
4/8/2022

04
AUDIT PROCESS BASED ON ISO 19011:2018 GUIDELINES

COURSE OBJECTIVES

KNOWLEDGE
 With reference to the Plan-Do-Check-Act cycle, explain the process-based quality management system model for ISO 9001, and the role of internal audit in the maintenance and improvement of quality management systems.
 Explain the role and responsibilities of an auditor to plan, conduct, report and follow up an internal quality management system audit, in accordance with ISO 19011.

SKILLS
 Plan, conduct, report and follow up an internal audit of part of a Quality Management System based on ISO 9001, and in accordance with ISO 19011.

© - Copyright Bureau Veritas ISO 9001: 2015 | INTERNAL AUDITOR 242

What is an audit?

systematic, independent and documented process (3.4.1) for obtaining objective evidence (3.8.3) and evaluating it objectively to determine the extent to which the audit criteria (3.13.7) are fulfilled

Types of audits

Internal
Organization - Internal Audit (organization audits its own system)

External
Second Party Audit (Customer): Our customer audits our organization
Second Party Audit (Supplier): Our customer audits our supplier
Third Party Audit: Our organization is audited by an independent organization

Internal and External Audits

Main Characteristics

Internal Audit
a) Independent of the activities audited (not of the organization)
b) Considers the effectiveness and efficiency of the management system
c) Advisory role within the organization for continual improvement
d) May be conducted ongoing

External Audit
a) Totally independent of the audited organization and its activities
b) Only considers the effectiveness of the management system
c) No advisory role within the organizations (only general recommendations)
d) Audit activity always planned in a timely manner

The Actors

Who performs what?

Client: Organization or person requesting the audit

Auditee: Audited organization

Auditor: Competent person conducting the audit

Expert: Person who provides specific knowledge or expertise to the audit team

Audit Team: One or more auditors conducting an audit, supported if needed by technical experts

Types of auditors

Internal Auditors
Employed by individual companies to investigate and
appraise the effectiveness of company operations for
management.
Reports directly to the president or board

Two primary effects:

• their existence and work may affect the nature, timing and
extent of audit procedures;
• external auditors may use them to provide direct
assistance in audit.


Types of auditors

External Auditors
Otherwise known as Independent auditors

Has primary responsibility for the performance of the audit function on published financial statements.
Typically certified either by a professional organization or a government agency

Principles of Auditing

1 integrity

2 fair presentation

3 due professional care

4 confidentiality

5 independence

6 evidence-based approach

7 risk-based approach

Principles of Auditing

These principles are intended to:


 make the audit effective and reliable
 support an organization’s policies and
controls;
 provide audit information that can be used to
improve performance;
 provide relevant conclusion; and
 enable auditors to reach similar conclusions
under similar circumstances even while
working independently


Principles of Auditing

1. integrity
 the foundation of professionalism
 perform their work ethically, with honesty and responsibility;
 only undertake audit activities if competent to do so;
 perform their work in an impartial manner, i.e. remain fair and unbiased in all their dealings;
 be sensitive to any influences that may be exerted on their judgement while carrying out an audit.

Principles of Auditing

2. fair presentation
 the obligation to report truthfully and
accurately
 Audit findings, audit conclusions and audit
reports should reflect truthfully and accurately
the audit activities.
 Significant obstacles encountered during the
audit and unresolved diverging opinions
between the audit team and the auditee
should be reported.
 The communication should be truthful,
accurate, objective, timely, clear and
complete


Principles of Auditing

3. due professional care


 the application of diligence and judgement in
auditing
 Auditors should exercise due care in
accordance with the importance of the task
they perform and the confidence placed in
them by the audit client and other interested
parties.
 An important factor in carrying out their work
with due professional care is having the
ability to make reasoned judgements in all
audit situations.


