IQCS-QMSLA-01A Presentation Slides Apr2020 R23 (Protected)

CQI and IRCA Certified QMS
ISO 9001:2015 Lead Auditor

Course
(PR328 Course Specification)
(CQI and IRCA Reg. No.18126)
2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23
1
Important Notes To All Tutors
• Tutors should not read from the slides during theory
based sessions
• The Presentation Slides shall only be used as a

reference from time to time to enhance students learning
process & to reinforce understanding
• See Tutor‘s Guide on use of slides in conjunction with AL

based presentation & Workshops
• Reference can be made to the course note according to the

chapter/section number as guidance.

2
Welcome!
From the Chartered Quality Institute and
International Register of Certificated Auditors

3
CQI and IRCA Course Certification
• You are attending a course certified by the CQI and IRCA
• This means that your training provider has voluntarily achieved the rigorous requirements set by CQI and IRCA to
provide you with confidence that:
• Your course content covers key knowledge and skills that you will need on your journey as a management
systems auditor
• Your tutors are experienced and competent auditors and trainers, who will use a variety of practical student-
focused learning techniques to help you learn and enjoy the course
• Your achievement of the learning objectives will be fairly assessed through monitoring and coaching and,
where required by CQI and IRCA, written examination
• You have access to a robust complaints process and recourse to complain to CQI and IRCA if you are
unable to resolve your complaint with the training provider and think that the course has not met the criteria
set down by CQI and IRCA
• You can verify the training organisations we approve and the courses we certify directly with CQI and IRCA at
www.quality.org.
• At the end of this course we will provide you with some useful information on what to do next, from becoming an
CQI and IRCA Certificated Auditor to finding a job.

4
Welcome
From Chartered Quality Institute and

International Register of Certificated
Auditors
www.quality.org
5
www.irca.org
This course is certified by the Chartered Quality Institute

(CQI) and International Register of Certificated Auditors
(IRCA)
The CQI is the chartered body for quality professionals. We improve the performance of organizations by developing their
capability in quality management.
With members all over the world, we are uniquely placed to define and lead the quality profession, setting the standards for its
capability and scope through the CQI Competency Framework. We encompass the whole quality community, including quality
management professionals (CQI members) and management systems auditors, through our specialist division IRCA (the
International Register of Certificated Auditors).
We represents over 10,000 registered auditors in 150 countries and every year, around 60,000 delegates attend an CQI and IRCA
approved training course.
Our Competency Framework helps:

• Quality professionals to plan and advance their careers
• Employers of quality professionals to support and develop their people
• The world understand what quality professionals do
• The profession face the challenge of putting quality at the heart of organisations in today's fast-paced business world
(read The New Quality Profession Challenge).
CQI and IRCA Certified Training is mapped to the Competency Framework, ensuring that learning is aligned to the skills and
knowledge called on by industry.
CQI membership and IRCA registration grades are assessed against the Competency Framework to ensure individuals are
recognised against the most relevant skills and competencies.
Find out more at www.quality.org
IQCS/QMSLA/01A Issued March 2019 R22

5
Learning Objectives
On successfully completing these modules
delegates will:
• have the knowledge to explain the purpose of a quality

management system, of quality management systems standards, of
management system audit, of third-party certification and the
business benefits of improved performance of the quality
management system
• have the knowledge to explain the role and responsibilities of an

auditor to plan, conduct, report and follow-up a quality
management system audit in accordance with ISO 19011, and
ISO/IEC 17021, as applicable
• have the skill to plan, conduct, report and follow-up an audit of a

quality management system to establish conformity (or otherwise)
with ISO 9001 and in accordance with ISO 19011, and ISO/IEC
17021, as applicable.
2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23 67

COURSE CONTENTS
Chapter 1: AUDITING THE ISO 9001 REQUIREMENTS
Chapter 2: PRINCIPLE OF QUALITY MANAGEMENT AND OTHER

BASIC QUALITY CONCEPTS
Chapter 3: QUALITY MANAGEMENT SYSTEM DOCUMENATATION
Chapter 4: PLANNING & CONDUCTING THE “PROCESS APPROACH” AUDIT

-THE RESPONSIBILITIES & ACTIVITIES

8
COURSE CONTENTS
Chapter 5: AUDIT CHECKLIST
Chapter 6: CORRECTIVE ACTION REQUEST & AUDIT REPORTING
Chapter 7: CERTIFICATION/REGISTRATION & ACCREDITATION
Chapter 8: IRCA CERTIFICATION SCHEME FOR AUDITORS

OF MANAGEMENT SYSYTEM

9
CHAPTER 1:
AUDITING THE
ISO 9001:2015
REQUIREMENTS

10
1.1 The Creation of ISO 9000 Series as
Harmonized Standards
• International Organization for

Standardization‘s technical committee,
ISO/TC 176 was formed in 1979.
• Before that, there were various national

and multinational quality systems
standards.

11
1.2 The Background and Origins of
ISO 9000
• ISO (1946) is a non-governmental organization based in

Geneva, Switzerland
• Promotes the development of international standards

and related activities to facilitate the exchange of
products and services globally.

12
1.2.1 ISO/TC 176
• ISO/TC 176 is in charge of finalizing QA requirements in

a wide international consensus.
Table 1: ISO Committee

13
QA Standards- The Milestones
1963 Mil-Q-9858A US Military
1969 AQAP NATO
1970 10CFR50 US Federal Regulation
1971 ANSI-N45-2 American Standard
1973 Defence Standard 05-21 UK version of AQAP
1975 CSAZ299 Canadian Standard
1979 BS 5750 British Standard
1979 ANSI-A.S.Q.C.Z1.15 Generic Standard
1985 CSAZ299 (Revision)
1987 ISO 9000 Series - Quality Assurance
1994 ISO 9000 Series 1st phase changes
2000 ISO 9000 Series 2nd phase changes – Quality management
2005 ISO 9000 Revision
2008 ISO 9001 Revision – Process approach
2009 ISO 9004 Revision
2015 ISO 9001:2015 - High level structure ( Annex SL)

14
1.3 Continuing Development of ISO 9000
Standards
• All standards reviewed approximately every five years.
• The purpose of this review is to ensure that it is usable

and remain applicable to all organizations regardless of
their size, industry or product.

15
16
1.3.1 Reasons For The Changes
 In the last 25 years, many other

Management Systems Standards have come
into use world wide.
 Organizations that use multiple

Management System Standards are
increasingly demanding a common format
and language that is aligned between those
standards.

17
Table 2: ISO CASCO Report 2014

18
1.4 Key Perspectives and Tasks
ISO 9001 needs to:
 Maintain relevance
 Integrate with other management systems
 Provide an integrated approach to organizational
management
 Provide a consistent foundation for the next 10 years
 Reflect the increasingly complex environments in which
organizations operate
 Ensure the new standard reflects the needs of all
potential user groups
 Enhance an organization's ability to satisfy its
customers
19
1.4.1 The main changes in the new version
of ISO 9001:2015 are:
 The adoption of the HLS as set  A requirement to define the
out in Annex SL of ISO boundaries of the QMS.
Directives Part 1.  Increased emphasis on
 An explicit requirement for risk- organizational context.
based thinking to support and  Increased leadership
improve the understanding and requirements.
application of the process  Greater emphasis on achieving
approach. desired outcomes to improve
 Fewer prescribed customer satisfaction
requirements.
 Less emphasis on documents.
 Improved applicability for
services.

20
1.5 Structure of ISO 9000 Series
• The Process-Based structure is consistent with the
Plan-Do-Check-Act improvement cycle.
• Consistent with other ISO management system

standards
• The quality management principles have been

identified to assist the achievement of quality.

21
1.6 ISO 9000 Core Standards
Standard Title
ISO 9000 Quality Management Systems –
Fundamentals and Vocabulary
ISO 9001 Quality Management Systems –
Requirements
ISO 9004 Managing for the sustained success of an
organization — A quality management
approach
Figure 1.2: ISO 9000 Series of Standards
• The 9000 series consists of 3 standards, namely ISO

9000, ISO 9001 and ISO 9004.
22
Core Standards
ISO 9004
Non-contractual
Supporting Standards
Standards
Guidelines
ISO 19011
ISO 9000
Contractual
Standard
Reference
Guidelines on
Auditing
ISO 9001
Requirements
Figure 1.3: Family of ISO 9000 Standards

23
• The family consists of conformance standards, reference
standards, guidelines standards and supporting
standards.
• ISO 9001 is the sole auditable or conformance standard.
• Auditable or conformance standard  ―contains only

those requirements that may be objectively audited for
certification/registration purposes and/or self declaration
purposes".

