ISO 9001:2015

INTERNAL AUDITOR
TRAINING

1
Purpose of Auditing

 Verify conformity
 Verify effectiveness
 Show opportunity to improve
 Meet regulatory requirements

Internal Audits - performed within an organization to measure

its own performance & determine conformance.

2
Plan & Be Prepared
Quality Administrator will send out
1. Audit schedule at the beginning of each year
2. “Audit Plan” cover sheet at the beginning of each
audit quarter.

3
Plan & Be Prepared
To access information needed for the audit:
•Use shortcut - Manufacturing-Distribution Home (Share Point), or
•Access page at: http://teamsites/supplychain/ManufacturingDistribution/SitePages/Home.aspx
•Go to panel on left side of screen & choose department you are auditing

4
Actions:
•Familiarize* with
list of documents for
department being
audited.

•Print & review

individual forms
(e.g., product
control plans, work
instructions)

*Print as preference

5
 Actions Cont’d:

•Locate previous audit report in

same file under “Internal Audit”
•Print copy & review, especially
any identified issues, before audit

6
For Production Departments:
•Locate the “Process Control Plan” by selecting
“Engineering” on left side of panel under the
“control plan” section.
•Choose the plans pertaining to the department to
be audited.

7
Production Departments Cont’d:

•Locate, print, & use

the correct “Internal
Audit Checklist” for
the audit.

•Choose “Quality” on
the left side panel,
under the “forms”
section of Quality.

8
Planning For The Audit

• Provide advanced notice (e.g., email) to associates involved

in audit to schedule & identify required support.
 Provides time for them to prepare for the audit.
 Confirms audit date is on their schedule.
• Define safety equipment requirements before the audit.
• Be respectful of associate time by completing efficient and
effective audit.

9
Auditor Requirements:

•Conduct yourself in a professional manner

 Use independent & unbiased judgment during audit.
 Ensure no personal or professional involvement w/associates.
• Use effective auditing strategies
 Complete walkthrough before interview session.
 Confirm priority checklist items during walkthrough.
 Follow the product process flow from input to shipping.
 Identify any issues for discussion during interview session.
 Ensure you have complete understanding of process & controls by
asking for clarification.
10
Auditor Requirements Cont’d:
 Completing the interview session
 State the purpose & objective of the audit.
 Put associate at ease & treat w/respect.
 Use checklist as your guide for questions.
 Take accurate, precise & legible notes.
 Identify important points (e.g., strengths, weaknesses).
 Closing the interview session
 Summarize audit findings & needed actions.
 Provide overview of audit findings to associates.
 End with “Thanks” for their cooperation & support
11
Auditor Guidance:
Ask Open-Ended Questions
Practice Art of Listening Open-ended vs Closed-ended Questions
 Eliminate distractions Open-Ended Questions Closed-Ended Questions
 Listen for content

How do you record the test results? Do you record the test results?
Suspend judgment
 Listening for themes What is the first thing you do? Do you set up the machine first?

 Seek clarification
 Re-direct discussions as
What is the standard procedure for When a customer calls, do you have to
responding to customer record the details?
complaints?
needed to stay focused
What do you do with the finished Do you pack the finished product in the
product? box?

12
Auditor Guidance Cont’d:
 Product Sampling:
 Complete random sampling due to limited time
 Auditor should select the sample
 Examine the sample in detail
 Cover relevant period
 Look @ control
• Verify Records & Documents
Procedures and work instructions should be current &
consistent w/processes
Records should be maintained, accessible, & sufficient

13
Auditor Guidance Cont’d:

•Validate Findings
 Ensure accuracy of information.
 Ask for information in different way for collaboration.
 Ensure evidence demonstrates activity performed as described.
 Ask several people the same question, as needed.
 Observe the activity in question being performed.
 Review evidence such as procedures, instructions & records.

