ISO Internal Auditor


Presentation I did about ISO internal Auditor



Transcript

  • 1. The British Standards Institution
    raising standards worldwide TM
    Issue 1 December, 2008 QMS-030-01-EN-GX © 2008 BSI Management Systems
  • 2. ISO Internal Auditor
    Compliance Management
    Prepared &
    Presented by
    Yamin K Hajeej
  • 3. Table of Contents
    1. Introduction to Auditing
    2. The Process Approach and Process Auditing
    3. Managing an Audit Program
    4. Audit Activities
    5. Auditor Competence and Responsibilities
    6. Conclusion
  • 4. Introduction to Auditing
  • 5. Auditing
    What is an audit?
    • Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled
    (ISO 19011:2002 clause 3.1)
    Why audit?
    • Requirement of ISO 9001:2008
    • Monitor and measure the management system
    • Promote continuous improvement of the management system
  • Principles of Auditing
    4.0
    Principles relating to auditors:
    • Ethical conduct
    • Fair presentation
    • Due professional care
    Principles relating to audit:
    • Independence
    • Evidence-based approach
    Note: reference to ISO 19011:2002 clause number
  • 11. Benefits of Auditing
    Verifies conformity to requirements
    Increases awareness and understanding
    Provides a measurement of effectiveness of the management system to top management
    Reduces risk of management system failure
    Identifies improvement opportunities
    Continuous improvement if performed regularly
  • 12. Types of Audit
    Registration / Certification
    Product
    Customer contract
    Gap assessment / Pre-assessment
    Surveillance
    Combined audit / joint audit
  • 13. The Process Approach and Process Auditing
  • 14. Process Approach
    The process approach emphasizes the importance of:
    Understanding and meeting requirements
    Looking at processes in terms of added value
    Obtaining results of process performance
    Continual improvement of process
  • 15. PDCA (Plan-Do-Check-Act)
    The Plan-Do-Check-Act (PDCA) methodology applies to all processes
    [Diagram: Plan, Do, Check, Act cycle around "Your Process", labelled Continual Improvement]
    • Analyze/review
    • Decide/change
    • Improve effectiveness
    • Measure and monitor for conformity and effectiveness
  • Management System Standards and the Process Approach
    ISO 9001:2008:
    • Is based upon the PDCA cycle which can be applied to processes
    • Applies the PDCA cycle to implementing, operating, monitoring, exercising, maintaining and improving the effectiveness of a QMS
    ISO 19011:2002 does not explicitly mention process audits, but is written for application to all management system audits
  • 25. Applying the Process Approach to Auditing
    Auditors can apply the process approach to auditing by ensuring the auditee:
    Can define the objectives, inputs, outputs, activities, and resources for its processes
    Analyzes, monitors, measures, and improves its processes
    Understands the sequence and interaction of its processes
  • 26. Process Auditing Approaches
    Individual Process:
    Input / Output / Value-added Activity
    Plan-Do-Check-Act
    Resources
    Relationship with other processes:
    Flow / Sequence / Linkage / Combination
    Interaction / Communication
    Evidence
    Customer and supplier contract(s)
  • 27. Process Auditing “Turtle Diagram”
    Process (specific value-added activities)
    With what? Resources
    With who? Personnel
    Inputs: From Whom/Where
    Outputs: To Whom/Where
    What results? Performance indicators
    How done? Methods/Documentation
  • 28. Process Auditing Example
    With what?
    • Order processing system
    With who?
    • Customers
    • Competent sales and processing staff
    Inputs
    • Customer requirements
    • Sales staff
    Outputs
    • Production/Service Delivery
    Process: Contract Review
    What results?
    • Order processing time
    • Number of orders
    • Value of orders
    • Contract accuracy
    How done?
