SlideShare a Scribd company logo

MD_1___Audit_Time_Determination.pptx

Download as PPTX, PDF
C
CPTiwari3

Audit

Automotive
1 of 22
SHAPING A WORLD OF TRUST A G L O B A L L E A D E R I N T E S T I N G , I N S P E C T I O N & C E R T I F I C A T I O N S E R V I C E S
CHAPTER - 2 IAF MD 1: 2018 IAF Mandatory Document for the Audit and Certification of a Management System Operated by a Multi-Site Organization
Note to the Self Learner This mandatory document is for the audit and, if appropriate, the certification of management systems of organizations with a number of sites with a single management system. Depending on the certification scheme, there may be specific requirements related to permissible sampling, particularly sampling of sites. The aim of this document is to ensure that the audit provides adequate confidence in the implementation of the management system to the relevant standard across all sites listed on the certification document and that the audit is both practical and feasible in economic and operative terms. This mandatory document is intended to be applied to multi-site organizations. It calls up other relevant IAF mandatory documents, notably IAF MD 5: Determination of Audit Time of Quality, Environmental and Occupational Health & Safety Management Systems. INTRODUCTION
Definition Multi-site Organization : An organization covered by a single management system comprising an identified central function (not necessarily the headquarters of the organization) at which certain processes/activities are planned and controlled, and a number of sites (permanent, temporary or virtual) at which such processes/activities are fully or partially carried out. Central Function : The function that is responsible for and centrally controls the management system Virtual Site : Virtual location where a client organization performs work or provides a service using an on-line environment allowing persons from different physical locations to execute processes. Sub-scope : The scope of a single site. Note: The scope of a single site might be the same as the full scope of the multi-site organization but may also be only a small part of the multi-site organization’s scope.
Multi Site Approach- Applicability to Sites  This means that the central function has rights to require that the sites implement corrective actions when needed in any site. Where applicable this should be set out in the formal agreement between the central function and the sites.  where processes/activities are under the control of an organization including storage facilities of raw materials, by-products, intermediate products, end products and waste material, and any equipment or infrastructure involved in the processes/activities, whether or not fixed. Alternatively, where required by law, definitions laid down in national or local licensing regimes shall apply.  Where it is not practicable to define a location (e.g. for services), the coverage of the certification should take into account the organization’s headquarters processes/activities as well as delivery of its services. Where relevant, the Certification Body may decide that the certification audit will be carried out only where the organization delivers its services. In such cases all the interfaces with its central function shall be identified and audited.  A multi-site organization need not be a unique legal entity, but all sites shall have a legal or contractual link with the central function of the organization and be subject to a single management system, which is laid down, established and subject to continuous surveillance and internal audits by the central function. Multisite of an organisation is considered for all the sites ;
Multisite – Sampling Approach There may be different sampling approach based on the activities and Management system Scope of multiple sited covered under one management system. In a multi-site organization, where each site is performing very similar processes/activities, there may be a clear case to be made for appropriate “site sampling” (e.g. a chain of franchise stores or a bank branch network, Food retail chain, Educational Institute). There may be a case where such site sampling may not be appropriate. This can be due to various reasons such as  all the sites perform significantly different processes/activities in connection with the management system scope;  the client requests each site to be audited; or  there is a sector scheme or regulatory requirement stipulating that each site is to be audited systematically. Between these two extreme cases mentioned above, there are many multi-site organizations with part of their sites performing similar processes/activities while other sites are dedicated to very specific processes not performed elsewhere in the organization. This leads to permit sampling only between sites having very similar processes/activities
MD1- Multisite Organisation AN ORGANISATION IS ELIGIBLE OF A MULTI-SITE ORGANIZATION CERTIFICATION ,  The organization shall have a single management system  The organization shall identify its central function. The central function is part of the organization and shall not be subcontracted to an external organization  The central function shall have organizational authority to define, establish and maintain the single management system.  The organization’s single management system shall be subject to a centralized management review  All sites shall be subject to the organization’s internal audit programme  The central function shall be responsible for ensuring that data is collected and analyzed from all sites and shall be able to demonstrate its authority and ability to initiate organizational change as required in regard PROVIDED……….
Multi site Organisation- Site sampling  Sampling of a set of sites is permitted only where the sites are each performing very similar processes/activities Kindly Note that,  Not all management systems standards are suitable for consideration for multi-site certification.  The certification Body shall restrict sampling where the site sampling does not give confidence of system effectiveness. Such restriction can caused due to’ a. scope sectors or processes/activities; b. size of sites eligible for multi-site audit ; c. Variation in system implementation or different contractual or regulatory systems & d. Use of Temporary sites even if they are not documented in Certification Docs.  The sample shall be partly selective based on the various factors mentioned in the next slide and partly random, and shall result in a representative range of different sites being selected, ensuring all processes covered by the scope of certification will be audited  At least 25% of the sample shall be selected at random
Multi site Organisation- Site sampling The site selection shall consider the following factors beside other factors learnt in previous slides. They are, 1. results of previous Internal Audits and Management Reviews 2. nature of complaints and effect of its redressal amongst site 3. significant variations in the size of the sites 4. variations in shift patterns and work procedures 5. complexity of the management system and processes conducted at the sites 6. modifications since the last certification audit 7. maturity of the management system and knowledge of the organization 8. Internal & External Issues and its associated risk and/or opportunities 9. differences in culture, language and regulatory requirements 10. geographical dispersion 11. whether the sites are permanent, temporary or virtual  This selection does not have to be done at the start of the audit process. It can also be done once the audit of the central function has been completed. In any case, the central function shall be informed of the sites to be included in the sample. This can be on relatively short notice, but shall allow adequate time for preparation for the audit.  The size or frequency of the sample shall be increased based on above factors.
(1st ) Methodology for Auditing of a Multi-site Organization Using Site Sampling Please note that the certification body shall have proper documented information on the application of sampling for each site of multisite organisation adhering to the requirements of IAF MD1 When applied Sampling, the minimum number of sites to be visited per audit is calculated as : INITIAL AUDIT the size of the sample shall be the square root of the number of sites: (y=√x), rounded up to the next whole number, where y = number of sites to be sampled and x = total number of sites. Example 1: ABC PVT LTD is Electrical Equipment Manufacturing Company with the scope of QMS as “Manufacture of High Voltage distribution Transformers” having following sites Central Location (CL): India (New Delhi), Works Sites: 13 geographical locations in India Then the sampling shall be determined as , Y= CL+(√13), = CL+3.6, = CL+ 4 Total sites to be sampled is Critical Location + 4 Location with this random representative sample.
Multi site Organisation- Sample Size Example 2: Alfha PVT LTD is an Oil & Gas company with the scope of QHSE as “Supply of LPG and LNG through cross country Pipe Line Network” having following sites  Central Location (CL): India (Mumbai)  Works sites:  24 Sites in Saudi Arabia(6 are Compressor Stations + 16 Pumping Station + 2 maintenance Base)  15 Sites in India (4 Compressor Stations + 8 Pumping Stations + 3 Maintenance base) Then the sampling shall be determined as , Y= CL+[(√6+ √16 +√2)+(√4+√8+ √3)], = CL +[(2.45+ 4+1.4)+(2+2.8+ 1.7] Y= CL+[3+ 4+2)+(2+3+ 2)] Total sites to be sampled are: Critical Location + Saudi Arabia (3 Compressor Stations, 4 Pumping Stations & 2 Maintenance bases)+ India (2 Compressor Stations, 3 Pumping Stations & 2 Maintenance bases) With the above example you can very well see a clear reflection of REPRESENTATIVE RANDOM SAMPLING METHODOLOGY
