Professional Documents
Culture Documents
COMMITTEE-IN-CONFIDENCE
Reference number of working document: ISO/TC 176/SC 3/WG 7 N94
Date: 1998-02-27
Working Draft: WG 7-WD 3
Committee identification: ISO/TC 176/SC 3/WG 7
SC 3 Secretariat: NN1
WG 7 Convenership: SAA
Foreword.............................................................................................................................3
Introduction..........................................................................................................................5
1.1 Scope..........................................................................................................................6
SECTION 2: AUDITING
3.1 General.....................................................................................................................26
ANNEX B: EXAMPLES.....................................................................................................35
International Standards are drafted in accordance with the rules given in the ISO/IEC
Directives, Part 3.
Draft International Standards adopted by the technical committees are circulated to the
member bodies for voting. Publication as an International Standard requires approval by
at least 75 % of the member bodies casting a vote.
This draft revision of ISO 10011 prepared by ISO/TC 176/SC 3/WG 7 covers the scope of
the existing three parts of the Standard, and proposes a single document having three
sections and four informative Annexes.
It proposes a more generic approach to auditing based on the competence required for
successful audit, and which needs to be considered in planning and managing audits.
Competence requirements differ significantly between audits, and the draft presents a
step-by-step approach to identifying requirements and ensuring that the necessary
competence and resources are available in the audit team. (However, readers need to be
aware that in many cases the audit ‘team’ will be one person who has the necessary
competence for the particular audit: Typical examples of a one-person audit team could
include internal audit of a small business or a third-party certification audit of a medium
sized enterprise.)
The ISO 9000 series emphasizes the importance of quality audit as a key management
tool for achieving the objectives set out in an organization's policy. The quality system
audit also provides objective evidence concerning the need for the reduction, elimination
and, especially, prevention of non-conformities.
Any organization which has an ongoing need to carry out audits of quality systems should
establish a capability to provide overall management and performance of the entire
process.
ISO 10011, Auditing, provides guidelines for managing and performing an audit of a
quality management system of any organization. It allows users to adjust the guidelines
described to suit their needs and contains the qualification criteria for auditors to ensure
that the audit is carried out effectively and consistently.
1.1 Scope
This International Standard provides the general principles of auditing. It describes how a
series of audits is managed, provides guidelines for performing quality audits, and
describes criteria by which quality auditors are able to demonstrate their competence.
This standard is applicable to quality management system audits specifically, and is
sufficiently general in nature to allow its use in many different types of audits, including
audits of integrated management systems.
1.2 Normative references
The following normative documents contain provisions, which through reference in this
text, constitute provisions of this International Standard. For dated references, subsequent
amendments to, or revisions of, any of these publications do not apply. However, parties
to agreements based on this International Standard are encouraged to investigate the
possibility of applying the most recent editions of the normative documents indicated
below. For undated references, the latest edition of the normative document referred to
applies. Members of IEC and ISO maintain registers of currently valid International
Standards.
For the purposes of this International Standard, the terms and definitions given in
ISO 8402 and the following apply:
NOTE 1: See also the Glossary, Annex D, for the ISO 8402 definition and further
explanation of quality audits and their applications.
1.3.3 Auditor A person who has the qualification and competence to perform an
audit.
Audits also examine and evaluate the controls associated with systems, activities
or processes. This evaluation will determine if these controls are meeting stated
objectives. Audits evaluate conformity to planned arrangements, activities and
related results; their effectiveness and their ability to meet stated objectives.
2.1.3.1 Audit team members and audit management staff are qualified and
competent.
2.1.3.2 Audit team members abide by a code of ethics and are independent
of the function audited.
A code of ethics may include auditor behaviour, integrity, confidentiality and other
attributes. Audit team members should be objective and free from bias and conflict
of interest throughout the process. (See Annex B.)
Authority for the audit may result from legislation, regulation, contract, company
policy, or at the request of management.
Prior to conducting an audit, the audit is planned to ensure that it is carried out in
an efficient, effective, and organized manner.
It is essential that audits are managed to ensure, for example, that resources are
appropriate and the results are consistent and credible. The following guidance is
appropriate to all organizations who need to manage one or more series of audits.
Organizations may manage one or more series of the following types of audits:
-0 external systems audits (second and third party),
-1 internal systems audits, (first party)
-2 process audits,
-3 product audits, (including service audits)
The relationship of some different types of audit is illustrated in Figure 2, and further
explanation of audit terms and applications is provided in the Glossary, Annex D.