14
Auditor Guidance Cont’d:

•Document Audit Findings

 Positive findings/strengths
 Opportunities for improvement/observation
 Nonconformities- major/minor
 Action items to be completed

15
Auditor Guidance Cont’d:
•Nonconformances
 Must be well-documented & have 3 parts
1. Requirement
2. Failure
3. Evidence
•Major Nonconformance
 The absence or total breakdown of a system
 Number of minor nonconformities against one clause
• Minor Nonconformance
 Failure to meet one requirement of the standard, or single
lapse in following one item of a company procedure
16
Auditor Guidance Cont’d:

Objective Evidence Observations

 Factual evidence:  Keep observing physical evidence
 Differences between procedures, audit  Products
criteria, & forms
 Equipment
 Differences between procedures &
 Instruments
working practices
 Lack of evidence:
 Conditions
 Supporting implementation  Operations
 Supporting continuous implementation

17
Auditor Guidance Cont’d:

Optional Content Not included in Audit Report

• Summary of audit process • Subjective opinions
 Identify uncertainties
• Deficiencies corrected during audit
 Identify obstacles could affect results
• Specific names of associates
• Confirm audit objective accomplished
• Recommend improvements associated with the findings
• Agree on follow up actions
• Identify action owners & targeted
closure dates

18
ISO9001:2015

The Standard
19
ISO 9001:2015

4.0 Context of the Organization (Completely New Section)

• Organizations - required to identify any internal & external issues that
may impact their quality management system’s ability to deliver its
intended results known as Risk.
• A tool that helps with identifying risk is called a SWOT Analysis . It
identifies strength, weaknesses, opportunities & threats of
organization & strategic planning.

20
ISO 9001:2015

4.1 Understanding Organization & its Context

 External connections includes: Cultural, social, political, legal,

financial, economic, natural & competitive environment

 Internal connections includes: Corporate culture, organizational

structure, roles & accountabilities, policies, objectives & strategies,
resources, information flows and decision-making processes

21
ISO 9001:2015

4.2 Understanding Needs & Expectations of Interested Parties

 Interested parties - any people or entities that believe they affect, are
affected, or could be affected by your organization
 Examples - are customers, suppliers, employees, owners, community,
law enforcement, emergency responders & news media.
 Attention - should be focused on those interested parties that can
impact the organization’s ability to consistently provide conforming
products and services.

22
ISO 9001:2015
4.3 Determining the Scope of the Quality Management System (Expanded)
• Organization - shall determine boundaries & relevance of the QMS and what must be
considered.

4.4 Quality Management System & its Processes (Similar, but more
thorough)
•Organizations shall determine:
 Inputs required & outputs expected
 Measurements & related performance indicators
 Responsibilities & authorities
 Risks & Opportunities; plan & implement actions

23
ISO 9001:2015

5.0 Leadership (Renamed from Management Responsibility)

• Top management - must manage quality, not delegate it.

• Removal - all references to role of ‘management representative.

• Quality management system - should be included in routine business

operations.

24
ISO 9001:2015

5.1 Leadership & Commitment

5.1.1 General (Similar with added requirements)
• Top management - shall demonstrate leadership &
commitment to QMS by:
 Ensuring policy & objectives are compatible with strategic direction
 Ensuring the quality policy is communicated, understood & applied
 Promoting awareness of the process approach
 Supporting other relevant management roles to demonstrate their
leadership

25
 ISO 9001:2015
5.1.1 General Continued
• Top management is also required to ensure that:
 Customer requirements are determined & met
 Risks & opportunities that can affect conformity are determined & addressed
 Meeting customer & applicable statutory & regulatory requirements
maintained
 Focus on enhancing customer satisfaction is maintained
5.1.2 Customer Focus (Equivalent w/addition of risk & opportunities)
• Customer focus is the awareness of
 who the customers are,
 their strategic importance, and
 their needs and expectations 26
ISO 9001:2015
5.2 Policy (Equivalent with minor additions)
• The quality policy shall:
 be available as documented information
 be communicated within the organization
 be available to interested parties, as appropriate

5.3 Organizational Roles, Responsibilities & Authorities (Equivalent)

• Top management - shall assign the responsibility & authority

27
ISO 9001:2015

6.0 Planning (No equivalent)

• Risk-based thinking & management
• Required elements of successful quality management system plan
 Measurement-based means to continually evaluate & update plan
 Implementing plan based on fulfilling agreed upon customer
requirements, & supporting effort w/appropriate resources &
repeatable processes
 Updating the plan based on measuring ongoing effectiveness & any
newly discovered risks or opportunities

