The document outlines a training course for internal auditors on quality management systems in accordance with ISO 9001:2015, focusing on understanding the auditing process and key concepts such as customer focus, leadership, and risk-based thinking. It emphasizes the importance of planning audits, conducting them effectively, and reporting findings, including non-conformities and corrective actions. The content also covers communication skills necessary for auditors, managing difficult situations, and understanding the audit process to ensure compliance and improvement in quality management practices.

1. Internal Auditors
Training Course on QMS
as per ISO 9001:2015
Management Systems Training
Welcomes Delegates to this Course

2. Welcome !
2

3. 3
Delegate Introductions
Delegate Introductions
• Name
• Job role
• ISO 9001:2015 understanding (1 to 10)
• Understanding of Quality function (1 to 10)
• Course expectations

4. 4
Course Aim
• Understanding the working with ISO
9001:2015 system.
• Acquiring knowledge and skills to carry out
internal audits for the quality management
system.

5. Key Concept 1: Quality Management Principles
Customer
Focus
Leadership
Engagement
of People
Process
Approach
Improvement
Evidence
based
decision
making
Relationship
Management

6. Key Concept 2: PDCA structure of standard
6
Leadership
(5)
Support and
Operation
( 7,8)
Improvement
(10)
Planning (6)
Performance
evaluation (9)
Plan Do
Check
Act
Quality Management System (4)
Organization and
its context (4)
Customer
requirements
Needs and
expectations
of relevant
interested
parties (4)
Customer
satisfaction
Products and
services
Results of
the QMS

7. Key Concept 3: Leadership and commitment
7

8. Key Concept 4: Customer focus
8

9. Key Concept 5: Risk based thinking
9

10. Key Concept 6: Process approach
10
With what?
Resources
Outputs
To whom/
where
What results?
Performance
indicators
Inputs
From
whom/
where
How done?
Methods/
Documentation
With Who?
Personnel
Process
(specific value-
added activities)

11. Key Concept 7: Organizational knowledge
11

12. Desing and Development
12
User
Needs
Design
Inputs
Design
Output
Designed
Product
Design
Process
Review
meetings
Verification
Validation

13. The Audit Process: ISO 19011:2018

14. Why do we do audit
• Purpose of auditing
• We can’t audit our own activities
• Auditor and auditee have a common goal
• Auditor cannot add personally to the requirements
• Auditor does not provide solution but aids auditee
to discover solution
14

15. 15
Auditing systems
Why do we assess systems?
• Conformance
• Effectiveness
• Improvement

16. Find & Compare
What is
supposed to be
happening
What is
actually
happening
Know it before
the audit
Get to know
during the audit
Fulfillment is compliance
Gaps are the non-conformities

17. 17
Definition
Audit
Systematic, independent and documented process
for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit
criteria are fulfilled.

18. 18
Types of audits
• First Party
• Second Party
• Third Party
Internal Audit -
on own
organisation
Organisation
External
on another eg
supplier
Organisation
Third Party -
independent

19. 19
Auditing standard – ISO 19011
• ISO 19011 – Guidelines for auditing management
systems
• The principles of auditing
• Guidance on managing audit programmes
• Guidance on conducting audits
• Guidance on the competence needed by an auditor

20. Principles of auditing
• Integrity: the foundation of professionalism
• Fair presentation: the obligation to report truthfully and accurately
• Due professional care: the application of diligence and judgement
in auditing
• Confidentiality: security of information
• Independence: the basis for the impartiality of the audit and
objectivity of the audit conclusions
• Evidence-based approach: the rational method for reaching reliable
and reproducible audit conclusions in a systematic audit process
• Risk based auditing
20

21. 21
Audit Scheduling
• Scheduling the audit programme is the
responsibility of the person leading the audit
process (the program manager)
• Audits are required to be scheduled based on
 The results of risk assessments
 The results of previous audits
 Changes in operations/ activities

22. 22
Planning Audit Schedule
• When planning audits schedule, the following
needs to be considered
 Scope – the departments, processes, activities
 Criteria – the requirements
 Objective – the audit purpose
 Date & Duration – timing of audit areas
 Method – vertical (process), horizontal (theme)
 Competence – auditor experience, skills, knowledge
 Risk – areas of potential concern/high importance