24
1.7 ISO 9000 Supporting Standards
1.7.1 ISO 19011:2018
• Guidelines for auditing management systems
• Replaces ISO 19011 : 2011 Guidelines on

Quality and Environmental Auditing.

25
1.8 ISO Directives 1 and 2
„„ The
biggest
event from
ISO
9001:2015‟‟

26
1.8 ISO Directives 1 and 2
 The procedures used to develop this document
and those intended for its further maintenance are
described in the ISO/IEC directives, part 1.
 In particular the different approval criteria needed

for the different types of ISO documents should
be noted.
 This document was drafted in accordance with

the editorial rules of the ISO/IEC directives, part 2
(see www.iso.org/directives).
ANNEX SL
ISO GUIDE 83
27
1.8.1 High Level Structure – Common Text
Annex SL
 Mandated by ISO‘s Technical Management Board
(TMB).
 High level structure, identical core text and common
terms and core definitions for use in all Management
System Standards.
 Purpose - Enhance the consistency and alignment of
different management system standards.
 Organizations who implement a single system
addressing multiple standards (e.g. QMS, EMS, ISMS
etc) will see the most potential benefit.

28
Annex SL - What is it?
High Level It is an annex within ISO/IEC
Directive Part 1, 6th Edition,
Structure that addresses the common
structure of a management
system.
a new common format has been developed for use in
all management system standards
o standardized core text and structure
o standardized core definitions
Organizations implementing multiple management
systems (e.g. quality, environmental, information security)
can achieve better integration and easier implementation
The high level structure and common text is public
information and can be found in Annex SL of the
www.iso.org/directives
29
1.9 ISO 9000 Certification / Registration
1.9.1 Reasons for Certification / Registration
• Certification by any accredited registrars can

replace second party audits by customers.
• Beneficial to customers whose suppliers are

located overseas.
• To enhance the company‘s quality image
• To ensure continual improvement

30
1.9.2 Benefits of Certification /
Registration
 To satisfy customer contractual requirements
 To reduce the number of second party audits
 To gain a competitive advantage by improving

the quality of products and services through ISO
9001.
 To improve communications between all levels

of personnel
31
1.10 ISO 9001:2015 QMS Requirements
Fig. 1.4 Process Approach Model of QMS

32
KEY AUDIT
REQUIREMENTS OF
ISO 9001:2015
STANDARD

33
CLAUSE 1 SCOPE
Applicability – Exclusions
 This International Standard does not refer to
―exclusions‖ in relation to the applicability of its
requirements to the organization‘s quality
management system.
 However, an organization can review the applicability

of requirements due to the size or complexity of the
organization, the management model it adopts, the
range of the organization‘s activities and the nature of
the risks and opportunities it encounters.

34
Applicability – Exclusions
 The requirements for applicability are addressed in
4.3, which defines conditions under which an
organization can decide that a requirement cannot
be applied to any of the processes within the scope
of its quality management system.
 The organization can only decide that a

requirement is not applicable if its decision will not
result in failure to achieve conformity of products
and services.

35
CLAUSE 4 CONTEXT OF THE
ORGANIZATION
One Interesting Sample from CQI and IRCA?

36
CLAUSE 5 LEADERSHIP
5.1 Leadership and
commitment
 Auditors must seek evidence that top management has a
―hands-on‖ approach to the management of their quality
management system.
 Auditors must understand which ISO 9001:2015

requirements top management can delegate and which
they cannot.

37
5.1 Leadership and
commitment
 Auditors must ensure that they are equipped to challenge
top management in respect of their commitment to their
quality management systems. Auditing at this level is likely
to be a new experience for many.
 To be effective and gain the respect of top management,

auditors will need to have a good understanding of
management activities, be able to engage with top
management on a range of subjects, and speak the
language of top management.

38
CLAUSE 6 PLANNING
The main objectives of ISO 9001:
 Give assurance that the QMS can achieve its
intended result(s)
 Enhance desirable effects
 Prevent, or reduce, undesirable effects
 Achieve improvement
The goal of RISK MANAGEMENT is to

protect organizations from being
vulnerable
39
What is “risk-based thinking”?
 Risk-based thinking is something we all do automatically
and often sub-consciously
 The concept of risk has always been implicit in ISO
9001 – this revision makes it more explicit and builds it
into the whole management system
 Risk-based thinking is already part of the process
approach
 Risk-based thinking makes preventive action part of the
routine
 Risk is often thought of only in the negative sense. Risk-
based thinking can also help to identify opportunities.
This can be considered to be the positive side of risk
40
The RISK – new requirements
 Identification and management of risk is being viewed
as a new system wide strategy in much the same light
that Continual Improvement was when ISO 9001:2000
was published.
 Borrows heavily from the concept of Preventive Action
(clause 8.5.3 in ISO 9001:2008.)
 Preventive Action isn‘t going anywhere! (the standard
itself)
 Expands the idea of Risk aversion to one that affects all
of the various areas of the Quality Management
System.
41
Risk in the clauses - Process
Approach, Leadership, Planning
 Clause 4 - the organization is required to
determine the risks which can affect its ability to
meet these objectives
 Clause 5 - top management are required to
commit to ensuring Clause 4 is followed
 Clause 6 - the organization is required to take
action to address risks and opportunities

42
Risk in Clauses – Operation,
Evaluation, Improvement
 Clause 8 - the organization is required to have
processes which identify and address risk in its
operations
monitor, measure, analyse and evaluate the
risks and opportunities
improve by responding to changes in risk

43
Risk Based thinking
Intuition isn‘t always enough.
What if ….

44
Use of risk based thinking
• By considering risk based thinking throughout the organization the
likelihood of achieving stated objectives is improved, output is more
consistent and customers can be confident that they will receive the
expected product or service.
• Risk-based thinking therefore:
– builds a strong knowledge base
– establishes a proactive culture of improvement
– assures consistency of quality of goods or services
– improves customer confidence and satisfaction

45
Auditor‟s answer on Risk
Based Thinking
 A way of understanding reality that emphasizes the
relationships among a system‘s parts, rather than the parts
themselves and their relationship to a functioning whole
 Systems Thinking is the only good answer and concept

auditor need to implement during preparation and audit
executions
 What are alternatives – pushing audit clients to used RM

methodologies auditor likes or familiar (SWOT, Delphi
Technique, Preliminary Hazard Analysis (PHA), HAZOP ,
Business impact Failure Modes and Effects Analysis
(FMEA) and Failure Modes and Effects and Criticality
analysis (FMECA) , Fault Tree Analysis (FTA) or others).
46
Define
Requirements
Retirement,
Disposal &
Investigate
Replacement The system Alternatives
life cycle
Operation,
Maintenance
& Evaluation Full-Scale
Design
Integration
& Test Implementation

47
SOURCES INFORMATION MANAGEMENT USERS
Analytics Visualization
Data Visualization
Reporting
z z
Common Repository
Data Management
With the ISO 9001:2015 “Risk-Based Management System”

requirement, a traditional data management & reporting system is
no longer sufficient…companies require a more advanced system to
manage their risks & opportunities
Source – SAS’ Visual Analytics
48
To manage an effective Risk-Based-Thinking System,
companies are required to analyse all their business related
data so as to visualise their future market risks &
opportunities…
Source – SAS’ Visual Analytics
49
Risk based thinking or Risk
management addresses
 System risk
Auditors don’t
forget or  Project risk
neglect
 Business risk
 Safety,
environmental and
risks to the public

50
Auditors don‟t forget or neglect
 Good risk management or Risk based thinking
will not prevent bad things from happening.
 But when bad things happen, good risk
management or risk based thinking will have
anticipated them and will reduce their negative
effects.