Principles of Auditing

4. confidentiality
 security of information
 Auditors should exercise discretion in the use
and protection of information acquired in the
course of their duties.
 Audit information should not be used
inappropriately for personal gain by the
auditor or the audit client, or in a manner
detrimental to the legitimate interests of the
auditee.
 This concept includes the proper handling of
sensitive or confidential information.


Principles of Auditing

5. independence
 the basis for the impartiality of the audit and
objectivity of the audit conclusions
 Auditors should be independent of the activity
being audited wherever practicable, and
should in all cases act in a manner that is free
from bias and conflict of interest.
 For internal audits, auditors should be
independent from the function being audited if
practicable.
 Auditors should maintain objectivity
throughout the audit process to ensure that
the audit findings and conclusions are based
only on the audit evidence.


Principles of Auditing

6. evidence-based approach
 the rational method for reaching reliable and
reproducible audit conclusions in a
systematic audit process
 Audit evidence should be verifiable. It should
in general be based on samples of the
information available, since an audit is
conducted during a finite period of time and
with finite resources.
 An appropriate use of sampling should be
applied, since this is closely related to the
confidence that can be placed in the audit
conclusions.


Principles of Auditing

7. risk-based approach
 an audit approach that considers risks and
opportunities
 The risk-based approach should substantively influence the:
 planning,
 conducting and
 reporting of audits
in order to ensure that audits are focused on matters that are significant for the:
 audit client, and
 for achieving the audit programme objectives.

Process flow for the management of an audit programme


PLAN - DO - CHECK - ACT

5 MANAGING AN AUDIT PROGRAMME
5.2 Establishing audit programme objectives
5.3 Determining and evaluating audit programme risks and opportunities
5.4 Establishing audit programme
5.5 Implementing audit programme
5.6 Monitoring audit programme
5.7 Reviewing and improving audit programme

6 CONDUCTING AN AUDIT
6.2 Initiating audit
6.3 Preparing audit activities
6.4 Conducting audit activities
6.5 Preparing and distributing audit report
6.6 Completing audit
6.7 Conducting audit follow-up

5. Managing an audit programme


5.1 General


6. Conducting an audit
6.2 Initiating an audit

6.2.2 Establishing contact with auditee

 communication channels;
 authority to conduct the audit;
 audit objectives, scope, criteria, methods and audit team composition,
including any technical experts;
 confidential information, arrangements for audit schedule and
audit locations specific arrangement
team leader
 attendance
 other issues that may affect the conduct of the audit


6. Conducting an audit
6.2 Initiating an audit

6.2.3 Determining the feasibility of audit


 provide reasonable confidence that the audit
objectives can be achieved
 factors to determine audit feasibility:
a) sufficient and appropriate information for planning
and conducting the audit;
b) adequate cooperation from the auditee;
c) adequate time and resources for conducting the
audit.

 alternatives should be made if not feasible


6. Conducting an audit
6.3 Preparing audit activities

6.3.1 Performing review of documented information
6.3.2 Audit planning
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit

6. Conducting an audit
6.3 Preparing audit activities

6.3.1 Performing review of documented information
• management system documents and records,
• previous audit reports
6.3.2 Audit planning
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit

6. Conducting an audit
6.3.1 Performing review of documented information

The relevant management system documented information of the auditee should be reviewed in order to:
 gather information to understand the
auditee’s operations and to prepare audit
activities and applicable audit work
documents (see 6.3.4), e.g. on processes,
functions;
 establish an overview of the extent of the
documented information to determine
possible conformity to the audit criteria and
detect possible areas of concern, such as
deficiencies, omissions or conflicts.


