Professional Documents
Culture Documents
Effective Internal Audit Planning PDF
Effective Internal Audit Planning PDF
Outline
• Definitions of Key Audit Terms
• Types of Audits
• Nonconformance Types
• ISO 9001:2008 Internal Audit Requirement
• CommonNCR’ si s
suedbyRe gis
tra
rsrelat
e dtoAudi ts
• Miss-Conceptions About Auditing
• What does the Industry and Product/Process have to do with Planning an Audit?
• How much do I invest in Auditing?
• Why do we Audit?
• First Party Audit Process Steps
• Planning Audits
• Typical Audit Schedules and Forms
Audit Types
•First Party
When a Company uses an internal person to perform an Audit on itself.
•Second Party
When a Company uses an internal person to perform an Audit
on its Supplier or an other organization.
•Third Party
When a Company is Audited by a third party independent of the
Compa ny’
sCustome r
.
Nonconformance Types
•Major
When the Quality System exhibits a void where an element of the
system has not been documented, implemented or is not effective.
In addition, the nonconformance does risk the shipment or delivery
of nonconforming material to the Customer
•Minor
When the Quality System is documented, implemented and effective, but
has exhibited a random nonconformance. The nonconformance does not
risk the shipment or delivery of nonconforming material to the Customer
•Comment
When an Auditor identifies an improvement opportunity that is not
a major or minor
5.0
Management
Responsibility
Customers
6.0 8.0
Customers Measurement,
Resource Analysis and
Improvement Satisfaction
Management
7.0
Input Product Output
Requirements Realization Product
CommonNCR’
sis
sue
dbyRe
gis
trar
sre
lat
edt
oAudi
ts
• Audit Plan/Schedule does not address all elements (major paragraphs)
of the ISO 9001:2008 standard
• Audit Plan/Schedule does not address multiple facility locations, work
shifts (shift 1, 2 & 3) or scope of business/registration
• Audit plan/schedule is not approved
• Audits are not completed as scheduled
• Audits are performed by personnel who audited their own work
• Audit results do not have written signature or electronic signature by
Auditor with date
• Audits were not conducted in an effective manner
• Auditor(s) received no internal auditor training
• I can not conduct 1 audit of the ISO 9001:2008 QMS each year
• We must use an outside contractor to perform our audits
• All the ISO 9001:2008 elements need to be audited every year
• Ifyoudon’ tspend2-5 hours on each audit, then you are not doing your job
• The Auditor must prepare a checklist list using his or her own questions in
order to perform an effective audit
• I can use typed audit checklists with typed in results with typed in names and
dates (no written or electronic signature)
• If the Audit Report does not weight 3 pounds, then it must not have been
performed correctly
• Wec an’tuset herec eptionistorf i
nanc epersont oc onduc ta udi
ts ,because
she/he does not know what we do
Jan. 20, 2010 By David Collingham, CQE/CQA IQR-TRG-012010 Rev. A
www.IQRCORP.com International Quality Registrars Corp. All Copy Rights Reserved by IQR.
Effective Internal Auditor Planning
What does the Industry and Product/Process have to do with
planning an Audit?
• Critical, High Risk and High Exposure Industries/Products/Processes:
Point 2 •
High Maintenance
•
High Failure/Reject Rate
Appraisal/
Prevention
Investment;
Audits
•
Low Risk
•
Low Complexity
•
Not Critical to End Mission
Point 1
•
Low Maintenance (*) Graph
•
Low Failure/Reject Rate not to scale
1 2 3 4 5 6 7 8 9 10
Risk Level High
Why do we Audit?
•s
Planning Audits
Example 1 (continued)
•s
Procedure