Successfully reported this slideshow.

ASQ CQA Part 1: Auditing Fundamentals

16

Share

ASQ Certified Quality Auditor (CQA)
Part 1: Auditing Fundamentals
Seetharam Kandarpa, ASQ CQA & ASQ CPGP
Chair- Healthcare...
Contents
• About Author
• Overview of Mentoring Classes for ASQ CQA
• Overview of ASQ CQA
• Part 1: Auditing Fundamentals
...
About Author
• Having 14+ years of versatile industrial experience in QA and Production functions at
API/ Formulation faci...

YouTube videos are no longer supported on SlideShare

View original on YouTube

Loading in …3
×
1 of 88
1 of 88

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

ASQ CQA Part 1: Auditing Fundamentals

  1. 1. ASQ Certified Quality Auditor (CQA) Part 1: Auditing Fundamentals Seetharam Kandarpa, ASQ CQA & ASQ CPGP Chair- Healthcare ASQ Mumbai LMC
  2. 2. Contents • About Author • Overview of Mentoring Classes for ASQ CQA • Overview of ASQ CQA • Part 1: Auditing Fundamentals – A. Types of quality audits – B. Purpose and scope of audits – C. Criteria to audit against – D. Roles and responsibilities of audit participants – E. Professional conduct and consequences for auditors • Q&A • Thank You
  3. 3. About Author • Having 14+ years of versatile industrial experience in QA and Production functions at API/ Formulation facilities (approved by various regulatory agencies USFDA, TGA, MHRA, WHO etc.) of top pharma companies in India such as Aurobindo Pharma Ltd., Mylan Laboratories Ltd., Dr. Reddy's Laboratories Ltd., Ipca Laboratories Ltd. and Abbott Healthcare Pvt. Ltd. • Having experience in handling Regulatory Inspections of USFDA, MHRA, WHO, TGA, KFDA and PMDA. • Having Training on Culture of Quality and Data Integrity Assurance by Dr. Ajaz S Hussain. • Having Training and certification on 'Cleaning Validation' by Destin A. Leblanc. Seetharam Kandarpa, ASQ CQA & ASQ CPGP Chief Manager Quality Assurance Abbott Healthcare Pvt. Ltd. http://seetharamkandarpa.webnode.in
  4. 4. OVERVIEW OF MENTORING CLASSES FOR ASQ CQA
  5. 5. Mentoring Classes for ASQ CQA • What? – Free mentoring classes to provide guidance on basics of ASQ CQA (Certified Quality Auditor) certification program and tips to pass the exam • Why? – To take a minute part, as a responsible individual, in a big mission of improving continuously quality of products/ services for society through mentoring professionals aspiring to become Certified Quality Auditor • Who? – Suitable to the professionals plan to become Certified Quality Auditor by ASQ • How & Where? – Through series of webinars – Keepings recordings at YouTube forever Continues…
  6. 6. Mentoring Classes for ASQ CQA • When? – As per below calendar For Timely Updates: • JOIN THE GOOGLE HANGOUT GROUP https://hangouts.google.com/group/mAWt5BYDGX9amObn1 • http://seetharamkandarpa.webnode.in/asq-cqa/ Back to Contents
  7. 7. OVERVIEW OF ASQ CQA (For complete details, refer my earlier presentation on Overview of ASQ CQA)
  8. 8. Basics • The Certified Quality Auditor is a professional who understands the standards and principles of auditing and the auditing techniques of examining, questioning, evaluating and reporting to determine a quality system's adequacy and deficiencies. • The Certified Quality Auditor analyzes all elements of a quality system and judges its degree of adherence to the criteria of industrial management and quality evaluation and control systems. • Quality Auditor Certification Brochure • Certified Quality Auditor Body of Knowledge For More Details: asq.org/cert/quality-auditor Continues…
  9. 9. Body of Knowledge For More Details: asq.org/cert/quality-auditor I. Auditing Fundamentals (27 Questions) • A. Types of quality audits B. Purpose and scope of audits • C. Criteria to audit against D. Roles and responsibilities of audit participants • E. Professional conduct and consequences for auditors II. Audit Process (42 Questions) • A. Audit preparation and planning B. Audit performance • C. Audit reporting D. Audit follow-up and closure III. Auditor Competencies (25 Questions) • A. Auditor characteristics B. On-site audit resource management • C. Conflict resolution D. Communication and presentation techniques • E. Interviewing techniques F. Team dynamics IV. Audit Program Management and Business Applications (30 Questions) • A. Audit program management B. Business and financial impact V. Quality Tools and Techniques (26 Questions) • A. Basic quality and problem-solving tools B. Process improvement techniques • C. Basic statistics D. Process variation • E. Sampling methods F. Change control and configuration management • G. Verification and validation H. Risk management tools Back to Contents
  10. 10. PART 1: AUDITING FUNDAMENTALS (27 QUESTIONS)
  11. 11. Body of Knowledge For More Details: Certified Quality Auditor Body of Knowledge I. Auditing Fundamentals (27 Questions) • A. Types of quality audits • B. Purpose and scope of audits • C. Criteria to audit against • D. Roles and responsibilities of audit participants • E. Professional conduct and consequences for auditors Back to Contents
  12. 12. A. TYPES OF QUALITY AUDITS
  13. 13. A. Types of Quality Audits 1. Method 2. Auditor-auditee relationship 3. Purpose 4. Common elements with other audits For More Details: Certified Quality Auditor Body of Knowledge Continues…
  14. 14. 1. Method Define, differentiate, and analyze various audit types by method: product, process, desk, department, function, element, system, management. (Analyze) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  15. 15. 1. Method • Audit: – Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled • Discrete Types of Audit: – Product audit (includes Services) – Process audit – System audit • Other Methods: – Desk audit or document review – Department of function audit – Management audit For More Details: Certified Quality Auditor Body of Knowledge Continues… System Audit Process Audit Product Audit
