints, etc.
Assessments are not utilized for audit certification process.
Are conducted utilizing the same structure and professional
manner as a formal audit.

Pre-Audit Documentation Review:
Per the auditee formal contact where documents were requested for
review.
Review provided documentation to determine conformity of the system
with the audit criteria.
The documentation may include relevant QMS, Management Reviews,
Procedures, Records and previous audit reports.
In some cases this may be conducted as the start of the audit in other
cases it can be reviewed prior to the audit.
If the documentation is found to be inadequate, the audit team leader
should inform the organization and make a decision regarding the course
of action (usually the auditee is accommodating with information
requests, unless it is of confidential nature).

Minimum Documentation Mandatory Documentation
• Quality Policy & Objectives
• Quality Manual
• Documented procedures required
by ISO 9001 (if the audit is based on
ISO 9001 standard)
• Organizational documents needed
to ensure effective planning,
operation, and control of its
processes
• Internal Audit Reports/ schedule
• Control of Nonconforming product
• Corrective Actions
• Preventive Actions Control of
Documents
• Control of Records

Document Styles:
Auditors may observe a wide range of quality documentation
styles. Long and short Quality Manuals being comprised of:
• Which ever style documents should be assessed on their
content and if they meet the requirements of the standard
they reference.

Quality Manual Review:
The review may be performed by other auditors in the team
but should work under the direction of the Lead Auditor.
The intent of a review is to verify if the documentation
provided is compliant to the requirements of the standard.
• Does the procedures comply with the statements
continued in the quality manual?
• Does the procedures accurately reflect the actual
practices observed in the audit?
There are several different approaches of reviewing
procedures during an audit.

Document Reviewing Approaches:
Or
Visit area, gather facts,
Review procedures
Compare results
Documented procedures Undocumented procedures
• Read procedures
• Make notes of key control
points
• Visit areas, gather data
• Compare results
• Visit area(s), gather facts form
various resources
• Compare facts, observations
against requirements

Audit Agenda:
The lead Auditor should prepare the audit plan or agenda to
establish an agreement between the auditee and the
auditor’s company.
The amount of detail provided in the audit agenda should
reflect the scope and audit complexity.
Changes to the audit scope are allowed and may change
while developing the audit agenda.
Topics the audit agenda should cover and potential
confidentiality issues.

Audit Agenda Topics:
• Date and location
• Roles and Responsibilities of the audit team, the auditee’s
escorts and management
• Audit objectives, criteria and reference documents
• Audit scope and identification of the functions and
processes to be included in the audit
• Expected time and duration of the planned audit activities

Workshop 8 – Preparing and Audit Plan
Allotted time: 30 minutes, assign timekeeper
Prepare an audit plan using the provided template.
Basic information:
Audit duration: 1.5 days
Audit team to be divided into two groups: Team1 is the Lead
Auditor and Team 2 are the other auditor’s.
Please use a flip chart (if available) to present to the other
course attendees.

Audit Team Assignments:
Assignments of tasks must take in consideration the
auditor’s, knowledge and experience of the subject matter.
E.g. An IT person would be ideal to audit IT subject matter,
but they should not have any responsibility in that
department (independent).
Changes to the work assignments are allowed in order to
ensure audit objectives are achieved.

Preparing work package/documents:
After reviewing relevant documents, team members should prepare work
aids for reference and for recording audit events.
Document examples:
• Checklists
• Audit sampling plans
• Forms for recording information, evidence, findings, and meeting
minutes
Checklists should not restrict the flow of audit activities, as they may take
you outside the scope of the audit.
Work documents should be retained until audit completion. Confidential
or proprietary information should be safeguarded at all times.

Checklist benefits:
Guides the auditor – systematic approach
Ensures thoroughness – lists specific areas of the audit
Helps time control – monitor checklist progress completion
Helps reporting – provides area for note taking
Provides objective evidence
Helps consistency – when using multiple auditors
Checklists can be general and/or specific in nature
depending on who you plan to use them.

