We will cover:
• The role of auditing in the implementation, development, and continuous improvement of a QMS based on ISO 9001
• Best audit practices
• The shift towards risk-based auditing with the advent of the 2015 version of the ISO 9001 Standard
Presenter:
This webinar will be presented by Jacob Alexander McLean, the Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited.
1. The Criticality of Auditing in Maintaining a Certified Quality Management System
Jacob A. McLean
PECB Certified Trainer & ISO 9001/14001 Lead Auditor, M.Sc., MBA, CSP, QEP, CET
2. Session Contents
• Overview of Management Systems Auditing
• Audit Criteria
• Maximizing Audit Value Through Risk-based Thinking
• Risk in the ISO FDIS 9001:2015 Standard
• Risk-based Quality Auditing
• Principles of Auditing
• Competence in Auditing
• Purpose of Quality Management System Auditing
• Benefits of Auditing
• Summary of Key Points
• References
3. Management System Auditing
• ISO 19011:2011 defines an audit as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
• Audits are independent, unbiased, fact-finding exercises that provide information for decision making
4. Management System Auditing
• External Audits
– Include second and third party audits
– Second party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf
– Third party audits are conducted by independent auditing organizations, such as regulators or those providing certification
5. Management System Auditing
• Combined Audit:
– Two or more management systems of different disciplines audited together (e.g. quality, environmental, occupational health and safety)
6. Management System Auditing
• Process Audit:
– Verification that process procedures exist, are correct and being followed
– Checks whether process is in conformance with requirements
– May be used to investigate an entire process or an action
– Boundaries for process audits are strictly defined
7. Management System Auditing
• Internal Audits
– Sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes
– For example, to confirm the effectiveness of the management system or obtain information for its improvement
8. Audit Criteria
• Can be:
– Conformance to requirements
– Project milestones
– Results of improvement initiatives
– Adherence to procedures, timelines, etc.
10. Audit Criteria
• Categories:
– Reference standards: external to the organization, such as regulations, contracts, ISO standards that establish minimum requirements
– Performance standards: internal documents such as standard operating procedures, work instructions, drawings or other documents which describe how requirements will be met
11. Maximizing Audit Value Through Risk-based Thinking
• ISO 31000 defines risk as the effect of uncertainty on objectives
• Risk management is coordinated activities to manage risks within an organization
12. Maximizing Audit Value Through Risk-based Thinking
• A risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.
13. Risk in the ISO/FDIS 9001:2015 Clauses
Process Approach, Leadership, Planning:
• In Clause 4 the organization is required to determine the risks which can affect its ability to meet these objectives
• In Clause 5 top management are required to commit to ensuring Clause 4 is followed
• In Clause 6 the organization is required to take action to address risks and opportunities
14. Risk in the ISO/FDIS 9001:2015 Clauses
Operation, Evaluation, Improvement:
• In Clause 8 the organization is required to have processes which identify and address risk in its operations
• In Clause 9 the organization is required to monitor, measure, analyse and evaluate the risks and opportunities
• In Clause 10 the organization is required to improve by responding to changes in risk
15. Risk-based Quality Auditing
• Risk-based quality auditing occurs in three levels, based on maturity of organization:
• Level 1 – Planning and reporting based on risk – occurs naturally within most audit programs
16. Risk-based Quality Auditing
• Level 2 – Evaluating how well risk management is incorporated into individual quality management system processes
• Level 3 – Determining enterprise-level risks relating to quality management system processes
17. Risk-based Quality Auditing
• Maturity of QMS determines level of risk management organization implements
• Integrating risk management formally into internal audit process:
– Changes to annual audit plan based on areas of concern/opportunity identified in management review and use of risk-based methodologies
18. Risk-based Quality Auditing
– Utilizing definitions and methodology for classifying audit findings based on previously determined risk assessment matrix
– Reporting audit results and recommendations based on audit findings that reflect risk assessments determined during the audit process
19. Principles of Auditing
• Integrity: the foundation of professionalism
• Fair presentation: the obligation to report truthfully and accurately
• Due professional care: the application of diligence and judgement in auditing
• Confidentiality: security of information
20. Principles of Auditing
• Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions
• Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process
21. Competence in Auditing
• Auditing requires competence (knowledge and skills)
• Certification of auditors is based on relevant training and experience
• To be effective, auditors must engage in continual improvement through study and practice
22. Purpose of Quality Management System Auditing
• Fundamental auditing questions:
– Are requirements being met?
– Are there opportunities for improvement?
• Determination of implementation and effectiveness of management system
23. Purpose of Quality Management System Auditing
• Provision of leading indicator of performance
• Promotion of early detection of problems and identification of root causes
• Provides management with objective feedback leading to informed decisions
24. Specific Auditing Purposes
• Ensures:
– Fitness of products for use
– Adequate written procedures exist and are utilized
– Compliance with legal and regulatory requirements
– Identification of deficiencies in products or the management system
– Conformance with specifications
25. Specific Auditing Purposes
• Ensures:
– Corrective action is taken and results verified as effective
– Information to identify and reduce risks is obtained
– Organization’s resources are effectively and efficiently used
– Existence of standardized organizational practices and continual improvement
26. Benefits of Auditing
• Organizational effectiveness
– Information for management decisions
– Potential risks identified
– Assessment of resource capabilities (e.g. people and equipment)
– Identification of cost reduction opportunities
– Maintenance of customer goodwill
• Business performance
– Cost control
– Opportunity identification
– Risk management
– Continual improvement
27. Benefits of Auditing
• Improvement in system effectiveness
– Discovery of potential efficiencies in interrelated processes
• Improvement in process effectiveness
– Through examination of interactions with other processes and resources and controls utilized
• Improvement in performance measurement
– Provision of timely information to top management
– Facilitation of changes that lead to greater effectiveness
• Establishment of trusting relationships internally and externally
28. Summary of Key Points
• Audits determine if requirements are being met and if there are opportunities for improvement
• Audits are a prime risk assessment tool
• Audits are indispensable in maintenance and continual improvement of management systems
29. References
Anderson, P. & Worthman, B. (1994). Quality auditor primer. Terre Haute, IN.
ASQ. (2014). Certified HACCP auditor (CHA) certification preparation.
Coleman, L.B. (2015). Advanced quality auditing. Milwaukee, WI: ASQ.
ISO 9001:2015 FDIS
ISO 19011:2011 Guidelines for Auditing Management Systems
Parsowith, B.S. (1995). Fundamentals of quality auditing. Milwaukee, WI: ASQ.