    • IT system
    • Processing system
    • Terms and conditions
    • Contract review procedure
  • Managing an Audit Program
  • 35. Managing an Audit Program Process Flow
    5.1
    [Process flow diagram labels: Authorize; Establish; Implement; Monitor & Review; Improve; Plan, Do, Check, Act; Auditor competence & evaluation; Specific audit activities; For CA/PA; Identify opportunities to improve]
  • 49. Audit Activities
  • 50. Typical Audit Activities
    6.1
    Initiating the Audit
    PLAN
    Conducting Document Review
    Preparing for On-site Activities
    Conducting On-site Activities
    DO
    Preparing, Approving, Distributing Audit Report
    Completing the Audit
    CHECK
    Conducting Audit Follow-up
    ACT
  • 51. Audit Program
    Top management should authorize responsibility for program management to:
    • Establish, implement, review, and improve the audit program
    • Identify the necessary resources and ensure they are provided
    • Organization should develop audit program processes
    • Program should be managed by a member of the organization
    • Keep appropriate audit records to monitor and review the audit program
  • Audit Program Responsibilities
    Top management should authorize responsibility for program management
    Those assigned responsibility should:
    • Establish, implement, review, and improve the audit program
    • Identify the necessary resources and ensure they are provided
  • Initiating the Audit
    6.2
    Initiating the audit includes:
    Appointing the audit team leader
    Defining audit objectives, scope, criteria
    Determining feasibility of the audit
    Selecting the audit team
    Establishing initial contact with the auditee
  • 57. Defining Audit Objectives, Scope, Criteria
    6.2.2
    Audit Objectives may include:
    Determining the extent of conformity of auditee's QMS with audit criteria
    Evaluation of capability of QMS to ensure compliance with statutory, regulatory, and contractual requirements
    Evaluation of effectiveness of the QMS to meet its objectives
    Identification of areas of improvement
  • 58. Selecting the Audit Team
    6.2.4
    For team size and competence, consider:
    Audit objectives, scope, criteria, and duration
    Whether audit is combined or joint
    Competence of team to meet objectives
    Statutory, regulatory, contractual and accreditation/certification requirements
    Independence of the team
  • 59. Auditor Competence and Responsibilities
  • 60. Auditor Competence
    7.1
    Auditor competence is based on:
    • Personal attributes
    • Application of knowledge and skills
    Competence is to be developed, maintained, and improved
  • 62. Auditor Competence: Personal Attributes
    7.2
    Open-minded
    Decisive
    Perceptive
    Ethical
    Observant
    Diplomatic
    Versatile
    Tenacious
    Self-reliant
  • 63. Auditor Competence: Generic Knowledge and Skills
    7.3.1
    Auditor skills and competence could include:
    Audit principles, procedures, and techniques
    Management system and reference documents
    Organizational situations
    Laws, regulations, and other requirements
  • 64. Auditor Competence: Specific Knowledge and Skills
    7.3.3
    Specific knowledge and skills for quality auditors could include:
    Quality methods and techniques
    Quality terminology
    Quality management tools and their application
    Processes and products/services specific to the sector being audited
  • 65. Auditor Responsibilities
    Arrive on time
    Maintain confidentiality
    Be objective and ethical
    Support the audit team and team leader
    Plan and prepare work documents
    Inform auditees of the audit process
    Document and support all findings
    Keep auditee informed
    Safeguard all documents
    Prepare the audit report
  • 66. Audit Activities
    (Continued)
  • 67. Audit Planning
    Determine the objective of the audit
    Identify specified requirements
    Determine audit duration and resources needed
    Select the team
    Contact the auditee – agree the date(s)
    Draw up audit plan
    Brief the team
    Prepare work documents
  • 68. Conducting Document Review
    6.3
    A review of documentation:
    Should be conducted prior to on-site audit activities unless deferring review is not detrimental to the effectiveness of the audit
    May include relevant QMS documents, records, and previous audit reports
    May include a preliminary site visit
  • 69. Prepare Work Documents
    Prepare work documents
    Use as a reference and for recording audit proceedings
    Include checklists, sampling plans and forms, ISO 9001:2008 standard, etc.
    Keep checklists flexible to allow changes resulting from information collected during the audit
    Safeguard any confidential and proprietary information
    Retain work documents and records
  • 70. Checklists Preparation
    One approach is to:
    Identify audit scope and process(es) within scope
    Identify applicable factors (inputs, outputs, measures, resources, etc.)
