GMP & HACCP and

ISO 9001:2015 Audit

Why do we have to audit???

 Step 11, Principles 6 of HACCP

 ISO 9001:2015 Clause Requirements
 To ensure & maintain the effectiveness of QMS
implementation
 Evaluate the QMS effectiveness & search for
opportunities for improvement
 One of the tools for continuous improvement

Reference

ISO 19011:2011 Guidelines for auditing management system

Why do we have to do the audit & verification??

Verification VS Audit

Verification Audit
•Plan
•Compare the results against target
• can do in some part of work • all QMS system
• Daily operation control • informal
• Solve the daily problem • PDCA
• can verify ourselves • Independence
What should be kept in mind during audit:

 Identification of recur non conformance

 How to deal “not accept the audit results” problem
 The necessary to issue “CAR”
 How to solve chronic problem with P-D-C-A cycle
Why we have to the audit ???

 Management control measures

 One of the tools for continuous improvement
 Help identify non conforming and make the corrective
action
 Ensure that the QMS is going on and complied with the
requirements
Definitions:
Audit:
systematic, independent and documented process for obtaining audit evidence
and evaluating it objectively to determine the extent to which the audit criteria
are fulfilled

Audit Evidence
Records, statement of fact or other information which are relevant to the audit
criteria and Verifiable

Audit Criteria
Set of policies, procedures, requirements

Audit finding
Result of the evaluation of the collected “audit evidence” against “audit
criteria”
Note: audit finding can indicate either conformity or nonconformity with audit
criteria or opportunities for improvement
Definitions:
Auditor:
Person who conducts an audit

Auditee:
Organization being audit

Competence:
(audit) demonstrated personal attributes and demonstrated ability to apply
knowledge and skills

Non-Conformity:
Non-fulfillment of a requirement

Conformity:
Fulfillment of a requirement
Definitions:
Corrective action request:
Record or report establish by auditor to auditee for corrective action

Corrective action:
Action to eliminate the cause of detected nonconformity or other undesirable
solution
 Principles of Audit:
Related to the auditor
1. Integrity: the foundation of professionalism
2. Fair presentation: the obligation to report truthfully and accurately
3. Due professional care: the application of diligence and Judgment in
auditing
4. Confidentiality: security of information
5. Independence: the audit conclusions the basis for the impartiality of
the audit and objectivity of the audit conclusions
6. Evidence-based approach: the rational method for reaching
reliable and reproducible audit conclusions in a systematic audit process
Related to the audit process
Type of Audit
1. First Party Audit
 Internal Audits

• To get the evidence of system compliance

• To obtain useful information for improvement
• Management tools to evaluate the effectiveness of Quality System

2. Second Party Audit

 Customer/ Supplier
3. Third Party Audit
 Certification Body
 Regulatory Authority
Audit Methods

2 type of audit methods

1. System audit
2. Compliance audit
 Audit Methods
1. System Audit

• Review related document against requirements

•First Stage of audit

Must be done
Before compliance
audit

Use the basic

Analyze related knowledge of
Documents the business
 Audit Methods
2. Compliance Audit

Actual work VS document Sampling by observe the related activities

Interview the
operator Perform by independence obtain the evidence
auditor
Audit Program Management

Planning
Appoint the auditor
 Audit

Audit program 20xx 1 Planning

Empowerment
2. Execute the program

KPI
Improve the process
Capability of auditor

Audit process
How to manage the
Audit process 3. Report
4. Follow up
Planning

1.1 Establish documented procedure for Internal audit process

1.2 Establish audit program
1.3 Preparation before audit
1.1 Procedure : Internal Audit

•Documented the audit process

•Scope of audit must cover all activities in QMS
•Criteria for determine the audit frequency
1.2 Establish audit program

Audit scope must cover all activities and area

Every area must be audit at least once a year
Frequency of audit depends on ; the important of
that area and previous audit result
Audit program must be approved by authorize persons
before use
 1. Audit according to flow process

Audit Trial

2
1 Production 3
Purchase Storage & distribute

Department A Department B Department C

Forward Trace
Backward Trace
 1. Audit by activity

Audit Trial

2
1 production
Purchase 3
Storage & Distribution

Department A Department B Department C

 Internal audit schedule 20xx by activities / area
Area Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

FMR activity

Production

R&D

Warehouse

Audit schedule Audit re-schedule X Audit performed Audit performed

with CAR no CAR

Follow up Follow up Follow up

schedule X incomplete all CAR closed out

Prepared by ………………………………/…/….. Approved by ………………………………/…/…..

 Internal audit schedule 20xx by activities / area
Area Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

QMR activity

Production

R&D X

Warehouse X

Audit schedule Audit re-schedule X Audit performed Audit performed

with CAR no CAR

Follow up Follow up Follow up

schedule X incomplete all CAR closed out

Prepared by ……Mr. Bean……/…/….. Approved by ………Mrs. Bean…/…/…..

