Effective Internal Audit Planning - 2008 10 PDF

Audit practices that add the most value!
Effective Internal Audit Planning:

ISO 9000 Users Group - ASQ Section 509,
Wednesday, January 20, 2010
By David Collingham, CQA/CQE
Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

www.IQRCORP.com International Quality Registrars Corp. All Copy Rights Reserved by IQR.
Effective Internal Auditor Planning
Outline
Definitions of Key Audit Terms
Types of Audits
Nonconformance Types
ISO 9001:2008 Internal Audit Requirement
CommonNCR si s
suedbyRe gis
tra
rsrelat
e dtoAudi ts
Miss-Conceptions About Auditing
What does the Industry and Product/Process have to do with Planning an Audit?
How much do I invest in Auditing?
Why do we Audit?
First Party Audit Process Steps
Planning Audits
Typical Audit Schedules and Forms

Definitions of Key Audit Terms
Effective - producing or capable of producing an intended result or

having a striking effect
Planning - the act or process of drawing up plans or layouts for some

project or enterprise
Audit - a methodical examination or review of a condition or situation

Audit Types
First Party
When a Company uses an internal person to perform an Audit on itself.
Second Party
When a Company uses an internal person to perform an Audit
on its Supplier or an other organization.
Third Party
When a Company is Audited by a third party independent of the
Compa ny
sCustome r
.

Nonconformance Types
Major
When the Quality System exhibits a void where an element of the
system has not been documented, implemented or is not effective.
In addition, the nonconformance does risk the shipment or delivery
of nonconforming material to the Customer
Minor
When the Quality System is documented, implemented and effective, but
has exhibited a random nonconformance. The nonconformance does not
risk the shipment or delivery of nonconforming material to the Customer
Comment
When an Auditor identifies an improvement opportunity that is not
a major or minor

ISO 9001:2008 Key Elements
Key
4.0 Continual Improvement of
Value-adding activities the Quality Management System
Information flow
5.0
Management
Responsibility
Customers
6.0 8.0
Customers Measurement,
Resource Analysis and
Improvement Satisfaction
Management
7.0
Input Product Output
Requirements Realization Product

ISO 9001:2008 Internal Audit Requirement
8.0 Measurement,
Analysis and
Improvement
8.2.2 - Internal Audit

The organization shall conduct internal audits at planned intervals to determine whether the quality
management system:
a) conforms to the planned arrangements, to the requirements of this ISO Standard and to the quality
management system requirements established by the organization, and
b) is effectively implemented and maintained.
The audit program shall be planned, taking into consideration the status and importance of the processes and
areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and
methods shall be defined. The selection of the auditors and conduct of audits shall ensure objectivity and
impartiality of the audit process. Auditors shall not audit their own work.

CommonNCR
sis
sue
dbyRe
gis
trar
sre
lat
edt
oAudi
ts
Audit Plan/Schedule does not address all elements (major paragraphs)
of the ISO 9001:2008 standard
Audit Plan/Schedule does not address multiple facility locations, work
shifts (shift 1, 2 & 3) or scope of business/registration
Audit plan/schedule is not approved
Audits are not completed as scheduled
Audits are performed by personnel who audited their own work
Audit results do not have written signature or electronic signature by
Auditor with date
Audits were not conducted in an effective manner
Auditor(s) received no internal auditor training

Miss-Conceptions About Auditing
There needs to be 35 Internal Audits performed for ISO 9001:2008 (i.e.4.1-4.2.2,
4.23, 4.24, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.4.3, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6,
7.6, 8.1, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.3, 8.4, 8.5.1, 8.5.2, 8.5.3)
I can not conduct 1 audit of the ISO 9001:2008 QMS each year
We must use an outside contractor to perform our audits
All the ISO 9001:2008 elements need to be audited every year
Ifyoudon tspend2-5 hours on each audit, then you are not doing your job
The Auditor must prepare a checklist list using his or her own questions in
order to perform an effective audit
I can use typed audit checklists with typed in results with typed in names and
dates (no written or electronic signature)
If the Audit Report does not weight 3 pounds, then it must not have been
performed correctly
Wec antuset herec eptionistorf i
nanc epersont oc onduc ta udi
ts ,because
she/he does not know what we do
What does the Industry and Product/Process have to do with
planning an Audit?
Critical, High Risk and High Exposure Industries/Products/Processes:

How much do I invest in Auditing?

High Risk
High $
High Complexity
Industry/Product/Process
Critical to End Mission
Point 2
High Maintenance

High Failure/Reject Rate
Appraisal/
Prevention
Investment;
Audits

Low Risk

Low Complexity

Not Critical to End Mission
Point 1

Low Maintenance (*) Graph

Low Failure/Reject Rate not to scale
1 2 3 4 5 6 7 8 9 10
Risk Level High

Why do we Audit?
Provides Senior Management an independent examination of business

processes
To identify improvement opportunities in processes/products/services
Proactive approach to prevent/reduce the risk of producing defective
product/services
To identify needs for training, tools/fixtures, methods, etc.
Enhances communication and training
Provides a means for operator feedback

First Party Audit Process Steps
Audit Process Steps:

A - Prepare Audit Schedule and Obtain Management Approval
B - Schedule the Audit(s)
C - Obtain Audit Requirements
D - Examine prior Audit Results and Corrective Actions
E - Prepare Audit Check List(s) and Any Other Support Questions
F - Conduct Audit Investigation
G - Record Audit Finds and Obtain Auditee Acknowledgment
H - Prepare Audit Report
I - Obtain Corrective Action(s)
J - Follow-Up On Corrective Action(s)

Planning Audits
What is the budget for conducting audits? Hours? Dollars?
How many audits do we need to do?
HowI
mIgoi ngt obeva lue-added?
What does Senior Management feel is critical to the business success?
Gain a clear understanding of what is expected from conducting the audits?
If we spend money from the Overhead Budget for conducting audits, what is
expected for the investment?
What are the critical processes/products that need to be examined?
What does our past internal audit results tell us to focus on?
Do we have any new areas/processes/staffing/equipment/vendors that requires
more focus than other areas?
What facility locations, functions, processes/products and work shifts need to
be included in the schedule?
What is the best time to conduct the audits? High Volume? Low Volume?
Before Lunch? After Lunch? At the end of work shift? Etc.
Example 1
Planning Audits
(continued)
Approved By: Jim Brown Date: 01/14/10

Planning Audits
Example 1 (continued)

Planning Audits

Planning Audits
s

Planning Audits
(continued)
Example 1


AUDIT FORMS & RECORDS
Schedule
Procedure

(continued)

Audit Summary Audit Checklist

(continued)

Audit Summary
Example


Effective Internal Audit Planning - 2008 10 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Effective Internal Audit Planning - 2008 10 PDF

Uploaded by

Copyright:

Available Formats

Audit practices that add the most value!

Effective Internal Audit Planning:

By David Collingham, CQA/CQE

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Definitions of Key Audit Terms

Effective - producing or capable of producing an intended result or

Planning - the act or process of drawing up plans or layouts for some

Audit - a methodical examination or review of a condition or situation

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

8.2.2 - Internal Audit

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Provides Senior Management an independent examination of business

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

First Party Audit Process Steps

Audit Process Steps:

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Approved By: Jim Brown Date: 01/14/10

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Approved By: Jim Brown Date: 01/14/10

Approved By: Jim Brown Date: 01/14/10

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Approved By: Jim Brown Date: 01/14/10

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Approved By: Jim Brown Date: 01/14/10

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

Typical Audit Schedules and Forms

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

AUDIT FORMS & RECORDS

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

AUDIT FORMS & RECORDS

Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A

You might also like