Management of Audits
(procedures, resources, personnel)
A small organization
Individual
may only need to Audits
implement one series
of audits
The organization should first establish the authority for managing audits.
Authority for managing internal audits is granted by executive management. Authority for
managing external audits is obtained from executive management, the client and the
auditee, as appropriate.
Objectives should be identified to assist in planning and implementing the types of audits
to be conducted.
The scope or extent of activities to be audited should be defined, considering factors such
as:
a)0types of audits;
b) business, industry or economic sectors of operation;
c) the number, nature and locations of the organization’s activities and sites to be
audited, (including, for example, locations in other countries);
d)0legal and regulatory issues;
d)1potential needs for accreditation and registration/certification;
d)2operational performance feedback; and
d)3organizational policy.
2.2.3.1 Responsibilities
The responsibilities for managing and conducting audits, as described in this International
Standard, may be performed by one or more individuals, for example audit manager, lead
auditor and auditor. In some organizations there may be only one individual responsible
for managing, coordinating and conducting audits, and this individual may have other
responsibilities and perform other tasks within the organization.
The resources needed to manage and conduct audits should be identified and provided.
Depending on the size of the organization, this may involve only the identification of costs
associated with auditing time requirements and providing the necessary training to
maintain auditor competence.
Auditors require specific attributes, knowledge and skills, as described in Section 2 of this
International Standard. A documented process for identifying and recording the necessary
competence should be developed and implemented.
2.2.3.4 Procedures
The procedures for managing and conducting audits should be documented and
maintained.
A series of audits (e.g. a cycle of supplier evaluation audits, or a yearly cycle of internal
audits) should be established by performing a review with the client to determine, among
other considerations, the:
The objectives and scope should be clearly defined in such a manner as to describe the
intent of the audit outcome necessary to meet the client’s needs and take into account the
results of previous audits.
For a series of internal audits, this review process may be greatly reduced and result in
the documentation of an agreed audit schedule indicating management approval.
The progress and results should be reported to and reviewed with the client at defined
intervals. Action should be taken to assure the suitability and effectiveness of the reporting
activities. Changes in the reporting process should be agreed and documented.
Each series of audits should be reviewed for effectiveness and suitability in achieving
objectives, and for possible improvements such as methods, economy and efficiency.
Means of identifying opportunities for improvement in audit management can include:
a)0 overall evaluation of the methods and effectiveness of the audit organization,
by internal audit and other means;
a)1 evaluation of auditor performance ;
a)2 review of the audit reporting process and records retained;
a)3 examining complaints, appeals and other feedback, e.g. from clients and
auditees;
a)4 reviewing the requirements of external organizations, where applicable;
a)5 assessing the results of the audits on the management system;
a)6 evaluating effect of the audit outcome on the auditee’s product;
a)7 determining mechanisms by which consistency of audits are achieved;
a)8 examining other guidance as defined in this standard.
2.2.6 Records
Audit completion
Follow up
Each individual audit should be based on clearly defined objectives and scope. Examples
of audit objectives are
The audit scope may describe the system elements, processes, products, sites and
activities to be audited. It should also consider the depth and focus of the audit. Where
concurrent audits are planned to be performed by different organizations or quality system
audits are combined with other types of audits (such as Environmental Management
System audits, safety audits), care should be taken to clearly define the objectives and
scope.
The objectives and scope should be communicated to the auditee prior to the on-site audit
activities.
Responsibility for the audit includes determining feasibility. Where the audit is feasible, a
team leader should be selected and notified. In consultation with the client, the audit team
leader identifies the overall resources necessary such as the audit team members, and
makes provision for any other resources required. Where the audit is not feasible, a
solution acceptable to the client should be proposed in consultation with all the
participating parties.
When deciding the size and composition of the audit team, consideration should be given
to the following:
The technical or other expert provides additional understanding of any specific issues and
guidance on the significance of any observations.
The relationship between the audit scope, objectives and requirements and the decisions
to be made by management in establishing the audit team is illustrated in Figure 4.
Managing Audits
(assemble team to meet
the input requirements)
Expert
Audit team member competence - technical
- industry sector - service competence
- manufacturing - design
- regulatory
Figure 4
The audit team leader should contact the auditee to establish communication channels,
request documentation and historical records, if needed, and to initiate the arrangements
for the audit. The need for accompanying persons such as auditors-in-training, observers,
or guides for the auditor should be agreed with the auditee.
2.3.1.6 Initial review
The auditee's quality system documentation necessary for the audit, previous audit
reports and any other relevant documents should be subject to an initial review.