Multi site Organisation- Sample Size  Surveillance audit: the size of the annual sample shall be the square root of the number of sites with 0.6 as a coefficient (y=0.6 √x), rounded up to the next whole number.  Re-certification audit: the size of the sample shall be the same as for an initial audit. Nevertheless, where the management system has proved to be effective over the certification cycle, the size of the sample could be reduced to, y=0.8 √x, rounded up to the next whole number. Similarly for Surveillance & Recertification Audit the following approach shall be followed: Please Note that the central Location/function shall be audited during the initial certification and every recertification audit and at least once a calendar year as part of surveillance.
Multi site Organisation- Sampling When the organization has a hierarchical system of branches (e.g. head (central) office, national offices, regional offices, local branches), the sampling model for initial audit as defined above applies to each level Example: 1 head office: visited at each audit cycle (initial or surveillance or recertification) 4 national offices: Total sample would be 2 locations (with 1 selection at random ) 27 regional offices: Total sample would be 6 locations (with 2 selection at random ) 1700 local branches: Total sample would be 42 locations (with 11 selection at random ) Please Note that; 1. The sample of regional offices should include at least one regional office controlled by each national office. 2. The sample of local branches should include at least one local branch controlled by each regional office As per the above mentioned notes, it needs to learn here that this may result in the sample size at each level exceeding the minimum sample size calculated what we learnt in previous slides. The Certification Body shall review the sampling at planning stage of all events during the certification cycle (Initial, Routine Surveillance, Recertification Audits) in order to establish the need to adjust the sample size prior to auditing the sample with a view to maintaining certification
(2nd )Methodology for Auditing of Multi-site Organizations Where Site Sampling learnt before is not Appropriate There might be a scenario where site sampling methodology learnt in previous slides could not be followed as this may be inappropriate in such cases. It is because of various factors which do not provide confidence of system effectiveness. Hence recently learnt methodology is restricted and for such scenario a different methodology is required. (2nd )Methodology for Auditing of Multi-site Organizations Where Site Sampling learnt before is not Appropriate Following Golden Rules Applies………… 1. The audit programme shall consist of an initial audit and recertification audit of all sites. 2. In surveillance audits, 30% of sites, rounded up to the whole number, shall be covered in a calendar year. 3. Each audit will include the central function. 4. The sites selected for the second surveillance audit will normally be different from the sites selected for the first surveillance audit. 5. The audit programme shall be designed to ensure that all processes covered by the certification scope are audited over each cycle.
Multisite Organisation – Sampling Approach QUESTION???? “There might be some scenario where the Multi-site Organizations Includes a Combination of Sites that can be Sampled and Other Sites that Cannot be Sampled. I such cases what shall be the stand of a Certification Body ?” ANSWER: The audit programme shall be established using first methodology for those sites that can be sampled and 2nd methodology for the remaining part of the organization where site sampling as per 1st methodology is not appropriate. Lets now learn the Applicability of MD1 requirements for Multisite Organisations site sampling for all the certification processes…………NEXT SLIDES
Application and Application Review The Certification Body during Application Review shall obtain necessary information concerning the applicant organization to:  Confirm that a single management system is deployed across the organization;  determine the scope of the management system being operated and the requested Scope of certification and, if applicable, sub-scopes;  Understand the legal and contractual arrangements for each site; Understand “what happens where” i.e. processes/activities provided at each site and identify the central function;  Determine the degree of centralization of process/activities which are delivered to all sites (e.g. purchasing);  Determine interfaces between the different sites;  Determine which sites may be applicable for sampling (i.e. where very similar processes/activities are provided) and those that are not eligible;  Take into consideration other relevant factors (ex. IAF MD 4, IAF MD 5, IAF MD 11)  Determine the audit time for the organization;  Determine the audit team(s)’ competence required; and  Identify the complexity and scale of the processes/activities (e.g. one or many) covered by the management system.
The Audit Programme The Audit Programme shall be prepared as per requirement of ISO/IEC 17021-1:2015 clause 9.1.3. In addition the audit programme shall at least include or refer to the following: 1. processes/activities provided on each site (Refer the CR Template) Sr. No. Site Name Site Address Scope / Activity - specific to each Site 1 HO 1 2 3 SINGLE SITE MULTI SITE 2. Identification of those sites which are liable to be sampled, and which are not; and 3. Identification of sites which are covered by sampling, and which are not. Where a team of Auditors Involved in any audit events , the certification body along with Team Leader of the audit shall ensure technical competence required for each part of the audit and for each site and to allocate appropriate team members for each part of the audit.
Calculation of Audit Time  An organization may consist of sites that can be sampled, sites that cannot be sampled or a combination of both. The audit time must be sufficient to undertake an effective audit irrespective of the makeup of the organization.  Please note that unless precluded by specific schemes, the reduction of audit time per sampled site shall not be greater than 50%.  For example, 30% is the maximum reduction in audit time allowed by IAF MD 5 while 20% is to be considered the maximum reduction allowed for the single management system processes performed by the central function and any potential centralised processes (e.g. purchasing)  The audit time per selected sites including elements of the central function if applicable, shall be calculated for each site using the applicable IAF MD5 for quality, environmental and OH&S management systems, IAF MD 11 for integrated management systems) and, where necessary, any applicable sector scheme requirements for the calculation of man-days.
Audit Plan While preparing the Audit Plan, the Team Leader shall at least consider : 1. Certification scope and sub-scopes for each site;  2. Management system standard for each site, if multiple management system standards are being considered;  3. Processes/activities to be audited;  4. Audit time for each site and allocated audit team.  DURING STAGE 1 AUDIT Audit Team shall Confirm:  The audit programme;  Plan Stage 2, taking into account the processes/ activities to be audited in each site;  Confirm that the Stage 2 audit team has the required competence. DURING STAGE 2 AUDIT At the outcome of the initial audit, the audit team shall document which processes were audited on each site visited. This information will be used to amend the audit programme and audit plans for subsequent surveillance audits.
Nonconformities and Certification  When Nonconformities are found at a particular site during their internal audit or 3rd party certification body audit, The organisation shall investigate its impacts on the other sites as well.  Hence, as a Certification Body we shall require the organization to review the nonconformities to determine whether or not they indicate an overall system deficiency applicable to other sites  If they are found so, corrective action shall be performed and verified both at the central function and at the individual affected sites.  If they are found not so, the organization shall be able to demonstrate proper justification for limiting these actions.  Based on above outcomes, the Certification body shall increase it sample size and/or frequency until it is satisfied that control is re-established.  At the time of the decision-making process, if any site has a major nonconformity, certification shall be denied to the whole multi-site organization of listed sites pending satisfactory corrective action.  It shall not be admissible that, to overcome the obstacle raised by the existence of a nonconformity at a single site, the organization seeks to exclude from the scope the "problematic" site during the certification process.
Multisite Certificate Following are the requirements for the Certificate issues in Multisite certification:  The certificate shall reflect the scope of certification and the sites and /legal entities (where applicable) covered by the multi-site certification.  It shall contain the name and address of all the sites, reflecting the organization to which the certificate issued.  The certificate shall reflect the site specific scope. When temporary sites are shown on the Certificate, such sites shall be identified as temporary.  If the Certificate is issued for one site then, It shall include: a. that it is the management system of the whole organization which is certified; b. the activities performed for that specific site / legal entity which are covered by this certification; c. traceability with the main certificate, e.g. a code; and d. a statement saying “the validity of this certificate depends on the validity of the main certificate”. Under no circumstances, can this Certificate be issued to the name of a particular site or legal entity amongst all sites. Also It shall not include a declaration of conformity of the site specific processes/activities. The Certificate will be withdrawn in its entirety if any of the sites does not fulfil the necessary provisions for the maintenance of the certification
SHAPING A WORLD OF TRUST W W W. B U R E A U V E R I T A S . C O M

