The document provides information on conducting internal audits, including: 1) It discusses auditor competence and responsibilities, such as being objective, ethical, and maintaining confidentiality. 2) It explains how to manage an audit program, including establishing objectives and procedures, scheduling audits, and maintaining records. 3) It describes the audit process, from planning and document review, to conducting on-site activities like interviews and observations, and preparing the audit report.

1. The British Standards Institutionraising standards worldwide TMIssue 1 December, 2008 QMS-030-01-EN-GX © 2008 BSI Management Systems

2. ISO Internal Auditor Compliance ManagementPrepared &Presented by Yamin K Hajeej

3. 15Introduction to AuditingAuditor Competence and Responsibilities2364Table of ContentThe Process Approach and Process AuditingManaging an Audit ProgramAudit ActivitiesConclusion

4. Introduction toAuditing

5. AuditingWhat is an audit?Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled (ISO19011: 2002 clause 3.1)Why audit?Requirement of ISO 9001:2008

6. Monitor and measure the management system

7. Promote continuous improvement of the management systemPrinciples of Auditing4.0Principles relating to auditors:Ethical conduct

8. Fair presentation

9. Due professional carePrinciples relating to audit:Independence

10. Evidence-based approachNote: reference toISO 19011:2002Clause number

11. Benefits of AuditingVerifies conformity to requirementsIncreases awareness and understandingProvides a measurement of effectiveness of the management system to top managementReduces risk of management system failureIdentifies improvement opportunitiesContinuous improvement if performed regularly

12. Types of AuditRegistration / CertificationProductCustomer contractGap assessment / Pre-assessmentSurveillanceCombined audit / joint audit

13. The Process Approach and Process Auditing

14. Process ApproachThe process approach emphasize the importance of:Understanding and meeting requirementsLooking at processes in terms of added valueObtaining results of process performanceContinual improvement of process

15. PlanYourProcessActDoCheckPDCA (Plan-Do-Check-Act)The Plan-do-Check-Act (PDCA) methodology applies to all processesDeploy and conform with plan

16. Activities

17. Controls

18. Documentation

19. Resources

20. ObjectivesContinualImprovementAnalyze/review

21. Decide/change

22. Improve effectiveness

23. Measure and monitor for conformity and effectivenessManagement System Standards and the Process ApproachISO 9001:2008:Is based upon the PDCA cycle which can be applied to processes

24. Applies the PDCA cycle to implementing, operating, monitoring, exercising, maintaining and improving the effectiveness of a QMSISO 19011:2002 does not explicitly mention process audits, but is written for application to all management system audits

25. Applying the Process Approach to AuditingAuditors can apply the process approach to auditing by ensuring the auditee:Can define the objectives, inputs, outputs, activities, and resources for its processesAnalyzes, monitors, measures, and improves its processesUnderstands the sequence and interaction of its processes

26. Process Auditing ApproachesIndividual Process:Input / Output / Value-added ActivityPlan-Do-Check-ActResourcesRelationship with other processes:Flow / Sequence / Linkage / CombinationInteraction / CommunicationEvidenceCustomer and supplier contract(s)

27. Process Auditing “Turtle Diagram”With what?ResourcesWith who?PersonnelInputsFrom Whom/WhereOutputsToWhom/WhereProcess(specific value-added activities)What results?PerformanceindicatorsHow done?Methods/Documentation

28. Process Auditing ExampleWith what?Order processing systemWith who?Customers

29. Competent sales and processing staffInputsCustomer requirementsSales staffOutputsProduction/Service DeliveryContractReviewWhat results?Order processing timeNumber or orders

30. Value of orders

31. Contract accuracyHow done?IT system

32. Processing system

33. Terms and conditions

34. Contract review procedureManaging an Audit Program

35. Managing an Audit Program Process Flow5.1PLANDOCHECKACTAUTHORIZEMONITOR &REVIEWESTABLISHIMPLEMENTIMPROVE SCHEDULE AUDITS

36. EVALUATE

37. AUDITORS

38. SELECT TEAMS

39. DIRECT ACTIVITIES

40. MAINTAIN RECORDS

41. OBJECTIVES

42. EXTENT

43. ROLES

44. RESOURCES

45. PROCEDURES

46. MONITOR

47. REVIEW

48. IDENTIFY NEED FOR CA/PA IDENTIFY OPPORTUNITIES TO IMPROVEAUDITORCOMPETENCE& EVALUZATIONSPECIFIC AUDITACTIVITIES

49. Audit Activities

50. Typical Audit Activities6.1Initialing the AuditPLANConducting Document ReviewPreparing for On-site ActivitiesConducting for On-site ActivitiesDOPreparing, Approving, Distributing Audit ReportCompleting the AuditCHECKConducting Audit Follow-upACT