The documentation should be reviewed for adequacy taking into account the size and
complexity of the organization, and its products and processes, in order to determine
2.3.2.1 Audit plan
The audit team leader should prepare the audit plan, which should be reviewed and
accepted by the client. This plan provides detailed information to the audit team, auditee
and client and facilitates scheduling and coordination of further audit activities.
Where a defined level of confidence is required in the outcome of the audit, the use of
adequate statistical techniques should be considered to control the depth and focus of the
audit and this level of confidence should be included in the audit plan.
The amount of detail provided may differ between internal and external audit situations
and also between initial and subsequent audits. Detail should also be adapted to suit the
size and complexity of the auditee’s organization.
The audit plan should be sufficiently flexible to permit changes, such as any changes in
emphasis which may become necessary as the on-site auditing activities progress. (Such
changes may need to be reviewed and approved by the client.)
The audit team leader or any other appropriate party should prepare any audit logistics
(such as travel arrangements) needed.
2.3.2.4 Work documents
a)0 audit procedures, sampling plans defined in documented procedures or in the audit
plan;
a)1 checklists;
a)2 forms for recording information, supporting evidence, records of meetings and audit
findings;
The use of work documents, such as checklists and proformas, should not restrict the
scope of audit activities.
2.3.3.1 Opening meeting
The following list of items may be considered for discussion at the opening meeting.
In many instances a simplified approach may be taken depending on the audit objectives
and scope.
The guide should assist the audit team, act on request of the auditor and witness the
performance of the audit on behalf of the auditee. Guides may also have additional duties,
for example, ensuring that rules concerning safety procedures are known and respected
by the auditor on site. Care should be taken to ensure that the guide does not exercise
undue influence or interference.
2.3.3.3 Collecting information
Information may be obtained in different ways from several sources such as:
a)0 interviews;
a)1 observations of activities and the surrounding work environment and conditions;
a)2 internal documentation, for example, plans, customer feedback, internal audit
reports, documented procedures, instructions, specifications, drawings;
a)3 records, such as inspection records, meeting minutes, reports or logbooks;
a)4 data summaries and analyses;
a)5 reports from other sources, for example, external laboratory reports and vendor
ratings.
Interviews are an important means of collecting information and should be carried out in a
manner adapted to the situation and person interviewed. However, the following should be
considered by the auditor:
a)0 in order to obtain representative information, persons from different levels within the
auditee’s organization may be interviewed during the audit, especially those
persons performing activities or tasks under consideration;
a)1 the interview should be performed at the normal workplace of the interviewed
person, if possible;
a)2 every attempt should be made to put the interviewed person at ease prior to the
actual interview;
a)3 the reason for the interview and any note taking should be explained;
a)4 the interviewed persons should be asked to describe the nature of their work and
how it is carried out, or to describe a particular issue under consideration;
C:WD2N841.doc Page 21 (10)
ISO/TC 176/SC 3/WG 7 N94 – rev 3
a)5 the results from the interview should be summarized and any conclusions drawn
should be verified where possible; and
a)6 the interviewed persons should be thanked for their co-operation during the
interview.
The information collected during the audit should be verified or confirmed by the auditors,
using alternative sources where possible. Such information, after verification, can be
considered to be objective evidence, which should then be evaluated for significance
relative to the specified requirements. Information which appears relevant but cannot be
verified should be identified and recorded.
Should a significant concern arise which is outside the scope of the audit, it should be
noted and reported to the audit team leader, for possible communication to the client and
auditee. Any need for major changes in emphasis which may become apparent as an-site
auditing activities progress (e.g. as a result of identifying nonconforming activities) should
be reviewed with (and possibly approved by) the client.
Where the available evidence indicates that the audit objectives are unattainable, the
audit team leader should report the reasons to the client and the auditee to determine the
appropriate action, which may include termination of the audit or a change in the objective
of the audit.
The information collected during an audit will inevitably be only a sample of the
information available, since an audit is conducted during a limited period of time and with
limited resources. There is thus an element of uncertainty inherent in all audits, and users
of the result of audits should be aware of this uncertainty.
2.3.3.5 Audit findings
The audit team should review their findings at suitable stages during the audit, and in
particular prior of the closing meeting with the auditee.
The audit team should confer prior to the closing meeting in order to:
However, in many instances such as internal audits, a simplified approach may be taken
for the audit team review and the subsequent closing meeting.
A closing meeting should be held with the auditee's management and those responsible
for the functions audited. The purpose of this meeting is to present audit findings in such a
manner as to ensure that they are clearly understood and acknowledged by the auditee.