23. ISO 19011 Audit Process
6.3 Preparing audit activities
6.2 Initiating audit
6.5 Preparing and distributing audit report
6.4 Conducting audit activities
6.6 Completing audit
6.7 Conducting audit follow-up
6.2.1 General (audit Team Leader responsibility)
6.2.2 Establishing contact with auditee
6.2.3 Determining feasibility of audit
6.3.1 Performing review of documented information
6.3.2 Audit planning
6.3.2.1 Risk-based approach to planning
6.3.2.2 Audit planning details
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit
6.4.1 General (sequence may be varied)
6.4.2 Assigning roles and responsibilities of guides and observers
6.4.3 Conducting opening meeting
6.4.4 Communicating during audit
6.4.5 Audit information availability and access
6.4.6 Reviewing documented information while conducting audit
6.4.7 Collecting and verifying information
6.4.8 Generating audit findings
6.4.9 Determining audit conclusions
6.4.9.1 Preparation for closing meeting
6.4.9.2 Content of audit conclusions
6.4.10 Conducting closing meeting
6.5.1 Preparing audit report
6.5.2 Distributing audit report
NOTE:
Subclause numbering
refers to the relevant
subclauses of this
International Standard.

24. Audit Process
6.2 Initiating the audit
• 6.2.1 General (audit Team Leader responsibility)
• 6.2.2 Establishing contact with auditee
• 6.2.3 Determining feasibility of audit
24

25. Audit Process
6.3 Preparing audit activities
• 6.3.1 Performing review of documented information
• 6.3.2 Audit planning
• 6.3.2.1 Risk-based approach to planning
• 6.3.2.2 Audit planning details
• 6.3.3 Assigning work to audit team
• 6.3.4 Preparing documented information for audit
25

26. Audit Process
6.4 Conducting the audit activities
• 6.4.1 General (sequence may be varied)
• 6.4.2 Assigning roles and responsibilities of guides and observers
• 6.4.3 Conducting opening meeting
• 6.4.4 Communicating during audit
• 6.4.5 Audit information availability and access
• 6.4.6 Reviewing documented information while conducting audit
• 6.4.7 Collecting and verifying information
• 6.4.8 Generating audit findings
• 6.4.9 Determining audit conclusions
• 6.4.9.1 Preparation for closing meeting
• 6.4.9.2 Content of audit conclusions
• 6.4.10 Conducting closing meeting
26

27. Audit Process
6.5 Preparing and distributing the audit report
• 6.5.1 Preparing audit report
• 6.5.2 Distributing audit report
27

28. Audit Process
6.6 Completing the audit
6.7 Conducting audit follow-up
(if specified in the audit plan)
28

29. 29
P. E. R. C.
• Plan
• Execute
• Report
• Close out
Plan
Execute
Report
Close out

30. Identifying Requirements

31. 31
Audit Planning
• From the schedule, audits need to be planned to
ensure that they are carried out effectively making
efficient use of time
• Flexibility should be designed into an audit plan to
ensure audit trails can be followed to ensure
effective depth of the audit

32. Document Review
32

33. 33
Requirements (Criteria)
• Requirements come from
 ISO 9001:2015
 Legislations
 Design documents, codes of practices, guidance documents
 Management priority
 Business requirements
 The documented management system
 Product/service/customer requirements
 Other related standards, e.g., IS standards
 Other requirements, e.g., voluntary commitments
What else ?

34. 34
Audit Planning
• Avoiding problems
 Plan the audit carefully, based on scope and criteria
 Communicate the plan before the audit
 Keep the plan flexible (build in flex)
 Copy in department management
 Ensure importance of audit is understood
 Ensure objective of audit is understood
 Ensure plan is focussed on risk

35. Internal Audit Plan
Purpose of audit.....................................................................................................................
Date of audit:.........................................................................................................................
Department to be audited......................................................................................................
Name of auditor/s: ...............................................................................................................
Criteria of audit.....................................................................................................................
Prepared by auditor...............................................................................................................
35
Duration
(from..to)
Area, Process, Activity to be audited Comments (sup.
To be available)
Name of auditor

36. Group Exercise 1
Make an audit plan for the department and within
allotted time which your group would be auditing
36
30 minutes

37. 37
Checklists
• The output of the plan is preparation of audit
checklists
• Checklists are used
 As a memory aid
 For structure
 As a means of recording findings

38. 38
Checklists
• Checklists can be prepared in a variety of styles
 Bullet points
 List of questions
 List of requirements
 Mind maps/spider diagrams
• Checklists should form a logical flow as an aid to
memory to ensue all important elements are
covered during the audit

39. Work documents example
Requirement Source of
information
Evidence Notes on
how to
follow up
1 ISO 9001
requirement
What to
‘look at’
What to
‘look for’
How to
follow up
2 Process
requirement
3 Other
requirement
4
39

40. 40
Group Exercise: 2
Prepare a checklist for an audit of the department
you have been asked to audit.
Group 1
Group 3
Group 5
Group 2
Group 4
30 minutes

41. The audit evidence triangle
41
Documented information
Human interaction
By observation
Other ways: work place spot sampling, in-process sampling,
simulating a control to verify its reliability, CCTV info, IOT
(if relevant) etc.

