Part 1 Auditing Fundamentals PDF

ASQ Certified Quality Auditor (CQA)
Part 1: Auditing Fundamentals
Seetharam Kandarpa, ASQ CQA & ASQ CPGP

Chair- Healthcare
ASQ Mumbai LMC
Contents
• About Author
• Overview of Mentoring Classes for ASQ CQA
• Overview of ASQ CQA
• Part 1: Auditing Fundamentals

– A. Types of quality audits
– B. Purpose and scope of audits
– C. Criteria to audit against
– D. Roles and responsibilities of audit participants
– E. Professional conduct and consequences for auditors
• Q&A
• Thank You
About Author
Seetharam Kandarpa, ASQ CQA & ASQ CPGP
Chief Manager Quality Assurance
Abbott Healthcare Pvt. Ltd.
http://seetharamkandarpa.webnode.in
• Having 14+ years of versatile industrial experience in QA and Production functions at

API/ Formulation facilities (approved by various regulatory agencies USFDA, TGA,
MHRA, WHO etc.) of top pharma companies in India such as Aurobindo Pharma Ltd.,
Mylan Laboratories Ltd., Dr. Reddy's Laboratories Ltd., Ipca Laboratories Ltd. and
Abbott Healthcare Pvt. Ltd.
• Having experience in handling Regulatory Inspections of USFDA, MHRA, WHO, TGA,

KFDA and PMDA.
• Having Training on Culture of Quality and Data Integrity Assurance by Dr. Ajaz S
Hussain.
• Having Training and certification on 'Cleaning Validation' by Destin A. Leblanc.

OVERVIEW OF
MENTORING CLASSES FOR
ASQ CQA
Mentoring Classes for ASQ CQA
• What?
– Free mentoring classes to provide guidance on basics of ASQ CQA
(Certified Quality Auditor) certification program and tips to pass the
exam
• Why?
– To take a minute part, as a responsible individual, in a big mission of
improving continuously quality of products/ services for society through
mentoring professionals aspiring to become Certified Quality Auditor
• Who?
– Suitable to the professionals plan to become Certified Quality Auditor by
ASQ
• How & Where?

– Through series of webinars
– Keepings recordings at YouTube forever
Continues…
Mentoring Classes for ASQ CQA
• When?
– As per below calendar
For Timely Updates:

• JOIN THE GOOGLE HANGOUT GROUP
https://hangouts.google.com/group/mAWt5BYDGX9amObn1
• http://seetharamkandarpa.webnode.in/asq-cqa/ Back to Contents
OVERVIEW
OF
ASQ CQA
(For complete details, refer my earlier presentation on Overview of
ASQ CQA)
Basics
• The Certified Quality Auditor is a professional who understands the
standards and principles of auditing and the auditing techniques of
examining, questioning, evaluating and reporting to determine a
quality system's adequacy and deficiencies.
• The Certified Quality Auditor analyzes all elements of a quality

system and judges its degree of adherence to the criteria of industrial
management and quality evaluation and control systems.
• Quality Auditor Certification Brochure
• Certified Quality Auditor Body of Knowledge
For More Details: asq.org/cert/quality-auditor Continues…

Body of Knowledge
I. Auditing Fundamentals (27 Questions)
• A. Types of quality audits B. Purpose and scope of audits
• C. Criteria to audit against D. Roles and responsibilities of audit participants
• E. Professional conduct and consequences for auditors
II. Audit Process (42 Questions)
• A. Audit preparation and planning B. Audit performance
• C. Audit reporting D. Audit follow-up and closure
III. Auditor Competencies (25 Questions)
• A. Auditor characteristics B. On-site audit resource management
• C. Conflict resolution D. Communication and presentation techniques
• E. Interviewing techniques F. Team dynamics
IV. Audit Program Management and Business Applications (30 Questions)
• A. Audit program management B. Business and financial impact
V. Quality Tools and Techniques (26 Questions)

• A. Basic quality and problem-solving tools B. Process improvement techniques
• C. Basic statistics D. Process variation
• E. Sampling methods F. Change control and configuration management
• G. Verification and validation H. Risk management tools
For More Details: asq.org/cert/quality-auditor Back to Contents