    Use these points and other requirements (ISO 9001:2008, system documentation, etc.) to:
    • Plan what to look at
    • Plan what to look for (audit evidence)
    Prepare checklist
  • 72. Checklists Structure
    Audit checklist structure:
  • 73. Conduct on-Site Audit Activities
    6.5
    Conduct opening meeting
    Communicate during the audit
    Explain roles and responsibilities of participants
    Collect and verify information
    Generate audit findings
    Prepare audit conclusions
    Conduct closing meeting
  • 74. Opening Meeting
    6.5.1
    Hold opening meeting with auditee top management and those responsible for processes audited
    Meeting may be informal
    Chaired by team leader
    Audit team present
    Purpose is to confirm all prior arrangements
  • 75. Collecting and Verifying Information
    Sources of information
    Collect by appropriate sampling & verification
    Evaluate against audit criteria
    Review
    Audit Conclusions
  • 76. Auditing Process: Collect & Verify Information
    6.5.4
    Collect information relevant to:
    • Audit objectives, scope, and criteria
    • Interfaces between functions, activities and processes
    Collect audit evidence by appropriate sampling and verify and record it
    Be aware of sampling limitations, if acting on the audit conclusion
    Use only information that is verifiable as audit evidence
  • 78. Auditing Process: Techniques to Obtain Audit Evidence
    6.5.4
    Interview:
    • Personnel that manage, perform, and verify activities
    • Also ensure they are responsible for the activity being audited
    • Listen carefully to responses
    Observe:
    • Identity, status, condition, processes, equipment, activities, environment, and people
  • Auditing Process: Audit Evidence
    Review documents that describe:
    Review records for evidence of conformity to documents
    Review records, statements of fact, or other information which are relevant to the audit criteria and verifiable
    Audit evidence may be qualitative or quantitative
  • 86. Communication and interpersonal skills
    Put auditee at ease
    Ask short questions and listen
    Reflect right attitude, tone of voice, body language, and facial expressions
    Smile and show eye contact
    Avoid interruptions
    Avoid off-the-cuff and condescending remarks
    Give praise when appropriate
  • 87. Communication and interpersonal skills
    Show interest
    Be tactful and polite
    Show patience and understanding
    Remember to say please and thank you
    Ask the right person
    Don't say you understand when you do not
  • 88. Questioning Techniques
    Open question
    • Using why, who, what, where, when, or how gets more than a yes or no answer
    Expansive question
    • Further elaborates the current point
    Opinion question
    • Asks opinion about current point
    Non-verbal
    • Uses body language, for example: raise eye-brow to elicit further information
  • Questioning Techniques
    Repetitive question
    • Repeats back response in form of a question
    Hypothetical question
    • Uses what if, suppose that, etc.
    Closed question
    • Gets yes or no answer
    • Avoid using too often
    • Used for confirmation
    Silence
    • Draws more information
  • Note Taking
    Notes could be used as reference for:
    • Immediate investigation
    • Investigation later
    • Use by a colleague
    • Subsequent audits
    Notes taken during an audit are a record of:
    • The audit sample taken
    • What was reported
    • What was observed
    Notes may be referenced by subsequent auditor
  • 96. Sampling
    Samples should test the effectiveness of the system and should be:
    • Representative
    • Structured
    • Independently selected
    Sample size should be based on:
  • Control of the Audit
    Checklist is an aid, not a requirement
    If potential audit trails appear, decide to:
    Following audit trails may affect:
  • Handling Difficult Situations
    Examples:
    Constant interruptions
    Cannot find document
    Diversionary tactics
    Called away
    Long telephone calls
    Noisy environment
    Interdepartmental or personality conflicts
    Volunteered information
    Long-winded auditees
    Boastful
    Uncooperative
    Unprepared
    Provocation
    Language
  • 105. Establish the Facts: Judgment in the Audit Process
    Audit focus must be on conformity and effectiveness, NOT on finding nonconformities
    The auditee must be given the benefit of any doubt where there is insufficient audit evidence
  • 106. Establish the Facts
    Discuss concerns
    Verify the findings
    Record all the evidence:
    • Exact observation
    • Where, what, etc.
    Establish why it is a nonconformity or otherwise
    State who (if relevant) – preferably by job title
    Obtain agreement with the facts
  • 108. Generate Audit Findings
    6.5.5
    Evaluate audit evidence against audit criteria to generate audit findings
    Indicate if findings are conformities, nonconformities or opportunities for improvement
    Meet (audit team) to review findings
    Specify (with supporting evidence) or summarize conformity by location, function, or processes, as required by audit plan
  • 109. Nonconformity
    6.5.5
    Non-fulfillment of a specified requirement:
    • Not doing it
    • Partially doing it
    • Doing it the wrong way
    Specified requirement:
    • Conditions of the customer contract
    • Quality standard (ISO 9001:2008)
    • Quality management system
    • Statutory or regulatory requirements
  • Generate Audit Findings
    6.5.5
    Record nonconformity findings and supporting evidence
    Obtain auditee acknowledgement of nonconformities for accuracy and understandability
    Try and resolve differences of opinion
    Keep a record of unresolved issues
  • 115. Nonconformity - Minor
    Failure to comply with a requirement which (based on judgment and experience) is not likely to result in QMS failure
    Single observed lapse or isolated incident
    Minimal risk of nonconforming product or service
    Examples:
    • A two month lapse in the internal audit program
    • A training record not available
    • No actions taken to improve system based on previous result findings
  • Nonconformity - Major
    Absence or total breakdown of a system to meet a requirement
    A number of minors related to the same clause or requirement
    A nonconformity that experience and judgment indicate will likely result in QMS failure or significantly reduce its ability to assure controlled processes and products
  • 118. Nonconformity - Major
    Examples:
    No documented procedure for a required documented ISO 9001:2008 process/activity
    Document changes routinely made without authorization
    No awareness program for the quality management system
    No future planned internal audits
    Insufficient scope
    Numerous minor nonconformities found in the production process
  • 119. Nonconformity: Classifying the Nonconformity
    Consider the seriousness:
    What could go wrong if the nonconformity remains uncorrected?