51
CLAUSE 7 SUPPORT
CLAUSE 7.1.6 ORGANIZATIONAL
KNOWLEDGE
• The Standard addresses the need to determine

and manage the knowledge maintained by the
organization, to ensure that it can achieve
conformity of products and services.
• Requirements regarding organizational knowledge
were introduced for the purpose of:

52
a) safeguarding the organization from loss of
knowledge, e.g.
— through staff turnover;
— failure to capture and share information;
b) encouraging the organization to acquire
knowledge, e.g.
— learning from experience;
— mentoring;
— benchmarking.

53
 Auditors should ensure that organisations have
taken steps to identify the organisational knowledge
necessary to establish the continuing conformity of
their products and services.
 Auditors should ensure that organisational

knowledge has been communicated as necessary
within the organisation and that it is being
maintained and protected.
 They should also ensure that an assessment of

organisational knowledge has taken place prior to
any changes made to the quality management
system in response to changing needs or trends.
54
CLAUSE 7.5 DOCUMENTED
INFORMATION
7.5.3 Control of
documented information
 Auditors will increasingly find themselves having to

access and use electronic systems in order to
evidence how organisations are controlling their
documented information. This could require a
technical upskilling.

55
QMS Documented Informations
What you are doing?
Your processes and Status ISO 9001
Risks Must
Da
Ne
Doc.
Informations Context
Ne Da
Interested How objectives are achivied Status

parties What procesess and activites We are here

56
CLAUSE 8 OPERATION
8.1 Operational planning and control
 This section should be implemented in conjunction
with clause 4.4. The increased focus on the process
approach makes properly understanding clause 4.4
and clause 8.1 a fundamental requirement for
auditors.
 Besides the change in the title (―production and

service provision‖), auditors should note that this
clause now includes implementation and control
requirements, not just planning and development
requirements as per ISO 9001:2008.
57
 It is very clear (clause 4.4, supported with clause

8.1), that the organisation is required to determine
and plan (design) its processes to meet
requirements.
 As such, auditors need to evidence that this has

been done, ie evidence that the process (including
process inputs, outputs, resources, controls,
criteria, process measurement and performance
indicators) has been planned.

58
 There is also a clear link and, hence, audit trail,

from clause 6.1 ―Actions to address risks and
opportunities‖ through to clause 8.1.
 For those risks and opportunities that the

organisation has determined need to be addressed,
auditors should gather evidence that these actions
have been integrated into the management system;

59
 Auditors also need to seek evidence that processes

have been implemented and controlled as planned,
and in so far as they relate to process planning and
control, evidence that the organisation has
evaluated the effectiveness of actions taken to
address risks and opportunities.
 Auditors should also gather and evaluate evidence

relating to planned changes and to any unintended
changes.

60
8.4 Control of externally provided
processes, products and services
• All forms of externally provided processes, products and

services are addressed in 8.4, e.g. whether through:
– a) purchasing from a supplier;
– b) an arrangement with an associate company;
– c) outsourcing processes to an external provider.
• Outsourcing always has the essential characteristic of a

service, since it will have at least one activity necessarily
performed at the interface between the provider and the
organization.
61
8.4 Control of externally provided products
and services
• Auditors should note the new requirement for the

organization to establish criteria to allow it additionally to
monitor the performance of external providers. This must
be maintained as documented information.
• They should also note the requirement for organisations
to provide a record of the results of their monitoring of
the external provider‘s performance as documented
information.

62
8.4.2 Type and extent of control of
external provision
 Auditors should note the revised

requirements as set out above,
including those relating to outsourced
processes

63
8.5.5 Post-delivery activities
 Auditors should be aware that these are

new requirements.
 They should ensure that the organisation
has taken into account the necessary
considerations when determining the nature
and extent of post-delivery activities.

64
8.5.6 Control of changes
 Auditors should evidence that the

organisation has controlled unplanned
changes in accordance with the
requirements set out above.
 Auditors should evidence that organization
shall retain documented information
describing the results of the review of
changes, the person(s) authorizing the
change, and any necessary actions arising
from the review.

65
CLAUSE 9 PERFORMANCE
EVALUATION
Monitoring, Measurement,
Analysis and Evaluation
• The organization shall determine:
• a) what needs to be monitored and measured;
• b) the methods for monitoring, measurement, analysis and
evaluation needed to ensure valid results;
• c) when the monitoring and measuring shall be performed;
• d) when the results from monitoring and measurement shall be
analysed and evaluated.
• The organization shall evaluate the performance and the
effectiveness of the quality management system.
66
Monitoring, Measurement, Analysis
and Evaluation Mechanisms
The market demands continual improvement, the software based

solution in monitoring, measuring, analyzing & evaluating
company’s process & product performance accelerate time to
market, protect company brand by minimizing customer complaints
Source : SAS JMP
67
Monitoring – crucial for auditing

68
Monitoring involves:
•Establishing indicators of efficiency, effectiveness and
impact;
•Setting up systems to collect information relating to
these indicators;
•Collecting and recording the information;
•Analysing the information;
•Using the information to inform day-to-day
management.

69
Evaluation involves:
• Looking at what the project or organisation intended to
achieve – what difference did it want to make? What
impact did it want to make?
• Assessing its progress towards what it wanted to achieve,
its impact targets.
• Looking at the strategy of the project or organisation. Did it
have a strategy? Was it effective in following its strategy?
Did the strategy work? If not, why not?

70
• Looking at how it works

• Was there an efficient use of resources?
• What were the opportunity costs of the way it chose to
work?
• How sustainable is the way in which the project or
organisation works?
• What are the implications for the various stakeholders in
the way the organisation works.

71
Specific interest of auditors connected with 8.4
but also with 4.1, 4.2, 4.3, 6.1 and 6.2 clauses of
ISO 9001:2015
 Control of
externally
provided
processes,
products
and
services

72
Auditor need to consider following areas of
monitoring and evaluations during audit
• Relevance: Do the objectives and goals match the problems or needs
that are being addressed?
• Efficiency: Is the project, program, changes or any activities delivered

in a timely and cost-effective manner?
• Effectiveness: To what extent does the intervention achieve its

objectives? What are the supportive factors and obstacles encountered
during the implementation?
• Impact: What happened as a result of the activities? This may include

intended and unintended positive and negative effects.
• Sustainability: Are there lasting benefits after the intervention is

completed?
73
Monitoring and evaluation results - Validation
and verification aspect
• Validation:  Auditors need to

building the right system understand
clearly
• Verification:
building the system right
 This loop need

to be closed

74
Auditor needs to understand
differences
[Source: Zall Kusek J, Rist R. Ten steps to a results-based monitoring
and evaluation system. A handbook for development practitioners.
Washington D.C.: The World Bank, 2004: p.14

75
Management Review: A Process, Not
an Event
 Management review is often misunderstood and
underutilized, but it is the process that supports
continuous improvement and emphasizes its importance
in the drive for success.
 Successful organizations use frequent management
reviews to foster continuous improvement.
 Continuously reviewing (and achieving) management
goals can ensure an organization‘s success.
 Not by accident, management review is an essential
requirement of the ISO 9001 standard.

76
Management Input/Feedback/Decisions
 Are we headed in the Auditor KEY interests :
right direction?
 Are changes needed?
Can we get better?
 How do we change
and do you agree with
the plan?
 Do we have your
ongoing commitment?
 Are you willing to
provide the resources?

77
CLAUSE 10 IMPROVEMENT
• Nonconformity and Corrective

Action
• Continual Improvement

78
CHAPTER 2:
Principles of Quality
Management and other Basic
Quality Concepts

79
2.1 The Principles of Quality Management
• QMP 1 – Customer Focus

• QMP 2 – Leadership
• QMP 3 – Engagement of People
• QMP 4 –Process Approach
• QMP 5 – Improvement
• QMP 6 – Evidence-based Decision Making
• QMP 7 – Relationship Management

80
• QMPs offers potential benefits for
– Policy and strategy formulation,

– Goals and targets setting,
– Operational Management, and
– Human Resources Management.