PART 1:
AUDITING FUNDAMENTALS
(27 QUESTIONS)
Body of Knowledge
I. Auditing Fundamentals (27 Questions)
• A. Types of quality audits
• B. Purpose and scope of audits
• C. Criteria to audit against
• D. Roles and responsibilities of audit participants
• E. Professional conduct and consequences for auditors
For More Details: Certified Quality Auditor Body of Knowledge Back to Contents
A. TYPES OF QUALITY AUDITS
A. Types of Quality Audits
1. Method
2. Auditor-auditee relationship
3. Purpose
4. Common elements with other audits
For More Details: Certified Quality Auditor Body of Knowledge Continues…

1. Method
Define, differentiate, and analyze
various audit types by method:
product, process, desk, department,
function, element, system,
management. (Analyze)

1. Method
• Audit:
– Systematic, independent and documented process for obtaining
audit evidence and evaluating it objectively to determine the
extent to which the audit criteria are fulfilled
System
Audit
• Discrete Types of Audit:
– Product audit (includes Services) Process
– Process audit Audit
– System audit
Product
• Other Methods: Audit
– Desk audit or document review
– Department of function audit
– Management audit
1. Method
• Product Audit
– An examination of a particular product or service (hardware,

processed material, software) to evaluate whether it conforms to
requirements (specifications, performance standards, and
customer requirements)
– Audit performed on a service is Service Audit
– A detailed inspection of a finished product performed prior to

delivering the product to the customer. It is a test of both attribute
and variable data.

1. Method
• Product Audit (Contd.)
– Results often provide information regarding the reliability and

effectiveness of the overall quality system
– Product audits are usually accomplished for one or more of the

following reasons:
• to estimate the outgoing quality level of the product or group of products;
• to ascertain if the outgoing product meets a predetermined standard level of
quality for a product or product line;
• to estimate the level of quality originally submitted for inspection;
• to measure the ability of the quality control inspection function to make quality
decisions, and;
• to determine the suitability of internal process controls

1. Method
• Process Audit
– Where the system audit is general in nature, the process audit is

much more narrowly defined. Unlike the system audit, the process
audit is "an inch wide but a mile deep“
– It revolves around verification of the manner in which: 1) people;

2) material; 3) machines, etc., mesh together to produce a product
– Process audits are appraisal and analytical in nature

Appraisal Mode Analytical Mode
•Are personnel involved in the •Are procedures, work instructions, and

production process performing in so forth, used in support of the
accordance with company process(es) being audited
manufacturing process plans, • helpful or detrimental?
procedures, work instructions, • Thorough or sketchy?
workmanship standards, etc.? •Does duplication of effort exist
between sub-functions?

1. Method
• System Audit
– An audit conducted on a management system to verify that

• applicable elements of the system are appropriate and effective and
• have been developed, documented, implemented in accordance and in
conjunction with specified requirements
– The system audit addresses the who, what, where, when and how
of the system used to produce its product
– Think of the system audit in terms of "an inch deep but a mile
wide" i.e., broad and general in nature rather than narrow and
limited in scope

1. Method
• Desk Audit or Document Review
– A desk audit or document review is an audit of an organization’s

documents
– Can be at a desk since people are not interviewed and activities

are not observed
– Must be conducted prior to process or system audit
– Findings help ensure that audit program resources are used

efficiently
– May be conducted periodically or when changes occurred to verify

the adequacy
2. Auditor-auditee relationship
various audit types by auditor-
auditee relationship: first-party,
second-party, third-party, internal
and external. (Analyze)

2. Auditor-auditee Relationship
• Classification of Audits
– First-party Audit (Internal audit)

– Second-party Audit (conducted by parties having an interest in
the organization, such as customers, or by other persons on their
behalf)
– Third-party Audit (conducted by independent auditing
organizations, such as regulators or those providing certification)
Classification of Audits
Internal Audits External Audits
First-party Audits Second-party Audits Third-party Audits

• First-party Audit (Internal audit)
– Performed within an organization to measure its strengths and

weaknesses against own procedures against external standards adopted
by (voluntary) or imposed on (mandatory) the organization
– Conducted by auditors who are employed by organization but have no

vested interest in the audit area to maintain independence
– In many cases independence can be demonstrated by the freedom from

responsibility for the activity being audited or freedom from bias and
conflict of interest.
– Companies may have separate audit group or hire (outsource) an audit

organization

• Second-party Audit
– External audit performed on a supplier by a customer or by a contracted
organization on behalf of customer
– Audits are subject to the rules of contract law as they are providing
contractual direction from Customer to Supplier
– More formal than first party audit because audit results could influence
customer’s purchasing decisions
– A Survey, sometimes called an assessment or examination, is a

comprehensive evaluation that analyzes
• facilities, resources, economic stability, technical ability, personnel, production
capabilities, and performance
• Entire management system