6. Conducting an audit
6.3 Preparing audit activities

6.3.1 Performing review of documented information
• management system documents and records,
• previous audit reports
6.3.2 Audit planning
• to facilitate the efficient scheduling and coordination of the audit activities in order to achieve the objectives effectively
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit

Preparing the Audit Plan

 Prepared based on the information contained in the audit program and in the documentation provided by the auditee
 Considers the effect of the audit activities on the auditee’s processes
 Provides a basis for the agreement among the audit client, audit team and auditee regarding the conduct of the audit
 Facilitates effective scheduling of audit activities

6. Conducting an audit
6.3.2 Audit planning

Audit planning should address or reference the following:

• establish audit objective, identify audit scope and criteria
• familiarize physical and virtual location, processes to be audited
• audit method, language of the audit, risk and opportunities related to the activity

*Allocation of resources for audit
*Assign roles & responsibilities of audit member, guide and observer

6. Conducting an audit
6.3.2 Audit planning

audit plan:
 scope
 criteria
 dates and duration
 audit team
 detailed timetable
 audit team requirements
 remember to cover shifts

6. Conducting an audit
6.3 Preparing audit activities

6.3.1 Performing review of documented information
• management system documents and records,
• previous audit reports
6.3.2 Audit planning
• to facilitate the efficient scheduling and coordination of the audit activities in order to achieve the objectives effectively
6.3.3 Assigning work to audit team
• to assign to each team member responsibility for auditing specific processes, activities, functions or locations and, as appropriate, authority for decision-making.
6.3.4 Preparing documented information for audit

Assigning auditors

Audit assignments should respect the independence of auditors and the effective use of resources

1. Based on the audit mission (e.g. objectives, scope, criteria)
2. Based on the audit team
3. Depending on the auditor (e.g. conflicts of interest, availability, etc.)

Selecting the audit team

 Main Characteristics

Each Auditor
a) Ability to work as part of a team
b) Basic knowledge of the system under audit
c) Knowledge of audit standards/criteria, procedures and techniques
d) Understanding of the main processes in business management
e) Ability to communicate (oral and written)

At least one per team
a) Knowledge of the industry of the organization
b) Knowledge of the language of the auditee
c) Expertise in each domain to be audited
d) Legal and other requirements such as regulatory requirements related to the auditee

6. Conducting an audit
6.3 Preparing audit activities

6.3.1 Performing review of documented information
• management system documents and records,
• previous audit reports
6.3.2 Audit planning
• to facilitate the efficient scheduling and coordination of the audit activities in order to achieve the objectives effectively
6.3.3 Assigning work to audit team
• to assign to each team member responsibility for auditing specific processes, activities, functions or locations and, as appropriate, authority for decision-making.
6.3.4 Preparing documented information for audit
• to guide the auditor to address adequate elements of the management system when obtaining objective evidence to determine conformance to the criteria.

6. Conducting an audit
6.3.4 Preparing documented information for audit

May include the following:


 physical or digital checklist
 forms for recording information (e.g. supporting
evidence, audit findings and records of meetings)
 audit sampling details
 Should be retained at least until audit completion, or as
specified in audit plan
 Should be suitably safeguarded at all times


6. Conducting an audit
6.4 Conducting audit activities

Audit activities are normally conducted in a defined sequence.

Conducting the opening meeting
Communication during the audit
Obtaining and verifying information
Identifying and recording audit findings
Preparing audit conclusions
Conducting the closing meeting
Audit Report
Cause analysis of nonconformity
Effectiveness of correction and corrective action


Approach to Audit

Team spirit and co-operation = successful audit


Auditors set the “TONE” for the audit.


Approach to Audit

Key success factor:


auditor attitude must be positive, value adding

 I really am here to help.


 I am not here to find fault.
 We are on the same team.
 Together we can find
opportunities.
 This benefits the business.


Approach to Audit

Relations between auditors and auditees are critical for a successful audit. The auditor influences these relationships by:

1. Understanding the communications process
2. Minimizing barriers to communication
3. Creating the climate for good communications
4. “LISTENING” carefully to auditees

Approach to Audit

Communications Process
Sender encodes Message
Recipient decodes and interprets
Feedback

Approach to Audit

Barriers to effective communication

Physical
Intellectual
Psychological


Approach to Audit

Create a Climate for Good Communications:

► Space (where are you auditing?)


