• Like
  • Save
Practical Auditing
Upcoming SlideShare
Loading in...5
×
 

Practical Auditing

on

  • 6,711 views

 

Statistics

Views

Total Views
6,711
Views on SlideShare
6,711
Embed Views
0

Actions

Likes
5
Downloads
0
Comments
3

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

13 of 3 Post a comment

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Very good presentation for understanding of basic auditing concepts.
    Are you sure you want to
    Your message goes here
    Processing…
  • The presentation is clear and concise. It can easily be understood by the users. Thank you for the share.
    Are you sure you want to
    Your message goes here
    Processing…
  • i ve gone through in detail about this presentation, its very informative, i wish and request to send me if any one who ve this presentation. i ll be grateful for this act of kindness.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Practical Auditing Practical Auditing Presentation Transcript

    • PRACTICAL AUDITING Continual Improvement Program for Internal Quality Auditors By Sid Calayag
    • Agenda• PDCA and Process Approach• Interview/Question Technique• Notes, Check List & Cheat Sheet• Report Writing• Toughest ISO 9001:2000 Clauses• How to Audit Difficult Clauses• How to Audit Undocumented Process• Auditor’s Code of Ethics Auditor Training rev 0 022009 2
    • Process Based Approach MANAGEMENT RESPONSIBILITYC CU U RESOURCE MANAGEMENTS ST T PRODUCT REALIZATIONO O Requirements INPUT PROCESS OUTPUTM A P M C DE ER MEASUREMENT, ANALYSIS & R IMPROVEMENT Satisfaction 4
    • THE PDCA CYCLE VERIFY PLAN ACT DO EVALUATE IMPLEMENT CHECK STUDYVALIDATE
    • Interview and Question Technique• Interview • Reason • Steps• Question Techniques • Closed-ended Question • Open-ended question • Show-me Question Auditor Training rev 0 022009 6
    • Interview Reason• Supplements the documented process• Determines the actual defined process• Principal way of obtaining information• Allows auditee to explain work practices• Ascertains understanding and commitment Auditor Training rev 0 022009 7
    • Interview Steps -1• Interview persons at their workplace• Conduct interviews during normal hours• Put person at ease (lower anxiety level)• Explain your purpose (what you want)• Ask about their job (question; observe)• Verify responses (confirm understanding) Auditor Training rev 0 022009 8
    • Interview Steps - 2• Check the facts (use other sources)• Record evidence (notes on checklist)• Make tentative conclusion (no secrets)• Give opportunity to discuss other topics• Thank for their time and cooperation Auditor Training rev 0 022009 9
    • Summary on Interview• Remember, it is an interview, not an interrogation!• Investigate a claim; accept an admission. Auditor Training rev 0 022009 10
    • Questioning Techniques - 1• Ask question and then actively listen• Rely primarily on open-ended questions• Avoid closed question (except to confirm)• Ask for explanations and examples• Rephrase your question for clarification• Restate answer for your understanding• Keep neutral; dont disagree or interrupt Auditor Training rev 0 022009 11
    • Questioning Techniques - 2• Ask "suppose" or "what if" questions• Find basic flaws with simple questions• Ask the blunt question about quality• Nod in agreement to maintain dialog• Use silence for expanded responses• Observe unguarded facial expressions• Learn from remarks of nearby people Auditor Training rev 0 022009 12
    • Close and Open-ended Question• Open-ended question can be used in determining the actual process during the interview.• Close-ended question can be used to conclude the result of the interview. Sample Auditor Training rev 0 022009 13
    • Summary on Questioning Techniques• STOP TALKING - LISTEN Do not ask closed questions unless to conclude item Maintain a 20% talking : 80% listening ratio• USE THE SIX HONEST SERVING MEN “I keep six honest serving men They taught me all I knew Their names were WHAT and WHY and WHEN And HOW and WHERE and WHO” (The Elephant Child - Kipling)• SHOW ME
    • Notes, Check List & Cheat List• Taking Notes in an Audit• Check List• Cheat List Auditor Training rev 0 022009 15
    • Taking Notes in an Audit• One use of a checklist is as a repository for your notes• Take brief notes on what you have read, heard, and seen• Capture specific references• record what people are telling you about their practices• Some of your notes will be used immediately for your next line of questioning Auditor Training rev 0 022009 16
    • Advantages on Using Check ListChecklists, if developed and used properly:• Promote planning for the assigned audit• Ensure a consistent audit approach• Act as a sampling plan and time manager• Serve as a memory aid and confidence builder• Provide a repository for notes on evidence Auditor Training rev 0 022009 18
    • Drawback on Using Check ListDrawback• May result in poor coverage.• Restrict interview questions• May cause the auditor to use an outdated tool if not updated according to the new standard Auditor Training rev 0 022009 19
