Internal Quality Audit FOR ISO 9001 : 2008

:Prepared By .Ashraf S. Youssef, Ph. D QA & Ind. Methods Manager S.M. ASQ, L.A. BSI, M. ELI, M. EMS

‫دورة تأهيل المراجعين الداخليين‬ ISO 9001 : 2008

Nov, 14-16, 2009

Course Structure • • • • Tutorial Sessions Case Studies Role Play Games

Learning Objectives
• To understand:
 Purpose, benefits and typical structure of a Quality Management System (QMS)  Plan-Do-Check Act (PDCA) methodology, and the process approach to Quality Management  The 8 principles of Quality Management and how they relate to the QMS and ISO 9001  Purpose, scope and uses of the ISO 9000 series standards  Auditing Process  Roles, responsibilities and competence requirements of auditors and lead auditors with reference to ISO 19011

Agenda
1. Purpose and structure of o a QMS, PDCA o and the 8 principles of quality management 2. ISOM 9001 Explored & Understood 3. Internal Quality Audit Steps 4. Auditor’s Skills & Responsibility

4

Course assessment • Continual assessment
You will be informed of progress as we go The exam

• Exam Pass Criteria
70% pass mark Open book

• Ask questions
It’s your tutors job to make problems go away

Session 1

Purpose and structure of a QMS, PDCA and the 8 principles of quality management

What is Quality?
• Q is fitness for use. • Q is conformance to requirements. • Q is conformance to customer/user requirements.
Meet/satisfy customer/user requirements, needs, and expectations.

Degree to which a set of inherent characteristics fulfills requirements. (ISO 9000 : 2005)

What is Audit? • Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

What is Audit Evidence?

• Records, statements of fact or other information, which are relevant to the audit criteria and verifiable

What is Audit Findings? • Results of the evaluation of the collected audit evidence against audit criteria.

What is Audit Client? • organization or person requesting an audit.

What is Auditee? • Organization being audited

What is Auditor? • Person with the competence to conduct an audit.

What is Technical Expert?
• person who provides specific knowledge or expertise to the audit team.

What is Audit Plan? • Description of the activities and arrangements for an audit.

What is Audit Scope?
• extent and boundaries of an audit.

What is Nonconformance?

Non-fulfillment of a requirement

What is Correction, and C & P Actions?
Correction: Action to eliminate a detected nonconformity Corrective Action: Action to eliminate the cause of a detected nonconformity Preventive Action: Action to eliminate the cause of a potential nonconformity or other undesirable potential situation

What is Ident., Trac. And Status?
Identification: To describe product/ raw material/ semi finish product etc. Example Batch #, Lot #, Code etc Traceability: Ability to trace the history, application or location of that which is under consideration Status: To identify the current status of product/ raw material with regard to inspection and test results. Tag/ sticker of HOLD, REWORK, SCRAP Identified areas.

Types of Audits
• First-party • Second-party • Third-party

The purpose of an audit is ... to collect objective evidence to permit an informed judgment about the status of the quality management system

Objectivity of Auditing
AUDIT CRITERIA AUDIT FINDINGS
Improvement Conformance Major Non-Conformance Minor

AUDIT EVIDENCE

AUDIT CONCLUSION
RECOMMENDATION FOR AUDIT

Audit Methods & Techniques

FORWARD TRACE
RECEIVE GOODS INSPECT STORES

BACKWARDS TRACE

What is ISO 9000:2008 QMS? • ISO = International Organization for Standards • 9000 = code to denote QMS Family • 2008 = year of last revision • Is a family of standards for implementing a Quality Management System (QMS)

ISO 9000:2008 Family
   

ISO 9000 ISO 9001 ISO 9004 ISO/DIS 19011

Only ISO 9001 can be used for certification purposes

The ISO 9001:2008 Model
Continual Improvement of the QMS Continual Improvement of the QMS
CUSTOMER REQUIREMENTS CUSTOMER SATISFACTION
clause 4 management info. flow management responsibility responsibility clause 5 clause 8 clause 6 meas, analysis resource info. flow meas, analysis resource improvement management improvement management clause 7 product product realization realization

Input
value adding activities

product product

Output

value adding activities

Clauses/Requirements
Clause 4. Quality Management System Clause 5. Management Responsibility Clause 6. Resource Management Clause 7. Product Realization Clause 8. Measurement, Analysis and Improvement Count the number of requirement categories.

Quality Management Principles
 Customer Focus  Leadership  Involvement of People  Process Approach  System Approach to Management  Continual Improvement  Factual Approach to Decision Making  Mutually Beneficial Supplier Relationships

1.