► Timing (what time of day?)
► Eye contact (how much?)
► Body language (watch and control)
► Cultural sensitivities


Approach to Audit

70% of Communication is NON-VERBAL

Body Language

► Postures, gestures, facial expressions


► Communicates mass of information
► Uncontrolled messages may upset auditee
► Common meanings
► Cultural differences


Interviewing technique

Good Listening is ESSENTIAL


 eliminate distractions
 listen for content
 suspend judgement
 listen for themes
 use spare time
 seek clarification


Approach to Audit

Bad habits to avoid (i.e. not listening)

 Faking attention
 Pre-occupation
 Over-reaction
 Interrupting the speaker ¡NO!
 Listening without looking
 Listening only to what we want to hear
 Using listening time to collect the thought


6. Conducting an audit
6.4 Conducting audit activities
6.4.3 Conducting opening meeting
 opening meeting provides a short explanation of how the audit activities will be undertaken.
 purpose of the opening meeting is:
 confirm the agreement of all participants (e.g. auditee, audit team) to the audit plan;
 introduce the audit team and their roles;
 ensure that all planned audit activities can be performed.
 should be held with the auditee’s management and, where appropriate, those responsible for the functions or processes to be audited

6. Conducting an audit
6.4 Conducting audit activities
6.4.3 Conducting opening meeting
 small organizations – communicating that an
audit is being conducted and explaining the
nature of the audit.
 others - formal and records of attendance
should be retained
 opportunity to ask questions


6. Conducting an audit
6.4 Conducting audit activities
opening meeting agenda

introduction
• of the participants (observers, guides, interpreters), and an outline of their roles

audit methods
• to manage risks to the organization which may result from the presence of the audit team members.

confirmation of
• audit objectives, scope and criteria
• audit plan
• formal communication channels (audit team and auditee)
• language to be used
• auditee being kept informed of audit progress during the audit
• availability of resources and facilities
• matters relating to confidentiality and information security
• access to: health and safety, security, emergency, etc.
• activities on site that can impact the conduct of the audit

presentation of information
• method of reporting audit findings (criteria for grading, if any)
• conditions under which the audit may be terminated
• how to deal with possible findings during the audit
• any system for feedback on findings or conclusions of the audit


6. Conducting an audit
6.4 Conducting audit activities
6.4.4 Communication during audit
 audit team should confer periodically to
exchange information, assess audit progress
and reassign work between the audit team
members, as needed.
 audit team leader should periodically
communicate the progress, any significant
findings and any concerns to the auditee and
audit client, as appropriate.
 evidence collected during the audit that
suggests an immediate and significant risk
should be reported without delay to the auditee
and, as appropriate, to the audit client.
 any concern about an issue outside the audit
scope should be noted and reported to the
audit team leader, for possible communication
to the audit client and auditee.

6. Conducting an audit
6.4 Conducting audit activities

Guides and observers may accompany the audit team with approvals from:
 the audit team leader,
 audit client and/or
 auditee, if required
Guides’ responsibilities should include the following:
 assisting the auditors in identifying individuals to participate in interviews and confirming timings and locations;
 arranging that the rules are known and respected by the audit team members and observers and any risks are addressed;
 witnessing the audit on behalf of the auditee, when appropriate;
 providing clarification or assisting in collecting information, when needed.
Guides and observers should not influence or interfere with the conduct of the audit.


6. Conducting an audit
6.4 Conducting audit activities

6.4.7 Collecting and verifying information

Source of information
Collecting by means of sampling
Audit evidence
Evaluating against audit criteria
Audit findings
Reviewing
Audit Conclusions

6. Conducting an audit
6.4 Conducting audit activities
6.4.7 Collecting and verifying information
Methods of collecting information include, but are not limited to, the following:
 interviews
 observations
 review of documented information
INFORMATION based on scope and complexity of the
audit.