  16. 16. 1. Method • Product Audit – An examination of a particular product or service (hardware, processed material, software) to evaluate whether it conforms to requirements (specifications, performance standards, and customer requirements) – Audit performed on a service is Service Audit – A detailed inspection of a finished product performed prior to delivering the product to the customer. It is a test of both attribute and variable data. For More Details: Certified Quality Auditor Body of Knowledge Continues…
  17. 17. 1. Method • Product Audit (Contd.) – Results often provide information regarding the reliability and effectiveness of the overall quality system – Product audits are usually accomplished for one or more of the following reasons: • to estimate the outgoing quality level of the product or group of products; • to ascertain if the outgoing product meets a predetermined standard level of quality for a product or product line; • to estimate the level of quality originally submitted for inspection; • to measure the ability of the quality control inspection function to make quality decisions, and; • to determine the suitability of internal process controls For More Details: Certified Quality Auditor Body of Knowledge Continues…
  18. 18. 1. Method • Process Audit – Where the system audit is general in nature, the process audit is much more narrowly defined. Unlike the system audit, the process audit is "an inch wide but a mile deep“ – It revolves around verification of the manner in which: 1) people; 2) material; 3) machines, etc., mesh together to produce a product – Process audits are appraisal and analytical in nature For More Details: Certified Quality Auditor Body of Knowledge Continues… Appraisal Mode •Are personnel involved in the production process performing in accordance with company manufacturing process plans, procedures, work instructions, workmanship standards, etc.? Analytical Mode •Are procedures, work instructions, and so forth, used in support of the process(es) being audited • helpful or detrimental? • Thorough or sketchy? •Does duplication of effort exist between sub-functions?
  19. 19. 1. Method • System Audit – An audit conducted on a management system to verify that • applicable elements of the system are appropriate and effective and • have been developed, documented, implemented in accordance and in conjunction with specified requirements – The system audit addresses the who, what, where, when and how of the system used to produce its product – Think of the system audit in terms of "an inch deep but a mile wide" i.e., broad and general in nature rather than narrow and limited in scope For More Details: Certified Quality Auditor Body of Knowledge Continues…
  20. 20. 1. Method • Desk Audit or Document Review – A desk audit or document review is an audit of an organization’s documents – Can be at a desk since people are not interviewed and activities are not observed – Must be conducted prior to process or system audit – Findings help ensure that audit program resources are used efficiently – May be conducted periodically or when changes occurred to verify the adequacy For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  21. 21. 2. Auditor-auditee relationship Define, differentiate, and analyze various audit types by auditor- auditee relationship: first-party, second-party, third-party, internal and external. (Analyze) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  22. 22. 2. Auditor-auditee Relationship • Classification of Audits – First-party Audit (Internal audit) – Second-party Audit (conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf) – Third-party Audit (conducted by independent auditing organizations, such as regulators or those providing certification) For More Details: Certified Quality Auditor Body of Knowledge Continues… Classification of Audits Internal Audits External Audits First-party Audits Second-party Audits Third-party Audits
  23. 23. 2. Auditor-auditee Relationship • First-party Audit (Internal audit) – Performed within an organization to measure its strengths and weaknesses against own procedures against external standards adopted by (voluntary) or imposed on (mandatory) the organization – Conducted by auditors who are employed by organization but have no vested interest in the audit area to maintain independence – In many cases independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest. – Companies may have separate audit group or hire (outsource) an audit organization For More Details: Certified Quality Auditor Body of Knowledge Continues…
  24. 24. 2. Auditor-auditee Relationship • Second-party Audit – External audit performed on a supplier by a customer or by a contracted organization on behalf of customer – Audits are subject to the rules of contract law as they are providing contractual direction from Customer to Supplier – More formal than first party audit because audit results could influence customer’s purchasing decisions – A Survey, sometimes called an assessment or examination, is a comprehensive evaluation that analyzes • facilities, resources, economic stability, technical ability, personnel, production capabilities, and performance • Entire management system For More Details: Certified Quality Auditor Body of Knowledge Continues…