    • Summary on Check List• A checklist should guide auditors through the system flow from quality policy, to objectives, to processes, to measurements, to results, to actions, and eventually to continual improvement.• Auditors should use the checklist as a planning tool for their assignment and be willing to pursue other areas of investigation. Auditor Training rev 0 022009 20
    • Cheat Sheet• A "cheat sheet" is a concise set of notes used for quick reference• Job notes may not accurately describe the tasks, in conflict with written instructions, or unapproved by management.ISO 9001:2000, clause 4.2.3 states that "Documents requiredby the quality management system shall be controlled." So, ifcheat sheets are needed by employees to carry out theiractivities, these would be viewed as documents that must becontrolled. Auditor Training rev 0 022009 21
    • Report Writing• Use CPLANES as a reminder • C – Clause • P -- Procedure or Instruction • L -- Location • A – Activity • N – Nature of Deficiency • E – Evidence • S – Scale of Deficiency Auditor Training rev 0 022009 22
    • Writing Nonconformity Reports• Conformity,• Conformance, or• Compliance? Auditor Training rev 0 022009 23
    • Exercise No. 1How well do you know the new ISO 9001:2000 standard? Can you identify theclauses for these requirements? 1. Reviewing the system at planned intervals 2. Identifying the status of product measurements 3. Maintaining process equipment 4. Handling, packaging, and storing products 5. Preventing the "recurrence" of nonconformities 6. Maintaining evidence of conformity of acceptance criteria 7. Ensuring requirements are complete and unambiguous 8. Identifying the control of outsourced processes 9. Planning for design review, verification, and validation 10. Including a quality manual in the documentation answer Auditor Training rev 0 022009 24
    • Toughest Requirements• 4.1 General Requirements• 5.1 Management Commitment• 5.4.1 Quality Objectives• 5.4.2 Quality Management System Planning (vs. 7.1 Planning of Product Realization)• 7.3.1 Design and Development Planning Auditor Training rev 0 022009 25
    • Toughest Requirements• 7.5.2 Validation of Processes for Production and Service Provision• 8.2.1 Customer Satisfaction• 8.5.1 Continual Improvement• 8.5.3 Preventive Action Auditor Training rev 0 022009 26
    • Most Common Audit Findings* Internal Audit Findings• 1. Customer satisfaction data and assessment (8.2.1 . . .• 2. Documentation gaps (4.2.3 . . .• 3. Continual improvement process (8.5.1 . . .• 4. Objectives not measurable (5.4.1 . . .• 5. Collection and analysis of data (8.4 . . .• 6-7. Top management commitment and responsibility (5.4 . . .• 6-7. Record keeping gaps (4.2.4 . . .• 8-9. Competency requirements (6.2.2 . . .• 8-9. Effective control of processes (4.1 . . . * Ref. : <http://standardsgroup.asq.org/news/psi/IMS06-2002E-Implementing_ISO_9001-BD.pdf> Auditor Training rev 0 022009 27
    • Most Common Audit Findings* Registrar Audit Findings• 1. Documentation gaps• 2-3. Objectives not measurable• 2-3. Top management commitment and responsibility• 4. Continual improvement process• 5-6. Customer satisfaction data and assessment• 5-6. Effective control of processes• 7-8. Collection and analysis of data• 7-8. Record keeping gaps• 9. Competency requirements * Ref. : <http://standardsgroup.asq.org/news/psi/IMS06-2002E-Implementing_ISO_9001-BD.pdf> Auditor Training rev 0 022009 28
    • Comparison of RankingsInternal Audit Findings Registrar Audit Findings• 1. Customer satisfaction data and • 1. Documentation gaps assessment • 2-3. Objectives not measurable• 2. Documentation gaps • 2-3. Top management commitment• 3. Continual improvement process and responsibility• 4. Objectives not measurable • 4. Continual improvement process• 5. Collection and analysis of data • 5-6. Customer satisfaction data and assessment• 6-7. Top management commitment and responsibility • 5-6. Effective control of processes• 6-7. Record keeping gaps • 7-8. Collection and analysis of data• 8-9. Competency requirements • 7-8. Record keeping gaps• 8-9. Effective control of processes • 9. Competency requirements Auditor Training rev 0 022009 29
    • How to Audit Difficult Clauses4.1 General Requirements Clause 4.1 covers the requirement for your organization to set up a quality management system and broadly defines the associated activities. These activities are described in greater detail in the remainder of the standard. And, when you audit these other clauses, you are in essence auditing clause 4.1. Auditor Training rev 0 022009 30
    • How to Audit ISO 9001:2000, Clause 4.1• By recognizing its linkages to the clauses in the remainder of the standard.• Audit those other areas well and you are in effect auditing clause 4.1. Auditor Training rev 0 022009 31
    • How to Audit Difficult Clauses5.1 Management Commitment Look for evidence on how top managers ensure their commitment is well known throughout the organization and records that show how they are keeping their promise Auditor Training rev 0 022009 33
    • How to Audit Difficult Clauses5.4.1 Quality ObjectiveAre You Setting SMART Quality Objectives?• Is it specific?• Is it measurable• Is it achievable• Is it relevant• Is it timed? Auditor Training rev 0 022009 34