• Third-party Audit
– Performed by an audit organization independent of the customer-supplier
relationship and is free of any conflict
• on behalf of auditee’s potential customers who cannot afford to survey
• audit external organization themselves
• Who consider third-party audit to be more cost-effective alternative
• Mandatory audits on regulated industries by Government representatives to
provide assurance of safety of public
– Independence is key component
– May result in certification, registration, recognition, award, license

approval, citation, fine, penalty

• What is Inspection?
– Inspection:
• a tool to detect errors or defects before a product is approved for
release or distribution
• Normally part of manufacturing process
• May form quality control department to manage and conduct
inspection
– Audits conducted by government (e.g. USFDA) are described as

Inspection in regulatory documents
3. Purpose
various audit types by purpose:
verification of corrective action
(follow-up) audits, risk audits,
accreditation (registration) and
compliance audits, surveillance and
for-cause audits. (Analyze)

3. Purpose
• Also common to refer an audit according to its purpose or
objectives
• An auditor may specialize in types of audits based on

audit purpose such as to verify:
– Compliance
– Conformance or
– Performance
• Some audits have special administrative purpose such as

auditing:
– Documents
– Risk
– Performance
– Follow up on completed corrective actions

3. Purpose
• Certification Purposes:
– Companies in certain high-risk categories (such as toys, pressure
vessels, medical devises, pharmaceuticals) wanting to do business in
Europe must comply with Conformite Euopeene Mark (CE Mark)
requirements
– One way to comply is to have management systems certified by third-

party audit organizations to management system requirement criteria
(such as ISO 9001)
– Customer may require suppliers to conform to standards (like ISO 14001)
– Third-party audits for system certification should be performed by

organizations evaluated & accredited by an established accreditation
board such as ANSI-ASQ National Accreditation Board (ANAB)

3. Purpose
• Certification vs Registration vs Accreditation:
• Terms Certification and • Term Accreditation is used when

Registration are used validating or verifying the
interchangeably to refer to conformance of a certification body
verifying the conformance of to requirements of national and/or
organization’s management international
systems to a standard or other
requirements • Certification body (also known as
Registrar) is a third-party company
• Certification also refers to the contracted to evaluate the
process of validating and verifying conformance of organization’s
the credentials of individuals such management system to the
as auditors requirements of appropriate
standard and issue a certificate of
conformance when warranted

3. Purpose
• Performance vs Compliance/ Conformance Audits:
– Various authors use the terms to describe an audit purpose beyond
compliance and conformance:
• Value-added assessments
• Management audits
• Added value auditing
• Continual improvement assessment
– Key difference is collection of audit evidence
– All types of audits can include a purpose to identify and report

performance observations
– Audits with this objective are more likely to be:

• First-party
• Process
• System

3. Purpose
• Follow-up Audit:
– Since many corrective actions cannot be performed at the time of

the audit, may require follow-up audit to verify:
• Corrective action
• Preventive action (opportunity for improvement of performance)
– Normally combined with next scheduled audit however decision

depends on importance and risk of the finding
– May forward identified performance issues to management for

follow-up
4. Common elements with other
audits
Identify elements such as audit
purpose, data gathering techniques,
tracing, etc., that quality audits have in
common with environmental, safety,
financial, and other types of audits.
(Apply)

4. Common Elements with Other Audits
• Regardless of the scope of a system or process audit, all audits have
common elements
• Audits can address almost any topic of interest where activities or

outputs result from defined plans
• Basically if activity or status is subject to planning or reporting, it can

be audited
– Product or service quality
– Environmental, marketing, or promotional claims
– Financial results and statements
– Health and safety conditions
– Equal opportunity compliance
– Sarbanes oxley
– Etc.