  25. 25. 2. Auditor-auditee Relationship • Third-party Audit – Performed by an audit organization independent of the customer-supplier relationship and is free of any conflict • on behalf of auditee’s potential customers who cannot afford to survey • audit external organization themselves • Who consider third-party audit to be more cost-effective alternative • Mandatory audits on regulated industries by Government representatives to provide assurance of safety of public – Independence is key component – May result in certification, registration, recognition, award, license approval, citation, fine, penalty For More Details: Certified Quality Auditor Body of Knowledge Continues…
  26. 26. 2. Auditor-auditee Relationship • What is Inspection? – Inspection: • a tool to detect errors or defects before a product is approved for release or distribution • Normally part of manufacturing process • May form quality control department to manage and conduct inspection – Audits conducted by government (e.g. USFDA) are described as Inspection in regulatory documents For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  27. 27. 3. Purpose Define, differentiate, and analyze various audit types by purpose: verification of corrective action (follow-up) audits, risk audits, accreditation (registration) and compliance audits, surveillance and for-cause audits. (Analyze) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  28. 28. 3. Purpose • Also common to refer an audit according to its purpose or objectives • An auditor may specialize in types of audits based on audit purpose such as to verify: – Compliance – Conformance or – Performance • Some audits have special administrative purpose such as auditing: – Documents – Risk – Performance – Follow up on completed corrective actions For More Details: Certified Quality Auditor Body of Knowledge Continues…
  29. 29. 3. Purpose • Certification Purposes: – Companies in certain high-risk categories (such as toys, pressure vessels, medical devises, pharmaceuticals) wanting to do business in Europe must comply with Conformite Euopeene Mark (CE Mark) requirements – One way to comply is to have management systems certified by third- party audit organizations to management system requirement criteria (such as ISO 9001) – Customer may require suppliers to conform to standards (like ISO 14001) – Third-party audits for system certification should be performed by organizations evaluated & accredited by an established accreditation board such as ANSI-ASQ National Accreditation Board (ANAB) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  30. 30. 3. Purpose • Certification vs Registration vs Accreditation: For More Details: Certified Quality Auditor Body of Knowledge Continues… • Terms Certification and Registration are used interchangeably to refer to verifying the conformance of organization’s management systems to a standard or other requirements • Certification also refers to the process of validating and verifying the credentials of individuals such as auditors • Term Accreditation is used when validating or verifying the conformance of a certification body to requirements of national and/or international • Certification body (also known as Registrar) is a third-party company contracted to evaluate the conformance of organization’s management system to the requirements of appropriate standard and issue a certificate of conformance when warranted
  31. 31. 3. Purpose • Performance vs Compliance/ Conformance Audits: – Various authors use the terms to describe an audit purpose beyond compliance and conformance: • Value-added assessments • Management audits • Added value auditing • Continual improvement assessment – Key difference is collection of audit evidence – All types of audits can include a purpose to identify and report performance observations – Audits with this objective are more likely to be: • First-party • Process • System For More Details: Certified Quality Auditor Body of Knowledge Continues…
  32. 32. 3. Purpose • Follow-up Audit: – Since many corrective actions cannot be performed at the time of the audit, may require follow-up audit to verify: • Corrective action • Preventive action (opportunity for improvement of performance) – Normally combined with next scheduled audit however decision depends on importance and risk of the finding – May forward identified performance issues to management for follow-up For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  33. 33. 4. Common elements with other audits Identify elements such as audit purpose, data gathering techniques, tracing, etc., that quality audits have in common with environmental, safety, financial, and other types of audits. (Apply) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  34. 34. 4. Common Elements with Other Audits • Regardless of the scope of a system or process audit, all audits have common elements • Audits can address almost any topic of interest where activities or outputs result from defined plans • Basically if activity or status is subject to planning or reporting, it can be audited – Product or service quality – Environmental, marketing, or promotional claims – Financial results and statements – Health and safety conditions – Equal opportunity compliance – Sarbanes oxley – Etc. For More Details: Certified Quality Auditor Body of Knowledge Continues…
  35. 35. 4. Common Elements with Other Audits • Audit-like inquiries that do not fulfill all technical requirements of audit (such as audit plan or avoiding conflicts of interest) are known as evaluation or assessment and these are fairly subjective audit-like activities • Evaluations are judgements • Assessments are estimates or determinations of significance or importance • Common type of assessment is ‘statutory and regulatory compliance audit’ where – auditors need to be careful avoid going beyond their competence in reporting – Interpretation of laws is often required and can be viewed as domain of lawyers who are members of the bar For More Details: Certified Quality Auditor Body of Knowledge Continues…
