RMC Auditor Workshop Charleston, SC - 22-23 July 2015 Registration Management Committee Company Confidential

Presentation transcript:

RMC Auditor Workshop, Charleston, SC, July 2015
Registration Management Committee
Company Confidential
Effective Audit Planning Using Available Data/Risks
Charleston, SC, July 22 and 23, 2015
Jim Collins, Plexus International

Effective Audit Planning Using Available Data/Risks
Audit Planning extracts are provided in this presentation for reference. Most of this material will be touched on very lightly. Our FOCUS today will be on the use of data and risks as a way to “bias your sample” for audit planning.

AUDIT PLAN
How do I prepare an effective Audit Plan?

9101E Extract
4.2 Common Audit Activities
Audit planning, on-site auditing, and audit reporting are common activities linked with Stage 1, Stage 2, surveillance, recertification, and special audits. Nonconformity management is common for Stage 2, surveillance, and recertification audits…
This discussion today will primarily consider audit planning appropriate for Stage 2, surveillance, and recertification audits.

FIGURE 1 – OVERVIEW OF AUDIT PROCESS FLOW (see ISO/IEC – Figure E.1)

9101E Extract
Audit Planning
The requirements of ISO/IEC clauses thru apply. In addition, the audit plan shall be based on the processes defined by the organization and documented in the QMS Process Matrix Report (see Form 2). The audit team leader shall use the organization's customer feedback requests, including those received through the OASIS database (see 9104/1 clause 14.2), to assist with audit planning for surveillance and recertification audits. The audit activities shall be prioritized based upon performance data for business risks that could impact the customer (i.e., customer concerns, customer special statuses) and on processes that are not achieving planned results.

ISO/IEC 17021:2011: Audit plan
General
The certification body shall ensure that an audit plan is established for each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities. This audit plan shall be based on documented requirements of the certification body.
Determining audit objectives, scope and criteria
The audit objectives shall be determined by the certification body. The audit scope and criteria, including any changes, shall be established by the certification body after discussion with the client.

The audit objectives shall describe what is to be accomplished by the audit and shall include the following:
a) determination of the conformity of the client's management system, or parts of it, with audit criteria;
b) evaluation of the ability of the management system to ensure the client organization meets applicable statutory, regulatory and contractual requirements;
NOTE A management system certification audit is not a legal compliance audit.
c) evaluation of the effectiveness of the management system to ensure the client organization is continually meeting its specified objectives;
d) as applicable, identification of areas for potential improvement of the management system.

The audit scope shall describe the extent and boundaries of the audit, such as physical locations, organizational units, activities and processes to be audited. Where the initial or re-certification process consists of more than one audit (e.g. covering different locations), the scope of an individual audit may not cover the full certification scope, but the totality of audits shall be consistent with the scope in the certification document.
NOTE Annex F lists additional items that can be considered when preparing or revising the audit scope.
The audit criteria shall be used as a reference against which conformity is determined, and shall include:
the requirements of a defined normative document on management systems;
the defined processes and documentation of the management system developed by the client.

Preparing the audit plan
The audit plan shall be appropriate to the objectives and the scope of the audit. The audit plan shall at least include or refer to the following:
a) the audit objectives;
b) the audit criteria;
c) the audit scope, including identification of the organizational and functional units or processes to be audited;
d) the dates and sites where the on-site audit activities are to be conducted, including visits to temporary sites, as appropriate;
e) the expected time and duration of on-site audit activities;
f) the roles and responsibilities of the audit team members and accompanying persons.
NOTE 1 The audit plan information can be contained in more than one document.
NOTE 2 Annex F lists additional items that can be considered when preparing or revising the audit plan.

Audit team selection and assignments
The certification body shall have a process for selecting and appointing the audit team, including the audit team leader, taking into account the competence needed to achieve the objectives of the audit. If there is only one auditor, the auditor shall have the competence to perform the duties of an audit team leader applicable for that audit.
In deciding the size and composition of the audit team, consideration shall be given to the following:
a) audit objectives, scope, criteria and estimated time of the audit;
b) whether the audit is a combined, integrated or joint audit;
c) the overall competence of the audit team needed to achieve the objectives of the audit;
d) certification requirements (including any applicable statutory, regulatory or contractual requirements);
e) language and culture;
f) whether the members of the audit team have previously audited the client's management system.

The necessary knowledge and skills of the audit team leader and auditors may be supplemented by technical experts, translators and interpreters who shall operate under the direction of an auditor. Where translators or interpreters are used, they are to be selected such that they do not unduly influence the audit.
NOTE The criteria for the selection of technical experts are determined on a case-by-case basis by the needs of the audit team and the scope of the audit.
Auditors-in-training may be included in the audit team as participants, provided an auditor is appointed as an evaluator. The evaluator shall be competent to take over the duties and have final responsibility for the activities and findings of the auditor-in-training.
The audit team leader, in consultation with the audit team, shall assign to each team member responsibility for auditing specific processes, functions, sites, areas or activities. Such assignments shall take into account the need for competence, and the effective and efficient use of the audit team, as well as different roles and responsibilities of auditors, auditors-in-training and technical experts. Changes to the work assignments may be made as the audit progresses to ensure achievement of the audit objectives.