The audit team leader should present the audit team's conclusions in line with stated audit
objectives and scope. Any outstanding diverging opinions between the audit team and the
auditee should be discussed and if possible resolved. If not resolved, both opinions should
be recorded.
If required by audit objectives, scope or documented procedures, the audit team leader
may present the team's recommendations for improvements to the quality system,
emphasizing that recommendations are not binding. The auditee should determine the
extent, the way and means of actions to improve the quality system.
The audit team leader is responsible for the preparation, accuracy and completeness of
the audit report.
An audit report should provide all interested parties with an accurate record of the audit
findings and conclusions. These can include whether
-0 the quality system conforms to the specified audit requirements,
-1 the system is properly implemented and maintained and
-2 the implemented quality system is effective in meeting stated policy and
objectives.
The audit report should be issued within the agreed time period. If this is not possible, the
reasons for the delay should be formally communicated to both the client and the auditee
and a revised issue date agreed.
The report should be dated and signed by the audit team leader and reviewed and/or
approved as defined in appropriate documented procedures.
The audit report should be sent to the client, whose responsibility is to provide the auditee
with a copy of the audit report, and to decide, in consultation with the auditee, upon any
distribution outside the auditee's organization.
The audit report is the property of the client and confidentiality should be respected and
appropriately safeguarded by the auditors and all report recipients.
2.3.4.4 Record retention
Work documents and draft and final reports pertaining to the audit should be retained by
agreement between the participating parties, and in accordance with any applicable
requirements.
The audit is completed when all activities in the audit plan have been concluded, including
the distribution of the approved audit report.
2.3.6 Follow up
The auditee is responsible for determining and initiating any corrective action needed to
deal with a nonconformity. Corrective action and subsequent follow up actions, which may
include audits, should be completed within an agreed time period. The auditee should
keep the client informed of the status of corrective action activities.
3.1 General
The use of predetermined minimum levels of education, specific training and amounts of
work experience to define generic auditor qualifications is only appropriate for the initial
qualification of potential auditors, and should not be applied indiscriminately to all audit
situations. The assignment of auditors for a specific audit requires a more detailed
evaluation of the competence required to meet the particular audit objectives.
The concept contained within this standard is that the specific audit competence
requirements needed to meet particular audit objectives are first identified and defined,
and then evaluated and compared with the competence possessed by individual auditors,
as a basis for selecting a team to perform the audit (a ‘team’ being one or more auditors
posessing the necessary competences).
This information can also be used as a basis for continual improvement, e.g. to further
develop the auditing capability of an organization, or to identify weaknesses in the
education, training and work experience of individual auditors and thus form the basis for
their further professional development.
3.2.1 Prerequisites
Fundamental abilities for an auditor, i.e. those which are essential in all audit situations,
include, for example, the ability to plan and organize audit activities and perform in a
timely manner, to interact, communicate and obtain objective evidence effectively. Further
guidance is provided in Annex C, are examples are listed in Clause C.2.1.
The personal attributes which an auditor should possess in order to achieve effective use
of these fundamental abilities include interpersonal skills such as tact, open-mindedness,
and maturity, and characteristics such as tenacity, decisiveness, self reliance and sound
judgement. Further guidance is provided in Annex C, and examples are listed in Clause
C.2.2.
Auditors require good communication skills, i.e. they need the ability to communicate
clearly and concisely in writing, the ability to read and comprehend audit documentation,
to be articulate, and to be able to listen and ask questions effectively during an audit.
In complex situations the auditor should also have the ability to understand operations
from a broad perspective, e.g. to understand the role of individual units within the overall
organization
These core competence requirements are an integral part of the audit team competence
as shown in Table X, Audit Team / Auditor Selection (see Clause 3.3) .
3.3.1 General
Managers of audit activities should define the core competence requirements for auditors
who are to perform audits. These should include initial qualification requirements for
potential auditors, including auditors in training, and any education, training and work
experience necessary to meet ongoing competence requirements.
Auditor, audit team leader and audit team competence should be subject to a documented
evaluation process, and to ongoing periodic evaluation.
The process for evaluating audit team and auditor competence needs to be planned to
provide an outcome that is consistent, fair and reliable. Determination and evaluation of
competence requires the following steps:
This method can be used as a tool to evaluate potential auditors, for the ongoing
professional development of individual auditors and for audit team selection. Evaluation
can be undertaken by a competent person or a panel as assigned by those responsible
for the management of the audit.