Recommended

Informe orden hymenoptera
Informe orden hymenopteraInforme orden hymenoptera
Informe orden hymenopteraalex102190
 
Automation The Key To Success Ppt V5 (4)
Automation The Key To Success Ppt V5 (4)Automation The Key To Success Ppt V5 (4)
Automation The Key To Success Ppt V5 (4)SandraKeaveny
 
Rethinking Test Automation: The Case for Moving Beyond the User Interface
Rethinking Test Automation: The Case for Moving Beyond the User InterfaceRethinking Test Automation: The Case for Moving Beyond the User Interface
Rethinking Test Automation: The Case for Moving Beyond the User InterfaceCognizant
 
What are the common Test Environment today
What are the common Test Environment todayWhat are the common Test Environment today
What are the common Test Environment todayDoris Robinson
 
293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...
293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...
293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...kndnewguade
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 
As9100 interpretations
As9100 interpretationsAs9100 interpretations
As9100 interpretationsoziel2015
 
Dimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperDimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperJason Cumberland
 

Recommended

Informe orden hymenoptera
Informe orden hymenopteraInforme orden hymenoptera
Informe orden hymenopteraalex102190
 
Automation The Key To Success Ppt V5 (4)
Automation The Key To Success Ppt V5 (4)Automation The Key To Success Ppt V5 (4)
Automation The Key To Success Ppt V5 (4)SandraKeaveny
 
Rethinking Test Automation: The Case for Moving Beyond the User Interface
Rethinking Test Automation: The Case for Moving Beyond the User InterfaceRethinking Test Automation: The Case for Moving Beyond the User Interface
Rethinking Test Automation: The Case for Moving Beyond the User InterfaceCognizant
 
What are the common Test Environment today
What are the common Test Environment todayWhat are the common Test Environment today
What are the common Test Environment todayDoris Robinson
 
293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...
293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...
293504541-ict-its4-03-0811-assist-with-policy-development-for-client-support-...kndnewguade
 
SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...SaaS System Validation, practical tips on getting validated for go-live and t...
SaaS System Validation, practical tips on getting validated for go-live and t...Steffan Stringer
 
As9100 interpretations
As9100 interpretationsAs9100 interpretations
As9100 interpretationsoziel2015
 
Dimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperDimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperJason Cumberland
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Sedex Members Ethical Trade Audit (SMETA) Measurement Criteria
Sedex Members Ethical Trade Audit (SMETA) Measurement CriteriaSedex Members Ethical Trade Audit (SMETA) Measurement Criteria
Sedex Members Ethical Trade Audit (SMETA) Measurement Criteriamilos639
 
Information about auditing
Information about auditingInformation about auditing
Information about auditingPractice Eye
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Learning in the Cloud for Regulated Industries
Learning in the Cloud for Regulated IndustriesLearning in the Cloud for Regulated Industries
Learning in the Cloud for Regulated IndustriesBhupesh Chaurasia
 
17. Process: ocp cfops integration
17. Process: ocp cfops integration17. Process: ocp cfops integration
17. Process: ocp cfops integrationssusereb347d
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.renetta
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computingguestc1bca2
 