28
ISO 9001:2015

6.1 Actions to Address Risks & Opportunities (New)

• Will help the organization:
 Achieve its intended results
 Enhance a result
 Prevent a result the organization doesn’t want to occur
 Continually improve

29
ISO 9001:2015

6.1 Actions to Address Risks & Opportunities - Continued

• Actions are to be implemented to evaluate their effectiveness
•Options can include:
 Avoiding risk
 Eliminating the risk source
 Changing the likelihood or consequences
 Sharing the risk
 Retaining risk by informed decision

30
ISO 9001:2015

6.2 Quality Objectives & Planning to achieve them (Equivalent

w/addition of achieving objectives)
• The organization shall establish quality objectives at
appropriate functions, levels and processes that are
measurable & monitored.
• The organization shall determine what will be done, what
resources will be required, who will be responsible, when it
will be completed & how the results will be evaluated.

31
ISO 9001:2015

6.3 Planning of Changes (Equivalent with additional

requirements)
•Consider:
 The purpose & potential consequences
 The integrity of Quality Management System
 The availability of resources
 Responsibilities and authorities

32
ISO 9001:2015
7.0 Support Processes
7.1 Resources (Equivalent)
• For the purpose of establishing, implementing, maintaining, &
continual improving of the Quality Management System, they are:
•People needs
•Infrastructure, like buildings, utilities, equipment, hardware, software,
transport & communication
•Process environment-the conditions of the workplace
•Monitoring & measuring resources
•Organizational knowledge
33
ISO 9001:2015

7.2 Competence (Equivalent)

• Determine the necessary competence of person doing work
on the basis of appropriate education, training, or experience
• Take actions to acquire the necessary competence, &
evaluate the effectiveness
• Retain appropriate documented information as evidence of
competence

34
ISO 9001:2015

7.3 Awareness (Equivalent with minor additions)

•Persons doing the work should be aware of:
 the quality policy
 relevant quality objectives
 their contribution
 implications of not conforming

35
ISO 9001:2015
7.5 Documented Information (Renamed from
documents & records)
• Document: Living information that is used for
decision making or performing tasks.
 Subject to revision.
 Such things as, procedures, policies, instructions,
and blank checklists.
• Records: Historical information about things that
have already happened.
 Not subject to change.
36
ISO 9001:2015
7.5 Documented Information ….continued
•Ensure the following are present when creating & updating
documented information:
 Identification: titles, document numbers, or something that
represents identity
 Format: must be appropriate to the purpose and users, & the
media must be accessible & understandable.
 Review & Approval: signatures, initials, email approval,
electronic signatures, meeting minutes or click-box approval is
acceptable
37
ISO 9001:2015
8.0 Operation
8.1 Operational Planning & Control (Equivalent)
 Determine requirements
 Establish the processes & acceptance criteria
 Determine resources needed
 Implement control
 Retain documented information
 Plan Output in a suitable form
 Plan for expected & unexpected changes
 Control of outsourcing
38
ISO 9001:2015

8.2 Requirements for products and services (Equivalent)

• Customer Communication should be effective at all times
• Customer Requirements defined
• Customer Requirements how to meet them & reviewing them

39
ISO 9001:2015

8.3 Design & Development of products & services

(Equivalent)
The organization shall:
 Establish, Implement & Maintain
 Plan by determining the stages & controls
 Determine Inputs
 Document Outputs
 Identify, review & control (verify & validate) Changes

40
ISO 9001:2015

8.4 Control of externally provided processes, products & services

(Equivalent)
•This is basically concerning Purchasing which include:
 Raw Materials
 Products that a supplier provides directly to your customer
 Processes provided by subcontractors

41
ISO 9001:2015
8.5 Production & Service Provision (providing)
 Control
 Availability of specifications
 Availability & use of verification equipment
 Implementation of monitoring & measurement
 Effective infrastructure & environment
 Selection of competent people
 Validation of processes when outcomes cannot be verified
 Actions to remove human error
 Release, delivery & post-delivery activities