In Table X, column 1 contains a set of core competencies. Column 2 should define the
specific competence requirements necessary for the potential auditor or auditor in
training, auditor and/or audit team leader as required. Column 3 should define the
indicators to be used to measure performance. Column 4 identifies the method by which
performance is to be evaluated and column 5 how the evaluation method is to be applied.
1) Identify the method (or methods) most appropriate to evaluate each specific
competence and the competence indicators. This will complete column 4 of Table X. The
method chosen should take into account the desired level of reliability for the evaluation
process.
2) Identify the specific application or way in which the evaluation is to be made, for each
core competence and competence indicator. This will complete column 5 of Table X.
General auditing
skills
Knowledge and
understanding of
reference
documents
Understanding of
organisational
situations
Sector specific
knowledge
Audit teams should be selected by those responsible for managing the audit after
identifying competence requirements for the audit, and based on the specific audit
objectives, scope and criteria. Audit team competence can be evaluated using the method
documented in 3.3.2. and the competence of available auditors to undertake the audit can
compared against the team requirements.
Selection of audit team members will also depend on planning to estimate the duration of
the audit and the number of auditor-days required.
Managers of audit activities should ensure that all audit team competence requirements
are met either by a single auditor, multiple auditors or in combination with technical or
other experts.
Auditors should maintain their knowledge of any new standards or requirements relevant
to the audit situations which they are expected to encounter, and the current
interpretations associated with those requirements.
Auditors should maintain their knowledge of audit practices and the most current
application of those practices to sustain their auditing effectiveness.
Auditing involves the use of unique combinations of technical skills, interpersonal skills
and communications skills which requires continual use in order to maintain effectiveness.
Auditors should therefore maintain their auditing skills through regular practice to ensure
those skills are current.
3.5.4 Awareness of current issues
Auditors should keep abreast of current issues related to quality auditing through training,
reading, and professional contacts. This awareness may be satisfied through more formal
refresher training or special courses as judged necessary.
Auditors should adhere to a strict code of ethics. The following example of a typical code
of ethics for third-party auditors is provided as a model, and can be freely adapted,
particularly with respect to internal audit situations. However, a code of ethics should
reflect the principles set out in the model. Each person in charge of managing a series of
audits should adopt an appropriate documented code and obtain a formal undertaking
from the auditors to respect the code.
2.0 Striving to increase the competence and prestige of the profession and aiding the
professional development and advancement of those in the auditor’s employ or under
the auditor’s supervision.
4.0 Disclosing conflicting or competing interests that may be in conflict with the interests of
a client, an employer, or an auditee. These interests include:
4.1 Auditing a competitor of an organization, division, or business unit by which the
auditor is employed or
4.2 Auditing an organization in which the auditor has a consulting arrangement in effect
unless written approval is received from both parties.
4.3 Auditing an organization where the auditor may have business connections,
interest, affiliations that might influence the auditor’s judgement or impair the
equitable character of the auditor’s services, including, financial, familial, or
personal; such restrictions to apply for one year after the termination of the
interest or affiliation.
8. Not accepting compensation from more than one party for the same service
without the consent of all parties. If employed, the auditor shall engage in supplementary
auditing or consulting employment only with the consent of the auditor’s employer.
9. In the event of any alleged breach of this code, cooperating fully in any formal
inquiry process.
Annex B:
(Informative)
EXAMPLES
Introduction
Gropper Gloves is an SME making an exclusive brand of lead gloves for the fishing
industry. The organisation has 8 employees and uses old technology presses to wrap the
gloves on to steel fingers. The finished gloves are then removed, visually inspected,
tested for leaks, pained green and packed in paper bags for despatch to the customer.
The organisation is certified to ISO 9002.
Audit Objective
Audit Scope
The scope of the audit limited to ISO 9002, Clause 4.9 (part).
Audit Requirements
Introduction
Banque de Credit Launder is a well established bank catering for a wide range of
international clients seeking to deposit large sums of cash for short periods and then
withdrawing their funds in other forms of currency such as bonds, negotiable notes,
gold and other non traceable securities. The bank has a strong investment division
but does not offer insurance or superannuation services as this is not favoured by
their particular client base. The Banks headquarters are located in the Crook Islands
and it operates a number of branches located in key international cities around the
world. Most transactions are performed electronically through a numbered banking
account system and personal contact with clients is rarer. Clients are generally
represented by a third party with appropriate power of attorney. The bank is certified
to ISO 9001 for design as its customers require an innovative range of investment
portfolios in order to ensure that their funds are secure from taxation and other
restrictive regulatory practices.
