Introduction The purpose of this session is to: Make audit trainees aware of the need for internal audits Describe the method for internal audits Train employees to become internal auditors Adherence to the following principles are considered to be a prerequisite for ensuring that the conclusions derived from the audit are accurate, objective and sufficient. It also allows auditors working independently from one another to reach similar conclusions when auditing in similar circumstances. The following principles relate to auditors. Ethical conduct; trust, integrity, confidentiality and discretion are essential Fair presentation; audit findings, conclusions and reports should be accurate Due professional care; auditors must exercise care in accordance with the importance of the task they perform. Having the necessary competence is an important factor Independence, auditors must be independent of the activity being audited Evidence-based; evidence must be verifiable and based on samples information
Introduction During this session we will look at: Why we need to perform internal audits What an internal audit is Who needs to be audited When audits are to be performed How to perform an internal audit Adherence to the following principles are considered to be a prerequisite for ensuring that the conclusions derived from the audit are accurate, objective and sufficient. It also allows auditors working independently from one another to reach similar conclusions when auditing in similar circumstances. The following principles relate to auditors. Ethical conduct; trust, integrity, confidentiality and discretion are essential Fair presentation; audit findings, conclusions and reports should be accurate Due professional care; auditors must exercise care in accordance with the importance of the task they perform. Having the necessary competence is an important factor Independence, auditors must be independent of the activity being audited Evidence-based; evidence must be verifiable and based on samples information
Defining the Internal Audit Periodic, independent , documented verification of: Activities Records Processes Performance To ensure the management system conforms to the requirements of ISO 9001. The internal audit is described as a systematic and documented verification process of objectively obtaining and evaluating evidence to determine whether an organization's quality management system conforms to the quality management system audit criteria set by the organization, and for communication of the results of this process to management. ISO 9001:2008 requires that audits are undertaken to ‘determine whether the quality management system conforms to the requirements of ISO 9001:2008 and that the quality management system has been effectively implemented and maintained’. Internal audits are a necessary tool to monitor and maintain the health of management systems. Audits are used to determine the extent management systems conform to requirements and whether they have been effectively implemented and maintained.
Benefits of Auditing Can facilitate continuous improvement Can Identify System Failures Provide feedback to Management regarding efficiency of the Quality System The internal audit is described as a systematic and documented verification process of objectively obtaining and evaluating evidence to determine whether an organization's quality management system conforms to the quality management system audit criteria set by the organization, and for communication of the results of this process to management. ISO 9001:2008 requires that audits are undertaken to ‘determine whether the quality management system conforms to the requirements of ISO 9001:2008 and that the quality management system has been effectively implemented and maintained’. Internal audits are a necessary tool to monitor and maintain the health of management systems. Audits are used to determine the extent management systems conform to requirements and whether they have been effectively implemented and maintained.
Audit Objectives To verify that the quality system: Conforms to ISO 9001 Processes conform to requirements Helps the organization to satisfy its customers To identify weakness in processes To acquire data and information To help make balanced decisions To help make decisions based on fact The internal audit is described as a systematic and documented verification process of objectively obtaining and evaluating evidence to determine whether an organization's quality management system conforms to the quality management system audit criteria set by the organization, and for communication of the results of this process to management. Audit objectives are based on: Management priorities Commercial intentions Management system/statutory/regulatory/contractual requirements Requirement for supplier evaluation Customer requirements Risks to the organization
Audit System Structure The internal audit process covers: Scheduling Planning Execution Reporting Follow-up According to ISO 9001, organizations are required to develop, document, and perform internal audits in line with the organization’s quality system objectives. The audits must be performed by personnel independent of responsibility for the process being audited. Findings reports and Corrective Action Requests must be documented.
Audit System Structure The system combines 3 functions required by ISO 9001: Management Representative schedules audits and maintains the audit system Internal Auditors perform audits and reports findings Management Review Team reviews the audit findings According to ISO 9001, organizations are required to develop, document, and perform internal audits in line with the organization’s quality system objectives. The audits must be performed by personnel independent of responsibility for the process being audited. Findings reports and Corrective Action Requests must be documented.
Audit Requirements Internal audits are required by ISO 9001 Must be conducted by personnel independent of responsibility for process being audited Results must be recorded Must follow organizational objectives Frequency is determined by organizational need To ensure impartiality and objectivity, the audit team must include personnel from departments not directly associated with the area/department being audited. The internal audits are often assigned to the financial manager. However the quality manager, as the management representative, will usually maintain responsibility for the development and implementation of the quality audit activity.
