3. TYPES OF AUDIT:
3
Internal Audits
• Performed within an
organization
• Also known as Self Audits
• Internal audit conducted by
auditors who are employed
by the organization being
audited.
2nd party audits
• External audit performed
on a Vendor by a Customer
• Second-party audits are
subject to the boundaries
of contract law such as
defined scope, criteria,
inclusions and exclusions.
• Outcome of audit
influences the Customer’s
purchasing decision
3rd party audits
• Performed by an audit
organization independent
of the Customer-Vendor
relationship
• Third-party audits may
result in certification,
registration, recognition,
an award, license approval,
a citation, a fine, or a
penalty issued by the third-
party organization or an
interested party
4. TYPES OF AUDIT: 3RD PARTY AUDITS
4
Type 1
• Mutually acceptable to Customer and Vendor
• E.g.: ISO certifications
Type 2
• Driven by Organization for their own benefit
• E.g.: Class A and EXCiPACT certifications
5. DIFFERENCE BETWEEN ASSESSMENT
AND AUDIT
Assessment
Only done 1st time
No rating is given after the
assessment (pass/ fail criteria not
present)
When Customer wants to go for the
business but not without assessing
Vendor and providing direction for
improvement
Audit
Performed routinely
Rating is given to the Vendor after
audit (A/ B/ C)
Audit is to compare against a specific
standard, and find specific gaps that
should be corrected.
5
7. FLOW OF AUDIT PROCESS
7
Audit Planning
and Scheduling
Arrival of audit
team on site
Audit
observations
report sent
Receive CAPA
Close audit
Follow Up
12. 1. AUDIT COORDINATOR
•Central Audit Coordinator:
• Confirms audit date, agenda and
scheduling
(Divya – Global Quality Assurance)
• Arranges for auditor details, auditor
travel and stay
(Sales Representative – Domestic/
Export)
•Site Audit Coordinator
• Interprets auditor needs
• Informs the site on where the auditor is
going next
• Shadows the auditor
• Admin team member
12
13. • The person who will be
accompanying the auditor during
the entire audit
• Need not be more than 1 or 2
people
• Admin personnel till the
presentation room and then QA for
the entire plant detail
• If from QA, not plant QA head. Coz
this represents the line of defense.
13
2. ESCORT
14. 3. SCRIBE
14
Records each and every detail asked
by the auditor
Interprets what might be asked next
Informs to the Runner on the details
and records asked by the auditor
15. 4. RUNNERS
•Runner is responsible to
take requests for
documents from the
Scribes to the respective
persons
15
17. 1. LISTEN AND THEN RESPOND
• Listen to their full question
and do not interrupt.
Wait till the question is
completed.
• Ask to repeat if the
question is not understood
• Answer only the
question asked (and no
more).
• If you don’t know the
answer, don’t guess.
17
18. 1. LISTEN AND THEN RESPOND
18
Do not irritate the auditor with irrelevant
answers!
19. 19
WOCKHARDT 483
DR. REDDY’S 483
MISLEADING THE AUDITORS OR WASTING THE AUDITOR’S TIME IS
A NON-CONFORMANCE IN ITSELF
1. LISTEN AND THEN RESPOND
20. 1. LISTEN AND THEN RESPOND
20
Answer only to the point
23. 2. CORRECT BODY LANGUAGE – EYE
CONTACT
23
What do you think when you see this?
24. 24
What do you think when you see this?
2. CORRECT BODY LANGUAGE – EYE
CONTACT
25. 25
What do you think when you see this?
2. CORRECT BODY LANGUAGE – EYE
CONTACT
26. •Maintain eye contact
•But avoid staring as you
might make them
uncomfortable
•Maintaining low level of
eye contact or wandering
eyes indicates you are
either lying or not confident
26
2. CORRECT BODY LANGUAGE – EYE
CONTACT
28. •Do not just nod your head.
•Makes unclear
communication about what
is to be conveyed
•It is best to keep all
communication verbal and
clear.
28
2. CORRECT BODY LANGUAGE –
HEAD NOD
30. • Do not talk in a language that is not understood
by the auditor
• Do not whisper
• Both these signify hiding of information
• Do not have a group discussing the correct
answer. Do not answer all at once.
• If it is not your area, do not answer. Point out the
correct person. Let the right person talk
30
3. LANGUAGE
Internal & external audits: first-, second-, and third-party audits
A first-party audit is performed within an organization to measure its strengths and weaknesses against its own procedures or methods and/or against external standards adopted by (voluntary) or imposed on (mandatory) the organization. A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited.
A second-party audit is an external audit performed on a Vendor by a Customer or by a contracted organization on behalf of a Customer. A contract is in place, and the goods or services are being, or will be, delivered. Second-party audits are subject to the rules of contract law, as they are providing contractual direction from the Customer to the Vendor. Second-party audits tend to be more formal than first-party audits because audit results could influence the Customer’s purchasing decisions.
A third-party audit is performed by an audit organization independent of the Customer-Vendor relationship and is free of any conflict of interest. Independence of the audit organization is a key component of a third-party audit. Third-party audits may result in certification, registration, recognition, an award, license approval, a citation, a fine, or a penalty issued by the third-party organization or an interested party.
