This document provides an introduction to quality management system audits. It defines an audit as a systematic, independent and documented process for evaluating evidence objectively to determine if audit criteria are fulfilled. Audits are required by ISO 9001:2008 and help monitor/measure the management system, identify improvement opportunities, and promote continuous improvement. The benefits of auditing include increased awareness, reduced risk of failure, and achievement of planned results. The document then describes the types of audits, principles for auditors and audits, the PDCA methodology, elements of quality management system audits, typical audit activities from initiation to follow up, and techniques for collecting evidence and generating findings.

1. IMTIAZ UR REHMAN
17.06.2015
QUALITY
MANAGEMENT SYSTEM
AUDIT -INTRODUCTION

2. Presenter’s Name
01.01.15
Auditing
What is an audit?
Systematic, independent and documented process for obtaining
evidence and evaluating it objectively to determine the extent to
which audit criteria are fulfilled
Why audit?
Requirement of ISO 9001:2008
Monitor and measure the management system
Measurement for adequacy / gap
Measurement for performance
Promote continuous improvement of the management system

3. Principles relating to auditors:
Ethical conduct
Fair presentation
Due professional care
Principles relating to audit:
Independence
Evidence-based approach

4. •Identifies improvement
opportunities
•Continuous improvement
if performed regularly
•achieves planned results
and yields continual
improvement of
processes.
Verifies conformity to
requirements
Provides a
measurement of
effectiveness of the
management system to
top management
BENEFITS OF AUDITING
Increases awareness
and understanding
Reduces risk of
management system
failure

6. Types of Audits
 Registration / Certification: The initial audit to get an
organization's system certified
 Surveillance : ongoing periodic review of an organization's
quality management system, by a third party registrar
 Product: often referred to as a quality audit -- is an inspection
of a final product before delivering it to a supplier or a customer
• Customer contract Audit: ensures that the agreement is being
executed in accordance with the intent of all parties to the
contract
 Gap assessment / Pre-assessment: comparison of actual
performance with potential or desired performance
 Combined audit / joint audit: of a firm/country by two different
entities simultaneously having some common interests.

7. Your
Process
Act
DoPlan
Check
PDCA (Plan-Do-Check-Act)
Continual
Improvement
The Plan-do-Check-Act (PDCA) methodology applies
to all processes
• Deploy and conform with plan
• Activities
• Controls
• Documentation
• Resources
• Objectives
• Analyze/review
• Decide/change
• Improve effectiveness
• Measure
and monitor for
conformity and
effectiveness

8. Process Auditing “Turtle Diagram”
With what?
Resources With who?
Personnel
What results?
Performance
indicators
Outputs
To
Whom/
Where
Inputs
From
Whom/
Where
How done?
Methods/
Documentation
Process
(specific value-added
activities)

9. Process Auditing Example
With what?
• Order processing
system
With who?
• Customers
• Competent sales and
processing staff
What results?
• Order processing
time
• Number or orders
• Value of orders
• Contract accuracy
Outputs
Production/Service
Delivery
Inputs
• Customer
requirements
• Sales staff
How done?
• IT system
• Processing system
• Terms and conditions
• Contract review procedure
Contract
Review

10. Elements of Quality Management System Audit

11. Typical Audit Activities

12. Typical Audit Activities
1
2
4
Initiating the Audit
3
Conducting Document Review
Preparing for On-site Activities
Conducting for On-site Activities

13. Typical Audit Activities
5
6
8
Preparing & Reviewing Audit Report
7
Distributing Audit Report
Corrective Actions Report
Conducting Audit Follow-up

14. Initiating the audit includes:
Appointing the audit team leader
Defining audit objectives, scope, criteria
Determining feasibility of the audit
Selecting the audit team
Establishing initial contact with the auditee
8.2.2

15. Selecting the Audit Team
For Team size and competence, consider:
Audit objectives, scope, criteria, and duration
Whether audit is combined or joint
Competence of team to meet objectives
Statutory, regulatory, contractual and
accreditation/certification requirements
Independence of the team

16. Personal
Attributes
Ethical
Diplomatic
Open-
minded
Auditor Competence
Personal Attributes
Observant
Perceptive
Versatile
Determined
Decisive
Self-reliant

17. A review of documentation includes:
Should be conducted prior to on-site audit activities unless deferring
review is not detrimental to the effectiveness of the audit
May include relevant QMS documents, records, and previous audit
reports
May include a preliminary site visit
4.2.3