81
QMP 1: Customer Focus
a) Statement
A new approach of text

The primary focus of quality management is
to meet customer requirements and to strive
to exceed customer expectations.
b) Rationale
Sustained success is achieved when an
organization attracts and retains the
confidence of customers and other interested
parties on whom it depends. Every aspect of
customer interaction provides an opportunity
to create more value for the customer.
Understanding current and future needs of
customers and other interested parties
contributes to sustained success of an
organization.
82
QMP 2: Leadership
a) Statement
Leaders at all levels establish
unity of purpose and direction and
create conditions in which people
are engaged in achieving the
quality objectives of the
organization.
b) Rationale
Creation of unity of purpose,
direction and engagement enable
an organization to align its
strategies, policies, processes
and resources to achieve its
objectives.
83
QMP 3: Engagement of People
a) Statement
It is essential for the organization that all
people are competent, empowered and
engaged in delivering value.
Competent, empowered and engaged

people throughout the organization enhance
its capability to create value.
b) Rationale
To manage an organization effectively and
efficiently, it is important to involve all people
at all levels and to respect them as
individuals. Recognition, empowerment and
enhancement of skills and knowledge
facilitate the engagement of people in
achieving the objectives of the organization.
84
QMP 4: Process Approach
a) Statement
Consistent and predictable results are
achieved more effectively and efficiently
when activities are understood and
managed as interrelated processes that
function as a coherent system.
b) Rationale
The quality management system is
composed of interrelated processes.
Understanding how results are produced by
this system, including all its processes,
resources, controls and interactions, allows
the organization to optimize its performance.

85
Illustration of PRNCIPLE 4 :
“Process Approach”
P1 P2 Interaction
E M M
I/P S O/P S
M M A P
Sequence of Activities
C D KPI
P2 P4 “PDCA” For
Continual
Improvement (CI)
Resources – man, material, machine (infrastructure), environment
P1,2,3,4 – Supporting processes
86
QMP 5: Improvement
a) Statement
Successful organizations have an
ongoing focus on improvement.
b) Rationale
Improvement is essential for an
organization to maintain current
levels of performance, to react to
changes in its internal and
external conditions and to create
new opportunities.

87
QMP 6 : Evidence-based Decision Making
a) Statement
Decisions based on the analysis and
evaluation of data and information are
more likely to produce desired results.
b) Rationale
Decision-making can be a complex
process, and it always involves some
uncertainty. It often involves multiple
types and sources of inputs, as well as
their interpretation, which can be
subjective. It is important to understand
cause and effect relationships and
potential unintended consequences.
Facts, evidence and data analysis lead to
greater objectivity and confidence in
decisions made.
88
QMP 7: Relationship Management
a) Statement
For sustained success, organizations
manage their relationships with interested
parties, such as suppliers.
b) Rationale
Interested parties influence the
performance of an organization.
Sustained success is more likely to be
achieved when an organization manages
relationships with its interested parties to
optimize their impact on its performance.
Relationship management with its
supplier and partner network is often of
particular importance.
89
2.2 Some key terms and definitions in clause 3
of ISO 9000:2015
Risk
Effect of uncertainty
 Note 1 to entry: An effect is a deviation from the

expected — positive or negative.
 Note 2 to entry: Uncertainty is the state, even partial,

of deficiency of information related to, understanding
or knowledge of, an event, its consequence, or
likelihood.
90
Risk
 Note 3 to entry: Risk is often characterized by reference
to potential events (as defined in ISO Guide 73:2009,
3.5.1.3) and consequences (as defined in ISO Guide
73:2009, 3.6.1.3), or a combination of these.
 Note 4 to entry: Risk is often expressed in terms of a

combination of the consequences of an event (including
changes in circumstances) and the associated likelihood
(as defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
 Note 5 to entry: The word ―risk‖ is sometimes used when

there is the possibility of only negative consequences.
 Note 6 to entry: IQCS/QMSLA/01A

This constitutes one of the common term
2/14/2022May 2012 Issued April 2020 R23
91
Documented Information
 Information required to be controlled and maintained
by an organization and the medium on which it is
contained
 Note 1 to entry: documented information can be in any
format and media and from any source.
 Note 2 to entry: documented information can refer to:
-The quality management system , including related
processes;
- Information created in order for the organization
to operate (documentation);
- Evidence of results achieved (records).

92
Performance
Measurable result
 Note 1 to entry: Performance can relate either to

quantitative or qualitative findings.
 Note 2 to entry: Performance can relate to the

management of activities, processes, products,
services, systems or organizations.

93
Outsource (verb)
Make an arrangement where an external organization
performs part of an organization‘s function or process
 Note 1 to entry: An external organization is outside

the scope of the management system, although the
outsourced function, or process, is within the
scope.

94
Monitoring
Determining the status of a system, a process or an
activity
 Note 1 to entry: To determine the status, there may

be a need to check, supervise or critically observe.
 Note 2 to entry: Monitoring is generally a

determination of the object being monitored, carried
out at different stages or at different times.

95
Context of the Organization
Bussiness environment combination of internal and external
factors and conditions that can have an effect on an
organization's approach to its products, services and
investments and interested parties.
 Note 1 to entry: The concept of context of the

organization is equally applicable to non-profit or public
service organizations as it is to those seeking profits.
 Note 2 to entry: In English this concept is often referred

to by other phrases such as business environment,
organizational environment or ecosystem of an
organization.

96
Innovation
Process resulting in a new or substantially changed object
 Note 1 to entry: The object for the purpose of innovation

can be e.g. a management system, a process, a product,
a service or technology.

97
Performance indicator
Performance metric
 Characteristic having significant impact on realization of

the output and customer satisfaction
 Examples: Non conformities per million opportunities, first

time capability, nonconformities per unit.
Note to entry: The characteristic can be quantitative or

qualitative

98
2.3 Terms related to audit
audit
systematic, independent and documented process (3.4.1) for obtaining
objective evidence (3.8.3) and evaluating it objectively to determine the
extent to which the audit criteria (3.13.7) are fulfilled
Note 1 to entry: The fundamental elements of an audit include the

determination (3.11.1) of the conformity (3.6.11) of an object (3.6.1)
according to a procedure (3.4.5) carried out by personnel not being
responsible for the object audited.
Note 2 to entry: An audit can be an internal audit (first party), or an

external audit (second party or third party), and it can be a combined
audit (3.13.2) or a joint audit (3.13.3).

99
Note 3 to entry: Internal audits, sometimes called first-party audits, are
conducted by, or on behalf of, the organization (3.2.1) itself for
management (3.3.3) review (3.11.2) and other internal purposes, and
can form the basis for an organization‘s declaration of conformity.
Independence can be demonstrated by the freedom from responsibility
for the activity being audited.
Note 4 to entry: External audits include those generally called second

and third-party audits. Second party audits are conducted by parties
having an interest in the organization, such as customers (3.2.4), or by
other persons on their behalf. Third-party audits are conducted by
external, independent auditing organizations such as those providing
certification/registration of conformity or governmental agencies.

100
Note 5 to entry: This constitutes one of the common terms
and core definitions for ISO management system standards
given in Annex SL of the Consolidated ISO Supplement to
the ISO/IEC Directives, Part 1. The original definition and
Notes to entry have been modified to remove effect of
circularity between audit criteria and audit evidence term
entries, and Notes 3 and 4 to entry have been added.

101
Figure 2.1: First, Second and Third Party Quality Management System
Audit
102
CHAPTER 3:
QMS Documented Information

103
3.1 Introduction
• Documented Information: an activity essential to the
achievement of continual quality improvement in a
company.
• Appropriate QMS documented information is important

for two major reasons:
1. To accomplish a company‘s quality objectives.
2. For the evaluation of quality systems using audits,
measuring and monitoring mechanism and
management reviews to create and maintain a
continual improvement loop.
• Documented information provides objective evidence

that a process has been sufficiently and accurately
defined. 104
Management Review Process Internal Quality Audit Process
Establishment and maintenance of

Quality Records
Objective evidence for second and third party Objective evidence that
audits that: IQA is planned and
-Processes are defined. conducted
-Procedures are approved.
-Procedures are under control.
-QMS is implemented and maintained under
controlled conditions
3.1: The Purpose of Documentation

105
3.2 Value of QMS Documented
Information
The value of QMS Documented Information can be

summarized as follows:
1. Effective management information tool
2. Enables consistency and effectiveness
3. Provides a record of communication between

internal and external parties
4. Provides objective evidence of compliance to the

ISO 9001:2015 requirements and the applicable
regulatory requirements.