Approach to the Audit

Interviewing – A CRITICAL audit step


Interviews provide essential objective evidence.
Good communications are essential to good
interviews.
So, put the auditee AT EASE.
 Be Friendly.
 Explain why you are here.
 Ask for their help.
 Ask if they have questions.
 Show an interest in what THEY do.
 Explain your observations.


Approach to the Audit

Interviewing Technique
 interviews are not interrogations
 ask questions in conversational manner
 weave questions into general conversation
 do not cross question
 avoid question answer exercise


Interview Tips

An effective audit interview must:

 put the person at ease prior to and during the interview;


 explain the reason for the interview;
 select type of questioning;
 summarize and review the results with the interviewed person;
 thank the interviewed person for their participation and
cooperation.


Questioning technique for interviews

Questions should:
 yield relevant information
 not suggest answers
 not contain emotive words or implications

Three Question types:
 open questions
 closed and direct questions
 clarifying questions

Avoid leading questions

Don’t ask antagonising questions


Questioning techniques

Closed questions

• Questions answerable by yes or no

Open questions

• Require a response that provides an auditor with information

Clarifying questions

• Questions to meet understanding

Auditors need to learn the art of good note taking.

Observations

Observation.
Auditor’s Proverb: “Seeing is believing”
Visit the field! See the 'real world'!!!
What to look for:
 actual operations
 housekeeping
 barriers and guards
 behaviour
 adherence to PPE requirements
 communication routes
 evacuation routes
► emergency exits
► fire fighting equipment
► communications postings
► signage
► awareness reminders
► calibration tags
► infrastructure

Document Review

IMS manual
 procedures

 work instructions

 other documents

 records


Document review

Reviewing documents… while conducting the audit


Reasons behind its importance

• Determine conformity of the system, as far as documented, with audit criteria


• Gather information to support the audit activities
May be combined with the other audit activities

Continue throughout the audit

Should inform audit team leader if documents cannot be provided within the time frame

(decision will be made, depending on the audit objectives and scope)


Performing an Audit

Why Prepare a “Checklist” before an Audit?

► to assist memory
► to ensure covering all issues and control points
► to ensure depth and continuity of the audit
► help in time management
► organise note taking
► part of audit report


Performing an Audit

Checklist Format

 Leave space for notes
 Allow space for time control and recording
 Reference the requirements of audit criteria
 Reference the control documents
 Reference verifying documents (records)

Example checklist (columns: Check item | Evidence and Results)

Risk Assessments
Check availability and the issue status of the hazard and risk procedure.
Does it cover:
• Routine and non routine activities?
• Activities of all personnel including subcontractors and visitors
Is the hazard identification and risk assessment:
• Defined with respect to scope, nature and timing?
Does it provide for:
• Classification of risk?
• Identify risks to be eliminated or controlled?

Performing an Audit

Checklists should:
 Be specific for a given Management System.
 Be prepared using Management System documentation.
 Be clear about evaluation criteria.
 Note documents to review.
 Identify records to sample (and sample size).
 Identify key people to interview.
 Include some key questions for interviews.
 Note physical evidence you expect to see.

Checklists should NOT:
 Narrow the vision or limit evaluation.
 Obstruct communication.
 Be too strict or constraining.
 Be a script of exact questions.
 Restrict auditor’s inquiry.
 Be yes/no lists.
 Be completely generic.

Audit Trail

 As you audit you will find interesting opportunities for follow-up (audit trails).
 Pick promising audit trails:
►Follow it through
►Interact with team

Audit trail

 A systematic approach to collecting evidence based on specific samples, that the output of a series of inter-related processes meets expected outcomes.

 Evidence-based records that chronologically catalog events or procedures to provide support documentation and history that is used to authenticate operational actions, or mitigate challenges.