Audit Objective
Audit Scope
The scope of the audit will be a full ISO 9001 system audit to be conducted at the
banks head office.
Audit Requirements
The requirements will be those specified in ISO 9001, the sector application guide
developed by the relevant banking association and Banque de Credit Launder’s own
quality policy and procedures manuals.
TABLE B3 Audit Team/Auditor Selection: Example 3
Ability to conduct Acted as an audit Demonstration Observation of Performed ten full Performed four full
quality auditors to team member in audits system audits in system audits in
ISO 9001 audits of financial banks and acted banks and
institutions for a as a lead auditor in insurance
minimum of four four full system organisations.
full system audits audits
and as an audit
team leader for
two audits
Audit Team Competence Auditor Evaluation Potential Team Members
(Section 3) (Section 3.3) (Section 3.4)
Introduction
This can be done on the basis of a generic set of defined prerequisites in order to
simplify the selection process of audit teams for each individual audit.
The defined generic prerequisites may reflect the organisations scope and extend of
activities.
EXAMPLE
Generic:
Specific:
From this list a number of generic (minimum) prerequisites can be identified based
on the fundamental similarities in all situations.
Prior to each audit, the specific competencies must be identified and used for the
assessment of the audit team competence.
Minimal Objectives
Minimal Scope
Core competences specific competences competence indicators Method Application Auditor A B etc.
Knowledge and skill of Practical knowledge of At least a degree or Records
quality principles and application of quality equivalent. A minimum of 4
techniques principles years work experience after
the degree
General auditing skills Ability to perform a third Completed an international Records
party quality audit recognised quality lead-
auditor training course.
Observe two complete
audits. Records
Successfully carry out Demonstratio
twenty mandays auditing n/Records
under supervision and
guidance of the Team
Leader
Ability to lead a third Successfully participate at Demonstratio
party audit team least five times as Team n/Records
Leader under supervision
and guidance of an
experienced team leader
Audit organisations culture Fit within the audit Successfully pass the Demonstratio
organisers specified organisations human n/Records
personal attributes and resources selection process
skills
Knowledge and High level of knowledge Completed ISO 9001 Records
understanding of reference of ISO 9001 in multiple training course.
documents applications Practical experience with Records
the establishment of quality
management system based
on ISO 9001/2
Understanding of Knowledge and A minimum of 2 years Records
Organisational situations understanding of management experience
managing an
organisation
Sector specific knowledge
1 2 3 4 5 6 7 8
Annex B - Example 4 (Scenario: Exploration vehicle development and
manufacture)
Introduction
Egocentric Dynamics is a large single organisation involved with the design and
manufacture of a remote controlled explorer vehicle used for rock evaluation on the
planet Zog.
The organisation has 1,500 employees and uses advanced technology to produce
special vehicles.
Audit Objective
The objective of this audit is for Bestever Quality Assurance which is a Third Party
Certification Body/Registrar to determine the degree of conformity of Egocentric
Dynamics quality management system with ISO 9001.
Audit Scope
Audit Requirements
Core Competence Specific Competence Indicators Method Application Auditor A Auditor B Auditor C
competence for
this audit
Knowledge and Practical Successfully completed Examination Review the results Completion of this Completion of this Completion of this
skills of quality knowledge of the a training course in of a training course course course course
principles and application of quality assurance and
techniques quality principles in management principles
the automotive specific to the
industrial sector. automotive sector.
Implemented and/ or Records Interviews, Implemented a
maintained a reference checking certified quality
certified/registered and testimonials system in a major
quality management used to confirm Automotive plant
system preferably within work experience designing and
the automotive industrial gained manufacturing xxx
sector.
General Auditing Ability to Completed an externally Examination Review the results Completed as Completed an Completed an
Skills understand the recognised auditor of external training internationally internationally internationally
applications of ISO training course course recognised quality recognised quality recognised quality
9001 in a very lead auditor auditor training auditor training
specialised and training course course course
high technology
environment within
the automotive
sector.
Ability to lead/ Acted as an auditor team Demonstration Two complete Completed 420 Completed 27 third Completed 15 third
conduct third party member in third party audits subject to third party audits party audits as a party audits in the
quality system audits in the automotive independent as team leader in support auditor in automotive sector
audits to ISO 9001 industrial sector for a witnessed the automotive the automotive and 180 in the
minimum of ten full assessment with sector sector computer software
system audits and as an the remainder sector
audit team leader for five monitored by more
audits. All audits subject experienced
to witnessed members of the
assessment. team.