106
3.2: QMS Documentated Information for
Policy Deployment
C Q
O U
M A
P L
Policy A I
QM A P
N T
Y Y C D
D D
I E
R P
Objectives & L System Procedures A P
E
Macro processes O (Management Level)
C C D
(Evidence Of Y
T
Implementation) M
I
O E
N N A P
Plans, Operating Procedures
T C D
(Operations Level)
Targets &
Micro Processes
Work Instructions,
(Evidence Of Implementation) A P
Records, forms, etc.
C D
(Operations level)

107
3.3 Additional Flexibility in
The type and extent of the documentation and the levels of

documentation hierarchy depends on the:
1. size and type of the organization

2. complexity and interaction of the working
processes
3. competence of personnel.

108
1. ANALYSE EXTERNAL REQUIREMENTS
ISO 9001 contractual requirements
Industry/regulatory requirements
Customers & stakeholders requirements
2. ANALYSE YOUR BUSINESS PROCESS

Organizational Context
Risk & Opportunities
Policy and objectives
Input and output of all major processes
Business Flow
3. REVIEW CURRENT DOCUMENTATION SYSTEM

Identify responsible ownership, creation, approval
Document distribution and control
Assess existing documents and record management system
Gap analysis and streamlining
4. DEVELOP A QMS DOCUMENTED INFORMATION

Define each level of documentation
Identify process interaction
Establish suitable document and record format
Create a suitable document and record control system
3.3 Documented Information
Development Process Steps
5. CREATE SPECIFIC DOCUMENTS
Define responsibilities and authorities
Create operating documents
Create quality records
Establish the QMS documentation
109
Identify ISO 9001 documented Information
requirements
Review existing documentation against ISO 9001
Existing documentation Y Keep existing documentation intact

comply and adequate?
N
Identify areas of inadequacy for
modification/update
Modify existing documentation or create new

documented information
Verify modified/new document with specific ISO 9001 requirements
Perform internal adequacy audit to ensure all

documented information comply with ISO 9001
requirements
3.4: Documented Information
Company wide Briefing and Implementation Gap Analysis Process
110
3.3.1 Documentation Strategies to ISO 9001
• communication of quality and related regulatory

requirements throughout the organization
• Enhance training of personnel to perform their job
• Top management play important roles in developing

overall quality system and identifying activities that
require formal procedures.
• Planning should ensure that procedures written are

logical, well structured and coherent.

111
• Key aspects to be considered are:
– scope of coverage
– objectives
– process steps and method
– related resources and infrastructure
– time scale
– desired output/effect.

112
“Process Approach” QMS Documentation Layout ?
Resources or
The process sequence and steps infrastructure in
form the basis of “Process Identify the communication
place for
Based” QMS documentation and link between departments/
managing the
work procedures. processes must
interested parties with Factory
be identified.
Management.
8.5.5
8.5.1
8.3
8.7
8.5.2
8.5.4
8.5.4
8.5.4
8.5.2
9.2
Key ISO clauses identified Arrows depict the process flow of this
to ensure compliance with Factory Management department.
ISO MODEL

113
3.4 Documented Information Hierarchy
• The company‘s quality manual is typically used as a

main documented information to demonstrate the
existence of a documented quality system.

114
Company ISO 9001 QMS
High-tech Electronic
QMS Documented Information Hierarchy Content Electronic Products
Products (350
(1500 Employees)
Employees)
Tier 1: Describes Tier 2: Describes
Quality Policy and Activities to be Done,
Objectives 1 1
Quality Methods, Activities Generic
Manual Sequence and
Responsibilities
Tier 4:
Evidence Departmental Tier 3: Detailed 125 40
of Procedures and Descriptions on Specific
Implement Responsibilities How Operators
ed Quality Perform
Activities Specific Tasks
Work Instructions, Machine 150 - 250 40-60

and Equipment Instructions
Detailed
Forms and Records
3.6: The Four Levels of Quality System Documentation

115
3.4.1 Quality Manual (1st level) :
– provides sufficient description of a quality management

system
– required by clause 4.3 to include the scope of the quality

management system
– Include or make reference to the documented procedures

established for the QMS as well as a description of the
interaction (or ‗Map‘) between the processes.
– Must be able to show company‘s commitment to quality

and methods used by company to assure product quality by
means of general procedures.

116
Quality plan:
• For major projects
• Specific to a product, project or service
• Shows responsibilities and various tasks
• Drawn up when required by a contract in order to

demonstrate how a company will control processes to
ensure that the contract quality requirements are met

117
3.4.2 Procedure Manual (2nd level)
• Comprises detailed quality procedures to satisfy relevant

clauses
• Includes technical procedures that provide detailed

descriptions of activities to be performed, methods of
carrying out activities, sequence of performing them, and
people responsible for these actions.
• Establishment, implementation and verification of these

procedures are to be performed by staff familiar with the
activities and functions to be controlled

118
3.4.3 Work Instructions, Forms and Quality
Records
• The last two levels of documentation are supporting

documents such as:
a) Quality records.
b) Quality reports.
c) Work instructions.
d) Forms.
e) Drawings and product specifications and references

119
3.5 Documentation Numbering
• essential for proper identification of documents and
effective documentation control.
• crucial to use a consistent numbering system throughout
the company to ensure proper identification.
3.6 Documentation Control

• ISO 9001 standards require that all documents and data
that relate to the requirements of this international
standard be controlled.
• A maintenance system of identifying all controlled
documents for distribution should be established.
• This may be done using a red stamp with the word
―Controlled Document‖ or by other appropriate means.

120
The tripartite system:
ABC-XXX-ZZZ
Where
ABC Denotes the company, which may include identification as to

whether the document is generated and/or controlled by the
company, the corporate organization or other divisions where
appropriate.
XXX Represents the type of document and/or the department or
discipline to which the document is directly applicable. You
may like to distinguish this by having two separate
identifications, e.g. XX-YYY, QM.
ZZZ Represents the serialized running number of that particular
document.
3.7a: An Example of a Document Numbering System

121
The numbering system for drawings:
For example:
A prefix letter denoting the drawing Part number of the A revision

size: product. number.
A = A4 B = A3 C= A2
D = A1 E = A0
A-2345-04 denotes a drawing of the fourth revision for part ―2345‖ on A4 paper.
3.7b: Another Example of a Document Numbering System

122
3.6.1 Review and Approval of Documents
• Requirement of ISO 9001 standards states that all

controlled documents shall be reviewed and approved by
authorized personnel prior to issue.
• Manner or mechanism for such control should be defined

in a documented procedure.

123
3.6.2 Distribution Control
• A system of distribution control shall be established in

order to ensure that the appropriate documents are
available at all operational locations essential to the
effective functioning of the quality system.
• Manner or mechanism for such control shall be defined

in a documented procedure.

124
Department/ QA Production Warehouse
Document
Tooling Drawing Yes Yes No
Quality Manual Yes Yes Yes
Packing No Yes Yes

Specification
Yes = Department in the distribution list.

No = Department NOT in the distribution list.
3.8: An Example of a Document Distribution List

IQCS/QMSLA/01A Issued April 2020 R23
2/14/2022May 2012
125
3.6.3 Obsolete Documented Information
• Provision must be made to identify the application of the
correct revision during operations.
• When obsolete documented information is needed for

reference for one reason or another, they should be
retained separate from the place of use or issue or
suitably identified as such.
3.6.4 Document Change

• Changes shall be reviewed and updated when
necessary
• All controlled documented information shall be approved

for adequacy and accuracy prior to issue and distribution.
126
3.6.5 Identification of Changes
• Changes to a document shall be identified.
• One common practice is to list the changes on a cover

page which is located at in front of the document.
3.6.6 Identifying Current Revision Levels

• A good practice is to maintain a master list or equivalent
documentation of all the QMS documented information
and their current revision levels.