Workshop 9: Allotted time: 30 minutes, assign timekeeper
• Prepare an audit checklist.
• Write at least 10 questions you
would ask during an audit
interview. State the relevant ISO
9001 clause that may apply.
• Place your answers on a flip
chart (if available) to present to
other course attendees.
Example

The Opening Meeting (Kick-off):
The opening meeting should be held with the organizations
management that are responsible for the areas that will be
audited. Review the organization chart which should be apart of
the requested documents for review.
The purpose of the opening meeting is to:
• Confirm the audit plan
• Provide a brief summary of the audit activities and resources
• Confirm communication channels during the audit
• Provide the auditee an opportunity to ask questions (e.g. roles
and responsibilities)
• Review the resources to be made available at the scheduled
time of the audited area

•Welcome statement
•Introduce audit team and auditee introduce managers
•Circulate the kick-off meeting audit plan to record attendance
Introduction
•Confirm purpose, scope and criteria
•Discuss any proposed changes
Confirm audit plan
•Outline dates, times, auditors for each area/interview
•Confirm closing meeting date and time
Confirm audit schedule
•Examination, interviews, record review
•Sampling base and nonconformity categories (Major and Minor)
Explain audit methodology
•Designate escorts
•Review escort roles and responsibilities
Confirm communication links
•Auditor’s office
•Lunch arrangements
•Safety, emergency and security information
Confirm auditor’s working
facilities
•Records
•Verbal information
Confidentiality
•Assess any proposed changesChanges

Opening Meeting (Kick-off):
Average length: 30 to 40 minutes
Beware of delay tactics, e.g.:
• Continual interruptions
• Engage in trivial discussions
• Additional tour of facilities out side the audit scope
• Proposed lunches off site
Possibly propose depending on the situation:
• Recommend working lunch, order boxed lunches
• Emphasize the audit will continue until the audit objectives have
been met

Workshop 10: Opening Meeting (Allotted time 20 min, assign
timekeeper)
Using the audit plan prepared in workshop 8, break into
teams (no more than 3 or 4 per team) and conduct a formal
opening meeting.
You will be required to present answers and reactions to
questions asked by the instructor.
This exercise will provide a beneficial experience for opening
a meeting.

Audit Performance:
Communication between audit team members:
Periodically it may be necessary to meet and discuss the
audit progress and exchange information, and make any
changes if necessary.
• E.g. Change audit scheduled times due to meetings, absent
supervisor, (this is normal), etc.
During the audit the lead auditor will periodically
communicate to the auditee’s management any concerns,
nonconformance's or other issues.

Guides and Observers Roles and Responsibilities
should:
Accompany the audit team without influencing or interfering
with the audit.
Assist the audit team upon request by the lead auditor. Other
responsibilities may include:
• Establishing contacts, interview preparation, and assist with
record sampling
• Arrange visits to specific parts or the auditee’s facility
• Ensure safety and security rules are provided and respected
• Witnessing the audit and provide clarifications when needed

Collecting and verifying information:
Record sampling, relevant information should be collected
by appropriate sampling.
Methods for record collection:
• Interviews
• Activity observations
• Review of documents
Note: only information that is verifiable (objective, not
subjective) may be used for audit evidence records. Be fair
and accurate.

Interviews:
Interviews are one of the most important means of collecting information.
Consider the following:
• Interview employees from appropriate levels and functions of the
organization
• Conduct interviews during normal working hours at their normal
workstations
• Put the person at ease (tell them what you are doing)
• Pay attention to body language
• Explain the reason for the interview
• Ask open-ended questions
• Listen actively (two way communication, verify what you hear them say)
• Summarize review results
• Thank them for their cooperation

Body Language: Examples (5 minute discussion)
Are these observations subjective or objective?
What are some observations you have experienced?
• Interviewee with hands on hips and chin raised?
• Interviewee with hands along sides and chin down avoids
eye contact?
• Interviewee sitting in chair with legs and arms crossed?
• Interviewee sitting in chair with legs and arms open?