• Audit-like inquiries that do not fulfill all technical requirements of audit
(such as audit plan or avoiding conflicts of interest) are known as
evaluation or assessment and these are fairly subjective audit-like
activities
• Evaluations are judgements
• Assessments are estimates or determinations of significance or

importance
• Common type of assessment is ‘statutory and regulatory compliance

audit’ where
– auditors need to be careful avoid going beyond their competence in reporting
– Interpretation of laws is often required and can be viewed as domain of lawyers
who are members of the bar

• Key concept – Audits are processes
Inputs Outputs
• Competent auditors • Accumulated data that
• Authorizing supportive are transformed into
client useful actionable
• Cooperative auditees Audit information
• Defined audit plans and • Presenting formal
procedures Process report to client and
• Purpose and scope auditee
• Reference documents Planned sequence • Follow-up of CAPA
• Administrative and implementation to
of audit activities
infrastructure support support improvement
and mutual benefit

• Some common audit elements:
– Purpose and scope
– Documentation review
– Preparation for review
– On-site or remote data collection (the audit)
– Formal audit report
– Audit follow-up
B. PURPOSE AND SCOPE OF
AUDITS

B. Purpose and Scope of Audits
1. Elements of purpose and scope
2. Benefits of audits

1. Elements of purpose and scope
Describe and determine how the
purpose of an audit can affect its
scope. (Apply)

1. Elements of Purpose and Scope
• Audit Purpose:
– Client’s responsibility to determine the purpose

statement
– Regular audits, well defined and well known by all

parties

• Audit Purpose: (Contd.)
First-party Audits
– First-party audit is to :
• Assure management that audited area is in compliance with particular
standards and goals & strategies of organization are being met
• Identify opportunities for improvement
• Assess The progress of management system toward meeting the
requirements of regulatory or standards
• Identify process efficiencies for delivery of product or service
• Report organizational risks to management for evaluation

Process Performance
– Process performance audit is to: Audit
• Determine if the system design is adequate to achieve organization
objective
• Identify performance weaknesses and strengths
• Verify process responsiveness to customer and organization needs
• Identify process risks and areas to be optimized
– Risk-based audit:
• Allocate resources specifically to areas that have been problematic or
that are high risk and could include
– product characteristics
– product or process hazards Risk-based Audit
– Personnel or process safety
– Environmental controls

Second-party Audits
– Second-party audit is to:
• Either assess a supplier to verify that the contract requirements are
being followed or assess a potential supplier’s capability of meeting
specific requirements for a product or service
• Get the confidence in the quality of goods and services being
delivered
• Identify the possible cause of recent nonconformities
• Verify that supplier has an active environmental abatements and
safety improvement program that meets customer requirements
– Audit program, Engineering and Technology departments, or Purchasing

department determines the purpose and communicates to the auditee

Third-party Audits
– Third-party audit:
• Performed by auditing organizations to determine the compliance or

conformance of auditee’s system with agreed-upon criteria
• In case of an audit for certification, an auditor examines auditee’s
systems for conformity with a specific standard (e.g.: ISO 9001) or
cGMP.
• In case of inspection performed for regulatory purposes,
– Regulatory agency examines the compliance of the auditee’s systems with
regulations or laws
– May have penalties associated with them (fine, jail or both), so very serious
– Focus to ensure that companies are protecting the environment, the public and their
employees

• Audit Scope:
– According to ISO 19011, the audit scope is the extent and
boundaries of an audit
– Scope has been defined as the breadth of the audit and may
specify areas not to be included in the audit
– Normally includes a description of
• Physical locations
• Organizational units
• Product, systems
• Activities and processes
• Areas excluded from audit
• Applicable standards, contracts, regulations, codes and other legal documents
• Time period covered
– Any changes in scope should be informed to participants and
documented in audit plan
2. Benefits of audits
Analyze how audits can be used to
provide an independent assessment of
system effectiveness and efficiency,
risks to the bottom line, and other
organizational measures. (Analyze)
2. Benefits of Audits
• Audits can verify ongoing conformance to requirements and promote
improvement of organization’s effectiveness and efficiency
• Management can utilize objective data to make informed decisions regarding
achievement of organization objectives
• Verification of conformance to requirements
• Identification of risks and monitoring of risk treatments
• Identification of opportunities for improvement
• Determination of readiness for new products and processes
• Verification of system effectiveness
• Identification of inefficiencies and ineffective controls
• Verification of CAPA
• Identification and reporting of best practices
• Advancing the achievement of organizational objectives