127
ECN
S/N: ECN 00973
ABC Pte Ltd
Originator: Spec Title: Quality
Manual
Date: 17/06/2016 Spec No: ABC-QM-003
Effective From: Immediate Effective To: Permanent
Description of Changes:
To change the scope of all related pages
From: ―......‖
To: ―......‖
Reason for Changes:
1. Updating of Manual
Approval:
Department Signature Date Departme Signature Date
nt
QA MKG
MFG PRO
HR PUR
3.9: Document Change Request
128
ISO 9001 standard requires that all documents and data related to the
requirements of this international standard shall be controlled.
Thus, a system of identifying all controlled documents for distribution should
be established ...
5.10: Shading May Be Used to Identify Changes
Controlled Document Master List

Revision: 01 Date: 5 Sept 2016 Page 1 of 5
Prepared By: _______________ Verified By:_______________
Doc No Subject Rev No
Q02-0201 QA Incoming Quality Control Procedure 01
Q02-0202 Analyzer Test Procedure 02
Q02-0203 QA Final Packing Procedure 0
Q02-0204 Radio Frequency Measurement Procedure 0
Q02-0205 QA Audit Power Jack Sub Assy 0
... ... ...
3.10a: An Example of a Document Master List
129
Procedure Manual Master List
Tuesday, 14 Aug 2016
Page 2 of 3
Document Description Rev Eff Date Origin Approved
Number
PM-QA-014 Evaluation 01 1/10/16 Paul John
Procedure
PM-QA-015 Product 02 4/10/16 Paul John
Integration
Procedure
PM-TT-001 Test Software 02 3/10/16 Paul Jason
Maintenance
Procedure
PM-PR-002 PCB Burn-in 02 2/10/16 Peter Jason

Procedure
... ... ... ... ... ...
3.10b: Another Example of a Document Master List

130
3.7 Matrix of Requirements
• Purpose of preparing a matrix of the standards‘

requirements:
– to provide an effective approach for establishing a
QMS within an organization; achieved by including
the matrix in the quality manual, although not
mandatory.
– to ensure that the audit may be conducted in a
systematic and effective manner in both the adequacy
and site audit phases
• A good matrix of requirements should allow for the

possibility of cross-referencing to lower tier documents,
such as procedures and work instructions.

131
Clause No. Mgmt Sales/ Mktg R&D Purchasing Planning Engrg Mfg QA/QC HR Logistic
4.1 / / / / / / / / / /
4.2 / / / / / / / / / /
4.3 / / / / / / / / / /
4.4 / / / / / / / / / /
5.1 /
5.2 /
5.3 / / / / / / / / / /
6.1 / / / / / / / / / /
6.2 / / / / / / / / / /
6.3 / / / / / / / / / /
7.1 / / / / / / / / / /
7.2 / / / / / / / / / /
7.3
/ / / / / / / / / /
7.4
/ / / / /
7.5 / / / / / / / / / /
8.1 / / / / / / /
8.2 / / /
8.3 / / / / / / / / / /
8.4 / / / /
8.5 / / / / /
8.6 / /
8.7 / / / /
9.1 / / / / / /
9.2 / / / / / / / / / /
9.3 / / / / / / / / / /
10 / / / / / / / / / /
10.1 / / / / / / / / / /
10.2 / / / / / /
10.3 / / / / / / / / / /
Typical Manufacturing and Local Trading Organization

2/14/2022May 2012 3.11: Example of Matrix
IQCS/QMSLA/01A Issued Aprilof Requirements
2020 R23
132
3.8 Process Flow Chart
• Schematic representation of a process or procedure.
• Easiest and the most effective tool for documenting an
operating procedure.
3.9 Examples of Flow Charting

• No international standards for the preparation of flow
charts
• Therefore, different companies may use different
symbols for the same purpose
• Should be stressed that consistency must be observed
for all documentation within a company.

133
Symbol Usage Example
Use to describe an Remove

operation or a task tape A
Is it
Use for decision points ok?
*
Use for inspection points QC 3
*
Use to indicate storage
Use to indicate flow of

material, process, data or
information
Use to indicate delay

or waiting
Project
Use to indicate document
Invoice
*
Use for combined activities Setup &
QC 3
* Use to indicate
transportation
* Mullee, W. R., and Porter D.B., (1971)
3.12: Commonly Used Flow Charting Symbols

134
Interaction
No Main
Description Custome Product Logisti Resources
. Req. Sales Planning
rs ion c
Customer Start
8.2.1 Human,
1. Order/
8.2.2 Infrastructure
Requirements
N
Ability to meet 8.2.1 End Human,
2.
requirements 8.2.3 Infrastructure
Y
Available N Human,
3. Stock/ 9.1.2
Database
Inventory
Human,
Production Y
8.1 Material,
4. Plan (including Production
8.5 Environment,
QC)
Infrastructure
Product Human,
5. 8.5 Delivery
Delivery Infrastructure
Figure 3.13: Illustration of Process Interaction

135
Flow Chart for Incoming Material Inspection and Testing
Flow Chart Step Description Responsibility/
Interaction
1 Order materials from approved suppliers. Purchasing Officer
Material
Order
Deliver materials to laboratory.
2 Vendor
Material
Delivery
3 Chemist supervisor shall inspect whether Chemist

CoA CoA* is available or not. Supervisor
Inspection
Request
for CoA If CoA is available, CoA material shall be
4 inspected. Otherwise, skip this step. Chemist
CoA N
Available Supervisor
?
Y
5 If CoA material conforms to Chemist
specifications, ―QC PASS‖ shall be Supervisor
Invoice stamped and material submitted to
stamped
“QC PASS” warehouse personnel.
Inspected materials which meet Store

6 specifications are allowed to be stored in Supervisor
Material the store for production use.
Storage
2/14/2022May 2012 3.14: Flow Chart for Incoming

IQCS/QMSLA/01A Material
Issued Inspection and Testing
April 2020 R23
136
Start
New N
product?
Y Review by Ops
& Manu Engr
Review by
Dir . of Engg
Y
Requirement
N Contract adequate?
Reject within scope?
N
Y Ops to request for
Contract review by more information
Design/ Manu Engr
Within N
Requirement Y capability?
adequate?
Y
N
Enter into MRP II
Dir . of Engg to request
for more information
PM-003
Within N
capability?
3.15: Flow End
Y
Chart for
Review of Enter into MRP II
Product MGT to decide whether

Requirements PM-001
to turn down the contract
or increase capability
IRCA/QMS/00 Rev16 Issued Mar 2013 End 137
3.17: Matrix of Requirements for ABC Electronics Distribution
Clause No. Management Sales Logistics Customer Service (including QA)
4.1 C A A A
4.2 C A A A
4.3 C A A A
4.4 C C C C
5.1 C A A A
5.2 C
5.3 C C C C
6.1 C C C C
6.2 C C C C
6.3 C C C C
7.1 C C C C
7.2 A A A C
7.3 C A A A
7.4 C C A C
7.5 C C C C
8.1 A C C A
8.2 C C
8.3 N.A. N.A. C A
8.4 N.A. N.A.
8.5 C C
8.6 C A C C
8.7 A C
9.1 C C
9.2 A A A A
9.3 C A A A
10 C C C C
10.1 C C C C
10.2 A A C C
10.3 C C C C
C: crucial/prime responsibility A: applicable/require awareness of the main process

138
CHAPTER 4:
Planning & Conducting The

“Process Approach” Audit –
The Responsibilities &
Activities

139
4.1 Auditor skills and knowledge
1. Have a good knowledge of the specific sector
2. Possess adequate auditing skills and experience
3. Be well versed with ISO 19011
4. Be more focused on the auditing of processes rather than

procedures
5. Be able to prepare appropriate audit plans
6. Understand the additional documentation flexibility
7. Be competent to exercise optimum discretion with regard to

subjectivity
8. Be able to use appropriate audit methodology to ensure an

effective ―Process Approach‖ & ―PDCA‖ auditing.
9. Communicate effectively with auditee and audit team.