Customer Focus

CUSTOMER REQUIREMENTS

Know their current and future needs Meet their requirements Exceed their expectations Get their feedback

CUSTOMER SATISFACTION

• Organizations depend on their customers; therefore they should

2.

Leadership
management management responsibility responsibility

• Leaders create common purpose and direction; therefore they should
Maintain a healthy internal environment Inspire workforce to excel

3. Involvement of People
• People are the essence of an organization; therefore
They should be fully involved Their abilities should be used for organization benefits
resource resource management management

4. Process Approach
 Manage activities and related resources

as a PROCESS
Review Purchase Design Make
Order

Deliver
Product

“Turtle” Approach
?WITH WHAT
Materials /( )Equipment

?WITH WHO
Competence / Skills /( )Training

PROCESS
INPUTS

OUTPUTS

?HOW
Support Processes,( )Procedures & Methods

?OBJECTIVES/MEASURES
)Performance Indicators(

Example: Management, Responsibility
with what
Management Review forum Previous year’s results

with who
Management team Quality manager Team leaders

inputs
Internal audits Customer satisfaction trends Process/Product measures Faults/Complaints data

Management responsibility & objective setting

outputs
Annual plan Improvement objectives

measures
Results vs plan Customer surveys Milestones

support processes
IT systems Purchasing HR, Training

how
Implementation plan Resource allocation Roles & responsibilities Communications

5.

System Approach to Management

• Managing interrelated processes as a system helps the organization in achieving its objectives in an effective and efficient manner

6.

Continual Improvement:

PDCA Cycle

Continual Improvement of the QMS Continual Improvement of the QMS

Plan

management management responsibility responsibility

Act

resource resource management management Do

meas., analysis meas., analysis improvement improvement Check

product product realization realization

7.

Factual Approach to DecisionMaking • Effective decisions are based on the analysis of data and information
info. flow

CUSTOMER REQUIREMENTS

management management responsibility responsibility

meas., analysis meas., analysis improvement improvement

info. flow

product product realization realization

CUSTOMER SATISFACTION

8. Mutually Beneficial Supplier Relationship

• Interrelated • Win-Win
Supplier
product product realization realization

Session 2

ISO 9000 series explored and understood

Structure of ISO 9001:2008
• • • • • • • • • • • • 0.1 General 0.2 Process Approach 0.3 Relationship with ISO 9004 0.4 Compatibility with other standards 1 Scope 2Normative References 3 Terms & Definitions 4. Quality Management system 5. Management Responsibility 6. Resource Management 7. Product Realization 8. Measurement, Analysis & Improvement

4: Quality Management System
• General requirements (4.1)
– General requirements for approach & content of the QMS (e.g. for the adoption of the process approach) – Outsourcing

• Documentation requirements (4.2)
– – – – – Mandatory procedures Manual, Policy & Objectives General sufficiency of documentation and records System for Document Control System for Control of Records

5: Management Responsibility
• The areas where direct Top Management involvement is mandatory
– – – – – – – Demonstrating commitment Demonstrating customer focus Input into policy development & review Identification of objectives and input into the planning process Defining responsibilities, providing resources Ensuring internal communications are effective Involvement in management review

6: Resources
• Human Resources
Ensuring adequacy particularly in respect of training

• Infrastructure
Buildings, work space, equipment, vehicles, information systems etc

• Environmental controls (Aligned with ISO14000)
Heat, light, humidity, temperature, clean rooms In fact any controls that are applicable

7: Product Realisation
• Think of this as “Production” or “Service Delivery”
Control of the core day to day operations Operational planning (7.1) Handling contracts, enquiries & customer communication systems (7.2) Design (7.3) Management of supplies and suppliers (7.4) Operational controls (7.5) Calibration (7.6)

• Exclusions may apply

8: Measurement, Analysis & Improvement
• The collection and constructive use of data – Measuring product (conformity checks and inspection) – Measuring process (efficiency measures) – Customer satisfaction (Survey, Feedback, Complaint) – Internal audit – Control of quarantine/isolation activities – Analysis of data (you must do something with data) – Continual improvement (the standard encourages the application of the process approach to improvement) – Corrective action (Correction + Corrective Action) – Preventive action

Session 3

Internal Quality Audit Steps

Internal Quality Audit Steps
Initiation Preparation Evaluation Reporting Fixing

Internal Quality Audit Steps
STEPS 1. Request Audit 2. Identify Lead Auditor 3. Define Audit Scope RESPONSIBILITY Program Manager Program Manager Program Manager & Lead Auditor

Initiation

Importance of Preparation

Exercise: Initiation • Who is responsible for scheduling the audits? • When are internal audits scheduled? • How often are audits performed? • Who is responsible for selecting the auditors? • What criteria are important for selecting auditors?