2. Benefits of Audits
• Management review should consider recurring nonconformities
• Auditing starts to provide the information needed for the ‘Check’ step in Plan-
Do-Check-Act (PDCA) cycle
• Management is better prepared to move forward with more-informed
decisions
• The universe of opportunities expands as new knowledge and theories are
developed
• System and process auditing can provide new knowledge, if
understood and properly applied
C. CRITERIA TO AUDIT
AGAINST
Define and distinguish between various audit
criteria, such as external (industry, national,
international) standards, contracts,
specifications, quality awards, policies,
internal quality management system (QMS),
sustainability, social responsibility, etc.
(Analyze)
C. Criteria to Audit Against
• Audit Criteria:
– A universal term that describes the reference used by an auditor
against which the evidence collected during the audit can be
compared
– ISO 19011,clause 3.2 states that criteria are set of policies,

procedures, or requirements used as a reference against which
audit evidence is compared
– ISO9000 vocabulary standard explains that requirements may be

generated by various stakeholders or interested parties.
Requirements may be specified or they may be generally implied,
such as customs or common practice
Not all requirements can be specified

• Audit Criteria:
– May be referred to as a system or process requirements, rules

that the auditee follows, or a specific named standard or
regulation
– Assigned auditors must be:

• Knowledgeable of the audit criteria, document, or standard that the
organization is being evaluated against
• Competent, and part of that competency is knowledgeable of the audit criteria
and their interpretations

• Audit Requirements:
– Audits of programs (such as quality or environmental programs)
normally require reference standard against which to judge the
adequacy of plans and these may include:
• National and international standards
• Customer and corporate specifications
• Contract and customer requirements
• Local and national statutes and regulations
• Industry codes and standards
• Guides, handbooks, and so on

• Audit Requirements:
– Performance standards: the documents that contain the norms
or criteria against which an activity is measured. There are 4
levels:
1. Policies 3. Procedural
• Corporate policies
Documents
• Quality system standards
• Step-by-step requirements
• Regulatory standards
for doing job
• Business sector standards
2. Manuals 4. Detailed
• Corporate
Documents
• plant • Drawings, Purchase orders
• Function or department • Specifications & inspection
• Division plan
• Specific instructions
Audit Basis
1. Management system, product, or process standards (e.g.: ISO
9001,ISO 14001)
2. Contracts (reference to specific standard like ANSI/ ASTM)
3. Specifications
4. Organization policies and objectives
5. Laws or regulations
If there are no criteria to compare with, the

investigation may be called a survey or review
D. ROLES AND
RESPONSIBILITIES OF AUDIT
PARTICIPANTS
Define and describe the functions and
responsibilities of various audit participants,
including audit team members, lead auditor,
client, auditee, etc. (Apply)
D. Roles and Responsibilities of Audit Participants
• Audit Participants:
– Audit client: Organization or person requesting an audit
– Auditor: Person who conducts an audit
– Lead Auditor: Auditor responsible for managing the audit
– Auditee: Organization being audited

• Escort: Person assigned to escort the audit team members
• Coordinator: Person in contact with the lead auditor or the audit program manager in
order to arrange for the audit
– Audit Program Manager: Person responsible for the audit program

External Audit:
Organization desires recognition or approval of its capability to meet standard ISO 9001
Participant Role
Client Top management of organization desiring certification/ registration
Auditee The organization desiring certification/ registration
Auditing The organization granting certification/ registration using an auditor employed
organization by the auditing organization or hired to conduct the audit
External Audit:
Customer Organization desires to evaluate a supplier
Participant Role
Client The interested purchasing agent, purchasing manager, or engineer
Auditee The potential or existing supplier
Auditing Member(s) of the customer organization staff or auditors under contract to
organization customer organization

External Audit:
Regulatory organization verifies that supplier or operator is in compliance with requirements
Participant Role
Client Regulatory agency
Auditee The potential supplier or operator
Auditing Employee(s) of the regulatory agency or auditors under contract to the agency
organization
Internal Audit:
Organization desires to determine the degree of conformity of its own organization elements
of to a predetermined management system
Participant Role
Client Upper management team of the organization desiring to use auditing as a
management tool
Auditee The department/ function(s) of the organization to be evaluated
Auditing Employee(s) of the organization or individuals hired to conduct audit
organization

• Roles and Responsibilities:

– Client:
• Determines the need for an audit
• Determines the audit organization to be used
• Determines the audit purpose
• Determines overall audit scope and may confer with the audit program
manager or lead auditor to define specifics
• Addresses budget issues
• May determine the audit team leader or delegate the responsibility to the audit
program manager
• May choose to attend audit process meetings such as the exit meeting
• Receives the audit report
• Determines and directs the distribution of the audit report
• Determines the need for follow-up actions
• Supports the audit initiative
• Follows organizational procedures regarding the audit process