51. Audit ProgramTop management should authorize responsibility for program management to:Establish, implement, review, and improve the audit program

52. Identify the necessary resources and ensure they are provided

53. Organization should develop audit program processes

54. Program should be managed by a member of the organization

55. Keep appropriate audit records to monitor and review the audit programAudit Program ResponsibilitiesTop management should authorize responsibility for program managementThose assigned responsibility should:Establish, implement, review, and improve the audit program

56. Identify the necessary resources and ensure they are providedInitiating the Audit6.2Initiating the audit includes:Appointing the audit team leaderDefining audit objectives, scope, criteriaDetermining feasibility of the auditSelecting the audit teamEstablishing initial contact with the auditee

57. Defining Audit Objectives, Scope, Criteria6.2.2Audit Objectives may include:Determining of the extent of conformity of auditee`s QMS with audit criteriaEvaluation of capability of QMS to ensure compliance with statutory, regulatory, and contractual requirementsEvaluation of effectiveness of the QMS to meet its objectivesIdentification of areas of improvement

58. Selecting the Audit Team6.2.4For Team size and competence, consider:Audit objectives, scope, criteria, and durationWhether audit is combined or jointCompetence of team to meet objectivesStatutory, regulatory, contractual and accreditation/certification requirementsIndependence of the team

59. Auditor Competence and Responsibilities

60. Auditor Competence7.1Auditor competence is based on:Personal attributes

61. Application of knowledge and skillsCompetence is to be developed, maintained, and improved

62. PersonalAttributesOpen-mindedDecisivePerceptiveEthicalObservantDiplomaticVersatileTenaciousSelf-reliantAuditor CompetencePersonal Attributes7.2

63. Auditor CompetenceGeneric Knowledge and skills7.3.1Auditor skills and competence could include:Audit principles, procedures, and techniquesManagement system and reference documentsOrganizational situationsLaws, regulations, and other requirements

64. Auditor CompetenceSpecific Knowledge and skills7.3.3Specific knowledge and skills for quality auditors could include:Quality methods and techniquesQuality terminologyQuality management tools and their applicationProcesses and products/services specific to the sector being audited

65. Auditor ResponsibilitiesArrive on timeMaintain confidentialityBe objective and ethicalSupport the audit team and team leaderPlan and prepare work documentsInform auditees of the audit processDocument and support all findingsKeep auditee informedSafeguard all documentsPrepare the audit report

66. Audit Activities(Continued)

67. Audit PlanningDetermine the objective of the auditIdentify specified requirementsDetermine audit duration and resources neededSelect the teamContact the auditee – agree the date(s)Draw up audit planBrief the teamPrepare work documents

68. Conducting Document Review6.3A review of documentation:Should be conducted prior to on-site audit activities unless deferring review is not detrimental to the effectiveness of the auditMay include relevant QMS documents, records, and previous audit reportsMay include a preliminary site visit

69. Prepare Work DocumentsPrepare work documentsUse as a reference and for recording audit proceedingsInclude checklists, sampling plans and forms, ISO 9001:2008 standard, etc.Keep checklists flexible to allow changes resulting from information collected during the auditSafeguard any confidential and proprietary informationRetain work documents and records

70. Checklists PreparationOne Approach is to:Identify audit scope and process(es) within scopeIdentify applicable factors (inputs, outputs, measures, resources, etc.)Use these points and other requirements (ISO 9001-2008, system documentation, etc.) to:Plan what to look at

71. Plan what to look for (audit evidence) Prepare checklist

72. Checklists StructureAudit checklist structure:

73. Conduct on-Site Audit Activities6.5Conduct opening meetingCommunicate during the auditExplain roles and responsibilities of participantsCollect and verify informationGenerate audit findingsPrepare audit conclusionsConduct closing meeting

74. Opening Meeting6.5.1Hold opening meeting with auditee top management and those responsible for processes auditedMeeting may be informalChaired by team leaderAudit team presentPurpose is to confirm all prior arrangements