  36. 36. 4. Common Elements with Other Audits • Key concept – Audits are processes For More Details: Certified Quality Auditor Body of Knowledge Continues… Inputs • Competent auditors • Authorizing supportive client • Cooperative auditees • Defined audit plans and procedures • Purpose and scope • Reference documents • Administrative and infrastructure support Outputs • Accumulated data that are transformed into useful actionable information • Presenting formal report to client and auditee • Follow-up of CAPA implementation to support improvement and mutual benefit Audit Process Planned sequence of audit activities
  37. 37. 4. Common Elements with Other Audits • Some common audit elements: – Purpose and scope – Documentation review – Preparation for review – On-site or remote data collection (the audit) – Formal audit report – Audit follow-up For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  38. 38. B. PURPOSE AND SCOPE OF AUDITS Continues…For More Details: Certified Quality Auditor Body of Knowledge
  39. 39. B. Purpose and Scope of Audits 1. Elements of purpose and scope 2. Benefits of audits For More Details: Certified Quality Auditor Body of Knowledge Continues…
  40. 40. 1. Elements of purpose and scope Describe and determine how the purpose of an audit can affect its scope. (Apply) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  41. 41. 1. Elements of Purpose and Scope • Audit Purpose: – Client’s responsibility to determine the purpose statement – Regular audits, well defined and well known by all parties For More Details: Certified Quality Auditor Body of Knowledge Continues…
  42. 42. 1. Elements of Purpose and Scope • Audit Purpose: (Contd.) – First-party audit is to : • Assure management that audited area is in compliance with particular standards and goals & strategies of organization are being met • Identify opportunities for improvement • Assess The progress of management system toward meeting the requirements of regulatory or standards • Identify process efficiencies for delivery of product or service • Report organizational risks to management for evaluation For More Details: Certified Quality Auditor Body of Knowledge Continues… First-party Audits
  43. 43. 1. Elements of Purpose and Scope • Audit Purpose: (Contd.) – Process performance audit is to: • Determine if the system design is adequate to achieve organization objective • Identify performance weaknesses and strengths • Verify process responsiveness to customer and organization needs • Identify process risks and areas to be optimized – Risk-based audit: • Allocate resources specifically to areas that have been problematic or that are high risk and could include – product characteristics – product or process hazards – Personnel or process safety – Environmental controls For More Details: Certified Quality Auditor Body of Knowledge Continues… Process Performance Audit Risk-based Audit
  44. 44. 1. Elements of Purpose and Scope • Audit Purpose: (Contd.) – Second-party audit is to: • Either assess a supplier to verify that the contract requirements are being followed or assess a potential supplier’s capability of meeting specific requirements for a product or service • Get the confidence in the quality of goods and services being delivered • Identify the possible cause of recent nonconformities • Verify that supplier has an active environmental abatements and safety improvement program that meets customer requirements – Audit program, Engineering and Technology departments, or Purchasing department determines the purpose and communicates to the auditee For More Details: Certified Quality Auditor Body of Knowledge Continues… Second-party Audits
  45. 45. 1. Elements of Purpose and Scope • Audit Purpose: (Contd.) – Third-party audit: • Performed by auditing organizations to determine the compliance or conformance of auditee’s system with agreed-upon criteria • In case of an audit for certification, an auditor examines auditee’s systems for conformity with a specific standard (e.g.: ISO 9001) or cGMP. • In case of inspection performed for regulatory purposes, – Regulatory agency examines the compliance of the auditee’s systems with regulations or laws – May have penalties associated with them (fine, jail or both), so very serious – Focus to ensure that companies are protecting the environment, the public and their employees For More Details: Certified Quality Auditor Body of Knowledge Continues… Third-party Audits
  46. 46. 1. Elements of Purpose and Scope • Audit Scope: – According to ISO 19011, the audit scope is the extent and boundaries of an audit – Scope has been defined as the breadth of the audit and may specify areas not to be included in the audit – Normally includes a description of • Physical locations • Organizational units • Product, systems • Activities and processes • Areas excluded from audit • Applicable standards, contracts, regulations, codes and other legal documents • Time period covered – Any changes in scope should be informed to participants and documented in audit plan For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  47. 47. 2. Benefits of audits Analyze how audits can be used to provide an independent assessment of system effectiveness and efficiency, risks to the bottom line, and other organizational measures. (Analyze) For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  48. 48. 2. Benefits of Audits • Audits can verify ongoing conformance to requirements and promote improvement of organization’s effectiveness and efficiency • Management can utilize objective data to make informed decisions regarding achievement of organization objectives • Verification of conformance to requirements • Identification of risks and monitoring of risk treatments • Identification of opportunities for improvement • Determination of readiness for new products and processes • Verification of system effectiveness • Identification of inefficiencies and ineffective controls • Verification of CAPA • Identification and reporting of best practices • Advancing the achievement of organizational objectives For More Details: Certified Quality Auditor Body of Knowledge Continues…