– Auditor:
• Understands the purpose and scope of the audit
• Understands the audit criteria being audited against
• Prepares for the audit
• Performs the audit to collect evidence to verify conformance or
nonconformance to the audit criteria
• Records the results of the investigation (perhaps on a checklist)
• Attends the opening and exit meetings
• Reports findings to the lead auditor
• Verifies the correction of previous nonconformities if directed to do so
• Provides input to the formal report if directed to do so by the lead auditor or
client
• Maintains confidentiality of the audit information
• Reports conflicts of interest to the lead auditor
• Is ethical and adheres to an organization code of conduct or the principles of
auditing as listed in ISO 19011


– Lead Auditor/ Audit Team Leader:
• Is responsible for communication with the client, auditor, auditor program
management, and the auditee representative
• Provides audit team selection input if requested to do so
• Communicates audit plan and requirements to auditee
• Ensure that necessary resources are available to audit team
• Ensures the team has appropriate working papers
• Plans the audit and directs the audit team
• Conducts audit process meetings
• Prepares audit report
• Manages the audit process and involves conflicts of interest or other
personnel issues
• Ensures reports and records are properly files and safeguarded


– Auditee:
• Coordinates audit with the lead auditor
• Informs employees of the pending audit purpose and scope
• Addresses logistical issues with the lead auditor
• Provides adequate space and privacy for the opening and exit meetings
• Attends the opening and exit meetings
• Provides area for auditors to work and meet if requested
• Cooperates with the auditors
• Provides access to areas included in the audit scope
• Acknowledges audit results
• Takes corrective action on audit findings


– Audit Program Manager:
• Assign auditors to scheduled audits
• Ensures availability of resources (budgeting)
• Establishes a reporting relationship that ensures objective and impartial audits
• Qualifies auditors (Knowledge, experience, and skills)
• Establishes controls (procedures, criteria, plans, and objectives) for an
effective and efficient audit program
• Creates, distributes, and maintains audit program schedules
• Reports audit program progress to management
• Monitors auditor performance
• Determines audit program objectives and creates plans to accomplish the
objectives
• Keeps and safeguards audit program information
• Promotes ethical behavior on the part of auditors and those involved in
managing the audit program
E. PROFESSIONAL CONDUCT
AND CONSEQUENCES FOR
AUDITORS
E. Professional Conduct and Consequences for Auditors
1. Professional conduct and responsibilities
2. Legal consequences
3. Audit credibility

1. Professional conduct and responsibilities
• Define and apply the ASQ Code of Conduct,
concepts of due diligence and due care with
respect to confidentiality and conflict of
interest, and appropriate actions in response
to the discovery of illegal activities or unsafe
conditions. (Apply)

1. Professional Conduct and Responsibilities
• ASQ Code of Ethics
Fundamental Principles
ASQ requires its members and certification holders to conduct themselves ethically by:
Being honest and impartial in serving the public, their employers, customers, and clients.
Striving to increase the competence and prestige of the quality profession, and
Using their knowledge and skill for the enhancement of human welfare.
Members and certification holders are required to observe the tenets set forth below:
Relations With the Public

Article 1 – Hold paramount the safety, health, and welfare of the public in the performance of their professional duties.
Relations With Employers, Customers, and Clients

Article 2 – Perform services only in their areas of competence.
Article 3 – Continue their professional development throughout their careers and provide opportunities for the
professional and ethical development of others.
Article 4 – Act in a professional manner in dealings with ASQ staff and each employer, customer or client.
Article 5 – Act as faithful agents or trustees and avoid conflict of interest and the appearance of conflicts of interest.
Relations With Peers

Article 6 – Build their professional reputation on the merit of their services and not compete unfairly with others.
Article 7 – Assure that credit for the work of others is given to those to whom it is due.

• The Institute of Internal Auditors Code of Ethics

• The Institute of Internal Auditors Code of Ethics (Contd.)