42
ISO 9001:2015

8.5 Production & Service Provision……continued

 Identification & Traceability- most common types are labels,
stickers, tickets, bar codes, tags, serial numbers, travelers & work
orders & location identification

 Must control the processes that produce your goods & services

 Property belonging to customers & external providers

 Preservation-during handling, packaging & storage

43
ISO 9001:2015
8.5 Production & Service Provision…….continued
• Post-delivery activities covering
 associated risks(potential problems),
 statutory & regulatory requirements,
 application & lifecycle,
 customer requirements & customer feedback

• Control of changes includes,

 results of reviewing the changes,
 who authorized the change and
 any necessary action from the review- go back to the old way or
establish the change as the new benchmark
44
ISO 9001:2015
8.6 Release of Products & Services (Equivalent)
• Before releasing something: test, inspect, review, patrol, examine or
assess.
8.7 Control of nonconforming outputs (Equivalent)
• Identification of nonconforming product or service
• Controlling nonconforming outputs
• Nonconforming outputs detected after delivery or use
• Dealing with nonconforming outputs
• Re-verifying after correction
• Retained documented information
• Connection to corrective action 45
ISO 9001:2015
9.0 Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation (Equivalent)
• What needs to be monitored & measured?
• What method will be used?
• When will it be performed?
• When will results be analyzed & evaluated?
• Evaluate the performance & effectiveness of the QMS
• Retain documented information
• Customer satisfaction
• Analysis and evaluation of data

46
ISO 9001:2015
9.2 Internal Audit
The organization shall conduct internal audits at planned
intervals to provide information on whether the quality
management system:
• Conforms to the organization’s own requirements for its
quality management system
• The requirements of this international standard are
effectively implemented and maintained.

47
ISO 9001:2015
9.2 Internal Audit….continued
The organization shall:
• Plan, establish, implement and maintain an audit program including
frequency, methods, responsibilities, planning requirements and
reporting, which shall take into consideration the importance of the
processes concerned, changes affecting the organization, and the
results of previous audits
• Define the audit criteria and scope for each audit
• Select auditors and conduct audits to ensure objectivity and the
impartiality of the audit process
48
ISO 9001:2015

9.2 Internal Audit….continued

• Ensure that the results of the audits are reported to relevant
management
• Take appropriate correction and corrective actions without undue
delay
• Retain documented information as evidence of the
implementation of the audit program and the audit results

4
9
ISO 9001:2015

9.3 Management Review

• Requirements
 External & internal issues relevant to QMS & strategic direction

• Information on the quality performance, including trends & indicators for:

Monitoring & measurement results
Issues concerning external providers and other relevant interested
parties
Adequacy of resources
Effectiveness of actions taken to address risk & opportunities
50
ISO 9001:2015
10 Improvement
• General
• Implement actions to meet customer requirements and
enhance customer satisfaction, by:
 Improving processes to prevent nonconformities
 Improving products and services to meet known and
predicted requirements
 Improving quality manage system results
 May include breakthrough improvements, innovation,
transformation etc.

51
ISO 9001:2015
10 Improvement…..continued
• Nonconformity and corrective action
• When a nonconformity occurs, the organization shall:
 React to the nonconformity, and as appropriate
• Take action to control and correct it and
• Deal with the consequences
 Evaluate the need for action to eliminate the causes of the
nonconformity, in order that it does not reoccur or occur
elsewhere, by:
• Reviewing the nonconformity
• Determining the causes of the nonconformity and
• Determining if similar nonconformances exist, or could
potentially occur 52
ISO 9001:2015
10 Improvement…..continued
• implement any action needed
• review the effectiveness of any corrective action taken,
and
• make changes to the quality management system, if
necessary
• Consider outputs of analysis and evaluation, and outputs
from management review, to identify areas of
underperformance or opportunities for improvement
• Select and utilize appropriate tools and methods for
investigation of the causes of underperformance and for
supporting continual improvement
53