  49. 49. 2. Benefits of Audits • Management review should consider recurring nonconformities • Auditing starts to provide the information needed for the ‘Check’ step in Plan- Do-Check-Act (PDCA) cycle • Management is better prepared to move forward with more-informed decisions • The universe of opportunities expands as new knowledge and theories are developed • System and process auditing can provide new knowledge, if understood and properly applied For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  50. 50. C. CRITERIA TO AUDIT AGAINST Back to ContentsFor More Details: Certified Quality Auditor Body of Knowledge Define and distinguish between various audit criteria, such as external (industry, national, international) standards, contracts, specifications, quality awards, policies, internal quality management system (QMS), sustainability, social responsibility, etc. (Analyze)
  51. 51. C. Criteria to Audit Against • Audit Criteria: – A universal term that describes the reference used by an auditor against which the evidence collected during the audit can be compared – ISO 19011,clause 3.2 states that criteria are set of policies, procedures, or requirements used as a reference against which audit evidence is compared – ISO9000 vocabulary standard explains that requirements may be generated by various stakeholders or interested parties. Requirements may be specified or they may be generally implied, such as customs or common practice For More Details: Certified Quality Auditor Body of Knowledge Not all requirements can be specified Continues…
  52. 52. C. Criteria to Audit Against • Audit Criteria: – May be referred to as a system or process requirements, rules that the auditee follows, or a specific named standard or regulation – Assigned auditors must be: • Knowledgeable of the audit criteria, document, or standard that the organization is being evaluated against • Competent, and part of that competency is knowledgeable of the audit criteria and their interpretations For More Details: Certified Quality Auditor Body of Knowledge Continues…
  53. 53. C. Criteria to Audit Against • Audit Requirements: – Audits of programs (such as quality or environmental programs) normally require reference standard against which to judge the adequacy of plans and these may include: • National and international standards • Customer and corporate specifications • Contract and customer requirements • Local and national statutes and regulations • Industry codes and standards • Guides, handbooks, and so on For More Details: Certified Quality Auditor Body of Knowledge Continues…
  54. 54. C. Criteria to Audit Against • Audit Requirements: – Performance standards: the documents that contain the norms or criteria against which an activity is measured. There are 4 levels: For More Details: Certified Quality Auditor Body of Knowledge Continues… 1. Policies • Corporate policies • Quality system standards • Regulatory standards • Business sector standards 2. Manuals • Corporate • plant • Function or department • Division 3. Procedural Documents • Step-by-step requirements for doing job 4. Detailed Documents • Drawings, Purchase orders • Specifications & inspection plan • Specific instructions
  55. 55. C. Criteria to Audit Against For More Details: Certified Quality Auditor Body of Knowledge Audit Basis 1. Management system, product, or process standards (e.g.: ISO 9001,ISO 14001) 2. Contracts (reference to specific standard like ANSI/ ASTM) 3. Specifications 4. Organization policies and objectives 5. Laws or regulations If there are no criteria to compare with, the investigation may be called a survey or review Back to Contents
  56. 56. D. ROLES AND RESPONSIBILITIES OF AUDIT PARTICIPANTS Define and describe the functions and responsibilities of various audit participants, including audit team members, lead auditor, client, auditee, etc. (Apply)
  57. 57. D. Roles and Responsibilities of Audit Participants • Audit Participants: – Audit client: Organization or person requesting an audit – Auditor: Person who conducts an audit – Lead Auditor: Auditor responsible for managing the audit – Auditee: Organization being audited • Escort: Person assigned to escort the audit team members • Coordinator: Person in contact with the lead auditor or the audit program manager in order to arrange for the audit – Audit Program Manager: Person responsible for the audit program For More Details: Certified Quality Auditor Body of Knowledge Continues…
  58. 58. D. Roles and Responsibilities of Audit Participants • Audit Participants: For More Details: Certified Quality Auditor Body of Knowledge Continues… External Audit: Organization desires recognition or approval of its capability to meet standard ISO 9001 Participant Role Client Top management of organization desiring certification/ registration Auditee The organization desiring certification/ registration Auditing organization The organization granting certification/ registration using an auditor employed by the auditing organization or hired to conduct the audit External Audit: Customer Organization desires to evaluate a supplier Participant Role Client The interested purchasing agent, purchasing manager, or engineer Auditee The potential or existing supplier Auditing organization Member(s) of the customer organization staff or auditors under contract to customer organization
