Presentation i did about ISO internal Auditor

1. The British Standards Institution raising standards worldwide TM Issue 1 December, 2008 QMS-030-01-EN-GX © 2008 BSI Management Systems

2. ISO Internal Auditor Compliance Management Prepared & Presented by Yamin K Hajeej

3. 1 5 Introduction to Auditing Auditor Competence and Responsibilities 2 3 6 4 Table of Content The Process Approach and Process Auditing Managing an Audit Program Audit Activities Conclusion

4. Introduction to Auditing

6. Monitor and measure the management system

8. Fair presentation

10. Evidence-based approachNote: reference to ISO 19011:2002 Clause number

11. Benefits of Auditing Verifies conformity to requirements Increases awareness and understanding Provides a measurement of effectiveness of the management system to top management Reduces risk of management system failure Identifies improvement opportunities Continuous improvement if performed regularly

12. Types of Audit Registration / Certification Product Customer contract Gap assessment / Pre-assessment Surveillance Combined audit / joint audit

13. The Process Approach and Process Auditing

14. Process Approach The process approach emphasize the importance of: Understanding and meeting requirements Looking at processes in terms of added value Obtaining results of process performance Continual improvement of process

16. Activities

17. Controls

18. Documentation

19. Resources

21. Decide/change

22. Improve effectiveness

24. Applies the PDCA cycle to implementing, operating, monitoring, exercising, maintaining and improving the effectiveness of a QMSISO 19011:2002 does not explicitly mention process audits, but is written for application to all management system audits

25. Applying the Process Approach to Auditing Auditors can apply the process approach to auditing by ensuring the auditee: Can define the objectives, inputs, outputs, activities, and resources for its processes Analyzes, monitors, measures, and improves its processes Understands the sequence and interaction of its processes

26. Process Auditing Approaches Individual Process: Input / Output / Value-added Activity Plan-Do-Check-Act Resources Relationship with other processes: Flow / Sequence / Linkage / Combination Interaction / Communication Evidence Customer and supplier contract(s)

27. Process Auditing “Turtle Diagram” With what? Resources With who? Personnel Inputs From Whom/ Where Outputs To Whom/ Where Process (specific value-added activities) What results? Performance indicators How done? Methods/ Documentation

30. Value of orders

32. Processing system

33. Terms and conditions

36. EVALUATE

37. AUDITORS

38. SELECT TEAMS

39. DIRECT ACTIVITIES

40. MAINTAIN RECORDS

41. OBJECTIVES

42. EXTENT

43. ROLES

44. RESOURCES

45. PROCEDURES

46. MONITOR

47. REVIEW

49. Audit Activities

50. Typical Audit Activities 6.1 Initialing the Audit PLAN Conducting Document Review Preparing for On-site Activities Conducting for On-site Activities DO Preparing, Approving, Distributing Audit Report Completing the Audit CHECK Conducting Audit Follow-up ACT

52. Identify the necessary resources and ensure they are provided

53. Organization should develop audit program processes

54. Program should be managed by a member of the organization

57. Defining Audit Objectives, Scope, Criteria 6.2.2 Audit Objectives may include: Determining of the extent of conformity of auditee`s QMS with audit criteria Evaluation of capability of QMS to ensure compliance with statutory, regulatory, and contractual requirements Evaluation of effectiveness of the QMS to meet its objectives Identification of areas of improvement

58. Selecting the Audit Team 6.2.4 For Team size and competence, consider: Audit objectives, scope, criteria, and duration Whether audit is combined or joint Competence of team to meet objectives Statutory, regulatory, contractual and accreditation/certification requirements Independence of the team

59. Auditor Competence and Responsibilities

61. Application of knowledge and skillsCompetence is to be developed, maintained, and improved

62. Personal Attributes Open-minded Decisive Perceptive Ethical Observant Diplomatic Versatile Tenacious Self-reliant Auditor CompetencePersonal Attributes 7.2

63. Auditor CompetenceGeneric Knowledge and skills 7.3.1 Auditor skills and competence could include: Audit principles, procedures, and techniques Management system and reference documents Organizational situations Laws, regulations, and other requirements

64. Auditor CompetenceSpecific Knowledge and skills 7.3.3 Specific knowledge and skills for quality auditors could include: Quality methods and techniques Quality terminology Quality management tools and their application Processes and products/services specific to the sector being audited

65. Auditor Responsibilities Arrive on time Maintain confidentiality Be objective and ethical Support the audit team and team leader Plan and prepare work documents Inform auditees of the audit process Document and support all findings Keep auditee informed Safeguard all documents Prepare the audit report

66. Audit Activities (Continued)

67. Audit Planning Determine the objective of the audit Identify specified requirements Determine audit duration and resources needed Select the team Contact the auditee – agree the date(s) Draw up audit plan Brief the team Prepare work documents

68. Conducting Document Review 6.3 A review of documentation: Should be conducted prior to on-site audit activities unless deferring review is not detrimental to the effectiveness of the audit May include relevant QMS documents, records, and previous audit reports May include a preliminary site visit