COLLECTING AND VERIFYING INFORMATION


CONTROL THE AUDIT

 Do not:
►Be side-tracked

►Be led or misled

►Get “bogged down”

►Let auditee dictate the pace of the audit

►Make assumptions or presumptions


COLLECTING AND VERIFYING INFORMATION


CONTROL THE AUDIT

 Do
►Be prepared

►Be punctual

►Insist that the person questioned answers for themselves
►As little talking as necessary

►Avoid misunderstandings

►Keep questions clear and concise

►Be polite and calm

►Thank the auditee


COLLECTING AND VERIFYING INFORMATION


CONTROL THE AUDIT

 Be aware of:
►Aggressive auditees

►Timid auditees

►Missing people

►Missing documents

►Pre-prepared samples (choose your own)

►Special cases

►Local issues and cultural customs

►Emotional blackmail


Performing an Audit

Time management

 Time is always short


 Plan well
 Do not allow your audit to get
side-tracked
 Do not dig too much (beware false
audit trails)
 Do not focus on trivia
 Remember an audit is a sampling


6.4.8 Generating audit findings

Audit findings can be:
• Conformity or nonconformance
• Observation
• Opportunities for improvement

OBJECTIVE EVIDENCE based on

Audit Criteria
• International Standard
• Statutory and regulatory

Documented information
• Policy
• Objective
• Procedure
• Process

Practices
• Nonconforming outputs
• Working conditions
• Facilities
• Records

Nonconformity and Corrective Action

What is nonconformity?
‘non-fulfilment of a requirement’

Objective evidence exists showing that:

► a requirement has not been addressed (intent)
► practice differs from the defined system (implementation)
► objectives of the process are not achieved (effectiveness)


WRITING NONCONFORMITY

THREE PARTS OF A WELL DOCUMENTED NONCONFORMITY REPORT

STATEMENT OF NONCONFORMITY - (What is the problem in the QMS?)

AUDIT EVIDENCE - to support auditor findings (What is seen during the audit)

CLAUSE NO. AND REQUIREMENT AGAINST WHICH THE NONCONFORMITY IS DETECTED - (Example: What is deviated from ISO 9001? What is the specific shall or shall’s of the clause?)


Nonconformity and Corrective Action

Example: Non-conformance and Corrective Action Request Form

Note area for corrective action review. What should be entered here? By whom?


Nonconformity and Corrective Action

Nonconformity Report Must Also Be...

Factual
Precise
Objective
Traceable
Concise

Will someone else be able to trace back and find the same
evidence you found, based on what you wrote?


Nonconformity and Corrective Action

Definition of a Major Nonconformance


BV Definition

►A failure of the client's system to address a specified requirement of the standard.
►A frequent or purposeful failure to follow a specified requirement written within the company system.
►A failure to achieve the fundamental aim of a system requirement.
►A failure to achieve legal or statutory requirements.
►Multiple minor nonconformities within the same requirement of the standard or company system.
►A purposeful failure of the company to correct nonconformities.


Nonconformity and Corrective Action

What is a Minor Nonconformance?

►Minor indicates the issue is not significant
►The system is not threatened
►“Noise in the system”
►Isolated instance where a requirement has not been fulfilled
►If it is not a MAJOR NC then it is a Minor NC.


EXERCISE

Evaluate the scenario and write a nonconformity report


AUDIT SCENARIO
AUDIT SITUATION 1

You are auditing an electronic component manufacturer. They have a process for dealing with customer
complaints that require them to investigate and take corrective action.

Documented information (records) show that several customers have recently complained about faulty
components being delivered. The customers returned the faulty components to the organisation. The
organisation then repaired them and returned them back to their customers.

Documented information (records) show that an investigation report found the cause to be that two new
employees were undergoing training and had been assigned to tasks where they should have been
supervised. Due to staff shortages however, no supervision was provided.

Following the investigation, records show their training had been completed and the employees were
assessed as being competent.

There was no evidence of any further investigation or corrective action being carried out and the report had
been closed.


AUDIT SCENARIO
NONCONFORMITY REPORT 1(1)

Nonconformity

Description of Nonconformity

Corrective action has not been implemented effectively to evaluate the need for action to eliminate the cause(s) of the nonconformity,
in order that it does not recur or occur elsewhere and to review the effectiveness of any corrective action taken.