  59. 59. D. Roles and Responsibilities of Audit Participants • Audit Participants: For More Details: Certified Quality Auditor Body of Knowledge Continues… External Audit: Regulatory organization verifies that supplier or operator is in compliance with requirements Participant Role Client Regulatory agency Auditee The potential supplier or operator Auditing organization Employee(s) of the regulatory agency or auditors under contract to the agency Internal Audit: Organization desires to determine the degree of conformity of its own organization elements of to a predetermined management system Participant Role Client Upper management team of the organization desiring to use auditing as a management tool Auditee The department/ function(s) of the organization to be evaluated Auditing organization Employee(s) of the organization or individuals hired to conduct audit
  60. 60. D. Roles and Responsibilities of Audit Participants • Roles and Responsibilities: – Client: • Determines the need for an audit • Determines the audit organization to be used • Determines the audit purpose • Determines overall audit scope and may confer with the audit program manager or lead auditor to define specifics • Addresses budget issues • May determine the audit team leader or delegate the responsibility to the audit program manager • May choose to attend audit process meetings such as the exit meeting • Receives the audit report • Determines and directs the distribution of the audit report • Determines the need for follow-up actions • Supports the audit initiative • Follows organizational procedures regarding the audit process For More Details: Certified Quality Auditor Body of Knowledge Continues…
  61. 61. D. Roles and Responsibilities of Audit Participants • Roles and Responsibilities: – Auditor: • Understands the purpose and scope of the audit • Understands the audit criteria being audited against • Prepares for the audit • Performs the audit to collect evidence to verify conformance or nonconformance to the audit criteria • Records the results of the investigation (perhaps on a checklist) • Attends the opening and exit meetings • Reports findings to the lead auditor • Verifies the correction of previous nonconformities if directed to do so • Provides input to the formal report if directed to do so by the lead auditor or client • Maintains confidentiality of the audit information • Reports conflicts of interest to the lead auditor • Is ethical and adheres to an organization code of conduct or the principles of auditing as listed in ISO 19011 For More Details: Certified Quality Auditor Body of Knowledge Continues…
  62. 62. D. Roles and Responsibilities of Audit Participants • Roles and Responsibilities: – Lead Auditor/ Audit Team Leader: • Is responsible for communication with the client, auditor, auditor program management, and the auditee representative • Provides audit team selection input if requested to do so • Communicates audit plan and requirements to auditee • Ensure that necessary resources are available to audit team • Ensures the team has appropriate working papers • Plans the audit and directs the audit team • Conducts audit process meetings • Prepares audit report • Manages the audit process and involves conflicts of interest or other personnel issues • Ensures reports and records are properly files and safeguarded For More Details: Certified Quality Auditor Body of Knowledge Continues…
  63. 63. D. Roles and Responsibilities of Audit Participants • Roles and Responsibilities: – Auditee: • Coordinates audit with the lead auditor • Informs employees of the pending audit purpose and scope • Addresses logistical issues with the lead auditor • Provides adequate space and privacy for the opening and exit meetings • Attends the opening and exit meetings • Provides area for auditors to work and meet if requested • Cooperates with the auditors • Provides access to areas included in the audit scope • Acknowledges audit results • Takes corrective action on audit findings For More Details: Certified Quality Auditor Body of Knowledge Continues…
  64. 64. D. Roles and Responsibilities of Audit Participants • Roles and Responsibilities: – Audit Program Manager: • Assign auditors to scheduled audits • Ensures availability of resources (budgeting) • Establishes a reporting relationship that ensures objective and impartial audits • Qualifies auditors (Knowledge, experience, and skills) • Establishes controls (procedures, criteria, plans, and objectives) for an effective and efficient audit program • Creates, distributes, and maintains audit program schedules • Reports audit program progress to management • Monitors auditor performance • Determines audit program objectives and creates plans to accomplish the objectives • Keeps and safeguards audit program information • Promotes ethical behavior on the part of auditors and those involved in managing the audit program For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  65. 65. E. PROFESSIONAL CONDUCT AND CONSEQUENCES FOR AUDITORS
  66. 66. E. Professional Conduct and Consequences for Auditors 1. Professional conduct and responsibilities 2. Legal consequences 3. Audit credibility For More Details: Certified Quality Auditor Body of Knowledge Continues…