• Conflicts of Interest: Situations sometimes encountered prior to and
during audits include:
– Previous employment of the auditor (or close relative) by the auditee or a major
competitor of the auditee, regardless of the reason for separation
– Holding of significant amounts of stocks or bonds in the auditee’s business or that
of major competitor
– Previous or current close working relationship with the organization
– Prior involvement by the auditor in developing the quality program or procedures
used by the group being audited
– Close relationships within the group being audited
– Offer by auditee of money, goods, of services in the nature of a bribe, kickback, or
secret commission
– Acceptance of gift (money, gratuity, or other thing of value) with more than a
nominal value, or involvement in auditee-sponsored sales promotions or other
activities that may represent or be constructed as a conflict of interest
– Performance of outside work for the auditee that might adversely effect the
auditor’s performance or judgement on the job
• When a Conflicts of Interest Exists:
– The auditor must relay this information to audit program

management or decline to conduct the audit, whichever is more
appropriate
– Actions that management and audit team leader can take include:
• Ensuring that sufficient time has passed to eliminate the conflict
• Assigning a different auditor to cover the specific area of conflict
• Removing the audit or the audit team leader from the team

• Confidentiality:
– The auditor must maintain confidentiality, but not to the point of

performing an inadequate audit
– Each auditor needs to be prepared to sign agreement or utilize
techniques for working around a proprietary area
– Auditors normally are not authorised to obligate their
organizations
– Conduct:
• Proprietary information should never divulged in a sharing situation with other
auditors
• Even body language could disclose proprietary information

• Confidentiality: (Contd.)
– Techniques:
• When auditing in an undisclosed area, the auditor can relay on memory and
not write audit notes
• Auditor must respect the auditee’s wishes and audit around the undisclosed
area
• Remove personnel from undisclosed area for interview
• Ask auditee to certify that the procedure does exist and covers the relevant
process
– Security:
• Companies in certain highly sensitive industries may require that auditors
have or obtain security clearances
• Alternatively to be constantly escorted
– Trust:
• Auditors are expected to exercise due care while performing activities
• Discovery of Illegal or Unsafe Conditions or
Activities:
– When Unsafe Activities are Observed:

• Auditor must not ignore it
• Internal audit- Immediately inform an auditee representative and audit team
leader, who will inform auditee manager
• External audit- Must immediately inform the auditee and create a record of the
situation
• If anyone of audit team is endangered, the audit must be stopped and auditors
returned to a safe area

• Discovery of Illegal or Unsafe Conditions or
Activities: (Contd.)
– When Illegal or Unethical Activities are Detected:

• Auditor has ethical duty to bring the matter to the attention of the client and
appropriate management for action
• Keep a re cord of such matters, safeguard the evidence, and obtain copies of
pertinent documents and records
• Should be aware of their legal responsibilities and rights under the law,
including whistle-blower laws
• Verify and inform the audit team leader, who will inform the auditee and/ or
client

• Social and Cultural Considerations:
– Auditor must be familiar with local customs so that potentially

unethical situations can be interpreted correctly and responded to
appropriately
– The auditor’s awareness and willingness to work with different
cultures will help avoid misunderstandings and ensure the
effectiveness of the audit

• Overcoming Language and • Avoiding Internal Conflict-
Literacy Barriers: of-Interest Problems:
– Audit personnel must either be – Auditor will not be assigned

fluent in the language in which to audit an area of previous
the audit is to be conducted or employment
have the support of a technical – Must maintain confidentiality
expert with the necessary
technical language skills
– Auditor may need to ask
extremely simple questions to
overcome a lack of language
skills
2. Legal consequences
Identify potential legal and financial
ramifications of improper auditor actions
(carelessness, negligence, etc.) in various
situations, and anticipate the effect that certain
audit results can have on an auditee’s liability.
(Apply)

2. Legal Consequences
• Personal and Corporate Liability:
– Each company and each auditor accepts liability for the decisions made
regarding whether to grant certification/registration
– Court of law could be called in for the final decision
– If an auditor provides guidance, even if the guidance fixes the problem,
the auditor still owns the solution. If the recommended solution is not the
best, there may be malicious compliance that will reflect back on the
auditor
– Registrar/ Certification organizations and their auditors face a special
liability during the audit and after registration/ certification
• Audit Record Disclosure:

– Audit records must be treated as confidential information and should not
be disclosed to internal or outside entities without prior approval of the
client and auditee
– Copies of the audit report must be sent to client and/or auditee
3. Audit credibility
Identify and apply various factors that influence
audit credibility, such as auditor independence,
objectivity, and qualifications. (Apply)

3. Audit Credibility
• Auditor Conduct:
– Professionalism is defined as the aims and qualities that
characterize a profession or a professional person
General Standards of Internal Auditing

1. Independence
2. Professional proficiency
3. Scope of work
4. Performance of audit work
5. Management of the internal auditing department