Annual Audit Plan • Considerations • Approvals

Exercise: Auditing the Training Activity

• Why is the audit performed? • What is being audited? • Which requirements?

SOLUTION: • Purpose:
To verify compliance with Quality Manual and ISO 9001:2000

• Audit Scope:
Training Activity

• Requirements:
As specified in
 ISO 9001:2008  EEICQM-01  EEICHR-P-01

Internal Quality Audit Steps

Initiation Preparation
STEPS RESPONSIBILITY 4. Select Audit Team Lead Auditor 5. Understand Org. Audit Team 6. Review Documentation Audit Team 7. Plan the Audit Lead Auditor 8. Prepare Checklist & Working Papers Audit Team

Audit Team • Consider team member qualifications • Consider activities being audited • Consider type and degree of experience of the auditors • Create a balanced team

Preparation Steps
review documents

initiation

get approvals

plan audit

Exercise: Review Documentation For the Training activity, which specific documents would you request to prepare your team for the audit?

Review Documentation
• • • • • Quality manual Procedures Forms Organization chart Facility floor plan • • • • Past audit performance Customer feedback Number of employees Working hours

Plan Audit • Confer with audit team members • Don’t forget the approvals

Audit Plan: December 22-23, 2001 Purpose: To verify compliance with Quality Manual and ISO 9001:2000 Audit Scope: Training Requirements: As specified in - ISO 9001:2008 - Quality Manual, - HR Procedure Overall Schedule: December 22, 2001 December 23, 2001 8:00-8:30 Opening Meeting 8:00-11:00 Field Activities 8:30-9:00 Audit Team Meeting 11:00-12:00 Audit Team Meeting 9:00-12:00 Field Activities 12:00-1:00 Exit Meeting 12:00-1:00 Audit Team Meeting 1:00-3:00 Field Activities 3:00-3:30 Daily Auditee Briefing Audit Team Members: Ms. Ashraf Youssef, Lead Auditor Mr. Wissam Toumeh, Auditor Mr. Nelson Tenorio, Auditor Approved: ________________ Mr. Ashraf Youssef Approved: ________________ Mr. Muntaser Kalahji.

Internal Quality Audit Steps

Initiation Preparation Evaluation
STEPS 9. Conduct Opening Meeting 10. Meet with Management 11. Interview & Observe 12. Assess Evidence RESPONSIBILITY Lead Auditor Audit Team Audit Team Audit Team

An auditor’s memory is .as sharp as his pencil

Focus of the Audit To collect objective evidence to permit an informed judgment about the status of the quality management system.

Objective evidence may be ... • • • • • • documented based on interview based on observation quantitative qualitative verifiable

Checklists & Working Papers
Checklists Audit Questions Audit Investigation Audit Findings

Checklists

Checklists plan the flow of questions

Checklists

Checklists guide the course of the audit

Checklists

Checklists define the sample

Checklists

Checklists help in writing the report

Checklist should … • Be based on information available before the audit • Be modified when necessary • Allow follow-up • Be balanced to cover priority areas • Be created by individual auditors

Checklist should NOT … • Restrict auditor’s inquiry • Be completely generic • Be yes/no lists

To Create a Checklist
What am I ?looking for Who do I want ?to talk to ?What will I ask

Documents Individual

Questions on checklist

What am I looking for?

What am I looking for?

RECORDS ARE THE MOST RELIABLE SOURCE OF INFORMATION

What am I looking for? Sample should be representative, although not necessarily statistically valid

Who do I talk to? • Talk to the right people
Those responsible for the activity Those doing the activity

Audit Team Meeting
• Informal briefings • Opportunity to share information • Discuss necessary adjustments to plan • Develop report • Helps keep communication lines open among audit team members

Opening Meeting • • • • Conduct before start of field activities Audit team members must be present Auditee contacts should be present Creates an atmosphere of cooperation between auditors and auditee

Opening Meeting • Sign-in sheet • Distribute detailed audit schedule • Address any auditee scheduling concerns • Revise schedule, if necessary

Daily Auditee Briefing • Review potential findings regularly with auditee • Opportunity for auditee to close a finding before the end of the audit • Helps strengthen communications • Audit becomes constructive

Interview & Observe • Asking questions • Observing activities • Examining documents & records • Examining facilities

Observing Activities

Confirm that  procedures are being followed

?how ?how

Observing Activities

Look for undocumented activities

?what ?what

Observing Activities

Confirm answers

?who ?who

Observing Activities • Auditee Reactions
Take over conversations Play “show & tell” Blame someone Act defensively Waste time Interrupt Provoke Bribe!