Open-ended verses Close-ended Questions:
Open-ended Close-ended
Seek more descriptive information.
These types of questions utilize verbs
e.g.:
What, Why, When, How, Where, and
Who?
• How does this machine operate?
• What happens when an order is
received?
Allows the auditee to respond with
either a “yes” or “no” providing the
auditor with limited amount of
information.
This method is not effective to
extract the required information.
E.g.:
• Do you keep a record of
nonconforming product?
• Do you have procedures?

Open-ended example questions:
• What is the purpose of this process?
• What procedures/work instructions are provided on how to
perform this process?
• What is the pass/fail tolerance or criteria of this process?
• What equipment is used in this process?
• How are products examined at the end of the process?
• What happens to nonconforming material or product?

Sampling process:
Initial Sampling Review Outcome Course of Action
Review, Qty 3
P.O.’s for
similar items
No issues
with sampled
records
Observed
issue on one
or more P.O.’s
Move to next
record type
(ITP, MTR, etc.
Move on
Review more
samples
Determine:
How critical is the process and what is the risk of any errors observed?

Process Audit Strategies:
In any given process , depending on what information you are looking for,
the auditor you can begin anywhere in the process you believe will provide
the most information. Beginning, middle, end, or a combination there of.
• This technique is commonly referred to as Trace forward or trace
backward

Handling Difficult Situations:
• Stay focused on the audit objectives
• Be patient but firm
• Interview another person if the auditee is difficult or results in
slow progress
• Make the best use of your time, move to next step if a person is
not available, make a note to return later and follow up
• Ask the auditee to hold calls during interview
• Request information to be brought later. Make a note to return
later and follow up
• Do not argue, debate or take sides
• Notify the escort or the appropriate level contact in the
organization if the situation is other than accommodating

Diversionary tactic examples:
• Key personnel not available or arriving late
• Accessing documents is a challenge
• Guide involved in trivial conversations
• Guide leaving the auditor and not returning
• Guide frequently excusing themselves or frequent stops for
refreshments
• Guide using long routes when shorter routes are available
If these are suspected diversionary tactics the auditor must
handle with tact and diplomacy by being firm in explaining
the agreed agenda and audit objective.

Workshop 11: On-site auditing (Allotted time
approximately 1.5 hours, assign timekeeper)
Use the previous audit plan and using the provided Audit
report form.
Ensure each clause of ISO 9001 standard is covered in the
audit plan (if not already done).
Break into teams and assign each team ISO 9001 clause(s)
to audit (5 total clauses), the object is to determine if the
requirements of the standard are being met.

Conducting the audit:
• Always act in a professional manner. Never criticize or
undermine authorities.
• Give the auditee an opportunity to fully express their point of
view
• Do not guide the auditee toward the correct answer
• Ensure the nonconformity is well understood by both parties
(auditor and auditee)
• Collect the required information in order to issue the
nonconformance
• Obtain the guides acknowledgement of the NCR and collected
data

Conducting the audit (Continued):
• Don’t break the flow of the audit
• Don’t write a nonconformance at the time of the occurrence
• Record sufficient details to write a formal report later on referencing:
Names, function, record name, P.O.#, Project#, Document Number,
locations, etc.
• If applicable, obtain a copy of the document being reviewed as
supportive evidence
• Ensure you have all of the pertinent data as you will likely not be
returning back to this area
• Avoid surprises
• If issues are not well documented and based on fact you will be
challenged. Be factual, accurate and be sure to provide irrefutable
supporting data

Audit Nonconformance's:
Major:
The absence of a system to meet a standard requirement.
A number of minor nonconformance's against one
requirements which indicates a total breakdown of the
system as a whole.
Minor:
A lapse during implementation of a system or procedural
requirement.
Does not represent a system breakdown and where product
or services meet requirements.