69. Prepare Work Documents Prepare work documents Use as a reference and for recording audit proceedings Include checklists, sampling plans and forms, ISO 9001:2008 standard, etc. Keep checklists flexible to allow changes resulting from information collected during the audit Safeguard any confidential and proprietary information Retain work documents and records

71. Plan what to look for (audit evidence) Prepare checklist

72. Checklists Structure Audit checklist structure:

73. Conduct on-Site Audit Activities 6.5 Conduct opening meeting Communicate during the audit Explain roles and responsibilities of participants Collect and verify information Generate audit findings Prepare audit conclusions Conduct closing meeting

74. Opening Meeting 6.5.1 Hold opening meeting with auditee top management and those responsible for processes audited Meeting may be informal Chaired by team leader Audit team present Purpose is to confirm all prior arrangements

75. Sources of information Audit Conclusions Collect by appropriate sampling & verification Evaluate against audit criteria Review Collecting and Verifying Information

77. interfaces between functions, activities and processesCollect audit evidence by appropriate sampling and verify and record it Be aware on sampling limitations, if acting on the audit conclusion Use only information that is verifiable as audit evidence

79. Also ensure they are responsible for the activity being audited

81. Plans

82. Controls

83. Strategies

84. Exercises

85. testsReview records for evidence of conformity to documents Review records, statements of fact, or other information which are relevant to the audit criteria and verifiable Audit evidence may be qualitative or quantitative

86. Communication and interpersonal skills Put auditee at ease Ask short questions and listen Reflect right attitude, tone of voice, body language, and facial expressions Smile and show eye contact Avoid interruptions Avoid off-cuff and condescending remarks Give praise when appropriate

87. Communication and interpersonal skills Show interest Be tactful and polite Show patience and understanding Remember to say please and thank you Ask the right person Don`t say you understand when you do not

89. Avoid using too often

91. Investigation later

92. Use by a colleague

94. What was reported

95. What was observedNotes may be referenced by subsequent auditor

97. Structured

99. Importance

100. Status

102. Note for later

105. Establish the FactsJudgment in the Audit Process Audit focus must be on conformity and effectiveness, NOT on finding nonconformities The auditee must be given the benefit of any doubt where there is insufficient audit evidence

107. Where, what, etc.Establish why a nonconformity or otherwise State who (if relevant) – preferably by job title Obtain agreement with the facts

108. Generate Audit Findings 6.5.5 Evaluate audit evidence against audit criteria to generate audit findings Indicate if findings are conformities, nonconformities or opportunities for improvement Meet (audit team) to review findings Specify (with supporting evidence) or summarize conformity by location, function, or processes, as required by audit plan

110. Partially doing it

112. Quality standard (ISO 9001:2008)

113. Quality management system

116. A training record not available

118. Nonconformity - Major Examples: No documented procedure for a required documented ISO 9001:2008 process/activity Document changes routinely made without authorization No awareness program for the quality management system No future planned internal audits Insufficient scope Numerous minor nonconformities found in the production process

121. NonconformityPoor Report Examples The nonconformity statements below are inadequate due to the lack of specified requirements and detailed evidence: Steering Group meeting minutes are not adequate The authority level for the Emergency Controller must be documented for clarify purposes

123. Agree on audit conclusionsTo prepare the audit report and recommendations If included in audit plan, to discuss audit follow-up

124. Audit ReportPrepare, Approve & Distribute 6.6.1 Audit reference Client and Auditee details Audit team details List of auditee representatives Objectives, scope, and criteria Audit plan – dates, places, areas audited and timing Summary of audit process Audit Summary Uncertainty due to sampling 6.6.2

125. Audit ReportPrepare, Approve & Distribute 6.6.1 Nonconformity reports Recommendation Obstacles encountered Any areas in audit scope not covered Any unresolved issues between the auditee and team Confirmation that audit objectives accomplished Confidentiality statement Distribution list 6.6.2

127. If delayed, provide reasons and agree on new issue date

128. Report must be dated, reviewed, and approved as per procedures

129. Distribute to recipients designated by audit client

130. Report is property of audit client

132. Maintain or dispose of audit documents based on contractual, regulatory, and audit program procedures

133. Maintain confidentiality of audit documents, information, and report

135. Cover situations encountered during audit that may decrease reliance on audit conclusions

136. Discuss and resolve diverging audit findings and conclusions

137. Keep a record if not resolved

138. Provide recommendations for improvement where specified by audit objectives

139. Keep minutes and attendance records

141. Auditee decides and carries out these actions within agreed timeframe

142. These actions are not part of the audit

143. Audit team number should verify completion and effectiveness of actions taken

144. This verification may be part of a subsequent audit

146. Auditee prepares and approves a corrective action plan

147. Auditee submits the plan to auditors

148. Auditors evaluate and approve the plan

149. Auditee implements the approved corrective action plan

150. Auditor verifies the implementation and effectiveness

152. Typical Audit Activities Initialing the Audit Conducting Document Review Preparing for On-site Activities Conducting for On-site Activities Preparing, Approving, Distributing Audit Report Completing the Audit Conducting Audit Follow-up

153. Final Questions?

154. Thank You! For you attendance and participation! Prepared & Presented by Yamin K Hajeej