3 Types of audits
Product audit – An examination of a particular product or service (hardware, processed material, software) to evaluate whether it conforms to requirements (that is, specifications, performance standards, and Customer requirements).
Process audit – A verification that processes are working within established limits. It evaluates an operation or method against predetermined instructions or standards to measure conformance to these standards and the effectiveness of the instructions. Such an audit may:
Check conformance to defined requirements such as time, accuracy, temperature, pressure, composition, responsiveness, amperage, and component mixture.
Examine the resources (equipment, materials, people) applied to transform the inputs into outputs, the environment, the methods (procedures, instructions) followed, and the measures collected to determine process performance.
Check the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, and training and process specifications.
System audit – An audit conducted on a management system. It can be described as a documented activity performed to verify, by examination and evaluation of objective evidence, that applicable elements of the system are appropriate and effective and have been developed, documented, and implemented in accordance and in conjunction with specified requirements.
A quality management system audit evaluates an existing quality program to determine its conformance to company policies, contract commitments, and regulatory requirements.
Similarly, an environmental system audit examines an environmental management system, a food safety system audit examines a food safety management system, and safety system audits examine the safety management system.
Internal & external audits: first-, second-, and third-party audits
A first-party audit is performed within an organization to measure its strengths and weaknesses against its own procedures or methods and/or against external standards adopted by (voluntary) or imposed on (mandatory) the organization. A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited.
A second-party audit is an external audit performed on a Vendor by a Customer or by a contracted organization on behalf of a Customer. A contract is in place, and the goods or services are being, or will be, delivered. Second-party audits are subject to the rules of contract law, as they are providing contractual direction from the Customer to the Vendor. Second-party audits tend to be more formal than first-party audits because audit results could influence the Customer’s purchasing decisions.
A third-party audit is performed by an audit organization independent of the Customer-Vendor relationship and is free of any conflict of interest. Independence of the audit organization is a key component of a third-party audit. Third-party audits may result in certification, registration, recognition, an award, license approval, a citation, a fine, or a penalty issued by the third-party organization or an interested party.
3 Types of audits
Product audit – An examination of a particular product or service (hardware, processed material, software) to evaluate whether it conforms to requirements (that is, specifications, performance standards, and Customer requirements).
Process audit – A verification that processes are working within established limits. It evaluates an operation or method against predetermined instructions or standards to measure conformance to these standards and the effectiveness of the instructions. Such an audit may:
Check conformance to defined requirements such as time, accuracy, temperature, pressure, composition, responsiveness, amperage, and component mixture.
Examine the resources (equipment, materials, people) applied to transform the inputs into outputs, the environment, the methods (procedures, instructions) followed, and the measures collected to determine process performance.
Check the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, and training and process specifications.
System audit – An audit conducted on a management system. It can be described as a documented activity performed to verify, by examination and evaluation of objective evidence, that applicable elements of the system are appropriate and effective and have been developed, documented, and implemented in accordance and in conjunction with specified requirements.
A quality management system audit evaluates an existing quality program to determine its conformance to company policies, contract commitments, and regulatory requirements.
Similarly, an environmental system audit examines an environmental management system, a food safety system audit examines a food safety management system, and safety system audits examine the safety management system.
Assessment Eg: If you want to buy a plant somewhere, you cannot fail it. So you assess it to understand the level of the plant and get it to your standards.
These kinds of roles and responsibilities are used for successful regulatory audits
Every organization is different and hence might have a different approach towards handling audits
Today, everyone would be doing this, but not acknowledging it
We don’t want to distract/ disturb what’s going on. What we can do it, look at it and see if this is useful and if we can improve or not. If everything is already equipped, then great; If not, we got you. :P
The site audit coordinator shall convene an opening meeting with the Inspector to discuss the purpose and scope of the Inspection and shall introduce the head of departments and the Inspection support team to the Inspector(s) after welcoming the Inspector.
The site audit coordinator may then either make a presentation or present hard copies of documents giving a short description of the site as per details given in Section 6.1.7
The site audit coordinator may brief the Inspector about the company policies regarding shift timings, area restrictions (if any), cafeteria facilities, general restrictions (if any), etc. so that he may plan his Inspection itinerary accordingly
Scribes’ must make notes of the inspection proceedings including (but not limited to) the Inspector’s questions, responses given to the Inspector’s questions, documents presented to the Inspector, participant details, etc. These may be noted in notebooks or formats.
They must also make a list of the documents requested by the Inspector. These document requests are to be handed over to the ‘runner’.
Auditors understand when anyone tries to take them for a round. It can also be considered as an NC if you give irrelevant answers. It indicates that you to do not know your topic.
Senior managent – Email are subject to audit (regulators) – diaries/ drawers etc. Dustbin/ drawers should be cleam.
People need to answer. Not their managers.
Auditors are trained to learn the local language.
Treat all auditors same. Treat auditors very well and with respect. This includes internal auditors. More points – more chances at improvement.
Just because auditor is saying, don’t accept point blank. It is important to defend your systems. If the auditor still persists, take the point and explain it in justifications. If there are grey areas that you know is a problem, show that there is an action