Professional Documents
Culture Documents
Audit
Systematic, independent and
documented process for
obtaining audit evidence and
evaluating it objectively to
determine the extent to which
the audit criteria are fulfilled.
1
5/6/2020
Audit
Systematic,
independent and
documented process
for
obtaining audit evidence2 and
evaluating it objectively
to determine the extent to which the
audit criteria1 are fulfilled.
Audit Criteria
Set of policies, procedures or
requirements used as a
reference against which the
audit evidence is compared.
2
5/6/2020
Audit Criteria
Set of policies,
procedures or
requirements
used as a reference
against which the audit
evidence2 is compared.
Audit Evidence
Records, statement of facts or
other information which are
relevant to the audit criteria
and verifiable.
3
5/6/2020
Audit Evidence
Records,
statement of facts or
other information
4
5/6/2020
Types of Audits
Product Audit
Assessment of “fitness for
Product Audit use”
Products meet the design
Process Audit requirements
System Audit
10
5
5/6/2020
Process Audit
One specific process, activity or
function
Product Audit
To compare the actual process
with the documented
Process Audit requirements of the process.
11
System Audit
A comprehensive audit of
Product Audit multiple processes
Includes the interaction
Process Audit between processes
System Audit
12
6
5/6/2020
Process
Product
13
14
7
5/6/2020
15
16
8
5/6/2020
17
Second-party Audit
First-party Audit
Third-party Audit
18
9
5/6/2020
Certification Audit
The most common
certification audit (quality) is
ISO 9001.
ISO does not conduct these
audits.
Certification audits are
conducted by Certification
Bodies (CB).
19
Certification Audit
Certification Bodies (CB) are
accredited by a member of
International Accreditation
Forum (IAF) Member.
Many countries have formed
accreditation bodies to
authorize ("accredit") the
certification bodies.
20
10
5/6/2020
Certification Audit
21
Certification Audit
A typical ISO 9001 certificate
will have the logo of the
Certification Body, the
Accreditation Body and the
International Accreditation
Forum (IAF) logo.
Types of Audits
22
11
5/6/2020
23
24
12
5/6/2020
25
Audit Participants
Client – organization or person
requesting an audit.
Auditee – organization or
individual being audited
26
13
5/6/2020
Client - Responsibilities
Initiates audit
Determines audit purpose
and scope
Provide resources
Receives the audit report
Determine the report
distribution
27
Auditor - Responsibilities
Understand the purpose, scope and
audit criteria.
Plans the audit
Perform the audit
Collect audit evidences
Analyze audit evidences
Reports the audit
Follows up the action on audit
findings
28
14
5/6/2020
29
Auditee - Responsibilities
Inform the staff
Provide resources (interview
room, communications and
clerical support)
Assign a guide for the audit team
Show objective evidence
Co-operate
Determine and initiate corrective
actions
30
15
5/6/2020
Audit Participants - 2
Technical Expert – a person who
provides specific knowledge or
expertise to the audit team.
31
32
16
5/6/2020
Independence
Auditors are independent when they
render impartial and unbiased judgment
in the conduct of an audit.
Conflict of interest is a situation in which
an internal auditor has a competing
professional or personal interest.
Audit independence is essentially a state
of mind. Internal auditors can not be
physically independent of the
organization they are working for, but
they can always stay objective.
33
Objectivity
Objectivity is a mental attitude that
auditors should maintain while
performing engagements.
The auditor should have an impartial,
unbiased attitude and avoid conflict of
interest situations.
auditors are not to accept fees, gifts, or
entertainment that may create the
appearance that the auditor's objectivity
has been impaired.
34
17
5/6/2020
35
Auditing
Process 2c. Closing Meeting
3. Reporting
36
18
5/6/2020
37
Audit Scope
Extent and boundaries of the audit,
Satisfies the purpose of the audit
Audit Criteria
Reference against which conformity is
determined
38
19
5/6/2020
Audit Purpose
Two main purposes of an audit are:
Compliance
Improvement
Examples of audit purpose/ objective:
Conformity of the management system
Meeting relevant statutory and regulatory
requirements and other requirements to
which the organization is committed
Effectiveness of the management system
in meeting its intended results
Identifying opportunities for improvement
39
Audit Scope
Extent and boundaries of an audit
Clearly defining the audit scope is
important in determining the
budget, human resources, and
time required for the audit
The scope defines what is included
and what is excluded:
Location (Plant A only)
Functions (Materials Management)
Processes / Activities (From receiving a
material requisition to receipt of
material)
40
20
5/6/2020
Audit Criteria
Set of policies, procedures or
requirements used as a reference
against which audit evidences are
compared.