  67. 67. 1. Professional conduct and responsibilities • Define and apply the ASQ Code of Conduct, concepts of due diligence and due care with respect to confidentiality and conflict of interest, and appropriate actions in response to the discovery of illegal activities or unsafe conditions. (Apply) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  68. 68. 1. Professional Conduct and Responsibilities • ASQ Code of Ethics For More Details: Certified Quality Auditor Body of Knowledge Continues… Fundamental Principles ASQ requires its members and certification holders to conduct themselves ethically by: Being honest and impartial in serving the public, their employers, customers, and clients. Striving to increase the competence and prestige of the quality profession, and Using their knowledge and skill for the enhancement of human welfare. Members and certification holders are required to observe the tenets set forth below: Relations With the Public Article 1 – Hold paramount the safety, health, and welfare of the public in the performance of their professional duties. Relations With Employers, Customers, and Clients Article 2 – Perform services only in their areas of competence. Article 3 – Continue their professional development throughout their careers and provide opportunities for the professional and ethical development of others. Article 4 – Act in a professional manner in dealings with ASQ staff and each employer, customer or client. Article 5 – Act as faithful agents or trustees and avoid conflict of interest and the appearance of conflicts of interest. Relations With Peers Article 6 – Build their professional reputation on the merit of their services and not compete unfairly with others. Article 7 – Assure that credit for the work of others is given to those to whom it is due.
  69. 69. 1. Professional Conduct and Responsibilities • The Institute of Internal Auditors Code of Ethics For More Details: Certified Quality Auditor Body of Knowledge Continues…
  70. 70. 1. Professional Conduct and Responsibilities • The Institute of Internal Auditors Code of Ethics (Contd.) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  71. 71. 1. Professional Conduct and Responsibilities • Conflicts of Interest: Situations sometimes encountered prior to and during audits include: – Previous employment of the auditor (or close relative) by the auditee or a major competitor of the auditee, regardless of the reason for separation – Holding of significant amounts of stocks or bonds in the auditee’s business or that of major competitor – Previous or current close working relationship with the organization – Prior involvement by the auditor in developing the quality program or procedures used by the group being audited – Close relationships within the group being audited – Offer by auditee of money, goods, of services in the nature of a bribe, kickback, or secret commission – Acceptance of gift (money, gratuity, or other thing of value) with more than a nominal value, or involvement in auditee-sponsored sales promotions or other activities that may represent or be constructed as a conflict of interest – Performance of outside work for the auditee that might adversely effect the auditor’s performance or judgement on the job For More Details: Certified Quality Auditor Body of Knowledge Continues…
  72. 72. 1. Professional Conduct and Responsibilities • When a Conflicts of Interest Exists: – The auditor must relay this information to audit program management or decline to conduct the audit, whichever is more appropriate – Actions that management and audit team leader can take include: • Ensuring that sufficient time has passed to eliminate the conflict • Assigning a different auditor to cover the specific area of conflict • Removing the audit or the audit team leader from the team For More Details: Certified Quality Auditor Body of Knowledge Continues…
  73. 73. 1. Professional Conduct and Responsibilities • Confidentiality: – The auditor must maintain confidentiality, but not to the point of performing an inadequate audit – Each auditor needs to be prepared to sign agreement or utilize techniques for working around a proprietary area – Auditors normally are not authorised to obligate their organizations – Conduct: • Proprietary information should never divulged in a sharing situation with other auditors • Even body language could disclose proprietary information For More Details: Certified Quality Auditor Body of Knowledge Continues…
  74. 74. 1. Professional Conduct and Responsibilities • Confidentiality: (Contd.) – Techniques: • When auditing in an undisclosed area, the auditor can relay on memory and not write audit notes • Auditor must respect the auditee’s wishes and audit around the undisclosed area • Remove personnel from undisclosed area for interview • Ask auditee to certify that the procedure does exist and covers the relevant process – Security: • Companies in certain highly sensitive industries may require that auditors have or obtain security clearances • Alternatively to be constantly escorted – Trust: • Auditors are expected to exercise due care while performing activities For More Details: Certified Quality Auditor Body of Knowledge Continues…
  75. 75. 1. Professional Conduct and Responsibilities • Discovery of Illegal or Unsafe Conditions or Activities: – When Unsafe Activities are Observed: • Auditor must not ignore it • Internal audit- Immediately inform an auditee representative and audit team leader, who will inform auditee manager • External audit- Must immediately inform the auditee and create a record of the situation • If anyone of audit team is endangered, the audit must be stopped and auditors returned to a safe area For More Details: Certified Quality Auditor Body of Knowledge Continues…