Evidence
Two new employees in the inspection department had been deployed without adequate supervision before they were assessed as
being fully competent. This resulted in faulty components being delivered to customers followed by a series of customer complaints.
Although they were subsequently trained and assessed as being competent, no corrective action was implemented to prevent a
recurrence of personnel being deployed unsupervised, prior to them being assessed as fully competent.

ISO 9001:2015 clause and requirement:

10.2.1 When a nonconformity occurs, including any arising from complaints, the organisation shall:
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
1) reviewing and analysing the nonconformity
2) determining the causes of the nonconformity
3) determining if similar nonconformities exist, or could potentially occur


AUDIT SCENARIO
NONCONFORMITY REPORT 1(2)

Nonconformity

Description of Nonconformity

The organisation has failed to provide the persons necessary for the effective implementation of its QMS and the operation of
its processes.

Evidence
Two new employees in the inspection department had been deployed without adequate supervision before they were
assessed as being fully competent. This resulted in faulty components being delivered to customers, followed by a series of
customer complaints. Although they were subsequently trained and assessed as being competent, no corrective action was
implemented to prevent a recurrence of personnel being deployed unsupervised, prior to them being assessed as fully
competent.

ISO 9001:2015 clause and requirement:

7.1.2 The organisation shall determine and provide the persons necessary for the effective implementation of its QMS and for
the operation and control of its processes.


Nonconformity and Corrective Action

[Flow diagram with two columns, Auditor and Auditee. Box and arrow labels: Identify, note and communicate; Agreement; Acknowledge; Prepare NCR; Prepare NCR and investigate; Explain Cause/Propose Corrective Action; Agreement; Review effectiveness; Implement, verify and notify.]


NON-CONFORMITY REPORTS
COMMUNICATING FINDINGS OF NONCONFORMANCE

• Do not view non-conformance in a negative way. This is NOT like a speeding fine. It is NOT a punishment.
• Uncovering a non-conformance is a previously undiscovered opportunity for improvement.
• Be positive, be professional, be precise.


DETERMINING AUDIT CONCLUSION

The Team Leader of the audit team:

►reviews the audit findings;
►agrees upon the audit conclusions;
►agrees any necessary follow-up actions;
►confirms the appropriateness of the audit program, and/or
►identifies any modification required for future audits.


DETERMINING AUDIT CONCLUSION

Auditors should:
►apply professional judgement during the audit process
and;
►avoid concentrating on the specific requirements of each
clause of the standard at the expense of achieving the
intended outcome of the management system,
especially in auditing the organization’s approach to
determination of risks and opportunities.


AUDIT MANAGEMENT
CLOSING MEETING AGENDA

• Thank the auditee and reintroduce the team
• Recap reason, scope & criteria
• Review audit plan and methods
• Report the observations, positive & negative
• Disclaimer
• Overall summary
• Questions & answers
• Corrective actions & time-scale
• Recommendation
• Follow-up

Ref: ISO 19011-6.4.9


Preparing the audit report

ISO 19011, clause 6.5.1


The audit team leader must be responsible for the
preparation and the content of the audit report
Audit report must provide a clear, accurate, concise and
complete picture of the audit
Must be a written report


Preparing the audit report

ISO 19011, clause 6.5.1


The audit report must include or make reference to the following elements:
Audit objectives

Audit scope

Identification of the audit client

Identification of audit team and auditee’s participants in the audit

Dates and conclusions where the audit activities were conducted

Audit criteria

Audit findings and related evidence

Audit conclusions

A statement on the extent of the conformity to the audit criteria


AUDIT REPORT

The audit report contains:


a) a statement on the conformity and the effectiveness of the management system together with a summary of the evidence relating to:
• the capability of the management system to meet applicable requirements and expected outcomes;
• the internal audit and management review process;
b) a conclusion on the appropriateness of the internal audit scope;
c) confirmation that the audit objectives have been fulfilled.