140
CONTINUAL IMPROVEMENT
(VISI0N/MISSION/POLICY)
KPI
C Output D P C
KPI
U R C A U
E S
S Q PLAN & ACT A S
U T
I Output I
T
R
PLAN CHECK S
T
E F
O M Quality O
A
E D P Management D P C
M N T M
T
System
I
E S C A C A O E
N
R Output DO R
Output Output
Input D P
Product
C A
KPI
KPI
Legend: “Process” & “PDCA” Audit

Value Adding
Approaches (MACRO & MICRO)
Information
141
Value Added Audit Approach
(Process Approach)
Backward/Upstream
Forward/Downstream Supporting Functions Interaction/Communication
P1 P2
E M M
I/Ps O/Ps
A P
Process Sequence M M
C D
KPI
P2 P4 Remember “PDCA”
For “Continual
Improvement”
142
4.2 Responsibilities and Activities
4.2.1 The Auditor

~ Have the appropriate education, training, work experience and
audit experience
~ should carefully plan the audit by clarifying audit requirements with

the help of the lead auditor and execute the audit efficiently within
the scope of the audit
~ duties include documenting relevant observations and findings,

submitting his audit findings to the lead auditor
~ verify that the appropriate corrective actions have been

implemented for any nonconformance found in previous audit.

143
4.2.2 The Lead Auditor
• Auditor team managed by the lead auditor may include
experts with specialized backgrounds, auditors, auditor
trainees or observers who are acceptable to the
company.
• A lead auditor is in overall charge of leading the audit

team.
• The Lead Auditor should be able to lead the team and

manage the audit effectively.

144
4.2.3 Auditors‟ Attributes
• good analytical skills and good observant nature
• ability to relate the procedures and practices to the

standard requirements
• impartial and objective in order for draw accurate audit

conclusions
• diplomacy, tactful and be patient and communicative
• good integrity and resistance to bribery, indiscreet and

cheating act during the audit.

145
4.2.4 The Auditee and Guides
Auditee organization:
• should inform employees about the objectives and scope
of the audit as necessary
• provide the facilities needed for the audit team in order to

ensure an effective audit process
• Appoint responsible and competent staff to accompany

members of the audit team, to act as guides to the site
and to ensure that the audit team is aware of health,
safety, security and other appropriate requirements
• guides should not interfere with the audit unnecessarily
• may also function as the witness for the audit.

146
4.3 Holding Regular Meetings with Auditee
• Team should hold regular meetings during the audit
• Verify evidence collected and clarify any observations
• Lead auditor obtains feedback concerning the audit team

performance from the auditee.
• Enable the lead auditor to continuously monitor and

manage his audit time-table effectively.
• Provide opportunities for Team to feedback and consider

any need for changes in the scope.

147
4.4 The Application for Certification
4.4.1 Application
• The certification body shall require an authorized

representative of the applicant organization to provide the
necessary information to enable it to establish the
following:
a) the desired scope of the certification;
b) the general features of the applicant organization,

including its name and the address(es) of its physical
location(s), significant aspects of its process and
operations, and any relevant legal obligations;
148
c) general information, relevant for the field of certification
applied for concerning the applicant organization, such
as its activities, human and technical resources,
functions and relationship in a larger corporation, if any;
d) information concerning all outsourced processes used

by the organization that will affect conformity to
requirements;
e) the standards or other requirements for which the

applicant organization is seeking certification;

149
f) information concerning the use of consultancy
relating to the management system.
4.4.2 Application Review

• Before proceeding with the audit, the certification body
shall conduct a review of the application and supplementary
information for certification to ensure that
a) the information about the applicant

organization and its management system is sufficient for the
conduct of the audit

150
b) the requirements for certification are clearly
defined and documented, and have been
provided to the applicant organization;
c) any known difference in understanding between

the certification body and the applicant
organization is resolved;
d) the certification body has the competence and

ability to perform the certification activity;

151
e) the scope of certification sought, the location(s) of
the applicant organization's operations, time
required to complete audits and any other points
influencing the certification activity are taken into
account (language, safety conditions, threats to
impartiality, etc.);
f) records of the justification for the decision to

undertake the audit are maintained.

152
4.5 The Audit Process
• Internal audits, sometimes called first-party audits, are

conducted by the organization itself, or on its behalf, for
management review and other internal purposes (e.g to
confirm the effectiveness of the management system or
to obtain information for the improvement of the
management system).
• Internal audit can form the the basis for an organization's

self-declaration of conformity. In many cases, particularly
in small organizations,

153
• independence can be demonstrated by the freedom from
responsibility for the activity being audited or freedom
from bias and conflict of interest.
• External audits include second- and third-party audits.

Second party audits are conducted by parties having an
interest in the organization, such as customers, or by
other persons on their behalf. Third-party audits are
conducted by external. independent auditing
organizations, such as regulators or those providing
certification.

154
Internal auditing External auditing
Sometimes called Supplier auditing Third party auditing
first party audit
Sometimes called second For legal, regulatory and
party audit similar purposes
Fr certification (see also
requirements in ISO/IEC
17021:2011)
Figure 4.1 Scope of this International Standard and its

relationship with ISO/IEC 17021:201

155
4.5 The Audit Process
• Figure 4.2 shows the flow process for a

company seeking certification to one of the
contractual standards (ISO 9001).

156
Start * CAR = Corrective Action Request
Company contacts a CB** and gives details ** CB = Certification body
of its activities and scope of its system
Application N Request for Figure 4.2: The

OK? more details
Audit Process
Y
Within N
scope of CB**? En
(See Chapter 7) d
Y
OK to N
Proceed? Surveillance
Y (See Chapter 6)
Certification body
Stage 2 Audit
sends quotation.
Close CAR*
Stage 1 Audit (See Chapter 6)
Document Review &
Client’s Site Evaluation
CAR* + Audit
Recommendation
Non Y
?
Conformance CAR*
Site Visit Audit
N Written evidence
corrective actions
of Audit Team Formation
by compan
y
157
4.6 Process Approach Audit Planning
1. wider diversity of documentation
2. Auditors need to be thoroughly briefed on the co-

ordination required during the audit based on the
process oriented model
– Checklists needs to include the relevant information

gathered from the desktop audit as well as pre-audit
visit. See Chapter 5 for a typical example.

158
– An audit matrix should be prepared to ensure that
the process oriented audit model is effectively
performed by the auditors.
– Effective communication is required in the audit

team to verify their findings by each auditor
concerning the process model.
– More discussions are needed between the audit

team and the auditee organization to ensure that
subjectivity and discretion is appropriately exercised
by the auditors.

159
An Example of
Vertical Audit Planning
A P
C D
VERTICAL

160
An Example of
Horizontal Audit Planning
Sales Design Opr QA

A P
C D
downstream
upstream D P
C A

161
4.7 Process Approach Audit Conduct
– Higher emphasis on the technical and engineering
aspects and knowledge.
– Carefully plan the sequence of questions and

examination of data.
– Co-ordination and regular auditor meetings during the

audit are essential.
– Listening to auditees‘ explanation is important in view

of increased flexibility.
– Audit notes must be adequate.
4.8 Confidentiality of Audit

162
1715-1745
1700-1715
1300-1700
1200-1300
1145-1200
0845-1145
0815-0845
Time
Auditor
1. Rubber Sheets Inspection
Stages/Activities (in-coming material)
2. Washing of rubber sheets

- includes brushing
(Clause 7.1.3,8.1,8.5.1,8.5.2,8.7,9.1.1)
(Clause. 7.1.3,8.1,8.7,9.1.1,9.1.3)
Process Stages 1 & 2
3. Hanging & allowing time to dry
- Put on wooden racks
Team A
4. Smoking to cure rubber sheets
Auditors Interim Discussion

- in a smoke chamber
Opening Meeting
Auditors Review
Closing Meeting
5. Clipping to remove impurities
- manual, using scissors
Lunch
(Clause. 7.1.3,8.1,8.5.1,8.5.2,8.7,9.1.1,9.1.3)
(Clause 7.1.3,8.5.2,8.5.3,8.5.4,8.7,9.1.3)
6. Grading the quality of smoked

rubber sheets
- visual
Team B
7. Packing & Identification
- into customer-supplied metal
Figure 4.3: casings
Typical Process
Approach” Audit
8. Shipping of finished goods
Time-Table to customers
163
Patient Labour Room (LR) Nursery Room (NR)
Input Process Output Input Process Output

Safe
ER Delivery
Pregnant Of New Well-being of

Mother Born New Born
Inputs to LR =
Records from Antenatal Pregnancy New Born
Evaluation results from ER Nurses & Doctors audit Nurses & Doctors
Pregnant Mother audit
Physical Examination by Physical