Scheduling Audits All QMS processes are subject to auditing Each process is audited at minimum once in a 12 month period Audit scheduling is performed by the Quality Management Representative The schedule is issued to Auditors & Auditees The audit schedule is a living document and should not be cast in stone, but instead, it should be allowed to evolve organically with the needs of the business. Be sure to communicate the audit schedule and scope to all parties involved as well as to top management as this will help reinforce your mandate.
Audit Scope Full audit of the entire Quality System Partial How many auditors will be needed How will responsibilities be divided Appoint a lead auditor to keep the audit focused Partial Which departments or processes Which clause of the standard
Audit Overview The typical audit cycle will include: Arranging a time and date for the audit A preparation stage Performing the audit on the scheduled date Compilation of the audit report Summary of non-conformance reports Review of any corrective actions proposed Verification of any corrective actions implemented
How Audits are Conducted Upstream starting with the final process and working backward to the beginning Downstream starting with the first process and flowing forward Horizontal across similar processes, e.g. auditing document control across all departments
Performing an Audit Audit arrangement Audit preparation Performance of the audit Compilation of the audit report Non-conformances and observations Minor/Major non-conformances Observations (opportunities for improvement) Maintain control As the auditor, you are in control of everything that happens You are in control of who you speak to, the records you look at, and how much time to spend Don’t resolve problems during the audit, suggestions for improvement may be made after the audit is completed Be aware of your body language, the interviewee’s body language, and what is around you (much of the information comes from what is going on around you and not from what is heard) Ask good questions Ask open-ended questions to get more information Avoid using rhetorical questions, assumptive questions, or leading questions as much as possible Try using hypothetical questions These types of questions can make the interviewee more comfortable and can lead to discussions During the interview Minimize note taking – if a note is needed, write down a key word during the interview and fill in the rest after the interview Don’t jump to conclusions – verify what you understood by repeating what you heard back to the interviewee Get the information and get out of the area as quickly as possible so as to disrupt the normal activity as little as possible Avoid trying to understand the process – the auditor is there to make sure the interviewee understands the process Record observations Write down observations as clearly as possible while also keeping it brief Make sure to state the paragraph of the associated ISO standard next to the observation Follow up Nothing will change if the audit is done but no follow up happens. Management must be held accountable and need to be followed up with to make sure corrective action has been taken. Make the audit a learning experience for everyone involved.
Steps to a Successful Audit Review results of previous audits Determine priorities Develop the checklist Perform the audit Record findings Follow-up Review of corrective actions Verification of non-conformances
Develop the Audit Checklist Become familiar with: The processes being audited Documentation to be audited Make notes of possible questions List items to look for and observe Note the clause being checked Leave space to record observations The audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure the audit addresses the necessary requirements. It stands as a reference point before, during and after the audit process and if developed for a specific audit and used correctly will provide the following benefits: • Ensures the audit is conducted systematically • Ensures a consistent audit approach • Serves as an aide memoire to reference objective evidence • Provides a repository for notes collected during the audit process • Ensures uniformity in the performance of different auditors
Audit Questions Use open questions to ensure you get full answers: What are outputs does this process create? How do you know which document to use? Who is responsible for this process? When something goes wrong, what do you do? Where do you find work instructions and procedures? Open questions keep the auditee talking Avoid questions that illicit a ‘yes’ or ‘no’ response. These basic audit questions will help guide the audit in the right direction since the answers they provide often unlock the doors to information the auditor requires in order to accurately assess the particulars of a process. Audits are not designed to: Catch people out Make your job difficult Assign blame for problems If we DO what we say we are GOING to do, the audit is not a problem! Finally, quality management system audits are not surprise audits! They are planned and everyone should know when they happen and what processes or departments will be audited. There should be no surprises, as this tends to foster mistrust towards the audit process, and a feeling of ‘them versus us’.
Recording Observations Record location of observation List the names of interviewees and their position Notes on non-conformances should be short to the point thorough
Non-conformances Issue a Corrective Action Request Make sure it is thorough Note process ownership Note the paragraph of the standard that has been violated State requirements of resolutions
Reporting to Management Reports must be thorough and specific objective evidence based reviewed by management
Summary Audits are important because they: Provide transparency Give a means for continual improvement Prove that standards are being followed Promote effective control Increase efficiency
End of Presentation Thank you for your time.