Determining audit time
The certification body shall have documented procedures for determining audit time, and for each client the certification body shall determine the time needed to plan and accomplish a complete and effective audit of the client's management system. The audit time determined by the certification body, and the justification for the determination, shall be recorded. In determining the audit time, the certification body shall consider, among other things, the following aspects:
a) the requirements of the relevant management system standard;
b) size and complexity;
c) technological and regulatory context;
d) any outsourcing of any activities included in the scope of the management system;
e) the results of any prior audits;
f) number of sites and multi-site considerations;
g) the risks associated with the products, processes or activities of the organization;
h) when audits are combined, joint or integrated.
Where specific criteria have been established for a specific certification scheme, e.g. ISO/TS or ISO/IEC 27006, these shall be applied.

The time spent by any team member that is not assigned as an auditor (i.e. technical experts, translators, interpreters, observers and auditors-in-training) shall not count in the above established audit time.
NOTE The use of translators, interpreters can necessitate additional audit time.
Multi-site sampling
Where multi-site sampling is utilized for the audit of a client's management system covering the same activity in various locations, the certification body shall develop a sampling programme to ensure proper audit of the management system. The rationale for the sampling plan shall be documented for each client.

Communication of audit team tasks
The tasks given to the audit team shall be defined and shall be made known to the client organization, and shall require the audit team to
a) examine and verify the structure, policies, processes, procedures, records and related documents of the client organization relevant to the management system,
b) determine that these meet all the requirements relevant to the intended scope of certification,
c) determine that the processes and procedures are established, implemented and maintained effectively, to provide a basis for confidence in the client's management system, and
d) communicate to the client, for its action, any inconsistencies between the client's policy, objectives and targets (consistent with the expectations in the relevant management system standard or other normative document) and the results.

Communication concerning audit team members
The certification body shall provide the name of and, when requested, make available background information on each member of the audit team, with sufficient time for the client organization to object to the appointment of any particular auditor or technical expert and for the certification body to reconstitute the team in response to any valid objection.
Communication of audit plan
The audit plan shall be communicated and the dates of the audit shall be agreed upon, in advance, with the client organization.

9101E Extract
Audit Planning (continued)
Audit planning shall take into account:
a. the sequence and interactions of the organization's processes;
b. the criticality of products and processes, including special processes;
c. the risks associated with product or process maturity (e.g., new product introduction, new process equipment or facilities);
d. product related safety issues (e.g., airworthiness issues, reporting to customer and/or authorities);
e. results of internal audits;
f. previous audit findings (e.g., CBs, customers, regulatory authorities);
g. performance measures and trends for quality and OTD (e.g., KPIs, scorecards, dashboards);

9101E Extract
Audit Planning (continued)
Audit planning shall take into account (continued):
h. previous management review results;
i. customer requirements;
j. statutory/regulatory requirements;
k. customer satisfaction/performance data;
l. certification structure [i.e., single site, multiple site, campus, several sites, complex organization (see 9104/1)];
m. integrated and/or combined audits (see 9104/1 clause 8.2.3);
n. use of Advanced Surveillance and Recertification Procedures (ASRP) (see 9104/1 clause 8.9);
o. use of CAAT (see 9104/1 clause 8.10); and
p. the proportion of aviation, space, and defense business each customer represents.

9101E Extract
Audit Planning (continued)
NOTE: The audit team leader should ensure that the amount of audit time planned on auditing any one customer’s specific QMS requirements is consistent (approximately) with the proportion of aviation, space, and defense business each customer represents (e.g., if customer X has 20% of the business, the audit team should not spend 80% of their time verifying customer X's specific QMS requirements).

9101E Extract
Audit Planning (continued)
The audit team leader shall use the organization’s customer feedback requests, including those received through OASIS, to assist with audit planning for surveillance and recertification audits. The audit activities shall be prioritized based upon performance data for business risks that can impact the customer (i.e., customer concerns, customer special statuses) and on low performing processes.

An audit plan, at least, should include (17021)...
the audit objectives; the audit scope, including processes and organizational and functional units; the audit criteria and any reference documents; the locations, dates, expected times and duration of audit activities; the audit methods to be used; the roles and responsibilities of the audit team members, as well as guides and observers; the allocation of appropriate resources.

An audit plan, at least, should be based on (9101E)...
a. the sequence and interactions of the organization's processes;
b. the criticality of products and processes, including special processes;
c. the risks associated with product or process maturity (e.g., new product introduction, new process equipment or facilities);
d. product related safety issues (e.g., airworthiness issues, reporting to customer and/or authorities);
e. results of internal audits;
f. previous audit findings (e.g., CBs, customers, regulatory authorities);
g. performance measures and trends for quality and OTD (e.g., KPIs, scorecards, dashboards);

An audit plan, at least, should include (9101E)...
h. previous management review results;
i. customer requirements;
j. statutory/regulatory requirements;
k. customer satisfaction/performance data;
l. certification structure [i.e., single site, multiple site, campus, several sites, complex organization (see 9104/1)];
m. integrated and/or combined audits (see 9104/1 clause 8.2.3);
n. use of Advanced Surveillance and Recertification Procedures (ASRP) (see 9104/1 clause 8.9);
o. use of CAAT (see 9104/1 clause 8.10); and
p. the proportion of aviation, space, and defense business each customer represents.

Discussion