    • How to Audit Difficult Clauses5.4.2 Quality Management System Planning(vs. 7.1 Planning of Product Realization)Organizations must decide how tomonitor, measure, and analyze their processes, as wellas, be ready to implement the actions necessary toachieve planned results and continually improve theprocesses. Even outsourced processes are included inthe planning.Determine how this is done using process approach. Auditor Training rev 0 022009 35
    • How to Audit Difficult Clauses7.0 Product Realization• 7.1 Planning of Product Realization• 7.3.1 Design and Development Planning• 7.5.2 Validation of Processes for Production and Service ProvisionDetermine how the quality plan is developed. Auditor Training rev 0 022009 36
    • How to Audit Difficult Clauses8.0 Measurement, analysis and Improvement• 8.2.1 Customer Satisfaction• 8.5.1 Continual Improvement• 8.5.3 Preventive Action Auditor Training rev 0 022009 37
    • Auditing Undocumented ProcessAuditing a Process that is UndocumentedRefer to the guide provided to youseparately Auditor Training rev 0 022009 38
    • Summary on Audit PracticeAudits examine compliance from three perspectives:1. Documents (or definitions) that indicate the process is adequate2. Records that show the process is implemented (being practiced)3. Results that prove the process is effective (objectives are met)By using the process approach in auditing, you will beable to gather all the evidence that you need inauditing for any clause that you may encounter in thefield. Auditor Training rev 0 022009 39
    • EXERCISE No. 2The purpose of the exercise is to providepractice in assessing evidence in an objectivemanner.. Auditor Training rev 0 022009 40
    • WorkshopMock-up audit of Engineering Department• 5.4.1 Quality Objectives• 7.3.1 Design and Development Planning Auditor Training rev 0 022009 41
    • Auditor ConductAN AUDITOR SHOULD NOT• Be critical • Be sarcastic• Be side-tracked • Compare• Argue • Pass opinions• Swear • Apportion blame• Be late
    • Code of Conduct for AuditorsPurposeTo communicate theintegrity, objectivity, confidentiality, andcompetence expected of internal auditors, aswell as, to provide a means for them to pledgetheir commitment to these principles. Auditor Training rev 0 022009 44
    • Code of Conduct for AuditorsIntegrityThe integrity of internal auditors establishes trustand provides the basis for relying on theirjudgment. As an internal auditor, I pledge to:1. Perform my work with honesty, accuracy, fairness, and responsibility.2. Not engage in activities that might discredit the audit profession or my organization. Auditor Training rev 0 022009 45
    • Code of Conduct for AuditorsObjectivityInternal auditors must be objective ingathering, evaluating, and communicating information aboutthe activities being examined. They must make a balanced andimpartial assessment of all the relevant facts and not be undulyinfluenced by their interests, or those of others, in makingjudgments. As an internal auditor, I pledge to:3. Not join in any activity or relationship that may affect my unbiased assessment.4. Not accept anything that may impair, or appear to impair, my judgment.5. Disclose all the material facts to avoid any distortion of my audit report. Auditor Training rev 0 022009 46
    • Code of Conduct for AuditorsConfidentialityInternal auditors must respect the value and ownership of theinformation they receive and not disclose it without theappropriate authority (unless obligated for legal orprofessional reasons). As an internal auditor, I pledge to:6. Be prudent in the use and protection of the information acquired during my audit duties.7. Not use the information for personal gain or in any way detrimental to the organization. Auditor Training rev 0 022009 47
    • Code of Conduct for AuditorsCompetenceInternal auditors must apply their knowledge, skills, and experience in the performance of their assessment duties. As an internal auditor, I pledge to:8. Engage only in audits where I possess the needed knowledge, skills, and experience.9. Perform audits in accordance with the procedures and practices of my organizations.10. Continually improve my proficiency and the quality and value of my audit services.11. Assist other auditors under my supervision to develop their audit management skills.12. Report any complaints regarding my performance and address them to avoid recurrence. Auditor Training rev 0 022009 48
    • Addendum• Exercise No. 3 – take home exercise• ISO 9000 : 2005 –• ISO 9001: 2008 –• Sample Question for Top Management Auditor Training rev 0 022009 49
    • Exercise No. 3This is an exercise to see hownonconformities are reportedThis is a take-home exercise. Theanswer shall be submitted later. Auditor Training rev 0 022009 50
    • ISO 9000:2005• It makes no changes to the basic principles of quality management stated in ISO 9000:2000• It is essentially a tidying-up exercise to ensure consistency within ISO Standards• It will probably have little, or no real impact on our quality system Auditor Training rev 0 022009 52
    • ISO 9001:2008• ISO 9001:2000 is due for an update in 2008.• It is currently at Draft International Standard (DIS) stage• Changes to the standard are very small• It will replace ISO 9001:2000 Auditor Training rev 0 022009 53