How to select and appoint the auditor

1.Competency Education Training Experience Skill

2. Personal Characteristics

…..Auditor must not be appointed to audit

his/ her own work………
Auditor Should…..
 Ethical conduct
 Open mind
 Dealing skill
 Be observant
 Understand the process
 Agility
 Precision
 Decision making
 self confidence

Auditor Should not…..

Aggressive Assertive Passive

The audit process

Step 1. Planning and preparation for audit

Step 2. Executing the Audit

Step 3. Report the audit results

Step 4. Follow up
Step 1. Planning and prepare for audit
Step 1. Planning and prepare for audit
Preparation for audit:

Contact Auditee,
Review the documents
Confirm the audit schedule

Prepare audit schedule for Prepare audit check list

Each activities (document)
Step 1. Planning and prepare for audit

Contact Auditee, Review the documents

Confirm the audit schedule

• Audit criteria
Benefit of schedule preparation • Document related to audit
operation
• Clarify the audit objectives • records
• Transparency • Problem, CAR that occur
• ensure that the audit cover all before (if any)
concern activities
• Efficiency
Step 1. Planning and prepare for audit

Prepare audit schedule for Each activities (document)

• Planning the audit for each area

• Prepare the work for each auditor
• Review the important issue
Step 1. Planning and prepare for audit

Prepare audit check list

Objectives of checklist:

• Scope the audit activities

• Control the audit plan & time use
• reference for establish
• Record

How to Prepare audit check list

Checklist should help auditor to:

 Where and what we are going to see

 What issue we are going to ask
 Who we are going to talk to
 Why we have to get the information
Essentials Tools for Auditor

Checklist
Audit Schedule
Audit report form
Note book
Reference
Pen
Writing board etc.
 Sample of Checklists
Auditee Department: HR Process to be Audit…Training…

Important issue Your Audit Evidence Audit

of the process to question Findings
be audit Audit Criteria
Information Related C NC O
Documents

Process to ensure
the staff
competency

How to measure
the effectiveness
of the process

How to ensure
staff awareness
Workshop
Step 2. Executing The Audit
Step 2. Executing The Audit

 Opening Meeting
 Audit
 Closing Meeting

Opening Meeting
Objectives:

Meeting with responsible manager in that manager

Transparency
Describe audit process
Confirm Schedule
Answer Question….(if any)
Step 2. Executing The Audit

How we start opening meeting ????

Opening Meeting Practice help :19011:2011

Introduce your self and responsibility

Confirm objectives, scope, criteria
Confirm schedule
Describe the audit process, use of evidence
Confirm communication channel, etc
Step 2. Executing The Audit

Audit

Searching for information & evidence that reflect the

organization activities by:

Review the documents Interview the operator Observe the process

Step 2. Executing The Audit

Sources of Information

Interview the operator

 Observe the activities, status and environment
 Review documents and records
• KPI
• Information sources
Step 2. Executing The Audit

Auditor responsibilities:

 Ask question
 Listen to the answer
 Observe the process
 Review the finding
 Make records
 Ask for corrective action (if any)….
Step 2. Executing The Audit

3 Types of the question to ask during the audit…

? Opened Questions
? Probing Questions
? Closed Questions

Using the topic in the checklist as a guideline…..

Step 2. Executing The Audit

Opened Questions

Let the auditee explain his/her job to you…

? How he/she does the job …

? What is the important part to control job quality…

You have to control the length of the answer…

Begin the question with: What is it to be done? How?
Who, Where, When, Why
Step 2. Executing The Audit

Probing Questions

Continue from the last question

To find out the issue in details
For example

? Would you please explain more about ..... ?

? In case that this thing happened, what will you do?
? Please show me the record.............
 Step 2. Executing The Audit

Closed Questions

 To confirm your understanding to the answer

 aim to make sure that it is “Yes” or “No”
“Have” or “Not have” …

? Did you record in this form after you finish

this job?
 Step 2. Executing The Audit
Please avoid to use the following type of question:

Question that is not related to the objectives or scope of audit

 Question that lead to your desire answer or your understanding
 Unclear question
 Containing more than one question in one sentence…

Active Listening:

Pay attention to the answer

Friendly act
Ask the auditee to make conclusion if the answer is too long…
Concentrate to the answer
Do not interrupt auditee
Give suitable time for the answer
Review your understanding again before making conclusion
Step 2. Executing The Audit

Working procedure Material

Observe
Environment

M/C, equipment, operator Law / Regulation

 Step 2. Executing The Audit
How to confirm the finding:
Review the related record
Ask more than one person and compare the answer
Observe the activity
Mock up the situation

 Use checklist as a guideline and record in the checklist

 Record all necessary related information for example…
– Name and position of the interviewed person
– the answer ( in short form)
– type, name of document / document status
– device, equipment and ID number
– number of the sampling unit
– time and location
– requirement for the controlled environment (if any)
 Step 2. Executing The Audit
Conducting interviews:

 Interview the right person

 do it during the normal working environment
 Build the friendly situation before
 describe the reason of the interview and explain why you have to make record
 can begin by letting he/she explain her job
 always review the your conclusion with auditee
 say “Thank you for your kind cooperation” every time
 Step 2. Executing The Audit
Conducting interviews:

Tip…

 ask the right person  select related sample

 use Checklists  inform auditee immediately
 record when non conform was found
 be steady and calm  humor
 search for the truth Be honesty
 Step 2. Executing The Audit
If non conform is found during the audit,
auditor has to inform the auditee immediately !!!