Workshop 11: Writing Findings (Allotted time 1 hour, assign
timekeeper)
Using the company’s audit report form.
Use findings obtained during the on-site audit workshop and working per
the previously assigned teams, write up the following (as applicable)
using appropriate wording and being as fair and accurate as possible.
• Noteworthy
• Opportunity for Improvement (OFI)
• Observations
• Nonconformances

The Closing Meeting:
Preparing Audit Conclusions
Prior to the closing meeting, the audit team should review the information
and notes obtained during the audit, agree on the audit findings.
Discuss when audit follow up time frame.
Conducting the Closing Meeting:
The lead Auditor will chair this closing meeting and present the audit
conclusions based on the audit findings.
• Present the findings so they are clearly understood
• Agree on the time to respond to nonconformities
• If needed, record meeting minutes/summary
• Ensure any differing opinions are discussed and resolved if possible. It is
ok to agree to disagree but record any differing opinions as this issue
may reoccur.

The Closing Meeting Conduct:
• The Lead Auditor should present and discuss information as
needed
• The team members should only contribute when specifically
requested by the Lead Auditor
• As in any formal meeting, there should be no side-discussions
• Auditors must be vigilant to the reactions of the audit findings
and be prepared to respond in a professional manner
• Auditors shall not get involved into arguments, even if provoked
by personal comments
• Usually, if you act professionally, you will be treated
professionally

•Restate the audit purpose, scope and criteria
•Circulate the kick-off meeting audit plan to record attendance
Introduction
•Summarize total number of findings
•Categorize if possibleSummary results
•Read conformities, nonconformities, opportunities for
improvement, note worthy information
•Review sampling methodology
Finding details
•Time period to formally respond to the nonconformities
•Review/explain expected responses
Corrective Action time period
•Recommendation as audit findings results
•Provide final statement
Invite questions
•Questions or comments
•Do not engage in resolving nonconformities the organization will
have to investigate and determine best fit CARs
Recommendations
• State confidentiallyConfidentiality
•Always thank management for their hospitality and cooperation
•Thank the escorts and guides
Thank Management
The Closing Meeting - Detailed items to review:

Workshop 12: Closing Meeting (Allotted time 20 minutes,
assign timekeeper)
Based on the previous workshop information. Prepare for conducting a
closing meeting and make a presentation of audit findings to the audited
management. (This is only a audit summary providing the auditee a list of
action items until the formal report is distributed)
Be sure to mention:
• Any positive findings, attitudes, helpfulness and professionalism.
• Any nonconformities
• Opportunities for improvement
• Audit Conclusion

Preparing the Formal Audit Report:
The Lead Auditor is responsible for the preparation and
contents of the formal audit report.
The formal audit report must provide complete, accurate,
concise and clear record of the audit for a documented
history of this event.

The Quality of the Audit Report:
• Should be written in good language, no jargon or
abbreviations.
• The report should be clear and concise, unambiguous
• Content is accurate and realistic
• No contradictory statements
• No grammatical or spelling errors

Audit Report – additional items:
• Provide a list of auditee interviewees
• Summary of audit processes, including sampling
• Confirm the audit objectives were met
• Areas not covered although within the audit scope
• Unresolved differing opinions
• Recommendations form improvement
• Agreed follow-up action items
• Statement of confidentiality
• Audit report distribution list

Distributing the audit report:
Should be issued per the agreed time period, usually 2-3
weeks maximum.
If not possible to distribute the report on time a reasonable
explanation must be provided.
The audit report is the property of the client (who requested
the audit). The audit team must respect and maintain
confidentiality of the report.
The report should be dated, reviewed and approved in
accordance with the audit program procedures.
Once approved it can be distributed accordingly.

Audit Completion:
The audit is considered completed when all activities described in
the audit plan have been satisfactorily carried out. Assigned NCR
numbers should be referenced in the audit report so they can
easily be cross referenced and follow-up during future audits.
Retain or destroy documents as agreed.
Information obtained during the audit must not be disclosed to
anyone outside the audit team its management and the
organization that was audited.
Review audit team conduct as observed during the audit: review
strengths, weaknesses, training and experience required for
further development.

Thank you

Internal Auditor Course

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à Internal Auditor Course

Similaire à Internal Auditor Course (20)

Internal Auditor Course

Notes de l'éditeur