Test scenario preparation_approach_document & estimates
Test scenario preparation_approach_document & estimatesTest scenario preparation_approach_document & estimates
Test scenario preparation_approach_document & estimatesvishalbali0
 
MOC2016_v2
MOC2016_v2MOC2016_v2
MOC2016_v2Sean Cull
 
The Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistThe Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistCigital
 
IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint Lloyd's Register - Management Systems
 
A Project to Automate Inventory Management in a Fast Food, Cas.docx
A Project to Automate Inventory Management in a Fast Food, Cas.docxA Project to Automate Inventory Management in a Fast Food, Cas.docx
A Project to Automate Inventory Management in a Fast Food, Cas.docxransayo
 
Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0najuor
 
The tasks You are assumed to be one of the software consultants .docx
The tasks You are assumed to be one of the software consultants .docxThe tasks You are assumed to be one of the software consultants .docx
The tasks You are assumed to be one of the software consultants .docxsarah98765
 
Formal Verification of Distributed Checkpointing Using Event-B
Formal Verification of Distributed Checkpointing Using Event-BFormal Verification of Distributed Checkpointing Using Event-B
Formal Verification of Distributed Checkpointing Using Event-Bijcsit
 
CaseStudy_MOC_PX_2015_LI
CaseStudy_MOC_PX_2015_LICaseStudy_MOC_PX_2015_LI
CaseStudy_MOC_PX_2015_LISean Cull
 
IBM Maximo HSE Solution Presentation.pdf
IBM Maximo HSE Solution Presentation.pdfIBM Maximo HSE Solution Presentation.pdf
IBM Maximo HSE Solution Presentation.pdfPhanThnh52
 
HTBLGUKv2 - How to Buy a LIMS Guide
HTBLGUKv2 - How to Buy a LIMS GuideHTBLGUKv2 - How to Buy a LIMS Guide
HTBLGUKv2 - How to Buy a LIMS GuideJohn Boother
 
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书egfdgfd
 
AI for Smart Vehicles - A quick overview
AI for Smart Vehicles - A quick overviewAI for Smart Vehicles - A quick overview
AI for Smart Vehicles - A quick overviewNavaneethakrishnan Ramanathan
 

More Related Content

Similar to MD_1___Audit_Time_Determination.pptx

Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
Sedex Members Ethical Trade Audit (SMETA) Measurement Criteria
Sedex Members Ethical Trade Audit (SMETA) Measurement CriteriaSedex Members Ethical Trade Audit (SMETA) Measurement Criteria
Sedex Members Ethical Trade Audit (SMETA) Measurement Criteriamilos639
 
Information about auditing
Information about auditingInformation about auditing
Information about auditingPractice Eye
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Learning in the Cloud for Regulated Industries
Learning in the Cloud for Regulated IndustriesLearning in the Cloud for Regulated Industries
Learning in the Cloud for Regulated IndustriesBhupesh Chaurasia
 
17. Process: ocp cfops integration
17. Process: ocp cfops integration17. Process: ocp cfops integration
17. Process: ocp cfops integrationssusereb347d
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.renetta
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computingguestc1bca2
 
Test scenario preparation_approach_document & estimates
Test scenario preparation_approach_document & estimatesTest scenario preparation_approach_document & estimates
Test scenario preparation_approach_document & estimatesvishalbali0
 
The Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistThe Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistCigital
 
A Project to Automate Inventory Management in a Fast Food, Cas.docx
A Project to Automate Inventory Management in a Fast Food, Cas.docxA Project to Automate Inventory Management in a Fast Food, Cas.docx
A Project to Automate Inventory Management in a Fast Food, Cas.docxransayo
 
Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0najuor
 
The tasks You are assumed to be one of the software consultants .docx
The tasks You are assumed to be one of the software consultants .docxThe tasks You are assumed to be one of the software consultants .docx
The tasks You are assumed to be one of the software consultants .docxsarah98765
 
Formal Verification of Distributed Checkpointing Using Event-B
Formal Verification of Distributed Checkpointing Using Event-BFormal Verification of Distributed Checkpointing Using Event-B
Formal Verification of Distributed Checkpointing Using Event-Bijcsit
 
CaseStudy_MOC_PX_2015_LI
CaseStudy_MOC_PX_2015_LICaseStudy_MOC_PX_2015_LI
CaseStudy_MOC_PX_2015_LISean Cull
 
IBM Maximo HSE Solution Presentation.pdf
IBM Maximo HSE Solution Presentation.pdfIBM Maximo HSE Solution Presentation.pdf
IBM Maximo HSE Solution Presentation.pdfPhanThnh52
 
HTBLGUKv2 - How to Buy a LIMS Guide
HTBLGUKv2 - How to Buy a LIMS GuideHTBLGUKv2 - How to Buy a LIMS Guide
HTBLGUKv2 - How to Buy a LIMS GuideJohn Boother
 

Similar to MD_1___Audit_Time_Determination.pptx (20)

Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
Sedex Members Ethical Trade Audit (SMETA) Measurement Criteria
Sedex Members Ethical Trade Audit (SMETA) Measurement CriteriaSedex Members Ethical Trade Audit (SMETA) Measurement Criteria
Sedex Members Ethical Trade Audit (SMETA) Measurement Criteria
 
Information about auditing
Information about auditingInformation about auditing
Information about auditing
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
Learning in the Cloud for Regulated Industries
Learning in the Cloud for Regulated IndustriesLearning in the Cloud for Regulated Industries
Learning in the Cloud for Regulated Industries
 
17. Process: ocp cfops integration
17. Process: ocp cfops integration17. Process: ocp cfops integration
17. Process: ocp cfops integration
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
Technology Controls in Business - End User Computing
Technology Controls in Business - End User ComputingTechnology Controls in Business - End User Computing
Technology Controls in Business - End User Computing
 
Test scenario preparation_approach_document & estimates
Test scenario preparation_approach_document & estimatesTest scenario preparation_approach_document & estimates
Test scenario preparation_approach_document & estimates
 
MOC2016_v2
MOC2016_v2MOC2016_v2
MOC2016_v2
 
The Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistThe Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing Checklist
 
IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint
 
A Project to Automate Inventory Management in a Fast Food, Cas.docx
A Project to Automate Inventory Management in a Fast Food, Cas.docxA Project to Automate Inventory Management in a Fast Food, Cas.docx
A Project to Automate Inventory Management in a Fast Food, Cas.docx
 
Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0Plm co e_sap_ec_v1.0
Plm co e_sap_ec_v1.0
 
The tasks You are assumed to be one of the software consultants .docx
The tasks You are assumed to be one of the software consultants .docxThe tasks You are assumed to be one of the software consultants .docx
The tasks You are assumed to be one of the software consultants .docx
 
Formal Verification of Distributed Checkpointing Using Event-B
Formal Verification of Distributed Checkpointing Using Event-BFormal Verification of Distributed Checkpointing Using Event-B
Formal Verification of Distributed Checkpointing Using Event-B
 
CaseStudy_MOC_PX_2015_LI
CaseStudy_MOC_PX_2015_LICaseStudy_MOC_PX_2015_LI
CaseStudy_MOC_PX_2015_LI
 
IBM Maximo HSE Solution Presentation.pdf
IBM Maximo HSE Solution Presentation.pdfIBM Maximo HSE Solution Presentation.pdf
IBM Maximo HSE Solution Presentation.pdf
 
HTBLGUKv2 - How to Buy a LIMS Guide
HTBLGUKv2 - How to Buy a LIMS GuideHTBLGUKv2 - How to Buy a LIMS Guide
HTBLGUKv2 - How to Buy a LIMS Guide
 

Recently uploaded

一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书egfdgfd
 
一比一原版英国哈珀亚当斯大学毕业证如何办理
一比一原版英国哈珀亚当斯大学毕业证如何办理一比一原版英国哈珀亚当斯大学毕业证如何办理
一比一原版英国哈珀亚当斯大学毕业证如何办理AS
 
Why Won't My Mercedes Key Fob Function After A Battery Swap
Why Won't My Mercedes Key Fob Function After A Battery SwapWhy Won't My Mercedes Key Fob Function After A Battery Swap
Why Won't My Mercedes Key Fob Function After A Battery SwapDreamcars Auto Repair
 
How Do I Know If My Volvo Has Throttle Position Sensor Problems
How Do I Know If My Volvo Has Throttle Position Sensor ProblemsHow Do I Know If My Volvo Has Throttle Position Sensor Problems
How Do I Know If My Volvo Has Throttle Position Sensor ProblemsHeynneman European
 
一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书
一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书
一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书egfdgfd
 
一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样
一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样
一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样rgthdgf
 
What Could Cause Your Audi To Keep Cutting Out
What Could Cause Your Audi To Keep Cutting OutWhat Could Cause Your Audi To Keep Cutting Out
What Could Cause Your Audi To Keep Cutting OutEuroautomotive
 
5 Signs Your VW Key Fob Battery Needs Replacement
5 Signs Your VW Key Fob Battery Needs Replacement5 Signs Your VW Key Fob Battery Needs Replacement
5 Signs Your VW Key Fob Battery Needs ReplacementSanta Barbara Autowerks
 
一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书
一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书
一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书AD
 
Preparing for Transportation Electrification: The Electric Coop Perspective
Preparing for Transportation Electrification: The Electric Coop PerspectivePreparing for Transportation Electrification: The Electric Coop Perspective
Preparing for Transportation Electrification: The Electric Coop PerspectiveForth
 
原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证
原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证
原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证eehzz
 
出售伯明翰大学毕业证研究生文凭证书原版质量
出售伯明翰大学毕业证研究生文凭证书原版质量出售伯明翰大学毕业证研究生文凭证书原版质量
出售伯明翰大学毕业证研究生文凭证书原版质量kthcah
 
一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样
一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样
一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样AS
 
Vina Score and Vin Min for almost all the models 2024
Vina Score and Vin Min for almost all the models 2024Vina Score and Vin Min for almost all the models 2024
Vina Score and Vin Min for almost all the models 2024jipohal318
 
Auto Glass Repair in Redwood City What to Do When Disaster Strikes.pdf
Auto Glass Repair in Redwood City What to Do When Disaster Strikes.pdfAuto Glass Repair in Redwood City What to Do When Disaster Strikes.pdf
Auto Glass Repair in Redwood City What to Do When Disaster Strikes.pdfDuran's Auto Glass
 
Why Is The Glow Plug Light Flashing In My VW & What Does It Indicate
Why Is The Glow Plug Light Flashing In My VW & What Does It IndicateWhy Is The Glow Plug Light Flashing In My VW & What Does It Indicate
Why Is The Glow Plug Light Flashing In My VW & What Does It IndicateWoodinville Sports Cars
 
Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...
Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...
Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...Forth
 
一比一原版北雷克斯学院毕业证成绩单原件一模一样
一比一原版北雷克斯学院毕业证成绩单原件一模一样一比一原版北雷克斯学院毕业证成绩单原件一模一样
一比一原版北雷克斯学院毕业证成绩单原件一模一样CC
 
Access to Rural Charging by David Skakel
Access to Rural Charging by David SkakelAccess to Rural Charging by David Skakel
Access to Rural Charging by David SkakelForth
 

Recently uploaded (20)

一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
一比一定制加拿大新喀里多尼亚学院毕业证(UofL毕业证书)学位证书
 
AI for Smart Vehicles - A quick overview
AI for Smart Vehicles - A quick overviewAI for Smart Vehicles - A quick overview
AI for Smart Vehicles - A quick overview
 
一比一原版英国哈珀亚当斯大学毕业证如何办理
一比一原版英国哈珀亚当斯大学毕业证如何办理一比一原版英国哈珀亚当斯大学毕业证如何办理
一比一原版英国哈珀亚当斯大学毕业证如何办理
 
Why Won't My Mercedes Key Fob Function After A Battery Swap
Why Won't My Mercedes Key Fob Function After A Battery SwapWhy Won't My Mercedes Key Fob Function After A Battery Swap
Why Won't My Mercedes Key Fob Function After A Battery Swap
 
How Do I Know If My Volvo Has Throttle Position Sensor Problems
How Do I Know If My Volvo Has Throttle Position Sensor ProblemsHow Do I Know If My Volvo Has Throttle Position Sensor Problems
How Do I Know If My Volvo Has Throttle Position Sensor Problems
 
