Paul Hardiman and Rob Brown SMMT IF Planning and organising an audit

Objectives How to: –Effectively plan an audit based on organization processes –Best utilize the audit time available –Process what you see during an audit to make decisions –Analyze and synthesize data / metrics –Modify priorities based on situational awareness

Background ISO/TS16949 auditor qualification and development uses six essential auditing criteria, defined in an “auditor competency criteria booklet:

Essential auditing criteria Process Approach Demonstrates priority is given to questioning the organisation’s identification of processes, their sequence and interactions, and performance against the objectives / measures defined, with focus on the processes which directly impact the customer Customer, regulatory, industry requirements Demonstrates that these requirements are integrated into a process based audit. Effectively audit the organisation’s process for gathering, communicating and implementing these requirements.

Essential auditing criteria Prioritisation Demonstrates priority is given to questioning the process objectives and performance, and focus on issues that have the greatest impact on the customer Focus on performance Identifies issues/trails around the organisation’s process for setting objectives/ targets, what plans are in place to ensure targets are met, and corrective action plans where objectives/targets are not being met

Essential auditing criteria Knowledge/Application of AS9100, AS9110 and AS9120 requirements (and associated checklists) Demonstrates knowledge and application of the requirements within a process based audit Analyse and Synthesize data Demonstrates the ability to collect and analyse data, and draw accurate conclusions based upon the data. Synthesize isolated but connected data in order to draw conclusions.

Audit plan outputs: ISO17021 the audit objectives; the audit criteria and reference documents; the audit scope, including identification of the organizational and functional units and processes to be audited; the dates and locations where the on-site audit activities are to be conducted including visits of temporary sites as appropriate; the expected time and duration of on-site audit activities, including meetings with the client’s management and audit team meetings; the roles and responsibilities of the audit team members and accompanying persons; and the allocation of appropriate resources.

Audit plan: ISO17021 The audit plan information may be contained in a single document or in several documents Any objections to the audit plan by the client should be resolved between the certification body, the audit team leader and the client. Any revised audit plan should be agreed among the parties concerned before continuing the audit. PLANNING APPLIES TO ALL TYPES OF AUDITS (Stage 1, stage 2, surveillance and recertification)

ISO17021 Stage 1 Purpose the client’s preparedness for stage 2 audit; gather information to help plan the stage 2 audit establish the sufficiency of the audit program and resources Also can be used to gather knowledge of types of regulatory requirements that apply

ISO17021 Stage 2 Purpose the implementation of the management system; the capability of the management system to be effective in ensuring continual compliance with customer, statutory and regulatory requirements and in meeting its specified objectives; and the extent of conformity of the client’s management system with the requirements of the management system standard within a defined scope.

Planning an effective process based audit What information you would need to gather prior to the audit to help you effectively plan an audit Give examples

Audit planning The audit programme shall be planned taking into consideration: status and importance of the processes and areas to be audited results of previous audits

Process Approach 0.2 Process approach This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements.

INPUT Customer who has a need OUTPUT Customer who has a need met Input Step 1 Step 2 Step 3 Step “N” Output Processes

Plan audit based on processes not departments PLANNING Department prepare medium term plan Set up the production program plan capacities organize planning operation Set up budget SALES Department Visit prospective customers manage orders negotiate contract forecast sales Understand requirements PRODUCTION Department Supply Operator maintenance Manufacture Inspection SHIPPING Department Approve transporters Control delivery quality Organize delivery Manage stock input Negotiate supplier contract GENERAL MANAGEMENT Methods Remote Supporting Function Customer receives product Customer needs product Plan to audit interaction with support processes Design & Development Requirement Definition & Communicate Risk - Determine & Communicate Configuration Control V & V Approach Producibility

Sales Planning Engineering Purchasing Production Inspection Shipping Sales Planning Engineering Purchasing Production Inspection Shipping Customer Organisation Auditing customer- organisation - supplier interactions Suppliers RISK!

Case study “First contact”

Best practice in audit planning

Approach « Top-Down » P D A C PDCA feedback system The «V » cycle and the audit

Strategy Risk analysis Planning the activities Improvement actions Analysis/ review Improvement actions Reporting Collect and analyse Information Operations and recording Top management Process owners Policy Objectives Resources Participants The « V » cycle Top management Process owners Participants

Site Audit

Preparing to audit a process With WHAT? ( EQUIPMENT/ INSTALLATIONS ) With WHO? (TRAINING, KNOWLEDGE, SKILLS) REQUIREMENTS SATISFACTION INPUTOUTPUT PROCESS What Results? (PERFORMANCE INDICATORS) HOW ? ( INSTRUCTIONS, PROCEDURES METHODS ) Customer Who has a Need Customer Who has a Need Met INCLUDING SUPPORT PROCESSES ?

Act Plan Do Check PHILOSOPHY Continual Improvement

The CAPDo approach to auditing C Start with a questions about performance, what is expected, what are the process objectives, what is the actual performance? A How is data being analysed and what improvement actions are being taken? Do Is the process being carried out as planned? Has the quality system been implemented at all levels Select samples based on performance/risk Is the process being carried out as planned? Has the quality system been implemented at all levels Select samples based on performance/risk P How is the control of the process planned within the quality system. How are the controls reviewed when problems are encountered?

With WHAT? ( EQUIPMENT/ INSTALLATIONS ) With WHO? (TRAINING, KNOWLEDGE, SKILLS) REQUIREMENTS SATISFACTION INPUTOUTPUT PROCESS HOW ? ( INSTRUCTIONS, PROCEDURES METHODS ) Customer Who has a Need Customer Who has a Need Met INCLUDING SUPPORT PROCESSES ? Start With Performance

Case study “On-site”

Summary Audit plans should be based on the organisation’s processes Audit plans should consider process sequence and interaction Gather essential information prior to audit Audit plans should be reviewed/updated when changes occur/ are identified Modify priorities based on performance data

Information for audit planning Scope of activities (product range, design responsibility etc) Site details and any remote support functions Site layout Number of employees (by site and remote location)/ audit days Customers Organization’s identified processes Process owners Objectives (Key performance indicators) Current performance data Last external audit findings (if applicable)

Information for audit planning Internal audit findings, and management review results Regulatory/Statutory requirements Significant risks For surveillance and recertification any information on: Organisation changes including organisation structure, new capabilities, staffing levels, customer base changes (aviation, defence, space), and contract volumes Customer Satisfaction/ Perception Status (Returns, Complaints, etc.) New Risks