Auditors meeting after audit:

 Review the evidence and collect the idea

 Discuss the unclear issues
 Make the conclusion
 Prepare the information for writing the audit report
 Prepare to inform the audit result to auditees
 Sources of information

Collecting: interview
observe, review doc.

Audit Evidence, verify

Evaluate against
Audit Criteria

Audit Findings Conform

Conclusion of audit
Reviewing Non Conform
Process from collecting
Inform to
The information to Audit Conclusion do the
The conclusion… Corrective action
Step 2. Executing The Audit

Audit conclusion:

 Compliance to the criteria in the audited area

 Effectiveness of the system, maintenance & improvement
 Competence of the reviewing system by management to ensure the maintenance
of the system (suitable, effective, continual improvement.

Audit Conclusion
Step 3. Report the audit result
Step 3. Report the audit result
Classified type of audit finding

•Non-conformity, NC CA
Performance that is not complied with the audit
criteria or not complied with the document in
quality management system

•Observations, O PA

Performance that is not NC but has potential to

become NC if there is no action taken
Step 3. Report the audit result

Not comply Not comply Affect the Affect to Has potential

with process with ISO quality of effectiveness to become
in 9001:2008 product of QMS NC
procedure, criteria
WI, etc in
QMS
NC/CAR NC/CAR NC/CAR NC/CAR O/ PAR
Step 3. Report the audit result

How to issue CAR

At packaging storage
L Location room, “Packaging
inspection record
(REC/WH-01)” date
E Evidence 20/5/2013 did not
record the inspection
result of package sp-01

N Nature of NC which is not complied

with inspection process
inWI-WH-01 and ISO 9001
Clause 7.4.1
R Requirement
Workshop
Step 3. Report the audit result

Corrective action request, CAR

√The audit finding that is identified as NC must be report to auditee

immediately and discuss until the issue is clarified
√ after auditor meeting, audit finding must be report to area manager
√ focus on process not person
√ area manager has to sign in audit report/ CAR/ PAR
Step 3. Report the audit result
Closing Meeting (with area manager)
For :-
•Report audit results and conclusion
•Let management have direct information
•Discuss the unclear issue,

Should covered:

Meeting between the auditor before making the report

Conclude the overall of audit finding
Closing meeting to describe the results of audit finding
Next step to be taken by auditor, auditee
Step 3. Report the audit result

Corrective & Preventive Action

 Searching for the root cause(s)

 use of P-D-C-A
 Analysis of related information
 Planning for the problem solving
 Execution of the plan
 Evaluation the effectiveness
Step 3. Report the audit result

Audit Conclusion

Information from audit process that is already

classified, grouped to determine the
Effectiveness of QMS

Corrective action
Trend of implementation 4C
Correct
Complete
Clear
Concise
Step 3. Report the audit result

Topic to be review the audit result

•The evidence : clear and traceable
• Determination : precise & concise
• Report writing : easy to understand
• review of non-agree NC
Step 4. The Follow up
Step 4. The Follow up

•Audited area must completed corrective action before the follow up

•The follow up activities are :

Review the corrective action activities
Review the results of the corrective action : records,documents
that is changed from the action taken
Step 4. The Follow up

CAR Closed

The corrective actions results

is effective enough to ensure
that the same problem will
not occur again
Auditor records in CAR and close
the issue
Audit follow up that can not close
Corrective action results is not effective or there is no action taken
 Record
 Submit to QMR or management

Effective audit should……..

Clear objective
Auditor is well trained
Audit plan is well prepared
Open, not a surprise audit
Agree on audit results
All NC are reviewed between Auditor/ auditee
The audit result is used for adjust the audit frequency
Improvement of auditor competency

Internal meeting,
sharing the
Knowledge and
experience
Re-Training

Observe the Persuade to do the job

Audit
Activity
Of other organization
Audit follow up that can not close
Corrective action results is not effective or there is no action taken
 Record
 Submit to QMR or management

Effective audit should……..

Clear objective
Auditor is well trained
Audit plan is well prepared
Open, not a surprise audit
Agree on audit results
All NC are reviewed between Auditor/ auditee
The audit result is used for adjust the audit frequency