  76. 76. 1. Professional Conduct and Responsibilities • Discovery of Illegal or Unsafe Conditions or Activities: (Contd.) – When Illegal or Unethical Activities are Detected: • Auditor has ethical duty to bring the matter to the attention of the client and appropriate management for action • Keep a re cord of such matters, safeguard the evidence, and obtain copies of pertinent documents and records • Should be aware of their legal responsibilities and rights under the law, including whistle-blower laws • Verify and inform the audit team leader, who will inform the auditee and/ or client For More Details: Certified Quality Auditor Body of Knowledge Continues…
  77. 77. 1. Professional Conduct and Responsibilities • Social and Cultural Considerations: – Auditor must be familiar with local customs so that potentially unethical situations can be interpreted correctly and responded to appropriately – The auditor’s awareness and willingness to work with different cultures will help avoid misunderstandings and ensure the effectiveness of the audit For More Details: Certified Quality Auditor Body of Knowledge Continues…
  78. 78. 1. Professional Conduct and Responsibilities • Overcoming Language and Literacy Barriers: – Audit personnel must either be fluent in the language in which the audit is to be conducted or have the support of a technical expert with the necessary technical language skills – Auditor may need to ask extremely simple questions to overcome a lack of language skills For More Details: Certified Quality Auditor Body of Knowledge • Avoiding Internal Conflict- of-Interest Problems: – Auditor will not be assigned to audit an area of previous employment – Must maintain confidentiality Back to Contents
  79. 79. 2. Legal consequences Identify potential legal and financial ramifications of improper auditor actions (carelessness, negligence, etc.) in various situations, and anticipate the effect that certain audit results can have on an auditee’s liability. (Apply) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  80. 80. 2. Legal Consequences • Personal and Corporate Liability: – Each company and each auditor accepts liability for the decisions made regarding whether to grant certification/registration – Court of law could be called in for the final decision – If an auditor provides guidance, even if the guidance fixes the problem, the auditor still owns the solution. If the recommended solution is not the best, there may be malicious compliance that will reflect back on the auditor – Registrar/ Certification organizations and their auditors face a special liability during the audit and after registration/ certification • Audit Record Disclosure: – Audit records must be treated as confidential information and should not be disclosed to internal or outside entities without prior approval of the client and auditee – Copies of the audit report must be sent to client and/or auditee For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  81. 81. 3. Audit credibility Identify and apply various factors that influence audit credibility, such as auditor independence, objectivity, and qualifications. (Apply) For More Details: Certified Quality Auditor Body of Knowledge Continues…
  82. 82. 3. Audit Credibility • Auditor Conduct: – Professionalism is defined as the aims and qualities that characterize a profession or a professional person For More Details: Certified Quality Auditor Body of Knowledge Continues… General Standards of Internal Auditing 1. Independence 2. Professional proficiency 3. Scope of work 4. Performance of audit work 5. Management of the internal auditing department
  83. 83. 3. Audit Credibility • Communicating with the Auditee: – Auditor’s temperament is often the key to a successful audit – Should find an acceptable balance – Can establish good rapport with an auditee early in the audit by being respectful, courteous, and appreciative of any special arrangements made for auditor’s comfort and convenience – Maintaining open communication channels throughout an audit is essential – Should avoid naming names and should emphasize the purpose of the assessment of the product, process, or system – For audits that represent a high risk of false claims, or when auditor feels uncomfortable: • A second person check should be scheduled to work with the auditor • Use recording device • Escort should be present to witness interview For More Details: Certified Quality Auditor Body of Knowledge Continues…
  84. 84. 3. Audit Credibility • Audit Ethics: – ISO 19011 contains six principles of auditing that are ‘Prerequisites for providing audit conclusions that are relevant and sufficient for enabling auditors working independently from one another to reach similar conclusions in similar circumstances For More Details: Certified Quality Auditor Body of Knowledge Continues… Auditing Principles Integrity Fair Presentation Due Professional Care Confidentiality Independence Evidence- based Approach
  85. 85. 3. Audit Credibility • Audit Function Credibility: – Credible audit is a meaningful audit – Competent individuals who gather and handle all information pertaining to the audit in an unbiased and ethical manner provide a credible audit – Using a knowledgeable, experienced, skilled, capable, and well- trained auditor is the most effective way to enhance the credibility of the audit function – A good auditor does not have to be an expert in the area being audited, but the auditor does need to be knowledgeable in the discipline of auditing – Able to communicate effectively, both orally and in writing – Interviewing- ask intelligent, proper questions and listen carefully For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
  86. 86. Q&A Back to Contents
  87. 87. Thank You Back to Contents

×