一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书
一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书
一比一定制加拿大安大略理工大学毕业证(UOIT毕业证书)学位证书
 
一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样
一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样
一比一原版(UC毕业证书)加拿大卡尔加里大学毕业证成绩单原件一模一样
 
What Could Cause Your Audi To Keep Cutting Out
What Could Cause Your Audi To Keep Cutting OutWhat Could Cause Your Audi To Keep Cutting Out
What Could Cause Your Audi To Keep Cutting Out
 
5 Signs Your VW Key Fob Battery Needs Replacement
5 Signs Your VW Key Fob Battery Needs Replacement5 Signs Your VW Key Fob Battery Needs Replacement
5 Signs Your VW Key Fob Battery Needs Replacement
 
一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书
一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书
一比一原版(Cumbria毕业证书)英国坎布里亚大学毕业证成绩单学位证书
 
Preparing for Transportation Electrification: The Electric Coop Perspective
Preparing for Transportation Electrification: The Electric Coop PerspectivePreparing for Transportation Electrification: The Electric Coop Perspective
Preparing for Transportation Electrification: The Electric Coop Perspective
 
原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证
原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证
原版定做(ncl学位证书)英国纽卡斯尔大学毕业证文凭学历证书-国外学历学位认证
 
出售伯明翰大学毕业证研究生文凭证书原版质量
出售伯明翰大学毕业证研究生文凭证书原版质量出售伯明翰大学毕业证研究生文凭证书原版质量
出售伯明翰大学毕业证研究生文凭证书原版质量
 
一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样
一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样
一比一原版(Auburn毕业证书)奥本大学毕业证原件一模一样
 
Vina Score and Vin Min for almost all the models 2024
Vina Score and Vin Min for almost all the models 2024Vina Score and Vin Min for almost all the models 2024
Vina Score and Vin Min for almost all the models 2024
 
Auto Glass Repair in Redwood City What to Do When Disaster Strikes.pdf
Auto Glass Repair in Redwood City What to Do When Disaster Strikes.pdfAuto Glass Repair in Redwood City What to Do When Disaster Strikes.pdf
Auto Glass Repair in Redwood City What to Do When Disaster Strikes.pdf
 
Why Is The Glow Plug Light Flashing In My VW & What Does It Indicate
Why Is The Glow Plug Light Flashing In My VW & What Does It IndicateWhy Is The Glow Plug Light Flashing In My VW & What Does It Indicate
Why Is The Glow Plug Light Flashing In My VW & What Does It Indicate
 
Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...
Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...
Charging Forward: Bringing Electric Vehicle Charging Infrastructure to Rural ...
 
一比一原版北雷克斯学院毕业证成绩单原件一模一样
一比一原版北雷克斯学院毕业证成绩单原件一模一样一比一原版北雷克斯学院毕业证成绩单原件一模一样
一比一原版北雷克斯学院毕业证成绩单原件一模一样
 
Access to Rural Charging by David Skakel
Access to Rural Charging by David SkakelAccess to Rural Charging by David Skakel
Access to Rural Charging by David Skakel
 