Audit Team Competence Auditor Evaluation Potential Team Members
(Section 3) (Section 3.3) (Section 3.4)
Core Competence Specific Competence Indicators Method Application Auditor A Auditor B Auditor C
competence for
this audit
Ability to apply Been part of an audit Demonstration As above Automotive sector Automotive sector Computer software
automotive and/or team for at least five
computer software audits using automotive
sector application and computer software
guides to third sector application
party audit guidance.
situations.
IRCA or similar auditor Records Check registration IATCA Registered RAB Registered IRCA Registered
registration card or verify by Lead Auditor Auditor Tick IT Auditor
contacting the
Registration Body
Knowledge and High level of Successfully completed Examination Review result of Completion of this Completion of this Completion of this
understanding of knowledge of ISO an ISO 9001 training training course training course training course training course
reference 9001 in multiple module with an
documents applications automotive bias
Detailed Received on the job Examination Review results of Completion of Completion of completion of
knowledge of the training in the application training course training course training course training course
automotive sector of the sector guides
applications guide
and supplementary
requirements
specific to the
automotive
industry.
Detailed Successfully completed Examination Review results of N/A N/A Completion of
knowledge of ISO a Tick IT auditor training training course training course and
9000-3 and other course some participation
documentation in the development
relevant to of the sector guide
computer software
sectoral schemes
such as Tick IT
1 2 3 4 5 6 7 8
Audit Team/Auditor Selection
Core Competence Specific Competence Indicators Method Application Auditor A Auditor B Auditor C
competence for
this audit
Understanding of High level of Previous employment within Records Interviews, Over 30 years Former employee Although not
organisational understanding of the automotive industry or reference experience in the of this company originally from this
situations the modern and similar is essential for at least checking and automotive many years sector, he has
advanced one member of the team testimonials used industry regularly previous as a acquired
organisational to confirm work keeping abreast technician significant
management experienced with new apprentice knowledge of the
systems in the gained meets developments by automotive
automotive industry requirements membership and industry in recent
attendance at years. Gained
meetings of the mainly through
Automotive training and from
societies and also auditing
by reading experience within
journals this sector
Well versed in At least 2 years practical Records
Project experience of Project
Management Management through
techniques and participation as a member of
modern methods of the team
procurement
Familiar with This can be gained through Records
functional/ cellular in-house cascade training or
group working from recent work related or
styles now endemic auditing experience
throughout this
industry
Awareness of This can similarly be attained Records
cultural working through in-house training or
practises and from recent work related or
demarcation issues auditing experience within the
specific to the automotive sector
automotive sector
Audit Team Competence Auditor Evaluation Potential Team Members
(Section 3) (Section 3.3) (Section 3.4)
Core Competence Specific Competence Indicators Method Application Auditor A Auditor B Auditor C
competence for
this audit
Sector specific Detailed knowledge Hold a degree or equivalent Examination and Interviews, Chartered
knowledge of design on in mechanical engineering records reference mechanical
development of with 5 years design checking and engineer - 20
special purpose experience of motor vehicles testimonials used years working
tracked vehicles to confirm with design of
experience main battle tanks
and tracked
armoured
recovery vehicles
Detailed knowledge Hold a degree or equivalent Examination and Interviews, Technician
of design and in electrical engineering with records reference engineer with 15
development of 5 years experience in checking and years electrical
remote controlled Electrical and electronic testimonials used design
vehicle electric equipment to confirm experience with
motors and experience NASA on the
associated electrical similar lunar
and electronic remote vehicle
control equipment project
Highest level of Hold a degree or equivalent Examination and Interviews, Software engineer
experience with in computer science with 4 records reference with 6 years
hands-on years experience in safety checking and experience in the
development of critical software development testimonials used aerospace sector
safety critical to confirm and 3 years
software including experience acquired
subsequent testing experience in the
automotive
industry gained
through audits
Audit Team Competence Auditor Evaluation Potential Team Members
(Section 2.3) (Section 2.4) (Section 2.5)
Core Competence Specific Competence Indicators Method Application Auditor A Auditor B Auditor C
competence for
this audit
Advanced Hold a degree or Examination and Interviews, Gained a
standard of equivalent in mechanical records reference checking supplementary
technical engineering, metallurgy, and testimonials degree in materials
knowledge for or materials science with used to confirm science as a
selection and a minimum of 4 years experience mature student.
processing of a experience Acquired
wide range of experience through
materials and 9 years auditing
special processes.