    Is it likely the system would detect it before the customer is affected?
    If you are not certain it is a nonconformity, it is not.
    You must have:
    • A requirement that has been broken
    • Proof that it has been broken
  • Nonconformity: Good Report Examples
  • 121. Nonconformity: Poor Report Examples
    The nonconformity statements below are inadequate due to the lack of specified requirements and detailed evidence:
    Steering Group meeting minutes are not adequate
    The authority level for the Emergency Controller must be documented for clarity purposes
  • 122. Preparing Audit Conclusions
    6.5.6
    Audit team confers prior to the closing meeting:
    Scheduling of the audit plan
    To plan for closing meeting
    Purpose is to:
    • Review audit findings and other information
    • Agree on audit conclusions
    To prepare the audit report and recommendations
    If included in audit plan, to discuss audit follow-up
  • 124. Audit Report: Prepare, Approve & Distribute
    6.6.1
    Audit reference
    Client and Auditee details
    Audit team details
    List of auditee representatives
    Objectives, scope, and criteria
    Audit plan – dates, places, areas audited and timing
    Summary of audit process
    Audit Summary
    Uncertainty due to sampling
    6.6.2
  • 125. Audit Report: Prepare, Approve & Distribute
    6.6.1
    Nonconformity reports
    Recommendation
    Obstacles encountered
    Any areas in audit scope not covered
    Any unresolved issues between the auditee and team
    Confirmation that audit objectives accomplished
    Confidentiality statement
    Distribution list
    6.6.2
  • 126. Audit Report: Distribution
    6.6.1
    • Issue within agreed time period
    • If delayed, provide reasons and agree on new issue date
    • Report must be dated, reviewed, and approved as per procedures
    • Distribute to recipients designated by audit client
    • Report is property of audit client
    • Recipients and audit team must respect the confidentiality of the report
  • Completing the Audit
    6.7
    • Audit is complete when all activities in audit plan have been carried out and audit report is distributed
    • Maintain or dispose of audit documents based on contractual, regulatory, and audit program procedures
    • Maintain confidentiality of audit documents, information, and report
    • Notify audit client and auditee ASAP if disclosure of audit information is required.
  • Closing Meeting
    6.5.7
    • Hold closing meeting to present audit findings and conclusions
    • Cover situations encountered during audit that may decrease reliance on audit conclusions
    • Discuss and resolve diverging audit findings and conclusions
    • Keep a record if not resolved
    • Provide recommendations for improvement where specified by audit objectives
    • Keep minutes and attendance records
    • Will normally be informal for internal audits
  • Completing the Audit: Conducting the Follow-up
    6.8
    • Audit conclusions may require corrective, preventive, or improvement actions
    • Auditee decides and carries out these actions within agreed timeframe
    • These actions are not part of the audit
    • Audit team member should verify completion and effectiveness of actions taken
    • This verification may be part of a subsequent audit
    • Maintain independence in subsequent audit activities
  • Completing the Audit: Corrective Action Follow-up
    6.8
    • Auditee receives the nonconformity report
    • Auditee prepares and approves a corrective action plan
    • Auditee submits the plan to auditors
    • Auditors evaluate and approve the plan
    • Auditee implements the approved corrective action plan
    • Auditor verifies the implementation and effectiveness
    • Records of all actions taken by auditor and auditee
  • Conclusion
  • 152. Typical Audit Activities
    Initiating the Audit
    Conducting Document Review
    Preparing for On-site Activities
    Conducting On-site Activities
    Preparing, Approving, Distributing Audit Report
    Completing the Audit
    Conducting Audit Follow-up
  • 153. Final Questions?
  • 154. Thank You!
    For your attendance and participation!
    Prepared &
    Presented by
    Yamin K Hajeej