MD_1___Audit_Time_Determination.pptx

  • 1. SHAPING A WORLD OF TRUST A G L O B A L L E A D E R I N T E S T I N G , I N S P E C T I O N & C E R T I F I C A T I O N S E R V I C E S
  • 2. CHAPTER - 2 IAF MD 1: 2018 IAF Mandatory Document for the Audit and Certification of a Management System Operated by a Multi-Site Organization
  • 3. Note to the Self Learner This mandatory document is for the audit and, if appropriate, the certification of management systems of organizations with a number of sites with a single management system. Depending on the certification scheme, there may be specific requirements related to permissible sampling, particularly sampling of sites. The aim of this document is to ensure that the audit provides adequate confidence in the implementation of the management system to the relevant standard across all sites listed on the certification document and that the audit is both practical and feasible in economic and operative terms. This mandatory document is intended to be applied to multi-site organizations. It calls up other relevant IAF mandatory documents, notably IAF MD 5: Determination of Audit Time of Quality, Environmental and Occupational Health & Safety Management Systems. INTRODUCTION
  • 4. Definition Multi-site Organization : An organization covered by a single management system comprising an identified central function (not necessarily the headquarters of the organization) at which certain processes/activities are planned and controlled, and a number of sites (permanent, temporary or virtual) at which such processes/activities are fully or partially carried out. Central Function : The function that is responsible for and centrally controls the management system Virtual Site : Virtual location where a client organization performs work or provides a service using an on-line environment allowing persons from different physical locations to execute processes. Sub-scope : The scope of a single site. Note: The scope of a single site might be the same as the full scope of the multi-site organization but may also be only a small part of the multi-site organization’s scope.
  • 5. Multi Site Approach- Applicability to Sites  This means that the central function has rights to require that the sites implement corrective actions when needed in any site. Where applicable this should be set out in the formal agreement between the central function and the sites.  where processes/activities are under the control of an organization including storage facilities of raw materials, by-products, intermediate products, end products and waste material, and any equipment or infrastructure involved in the processes/activities, whether or not fixed. Alternatively, where required by law, definitions laid down in national or local licensing regimes shall apply.  Where it is not practicable to define a location (e.g. for services), the coverage of the certification should take into account the organization’s headquarters processes/activities as well as delivery of its services. Where relevant, the Certification Body may decide that the certification audit will be carried out only where the organization delivers its services. In such cases all the interfaces with its central function shall be identified and audited.  A multi-site organization need not be a unique legal entity, but all sites shall have a legal or contractual link with the central function of the organization and be subject to a single management system, which is laid down, established and subject to continuous surveillance and internal audits by the central function. Multisite of an organisation is considered for all the sites ;
  • 6. Multisite – Sampling Approach There may be different sampling approach based on the activities and Management system Scope of multiple sited covered under one management system. In a multi-site organization, where each site is performing very similar processes/activities, there may be a clear case to be made for appropriate “site sampling” (e.g. a chain of franchise stores or a bank branch network, Food retail chain, Educational Institute). There may be a case where such site sampling may not be appropriate. This can be due to various reasons such as  all the sites perform significantly different processes/activities in connection with the management system scope;  the client requests each site to be audited; or  there is a sector scheme or regulatory requirement stipulating that each site is to be audited systematically. Between these two extreme cases mentioned above, there are many multi-site organizations with part of their sites performing similar processes/activities while other sites are dedicated to very specific processes not performed elsewhere in the organization. This leads to permit sampling only between sites having very similar processes/activities
  • 7. MD1- Multisite Organisation AN ORGANISATION IS ELIGIBLE OF A MULTI-SITE ORGANIZATION CERTIFICATION ,  The organization shall have a single management system  The organization shall identify its central function. The central function is part of the organization and shall not be subcontracted to an external organization  The central function shall have organizational authority to define, establish and maintain the single management system.  The organization’s single management system shall be subject to a centralized management review  All sites shall be subject to the organization’s internal audit programme  The central function shall be responsible for ensuring that data is collected and analyzed from all sites and shall be able to demonstrate its authority and ability to initiate organizational change as required in regard PROVIDED……….
  • 8. Multi site Organisation- Site sampling  Sampling of a set of sites is permitted only where the sites are each performing very similar processes/activities Kindly Note that,  Not all management systems standards are suitable for consideration for multi-site certification.  The certification Body shall restrict sampling where the site sampling does not give confidence of system effectiveness. Such restriction can caused due to’ a. scope sectors or processes/activities; b. size of sites eligible for multi-site audit ; c. Variation in system implementation or different contractual or regulatory systems & d. Use of Temporary sites even if they are not documented in Certification Docs.  The sample shall be partly selective based on the various factors mentioned in the next slide and partly random, and shall result in a representative range of different sites being selected, ensuring all processes covered by the scope of certification will be audited  At least 25% of the sample shall be selected at random
  • 9. Multi site Organisation- Site sampling The site selection shall consider the following factors beside other factors learnt in previous slides. They are, 1. results of previous Internal Audits and Management Reviews 2. nature of complaints and effect of its redressal amongst site 3. significant variations in the size of the sites 4. variations in shift patterns and work procedures 5. complexity of the management system and processes conducted at the sites 6. modifications since the last certification audit 7. maturity of the management system and knowledge of the organization 8. Internal & External Issues and its associated risk and/or opportunities 9. differences in culture, language and regulatory requirements 10. geographical dispersion 11. whether the sites are permanent, temporary or virtual  This selection does not have to be done at the start of the audit process. It can also be done once the audit of the central function has been completed. In any case, the central function shall be informed of the sites to be included in the sample. This can be on relatively short notice, but shall allow adequate time for preparation for the audit.  The size or frequency of the sample shall be increased based on above factors.
  • 10. (1st ) Methodology for Auditing of a Multi-site Organization Using Site Sampling Please note that the certification body shall have proper documented information on the application of sampling for each site of multisite organisation adhering to the requirements of IAF MD1 When applied Sampling, the minimum number of sites to be visited per audit is calculated as : INITIAL AUDIT the size of the sample shall be the square root of the number of sites: (y=√x), rounded up to the next whole number, where y = number of sites to be sampled and x = total number of sites. Example 1: ABC PVT LTD is Electrical Equipment Manufacturing Company with the scope of QMS as “Manufacture of High Voltage distribution Transformers” having following sites Central Location (CL): India (New Delhi), Works Sites: 13 geographical locations in India Then the sampling shall be determined as , Y= CL+(√13), = CL+3.6, = CL+ 4 Total sites to be sampled is Critical Location + 4 Location with this random representative sample.
  • 11. Multi site Organisation- Sample Size Example 2: Alfha PVT LTD is an Oil & Gas company with the scope of QHSE as “Supply of LPG and LNG through cross country Pipe Line Network” having following sites  Central Location (CL): India (Mumbai)  Works sites:  24 Sites in Saudi Arabia(6 are Compressor Stations + 16 Pumping Station + 2 maintenance Base)  15 Sites in India (4 Compressor Stations + 8 Pumping Stations + 3 Maintenance base) Then the sampling shall be determined as , Y= CL+[(√6+ √16 +√2)+(√4+√8+ √3)], = CL +[(2.45+ 4+1.4)+(2+2.8+ 1.7] Y= CL+[3+ 4+2)+(2+3+ 2)] Total sites to be sampled are: Critical Location + Saudi Arabia (3 Compressor Stations, 4 Pumping Stations & 2 Maintenance bases)+ India (2 Compressor Stations, 3 Pumping Stations & 2 Maintenance bases) With the above example you can very well see a clear reflection of REPRESENTATIVE RANDOM SAMPLING METHODOLOGY