This will include
fusion welding of
highly
sophisticated non-
ferrous metals and
their associated
testing
1 2 3 4 5 6 7 8
ANNEX C AUDITOR FUNDAMENTAL ABILITIES,
PERSONAL ATTRIBUTES AND
COMPETENCE REQUIREMENTS.
C.1 General
This International Standard recognizes that that there are certain prerequisites for
effective audit, which include those fundamental abilities required in all audit situations,
certain personal attributes of the auditor, and core competencies which need to be
available in all audit teams if the audit is to be conducted effectively. Section 3 describes
their application to the qualification and competence of quality auditors and audit teams.
This Appendix provides further guidance on these fundamental abilities, personal
attributes and competence requirements as an expansion of the guidance in Section 3,
and may be of assistance when using the tables in Section 3.
In complex situations the auditor should have the ability to understand operations from a
broad perspective, e.g. to understand the role of individual units within the overall
organization
Auditors also require good communication skills, i.e. they need the ability to communicate
clearly and concisely in writing, the ability to read and comprehend audit documentation,
to be articulate, and to be able to listen and ask questions effectively during an audit.
C.2.2 Personal Attributes
In order to achieve effective use of the fundamental abilities, the auditor should possess
personal attributes that include, but are not limited to the following:
C.3.1 General
Core competence requirements are an integral part of the audit team and auditor
selection and assignment process, as described in Clause 3.3. Typical requirements
which may need to be considered in determining auditor competence are:
-0
-1 knowledge and skills of quality principles and techniques
-2 general auditing skills
-3 knowledge and understanding of reference documents
-4 understanding of organizational situations
-5 sector specific knowledge
Knowledge and skills of quality principles and techniques is necessary to enable the
auditor to examine the quality systems and determine that it is being properly applied.
Typical areas of competence necessary to achieve this objective include:
-0 Quality terminology;
-1 Structure and function of quality management systems;
-2 Practical knowledge of the application of basic quality system practices and
processes;
-3 Understanding the application of quality tools used by auditors and auditees;
-4 Evaluation of the significance of collected information and their impact on quality.
Sector specific knowledge is necessary to enable the auditor to understand the application
of quality within particular business, industry, or economic sector, business, government
and service sectors. Knowledge of the following may be required:
This Glossary is intended to explain the terms used in this document which are specific to
auditing, in order to augment and summarize the application of the term in the text.
Terms from ISO 8402 have been included where relevant, however terms used in this
document may have a broader application in an audit context than the definition given in
ISO 8402 as applicable to ISO 9000.
NOTES:
1.0 The quality audit typically applies to, but is not limited to, a quality system or elements thereof,
to processes, to products or to services. Such audits are often called `quality system audit',
`process quality audit', product quality audit' or `service quality audit'.
1.1 Quality audits are carried out by staff not having direct responsibility in the areas being audited
but, preferably, working in cooperation with the relevant personnel.
1.2 One purpose of a quality audit is to evaluate the need for improvement or corrective action. And
audit should not be confused with quality surveillance or inspection activities performed for
the purposes of process control or product acceptance.
1.3 Quality audits can be conducted for internal or external purposes.
NOTES:
1.0 The quality system should be as comprehensive as needed to meet the quality objectives.
1.1 The quality system of an organization is designed primarily to satisfy the internal managerial needs of
the organization. It is broader than the requirements of a particular customer, who evaluates only
the relevant parts of the quality system.
1.2 For contractual or mandatory quality assessment purposes, demonstration of the implementation of
identified quality system elements may be required.
Notes: A quality evaluation may be used to determine supplier quality capability. In this
case, depending on specific circumstances, the result of quality evaluation may used for
qualification, approval, registration, certification or acreditation purposes.
An additional qualifier may be used with the term ‘quality evaluation’ depending on the
scope[e.g. rocess, personnel, system], and timing (e.g. precontract) of the quality evaluation,
such as ‘precontract process quality evaluation’.
An overall supplier quality evaluation also may include an appraisal of financial and
technical resources.
Alternative (or audit conclusion?) Statement after evaluation of the collected evidence compared
against the agreed requirements, and which provides the basis for the audit report.
Audit resources personnel, material, documents, financial means and facilities provided for
an audit.
Auditor competence ability of an auditor to apply knowledge and skill to an audit task or
assignment (see also definition, Clause 1.3. 5).
Follow-up activities related to an audit after the audit report is submitted and the audit
completed, as determined by the client.
Level of confidence degree of trust and reliance on the audit result.
Process audit audit of a set of activities that transform inputs (resources) into specified
outputs.