Interviewing

Interviewing
• Introduce yourself • Explain why you are there • Investigate to depth necessary • Ask, Listen, Verify • Interview the right people
Those responsible for the activity Those doing the activity

• Hearsay is not evidence

Interviewing

• Interview for:
elaboration corroboration perspective basis for evidence

Interviewing
• Two eyes • Two ears • One mouth • Ratio of use:
One of speaking to four receiving

Interviewing

why why what what who who

when when how how where where

When Something Seems Wrong

When Something Seems Wrong • • • • Is it really wrong? Does he know it is wrong? What is his explanation? Is it an isolated event, or a symptom of a deeper problem? • Why didn’t quality system detect it? • What lapse in the quality system allows this to happen?

Nonconformity Nonconformity refers to a failure to meet a specified requirement:
Quality Manual Policies Procedures ISO 9001:2000 req. Government Regulations

or more of processes can be improved 90% by modifying organizational systems a management responsibility) rather) than attempting to modify an .individual employee’s performance

W. Edwards Deming

What if nothing seems to be wrong?
• No problems … don’t panic • Move on • Don’t keep looking for something wrong

ROLE PLAY:

• Auditing role play

Internal Quality Audit Steps

Initiation Preparation Evaluation Reporting
STEPS RESPONSIBILITY 13. Write Nonconformities Audit Team 14. Conduct Closing Meeting Audit Team 15. Write a Summary Report Lead Auditor

Do I have a Nonconformity?

YES if you have objective evidence that: • A requirement is not addressed • Practice differs from defined system • System is not effective

Major or Minor Nonconformity • Major
System element is missing System element is not implemented System element is not effective

• Minor
A single/isolated lapse in the system

EXERCISE: Nonconformity or Not • For each situation, identify whether
major nonconformity, Minor nonconformity, or nothing.

Nonconformity Statement • State the evidence
What is it?

• State the requirement
What is it against?

Writing a Nonconformity: The 4 C’s • • • • Clear … Simple language Correct … Objective Complete … Traceable Concise
What happened? What should happen?

Writing Nonconformity: Steps

1. Write (informally) the nonconformity on the spot. 2. Explain to auditee manager promptly. 3. Review with team members. 4. Write nonconformity statement on the NCR. 5. Get auditee manager signature.

Closing Meeting Keys • • • • Informal setting Report the results to management Agree on follow-up Entertain questions

Agenda of Closing Meeting
1. 2. 3. 4. 5. 6. Introduction & purpose of meeting Thanks for cooperation Distribute list of attendees Review audit purpose and scope Explain nature of sampling Summarize results: Good observations, no. of NCRs, overall weakness, recommendations, repeat good observations 7. Summary from each auditor 8. When to expect written report 9. Agreement on follow-up 10. Questions & Clarifications

Audit Summary Report
• • • Prepared by Lead Auditor Sent promptly to MR Sent promptly to Heads of audited area

Audit Report Content • Audited area • Lead Auditor and members • Audit date • Audit scope • Audit criteria (list of key documents) • Summary of findings • Good practices • Total number of nonconformities • Descriptions and discussion of nonconformities • Conclusion

Internal Quality Audit Steps
Initiation Preparation Evaluation Reporting Fixing
STEPS RESPONSIBILITY 16. Take Corrective Actions Auditee 17. Verify Corrective Actions Audit Team

Follow-Up Flowchart
Identify Identify NC, issue NCR NC, issue NCR Agree on need Agree on need for CA, sign it for CA, sign it

?Agree ?Agree OK Verify CA Verify CA & & Close NCR Close NCR

not OK

Propose CA Propose CA plan plan

Implement Implement CA CA

Session 4

Auditor’s Skills & Responsibilities

Auditor’s Responsibilities • • • • • • • Communicating Planning and executing Documenting Reporting Verifying Safeguarding Cooperating

Auditor’s Qualifications • • • • • Education Training Experience Personal Attributes Management Skills

Auditor Skills • Communication skills • Interpersonal skills • Analytic skills

Auditor Ethics “I will inform each client or employer of any business connections, interests, or affiliations that might influence my judgment or impair the equitable character of my services.” ASQ Code of Ethics

Internal Auditor

• Acts as a consultant

‫كككككك‬ ‫كك‬
‫511‬

Sign up to vote on this title
UsefulNot useful