  • 12. Multi site Organisation- Sample Size  Surveillance audit: the size of the annual sample shall be the square root of the number of sites with 0.6 as a coefficient (y=0.6 √x), rounded up to the next whole number.  Re-certification audit: the size of the sample shall be the same as for an initial audit. Nevertheless, where the management system has proved to be effective over the certification cycle, the size of the sample could be reduced to, y=0.8 √x, rounded up to the next whole number. Similarly for Surveillance & Recertification Audit the following approach shall be followed: Please Note that the central Location/function shall be audited during the initial certification and every recertification audit and at least once a calendar year as part of surveillance.
  • 13. Multi site Organisation- Sampling When the organization has a hierarchical system of branches (e.g. head (central) office, national offices, regional offices, local branches), the sampling model for initial audit as defined above applies to each level Example: 1 head office: visited at each audit cycle (initial or surveillance or recertification) 4 national offices: Total sample would be 2 locations (with 1 selection at random ) 27 regional offices: Total sample would be 6 locations (with 2 selection at random ) 1700 local branches: Total sample would be 42 locations (with 11 selection at random ) Please Note that; 1. The sample of regional offices should include at least one regional office controlled by each national office. 2. The sample of local branches should include at least one local branch controlled by each regional office As per the above mentioned notes, it needs to learn here that this may result in the sample size at each level exceeding the minimum sample size calculated what we learnt in previous slides. The Certification Body shall review the sampling at planning stage of all events during the certification cycle (Initial, Routine Surveillance, Recertification Audits) in order to establish the need to adjust the sample size prior to auditing the sample with a view to maintaining certification
  • 14. (2nd )Methodology for Auditing of Multi-site Organizations Where Site Sampling learnt before is not Appropriate There might be a scenario where site sampling methodology learnt in previous slides could not be followed as this may be inappropriate in such cases. It is because of various factors which do not provide confidence of system effectiveness. Hence recently learnt methodology is restricted and for such scenario a different methodology is required. (2nd )Methodology for Auditing of Multi-site Organizations Where Site Sampling learnt before is not Appropriate Following Golden Rules Applies………… 1. The audit programme shall consist of an initial audit and recertification audit of all sites. 2. In surveillance audits, 30% of sites, rounded up to the whole number, shall be covered in a calendar year. 3. Each audit will include the central function. 4. The sites selected for the second surveillance audit will normally be different from the sites selected for the first surveillance audit. 5. The audit programme shall be designed to ensure that all processes covered by the certification scope are audited over each cycle.
  • 15. Multisite Organisation – Sampling Approach QUESTION???? “There might be some scenario where the Multi-site Organizations Includes a Combination of Sites that can be Sampled and Other Sites that Cannot be Sampled. I such cases what shall be the stand of a Certification Body ?” ANSWER: The audit programme shall be established using first methodology for those sites that can be sampled and 2nd methodology for the remaining part of the organization where site sampling as per 1st methodology is not appropriate. Lets now learn the Applicability of MD1 requirements for Multisite Organisations site sampling for all the certification processes…………NEXT SLIDES
  • 16. Application and Application Review The Certification Body during Application Review shall obtain necessary information concerning the applicant organization to:  Confirm that a single management system is deployed across the organization;  determine the scope of the management system being operated and the requested Scope of certification and, if applicable, sub-scopes;  Understand the legal and contractual arrangements for each site; Understand “what happens where” i.e. processes/activities provided at each site and identify the central function;  Determine the degree of centralization of process/activities which are delivered to all sites (e.g. purchasing);  Determine interfaces between the different sites;  Determine which sites may be applicable for sampling (i.e. where very similar processes/activities are provided) and those that are not eligible;  Take into consideration other relevant factors (ex. IAF MD 4, IAF MD 5, IAF MD 11)  Determine the audit time for the organization;  Determine the audit team(s)’ competence required; and  Identify the complexity and scale of the processes/activities (e.g. one or many) covered by the management system.
  • 17. The Audit Programme The Audit Programme shall be prepared as per requirement of ISO/IEC 17021-1:2015 clause 9.1.3. In addition the audit programme shall at least include or refer to the following: 1. processes/activities provided on each site (Refer the CR Template) Sr. No. Site Name Site Address Scope / Activity - specific to each Site 1 HO 1 2 3 SINGLE SITE MULTI SITE 2. Identification of those sites which are liable to be sampled, and which are not; and 3. Identification of sites which are covered by sampling, and which are not. Where a team of Auditors Involved in any audit events , the certification body along with Team Leader of the audit shall ensure technical competence required for each part of the audit and for each site and to allocate appropriate team members for each part of the audit.
  • 18. Calculation of Audit Time  An organization may consist of sites that can be sampled, sites that cannot be sampled or a combination of both. The audit time must be sufficient to undertake an effective audit irrespective of the makeup of the organization.  Please note that unless precluded by specific schemes, the reduction of audit time per sampled site shall not be greater than 50%.  For example, 30% is the maximum reduction in audit time allowed by IAF MD 5 while 20% is to be considered the maximum reduction allowed for the single management system processes performed by the central function and any potential centralised processes (e.g. purchasing)  The audit time per selected sites including elements of the central function if applicable, shall be calculated for each site using the applicable IAF MD5 for quality, environmental and OH&S management systems, IAF MD 11 for integrated management systems) and, where necessary, any applicable sector scheme requirements for the calculation of man-days.
  • 19. Audit Plan While preparing the Audit Plan, the Team Leader shall at least consider : 1. Certification scope and sub-scopes for each site;  2. Management system standard for each site, if multiple management system standards are being considered;  3. Processes/activities to be audited;  4. Audit time for each site and allocated audit team.  DURING STAGE 1 AUDIT Audit Team shall Confirm:  The audit programme;  Plan Stage 2, taking into account the processes/ activities to be audited in each site;  Confirm that the Stage 2 audit team has the required competence. DURING STAGE 2 AUDIT At the outcome of the initial audit, the audit team shall document which processes were audited on each site visited. This information will be used to amend the audit programme and audit plans for subsequent surveillance audits.
  • 20. Nonconformities and Certification  When Nonconformities are found at a particular site during their internal audit or 3rd party certification body audit, The organisation shall investigate its impacts on the other sites as well.  Hence, as a Certification Body we shall require the organization to review the nonconformities to determine whether or not they indicate an overall system deficiency applicable to other sites  If they are found so, corrective action shall be performed and verified both at the central function and at the individual affected sites.  If they are found not so, the organization shall be able to demonstrate proper justification for limiting these actions.  Based on above outcomes, the Certification body shall increase it sample size and/or frequency until it is satisfied that control is re-established.  At the time of the decision-making process, if any site has a major nonconformity, certification shall be denied to the whole multi-site organization of listed sites pending satisfactory corrective action.  It shall not be admissible that, to overcome the obstacle raised by the existence of a nonconformity at a single site, the organization seeks to exclude from the scope the "problematic" site during the certification process.
  • 21. Multisite Certificate Following are the requirements for the Certificate issues in Multisite certification:  The certificate shall reflect the scope of certification and the sites and /legal entities (where applicable) covered by the multi-site certification.  It shall contain the name and address of all the sites, reflecting the organization to which the certificate issued.  The certificate shall reflect the site specific scope. When temporary sites are shown on the Certificate, such sites shall be identified as temporary.  If the Certificate is issued for one site then, It shall include: a. that it is the management system of the whole organization which is certified; b. the activities performed for that specific site / legal entity which are covered by this certification; c. traceability with the main certificate, e.g. a code; and d. a statement saying “the validity of this certificate depends on the validity of the main certificate”. Under no circumstances, can this Certificate be issued to the name of a particular site or legal entity amongst all sites. Also It shall not include a declaration of conformity of the site specific processes/activities. The Certificate will be withdrawn in its entirety if any of the sites does not fulfil the necessary provisions for the maintenance of the certification
  • 22. SHAPING A WORLD OF TRUST W W W. B U R E A U V E R I T A S . C O M