42. Audit Evidence
42
Documented info
Observation
Verbal
Objective evidence
- Coming from
outside to person
Subjective
evidence
- Coming from within
or getting modified
with auditor’s past
mental impressions
Interpretated by
auditor’s past
experience
Assumptions
Presumptions
Prejudices

43. 43
Audit Method
Vertical Process
Horizontal
Themed

44. Audit Methodology
44
Presence at site
Auditee
Presence
Auditor at site
Auditee Present with him
Auditor at site
Auditee not present
Auditor not at site
Auditee Present with him
Auditor not at site
Auditee not present

45. 45
Sampling
• Sampling is undertaken as we cannot assess
every aspect of all activities
• Samples are taken from numbers of
 Personnel
 Records, documents
 Plant, equipment
 Areas, locations etc

46. 46
Sampling
• The extent of samples is determined through a
process of identifying
 Risk
 Extent
 Importance
 Findings

47. 47
Audit Trails
• Logical audit trails develop from the responses to
initial ‘trigger’ questions
• Audit trails are the questions auditors ask to
determine
 Conformity
 Effectiveness
 Control
 Competence

48. Collecting and verifying information
Audit conclusion
Reviewing
Audit findings
Evaluating against audit criteria
Verification to ensure true audit evidence
Collection by appropriate sampling
Source of information
48

49. 49
Group Exercise 3
1. What key personal attributes does an auditor
need to conduct an effective audit?
2. What key personal skills does an auditor need?
3. What knowledge does an auditor need to
assess a QMS?
4. How could an auditor develop their level of
competence?
25 minutes

50. Auditors Responsibilities
50
Time keeping
Confidentiality
Objective
and
Ethical
Support
the
audit team
Work
documents
Inform auditee
of audit process
Document and
support findings
Keep auditee
informed
Safeguard
all
documents
Prepare the
audit report

51. Group discussion
• Please go through the Internal Audit procedure of
your site and discuss with other participants on
understanding, agreement or comments if any
51
20 minutes

52. Communicating during Audit

53. 53
Questioning
Some basic points
 Ask the right person
 Recognize the individual
 Understand why you are asking the question
 Ask simple questions
 Give time to answer
 Don’t be judgemental

54. 54
Questioning
Tell the auditee
 What you are going to do
 Why you are there
 What you are asking
 What your findings may be
 And then, what your findings are

55. Type of questions
 Open ended - starting with a ‘who, what, where, when, why, or
how
 Specific
 Leading
 Closed ended
 Hypothetical
 Probing
 Reflective - can I just confirm
 Rhetorical
55

56. 56
Questioning – Funnel Approach
OPEN
CLOSED
Gathering
Probing
Verifying
Finding
Parroting

57. 57
Communication model
• Communication is not simply logical - it is
psychological
• It is what we do to give and get understanding

58. 58
Communication Rules
The sender is
responsible for
accurate
communication
It is not important
what A says, but
what B
understands You cannot not
communicate

59. 59
Keys to active listening
Show open
body language
Use commenting
words/expressions
Keep eye
contact
Use
paraphrasing
……showing you are interested and
want to understand

60. 60
Listening
• Hear – hear the ‘raw’ data
• Listen – focus attention on the speaker
• Understand – assign a meaning
• Evaluate – begin to analyse
• Respond – feedback to auditee

61. 61
Listening
Listen
Understand
Evaluate
Respond
Hear

62. What's your body telling you
62
Body language: The gestures, poses, movements,
and expressions that a person uses to
communicate.
• 7 % VERBAL (Conveyed through words)
• 38 % VOCAL (intonation , pitch, pauses , etc)
• 55 % NON VERBAL (body language)

63. Rubbing Hands
63
Positive
expectation

64. &
Closed Attitude Open Attitude

65. Evaluation
Boredom

66. Improving the personal effect
Specific
Situation
Posture
Expression
Gesture
Appearance
Voice
Eye-Contact
Information
Language
A good rapport can be built through reaction and similarity in:

67. Friendly nature
1. What makes a person most likeable is sincere
interest in others.
2. A warm, genuine smile attracts other to you
3. Be an open up person. People when they are
uncomfortable have a tendency to close off
4. Use your eyes.
5. What your body is projecting
6. Approach others
67

68. Perceptual Positions
The art of seeing events through
the eyes of others
• ‘the way I see it’
• ‘If I were you I would’
• ‘taking into account both views
it seems like this'

69. Overcoming negativeness
• Persist in your positive-ness
• Be strong in your positive-ness
• Assert your positive-ness
• Ask the auditee to consider the positive side of
logic
• Persevere if required
• Never give in
• You would succeed – partially or fully
69