CORRECTIVE ACTION PROCESS

CORRECTIONS AND CORRECTIVE ACTIONS SUBMITTED BY AUDITEE ARE EFFECTIVE WHEN AUDITOR:

• reviews the:
►corrections,
►identified causes and;
►corrective actions
• verifies their effectiveness
• records evidence obtained to support the resolution of nonconformities.
• informs client of the result of the review and verification


DISTRIBUTING THE REPORT

The audit report is distributed to the recipients:

• within an agreed period of time,
• if it is delayed, the reasons should be communicated to the auditee and the person managing the audit program
• dated, reviewed and approved, as appropriate, in accordance with audit program procedures; and
• interested parties defined in the audit program or audit plan.

When distributing the audit report, appropriate measures to ensure confidentiality should be considered.


COMPLETING THE AUDIT

Person managing the audit program ensures these activities are performed:

• review and approval of audit reports;
• review of root cause analysis and the effectiveness of corrective actions;
• distribution of audit reports to the top management;
• determination of the necessity for any follow-up audit.


Completing the audit

ISO 19011, clause 6.6


The audit is complete when all the activities described in the audit
plan have been performed and approved and when the audit
report is distributed
Appropriate to archive, return or destroy documents related to the
audit as agreed by participating parties
Lessons learned from the audit can identify risks and
opportunities for the audit program and the auditee


Audit Follow-up

ISO 19011, clause 6.7


Based on the audit conclusions, the auditor may have to
conduct a follow-up audit before the organization is
recommended for certification
Verification of action plans and corrective measures related to
the non-conformities identified in the audit report
Usually, a major non-conformity should involve a follow-up audit.


Alternatives to follow-up audits

Internal audit and surveillance audit


The verification of action plans and corrective measures can be
included in a future surveillance audit or be the object of a specific
visit
The auditor can rely on the internal auditors to ensure a follow-up
of the action plans before the next surveillance audit
In some cases, the verification can be done remotely


AUDIT FOLLOW-UP

• FOLLOW-UP ACTION
►At agreed time
►Review of documentary evidence
►Re-audit on the site
►Only review of corrective actions
►Don’t start it all over again

• DOCUMENTARY EVIDENCE
►Records
►Training certificates
►Amended procedures
►Photographs
►Videos

Ref: ISO 19011-6.7


AUDIT FOLLOW-UP

AUDITEE submits:
• corrections;
• identified causes; and
• corrective actions

AUDIT TEAM LEADER to:
• determine if correction is acceptable,
• verify effective implementation of the corrective action on set follow-up audit;
• close the audit if corrective action to nonconformity is effectively implemented


AUDITORS’ PERSONAL BEHAVIOR

ETHICAL • i.e. fair, truthful, sincere, honest and discreet;

OPEN-MINDED • i.e. willing to consider alternative ideas or points of view;

DIPLOMATIC • i.e. tactful in dealing with individuals;

OBSERVANT • i.e. actively observing physical surroundings and activities;


AUDITORS’ PERSONAL BEHAVIOR

PERCEPTIVE • i.e. aware of and able to understand situations;

VERSATILE • i.e. able to readily adapt to different situations;

TENACIOUS • i.e. persistent and focused on achieving objectives;

DECISIVE • i.e. able to reach timely conclusions based on logical reasoning and analysis;


AUDITORS’ PERSONAL BEHAVIOR

SELF-RELIANT • i.e. able to act and function independently while interacting effectively with others;

ABLE TO ACT WITH FORTITUDE • i.e. able to act responsibly and ethically, even though these actions may not always be popular and may sometimes result in disagreement or confrontation;

OPEN TO IMPROVEMENT • i.e. willing to learn from situations;

CULTURALLY SENSITIVE • i.e. observant and respectful to the culture of the auditee;

COLLABORATIVE • i.e. effectively interacting with others, including audit team members and the auditee’s personnel.