Examples of Audit Criteria include:
National or international standards
Industry codes and standards
Laws and regulations
Contracts
Purchase orders
Customer specifications
41
Audit Criteria
ISO 9000:2015
Quality management systems - Fundamentals
and vocabulary
ISO 9001:2015
Quality management systems Requirements
ISO 9004:2018
Quality management - Quality of an
organization - Guidance to achieve sustained
success
ISO 19011:2018
Guidelines for auditing management systems
42
21
5/6/2020
43
44
22
5/6/2020
45
Audit Program
Audits are planned and
documented
Formal and systematic
Are never informal
46
23
5/6/2020
Audit Plan
Lead Auditor prepares the plan
Communicate plan to
Client
Auditee
Other Stakeholders
47
Audit Plan
Audit planning should address or
reference the following:
Audit objectives
Audit scope … functions, and processes
to be audited
Audit criteria … ISO 9001:2015
Locations, dates, expected time and
duration of the audit
Audit team members
48
24
5/6/2020
Audit Plan
Formal audit notification required
for second-party or third-party
audit.
Generally, advance notification is
provided.
Communicate the plan to:
Client
Auditee
Other stakeholders as applicable
49
50
25
5/6/2020
51
52
26
5/6/2020
Auditor Competencies
Factors to consider:
Auditing Knowledge
Audit principles, procedures and methods
Management system
Technical Knowledge
Contractual requirements
Codes and standards
Discipline / Sector-specific
Personal Behavior
53
54
27
5/6/2020
55
56
28
5/6/2020
57
Auditing Strategies
Trace forward
Trace backward
Random selection
58
29
5/6/2020
59
60
30
5/6/2020
61
62
31
5/6/2020
63
64
32
5/6/2020
65
66
33
5/6/2020
67
68
34
5/6/2020
Forms
69
Quality Manual
ISO 9001:2015 does not require a
Quality Manual
Manual based on ISO 9001
standard vs manual based on
processes.
70
35
5/6/2020
Procedures
Procedures provide a high-level
overview of the process
Procedures do not include the
“detailed how” component of the
process
Procedures are generally multi-
discipline
71
Work Instructions
Step by step instructions, how the
work is done.
72
36
5/6/2020
Forms
To record the compliance
The terms documents and records
have now been changed to
“documented information” in ISO
9001:2015
73
74
37
5/6/2020
Pre-audit Information
Most organizations have electronic
copies of documentation and the
information can be shared
electronically.
Auditee might not want to share a
copy of some confidential
documents.
At this stage, the audit team needs
limited information for the
preparation purpose only.
75
76
38
5/6/2020
77
78
39
5/6/2020
79
80
40
5/6/2020
81
82
41
5/6/2020
Audit Checklist
Developed by Lead auditor or
auditor
Based on audit purpose and scope
Include open-ended questions
Should have space to record
response
Send it to auditee prior to the
audit, along with the audit
notification
83
Specific Checklists
Prepared for a specific use.
84
42
5/6/2020
Non-scoring checklists:
Good for continuous improvement and
are flexible
85
86
43
5/6/2020
87
Opening Meeting
Audit Interviews and Data Collection
88
44
5/6/2020
89
90
45
5/6/2020
91
Opening Meeting
Audit Interviews and Data Collection
92
46
5/6/2020
Interviewing
Observation / Measurement
Document and Record review
93
Interviewing Techniques
Establish suitable climate
Put auditee at ease
Ask questions in a conversational
manner
Questions should:
Yield the relevant information
Should not suggest answers
Should not contain emotional words
94
47
5/6/2020
95
Open-ended Questions
Start with … What? Why? Where?
Who? When? How?
Advantage: Yield informative
answer
Limitation: May lead to
conversation get side-tracked!
One way to keep the audit on track
is: ….. Show me!
96
48
5/6/2020
Closed-ended Questions
Closed-ended questions
answer: Yes/No
Open questions
answer: a few words and explanation
Intended to yield very specific
information
Disadvantages:
Do not bring much information
If used too often may create the
impression of cross-examination
97
Clarifying Questions
Intended to clarify, retrieve full
information and prevent
misunderstanding
Disadvantages:
If used too often may create impression
that you were not listening
Are time-consuming
If you are not prepared to listen in full
don’t ask them
98
49
5/6/2020
Interviewing Tips
Generally use open-ended
questions and sparingly closed-
ended questions
Focus on the process and not the
individual
Take proper notes (drawing
number/rev. number, part number,
record reference)
Share potential findings before
leaving the interview
99
Interviewing
Observation / Measurement
Document and Record review
100
50
5/6/2020
Observations
Typical observations include:
What is it used for?
Does this need to be calibrated?
Was it calibrated?
Is there a record?
What is the reading?
Is the reading within the acceptable
range?
What if this is not in the acceptable
range?
Identification and traceability?
Storage location & conditions?