70. How to influence positively
• Bring awareness
• Show an example
• Generate imagination of positive results
• Encourage in right efforts
• Col-laborate
70

71. Group Exercise 4
• Discuss in your group – how one can enhance
auditor’s personal attribute of being diplomatic
• First 3 minutes – think alone
• Next 3 minutes – think 2 together
• Next 9 minutes – think all together
71
15 minutes

72. Managing difficult situations
1. Auditor own HOD does not make him fully free to do
job with focused attention
2. Senior auditee ignore you
3. Frequent interruptions such that auditee is not
available. Time is wasted.
4. Coordinators only answers all the questions
72

73. Managing difficult situations
5. Activity which you wanted to observe is not
happening on the day. Or the person you
wanted to meet is not available that day.
6. Auditor is insulted by group of auditees and
coerced to not write certain findings.
7. Auditees does not accept genuine findings –
opposes
73

74. 74
Opening Meeting
• All audits commence with an opening meeting,
either
 Formal or
 Informal

75. 75
Group Exercise 5
• Conducting the audit
120 minutes

76. Audit Findings and Reporting

77. 77
Audit Findings
• Audit findings can be classified into four main areas
 Positive – areas working well that could be used as best-
practice improvements elsewhere
 Conformity – the process(es) assessed conform(s) to
requirements and is effective
 Nonconformity – there is a deviation from a requirement
 Observation – the process(es) is/are conforming but could
be improved to become more effective

78. 78
Nonconformity
A nonconformity should be
• CLEAR – No ambiguities
• FACTUAL – Based on facts from the audit
• ACCURATE – Include the correct information
• COMPLETE – Including all identifiers/references
A nonconformity needs two elements
• A requirement
• A deficiency

79. 79
NC categorization
Minor
An isolated deviation from requirements(s) not
resulting in a significant impact on the organisation
Major
A deviation from requirement(s) resulting in a
significant impact on the organisation (potential or
actual), or a number of linked minor NCs

80. Audit Scenario
You are auditing the design and development process in an organisation that
designs and manufactures industrial equipment. They are currently dealing with
a serious customer complaint relating to faulty safety mechanisms. They have
sent engineers to this customer to repair some equipment they designed,
manufactured and supplied two years earlier for contract number A123. You find
a recent note on file that states that the engineers are currently having difficulty
in repairing the equipment. They have been issued with the latest drawings for
the equipment (serial number X134, revision 3). The drawings do not contain a
modification to the safety mechanism that was made prior to delivery and
installation of the equipment. You confirm with the Design Manager that revision
3 is the current version of the drawings and that revision 3 does not include the
change to the safety mechanism. You ask the Design Manager why the
modification to safety mechanism was not made to the drawing and he replies
that the change was reviewed and considered to be minor with no impact on the
equipment and it didn’t affect the customer’s contract specification.
80

81. NC Statement
The organization has not adequately conducted a review before
committing to supply products to a customer, to include requirements
not stated by the customer, but necessary for the specified or
intended use, when known.
Evidence - Drawings, X 134 revision 3, supplied with contract A123
and found to the final version, do not show changes to the electronic
safety mechanisms made prior to delivery and installation of the
equipment.
Clause No. 8.2.3.1
81

82. Group Exercise 6
• Delegate to write NC’s, as identified by them
during audit conduct on the NC format
82
30 minutes

83. 83
Closing Meeting
• As with the opening meeting, the closing meeting
can be either informal or formal

84. 84
Reporting
• Audit reports should include
 Summary – objective, scope, criteria, overview
 Findings – positive findings, conformity, NC,
observations
 Action – summary of agreed actions required, including
timescales/responsibilities

85. 85
Corrective Action Plan (CAP)
• Timely and effective action is needed for all
nonconformities
• Actions should be planned by auditee
• Proposed actions should investigate to the root
cause and address the same
• Auditor should approve CAP
• Actions should be implemented by auditee
• Action should be evaluated by auditee
• Action should be verified by auditor

86. Close out of Audit
• A non-conformity can be closed if the corrective
actions planned have been implemented and it is
working effectively.
• Auditor needs to check whether corrective action plan
addresses all the root causes.
• Evidences to be seen for authorization, and
implementation.
• If implantation required changes in documentation
or/and training to concerned persons – these have
been imparted satisfactorily.
86

87. 87
thanks you for your participation
Website: https://ensafetech.in/
Email: ensafetech@gmail.com
Mobile: +91 9871292020, +91 9871191114
Ensafe Technologies
B-503, Palm Court Apartments
Sector 19 B, Plot No. 3, Dwarka
New Delhi – 110075. India