18. One Approach is to:
oIdentify audit scope and process(es) within scope
oIdentify applicable factors (inputs, outputs, measures,
resources, etc.)
oUse these points and other requirements
(ISO 9001-2008, system documentation, etc.) to:
Plan what to look at
Plan what to look for (audit evidence)
• Prepare checklist

19. Audit checklist structure:
Process/Activity Audited:
Requirement Source Evidence Notes
ISO 9001:2008
Clause # or other
requirement
What to
“look at”
What to
“look for”
Notes

20. Conduct opening meeting
Communicate during the audit
Explain roles and responsibilities of participants
Collect and verify information
Generate audit findings
Prepare audit conclusions
Conduct closing meeting

21. Opening Meeting
Hold opening meeting with auditee top management and
those responsible for processes audited
Meeting may be informal
Chaired by team leader
Audit team present
Purpose is to confirm all prior arrangements

22. Review
Sources of
information
Collect by
appropriate
sampling &
verification
Evaluate against
audit criteria
Collecting and Verifying Information
Audit Conclusions

23. Auditing Process
 Collect information relevant to:
 Audit objectives, scope, and criteria
 interfaces between functions, activities and processes
 Collect audit evidence by appropriate sampling and verify and record
it
 Be aware on sampling limitations, if acting on the audit conclusion
 Use only information that is verifiable as audit evidence
 Interview:
 Personnel that manage, perform, and verify activities
 Also ensure they are responsible for the activity being audited
 Listen carefully to responses
 Observe:
 Identity, status, condition, processes, equipment, activities,
environment, and people
Auditing Techniques

24. During Interview……..
 Show interest
 Be tactful and polite
 Show patience and understanding
 Remember to say please and thank you
 Ask the right person
 Don`t say you understand when you do not
 Put auditee at ease
 Ask short questions and listen
 Reflect right attitude, tone of voice, body
language, and facial expressions
 Smile and show eye contact
 Avoid interruptions
 Avoid insulting and arrogant remarks
 Give praise when appropriate
Empower Teams
Respect Individuals
Maintain Agility
Own Decisions
Maintain Agility
Enjoy Work

25. Questioning Techniques
Open question
Using why, who, what, where, when, or how gets more than a yes
or no answer
Expansive question
Further elaborates the current point
Opinion question
Asks opinion about current point
Non-verbal
Uses body language, for example: raise eye-brow to elicit further
information
AVOID (or minimum)
 Repetitive question
 Repeats back response in form of a question
 Hypothetical question
 Uses what if, suppose that, etc.
 Closed questions as they draw answers in yes or no

26. • Audit focus must be on conformity and effectiveness, NOT
on finding nonconformities
• The auditee must be given the benefit of any doubt where
there is insufficient audit evidence
• Evaluate audit evidence against audit criteria to generate
audit findings
• Indicate if findings are conformities, nonconformities or
opportunities for improvement
• Meet (audit team) to review findings
• Specify (with supporting evidence) or summarize conformity
by location, function, or processes, as required by audit plan

27. Nonconformity
 Non-fulfillment of a specified requirement:
 Not doing it
 Partially doing it
 Doing it the wrong way
 Specified requirement:
 Conditions of the customer contract
 Quality standard (ISO 9001:2008)
 Quality management system
 Statutory or regulatory requirements
Nonconformity (Minor)
Failure to comply with a requirement which (based on judgment
and experience) is not likely to result in QMS failure
Examples:
A two month lapse in the internal audit program
A training record not available
No actions taken to improve system based on previous
result findings

28. • Issue within agreed time period
• If delayed, provide reasons and agree on new issue date
• Report must be dated, reviewed, and approved as per
procedures
• Distribute to recipients designated by audit client
• Report is property of audit client
• Recipients and audit team must respect the confidentiality
of the report
• Maintain confidentiality of audit documents, information,
and report
• Notify audit client and auditee ASAP if disclosure of audit
information is required

29. 1. Audit conclusions may require corrective, preventive, or
improvement actions
2. Auditee receives the nonconformity report
3. Auditee decides and carries out these actions within
agreed timeframe
4. Auditee prepares a corrective action plan
5. Auditee submits the plan to auditors
6. Auditors evaluate and approve the plan
7. Auditee implements the approved corrective action plan

30. 1. Auditor verifies the implementation and effectiveness
2. Audit team number should verify completion and
effectiveness of actions taken
3. This verification may be part of a subsequent audit
4. Records of all actions taken by auditor and auditee

31. Questions?

32. Thank you