101
Observations
Make sure you are not obstructing
the work
Be aware of safety requirements
Consider taking pictures only if it is
permitted and agreed with the
auditee organization
102
51
5/6/2020
Interviewing
Observation / Measurement
Document and Record review
103
104
52
5/6/2020
105
106
53
5/6/2020
107
Opening Meeting
Audit Interviews and Data Collection
108
54
5/6/2020
Notes Taking
Make your notes:
Comprehensive
Accurate
Precise
Legible
109
Notes Taking
Documents:
Title and document number
Revision number
Issue date
Location where the document was seen
Part:
Part description
Identification number
Person:
Name
Title
Department
110
55
5/6/2020
Corroboration
To strengthen with other evidence,
to make more certain.
More important for
data/information which could be
questionable/doubtful.
Confirming or verifying using
multiple sources.
111
Opening Meeting
Audit Interviews and Data Collection
112
56
5/6/2020
113
114
57
5/6/2020
115
116
58
5/6/2020
117
Audit Report
A formal audit report needs to be
provided to the auditee.
The audit report might need the
approval of auditor management.
The report should be sent timely,
as agreed in the exit meeting.
The distribution of the report is
decided by the Client.
118
59
5/6/2020
119
120
60
5/6/2020
121
122
61
5/6/2020
123
Nonconformities Classification
Nonconformities and their
supporting audit evidence should
be recorded.
Nonconformities could be graded
depending on the level of risk.
Typically third-party auditors
classify them as the minor or major
NCR (Non-conformance Report)*
Nonconformities identified should
be discussed with the audit team
during team meetings.
124
62
5/6/2020
Nonconformities Classification
Impact (or Severity)
Nonconformities are classified as
major or minor based on: Very Low Medium High Very
Severity Low High
Frequency
125
126
63
5/6/2020
127
Correction
action to eliminate a detected
nonconformity
A correction can be made in
advance of, in conjunction with or
after a corrective action.
A correction can be, for example,
rework or regrade.
128
64
5/6/2020
Corrective Actions
action to eliminate the cause of a
nonconformity and to prevent
recurrence.
There can be more than one cause for a
nonconformity.
Corrective action is taken to prevent
recurrence whereas preventive action is
taken to prevent occurrence.
129
Corrective Actions
When a nonconformity is
identified in the audit report, the
auditee needs to take two actions:
Correction (remedial or
containment actions)
Corrective Action (to prevent
recurrence)
130
65
5/6/2020
131
Preventive Actions
ISO 9001:2015 does not have
requirements related to the
Preventive Action
The concept of Preventive Actions
is addressed using the “Risk-Based
Thinking” concept.
132
66
5/6/2020
133
134
67
5/6/2020
135
136
68
5/6/2020
137
Why to Sample?
Sampling Types of Sampling
Sampling Risk/Errors
138
69
5/6/2020
Why Sampling?
139
Probability Samples
Everyone in the population has an
equal chance of being selected
Non-Probability Samples
Where the probability of selection
can't be accurately determined.
Sample may not be (generally isn’t)
representative of the general
population
Types of
Sampling
140
70
5/6/2020
Cluster Sampling
Judgemental Sampling
Sampling
71
5/6/2020
72
5/6/2020
Cluster Sampling
Sometimes it is more cost-effective to select
respondents in groups ('clusters'). Sampling
is often clustered by geography, or by time
periods.
Example: Survey all customers visiting
particular stores on particular days.
Simple Random Sampling
Convenience Sampling
The researcher selects whom ever is
convenient. The samples are being drawn
from that part of the population which is
close to hand
Example: A researcher at the mall selects
the first five people who walk by to get
their opinion of a product.
73
5/6/2020
Judgmental Sampling
The researcher chooses the sample based
on who they think would be appropriate for
the study.
Example: Auditor selects a sample based on
the concerns he/she had in the earlier audit
Quota Sampling
A quota is established and auditor are free
to choose any sample they wish as long as
the quota is met.
Example: 2% of the calibration records.
74
5/6/2020
1000 pieces
Accept the lot if 3 or less
Check 80 pieces
are defective
Reject the lot if 4 or more
are defective
Standards
Attribute Sampling MIL-STD-105 (withdrawn)
ANSI/ASQ Z1.4
Pass/Fail Dodge-Romig
149
Attribute Sampling
You need to decide
Level (e.g. I, II, III, S1, S2, S3 or S4)
AQL (Acceptable Quality Limit) – e.g. 1.5%
Single, Double or Multiple Sampling Plan
Reduced, Normal or Tightened inspection
Acceptance
Sampling Plans
150
75
5/6/2020
Attribute Sampling
Example
• Lot size : 1,000, General inspection level
II
• Acceptable Quality Limit(AQL): 1.5%
• Take 80 random samples:
• Accept the lot if 3 or less are
rejected.
• Reject the lot if 4 or more rejected.
151
152
76
5/6/2020
Level of Significance
Type I error (alpha) Type II error (beta)
or Type I Error:
Name Producer’s risk/ Consumer’s risk
α = 1 – C (0.10, 0.05, Significance level
0.01) 1 minus error is
called
Confidence level Power of the test
153
77