• Communicating with the Auditee:
– Auditor’s temperament is often the key to a successful audit

– Should find an acceptable balance
– Can establish good rapport with an auditee early in the audit by being
respectful, courteous, and appreciative of any special arrangements
made for auditor’s comfort and convenience
– Maintaining open communication channels throughout an audit is
essential
– Should avoid naming names and should emphasize the purpose of the
assessment of the product, process, or system
– For audits that represent a high risk of false claims, or when auditor feels
uncomfortable:
• A second person check should be scheduled to work with the auditor
• Use recording device
• Escort should be present to witness interview

• Audit Ethics:
– ISO 19011 contains six principles of auditing that are ‘Prerequisites for providing
audit conclusions that are relevant and sufficient for enabling auditors working
independently from one another to reach similar conclusions in similar
circumstances
Integrity
Evidence- Fair
based
Approach Presentation
Auditing
Principles
Due
Independence Professional
Care
Confidentiality

• Audit Function Credibility:
– Credible audit is a meaningful audit

– Competent individuals who gather and handle all information
pertaining to the audit in an unbiased and ethical manner
provide a credible audit
– Using a knowledgeable, experienced, skilled, capable, and well-
trained auditor is the most effective way to enhance the credibility
of the audit function
– A good auditor does not have to be an expert in the area being
audited, but the auditor does need to be knowledgeable in the
discipline of auditing
– Able to communicate effectively, both orally and in writing
– Interviewing- ask intelligent, proper questions and listen carefully
Q&A
Back to Contents
Thank You
Back to Contents

Part 1 Auditing Fundamentals PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Part 1 Auditing Fundamentals PDF

Uploaded by

Copyright:

Available Formats

ASQ Certified Quality Auditor (CQA)

Part 1: Auditing Fundamentals

Seetharam Kandarpa, ASQ CQA & ASQ CPGP

• Part 1: Auditing Fundamentals

• Having 14+ years of versatile industrial experience in QA and Production functions at

• Having experience in handling Regulatory Inspections of USFDA, MHRA, WHO, TGA,

• Having Training and certification on 'Cleaning Validation' by Destin A. Leblanc.

• How & Where?

For Timely Updates:

• The Certified Quality Auditor analyzes all elements of a quality

• Quality Auditor Certification Brochure

• Certified Quality Auditor Body of Knowledge

For More Details: asq.org/cert/quality-auditor Continues…

V. Quality Tools and Techniques (26 Questions)

For More Details: asq.org/cert/quality-auditor Back to Contents

4. Common elements with other audits

For More Details: Certified Quality Auditor Body of Knowledge Continues…

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– An examination of a particular product or service (hardware,

– Audit performed on a service is Service Audit

– A detailed inspection of a finished product performed prior to

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– Results often provide information regarding the reliability and

– Product audits are usually accomplished for one or more of the

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– Where the system audit is general in nature, the process audit is

– It revolves around verification of the manner in which: 1) people;

– Process audits are appraisal and analytical in nature

•Are personnel involved in the •Are procedures, work instructions, and

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– An audit conducted on a management system to verify that

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– A desk audit or document review is an audit of an organization’s

– Can be at a desk since people are not interviewed and activities

– Must be conducted prior to process or system audit

– Findings help ensure that audit program resources are used

– May be conducted periodically or when changes occurred to verify

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– First-party Audit (Internal audit)

Internal Audits External Audits

First-party Audits Second-party Audits Third-party Audits

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– Performed within an organization to measure its strengths and

– Conducted by auditors who are employed by organization but have no

– In many cases independence can be demonstrated by the freedom from

– Companies may have separate audit group or hire (outsource) an audit

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– A Survey, sometimes called an assessment or examination, is a

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– Independence is key component

– May result in certification, registration, recognition, award, license

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– Audits conducted by government (e.g. USFDA) are described as

For More Details: Certified Quality Auditor Body of Knowledge Continues…

• An auditor may specialize in types of audits based on

• Some audits have special administrative purpose such as

For More Details: Certified Quality Auditor Body of Knowledge Continues…

– One way to comply is to have management systems certified by third-

– Customer may require suppliers to conform to standards (like ISO 14001)

– Third-party audits for system certification should be performed by

For More Details: Certified Quality Auditor Body of Knowledge Continues…

• Terms Certification and • Term Accreditation is used when

For More Details: Certified Quality Auditor Body of Knowledge Continues…