Outputs of LR =
doctor Examination by
Inputs to NR = doctor
Safe delivery of
New born Doctor‘s Order Doctor‘s Order
ID of new born Investigation Investigation
Medical records of new born eg. Lab, x-ray eg. Lab, x-ray
Labour records of mother
Nurse & Doctors Treatment Nurse & Doctors
Treatment
Outputs of NR =
Well being of baby Nursing Care Nursing Care
Correct baby
Nurses & Doctor‘s Evaluation Nurses & Doctor‘s
4.4: An example of Process Evaluation
Interaction, Process Inputs and Delivery of new born Discharge to home
Outputs
164
INTENT
(Approach)
Value Added Auditing:

Re-examines Intention
EFFECTIVENESS
(Results) IMPLEMENTATION
(Deployment)
Conforming Auditing:
Checks on Implementation
4.5: Model of Value Added Auditing

165
4.9 Duration for the audit Process
• Estimation of time duration needed for complete audit

based on :
– Company size
– Scope of certification
– Complexity of quality system
• Factors to be considered when deciding on duration :

i. Complexity of production processes
ii. Physical size of organization
iii. Ease of communication
iv. Any other factors that may prolong the audit

166
4.10 Initial Certification Audit
• The initial certification audit of a management

system shall be conducted in two stages:
Stage 1 and Stage 2

167
4.10.1 Stage 1 Audit
•The stage 1 audit shall be performed to
a)audit the client's management system documented

information;
b) evaluate the client's location and site-specific conditions

and to undertake discussions with the client's personnel
to determine the preparedness for the stage 2 audit
c) review the client's status and understanding regarding

requirements of the standard, in particular with respect
to the identification of key performance or significant
aspects, processes, objectives and operation of the
management system;
168
d) collect necessary information regarding the scope of
the management system, processes and location(s)
of the client, and related statutory and regulatory
aspects and compliance (e.g. quality, environmental,
legal aspects of the client's operation, associated
risks, etc.);
e) review the allocation of resources for stage 2 audit

and agree with the client on the details of the stage
2 audit
f) provide a focus for planning the stage 2 audit by

gaining a sufficient understanding of the client's
management system and site operations in the
context of possible significant aspects;
169
g) evaluate if the internal audits and management
review are being planned and performed, and that
the level of implementation of the management
system substantiates that the client is ready for the
stage 2 audit.
For most management systems, it is
recommended that at least part of the stage 1 audit
be carried out at the client's premises in order to
achieve the objectives stated above.

170
• Stage 1 audit findings shall be documented and
communicated to the client, including identification of any
areas of concern that could be classified as
nonconformity during the stage 2 audit.
• In determining the interval between stage 1 and stage 2

audits, consideration shall be given to the needs of the
client to resolve areas of concern identified during the
stage 1 audit. The certification body may also need to
revise its arrangements for stage 2.

171
4.10.2 Stage 2 Audit
• The purpose of the stage 2 audit is to evaluate the
implementation, including effectiveness, of the client's
management system. The stage 2 audit shall take
place at the site(s) of the client. It shall include at least
the following:
a) information and evidence about conformity to all

requirements of the applicable management
system standard or other normative document;
b) performance monitoring, measuring, reporting and

reviewing against key performance objectives and
targets (consistent with the expectations in the
applicable management system standard or other
normative document);
172
c) the client's management system and performance
as regards legal compliance;
d)operational control of the client's processes;
e)internal auditing and management review;
f)management responsibility for the client's policies;

173
g) links between the normative requirements, policy,
performance objectives and targets (consistent
with the expectations in the applicable management
system standard or other normative document), any
applicable legal requirements, responsibilities,
competence of personnel, operations, procedures,
performance data and internal audit findings and
conclusions.

174
4.11 Documented Information Review
•Stage 1 audit shall include document review. The purpose

of the documented information review is to audit the client‘s
management system documentation. It is sometimes
referred to as the ―adequacy audit‖.
•For this type of audit, the lead auditor reviews the

management system documented information to determine
whether they are sufficiently and correctly interpreted /
documented against the requirements of the standard.
•This process generally takes a few man-days depending

on the amount of documentation.
•At this stage, the lead auditor should be concerned with

the2/14/2022May
following 2012
issues: IQCS/QMSLA/01A Issued April 2020 R23
175
• Clear declaration of scope, indicating any exclusion
made and supporting justification.
•Availability of a master list or equivalent document to

show current revision status of quality procedures and
instructions.
•Sufficient coverage of the quality system to meet the

standard‘s requirements as well as where the absence of
documentation may lead to adverse impact on the product
quality and/or quality management system effectiveness.

176
• Evidence of documents being reviewed and approved
by authorized personnel for adequacy.
• Proper identification and legibility.
• Consistency of the documented information in its

various tiers. For example, checking for the correct
revision status, and correct referencing between
documents.
• Appropriateness of the documented information , that

is, if these documents are necessary at all.

177
4.11.1 Typical Outputs from the Documented
Information Review
•During the documented information review, the following

actions are recommended:
-Use and expand the standard assessment checklist

provided by the certification body such that all standard
questions are answered
-Appropriately expand the standard checklist to include

organization-specific activities and operations in
preparation for the site visit assessment.

178
- Complete the documented information review report and
making sure that all CARs (corrective action
requests) that are identified are reported.
- Make notes of the discretional ―observations‖ or potential
nonconformance which will be checked at the site visit
assessment.
- The documented information review report shall be sent

to the company sufficient time before the site audit to
allow it the opportunities to make changes. The lead
auditor may need to assess the submission and revise
the original report accordingly when written evidence of
corrective actions is received from the company before
the site visit assessment. New CARs may be raised, if
necessary
179
4.12 Formation of Audit Teams
•If there is only one auditor, the auditor shall have the
competence to perform the duties of an audit team leader
applicable for that audit.
•In deciding the size and composition of the audit team,
consideration shall be given to the following:
a) audit objectives, scope, criteria and estimated time of

the audit;
b) whether the audit is a combined, integrated or joint
audit;
c) the overall competence of the audit team needed to
achieve the objectives of the audit;

180
d) certification requirements (including any applicable
statutory, regulatory or contractual requirements)
d) language and culture;
d) whether the members of the audit team have previously

audited the client's management system.
• In forming the audit team, trained and qualified auditors

who can most appropriately respond to the audit items
should be selected.

181
4.13 Pre-audit and their Purposes
•Generally, pre-audits will concentrate on a few areas that

are critical and are subjected to high levels of
nonconformance (Management Responsibility, Human
Resources Management, Design and Development
Control, Document and Data Control and Product
Realization).
•However, the auditor may at his or her discretion include

additional areas which he or she deems necessary.

182
• The purpose of a pre-audit includes the following:
– Preliminary assessment by the certification body to

determine the state of readiness of the company for
formal assessment.
– To ensure that the company understands the certification

scheme and ISO 9001 standards‘ requirements.

183
- To determine the size, scope and complexity of the
quality system for quotation, audit planning and audit
team formation
- To gain prior knowledge of the means to achieve

continual improvement, applicable regulatory and
statutory requirements, and the completeness of
documentation in the company.
- Identify high-risk area in order to assign more resources

and place attention during the actual site audit.
- Interact with key personnel and to provide opportunities

to clarify the audit scope, audit criteria, audit objectives
and audit reporting requirements in order to establish the
audit plan.
184
• The following actions are recommended during a pre-
audit visit:
– Obtain the official company name and addresses of
the site(s) to be assessed.
– Obtain the scope, including any exclusion, of

certification. For example, find out the range of
products or services.
– Obtain the latest quality system documented

information and make a preliminary check on their
completeness. The preliminary check is important as
it determines the company‘s state of readiness for
assessment. If documented information is not
available, poorly done or incomplete, stop the
assessment. Proceed to step d) if documentation is
satisfactory.
185
- Obtain an up to date organization chart and hold a brief
discussion to better understand the functions of various
departments and the lines of responsibility and
competency.
- Obtain a copy of the factory layout, process/product flow

charts, and make a quick plant tour so as to facilitate
subsequent audit planning.
- Obtain general information about the company such as

the number of employees, applicable regulatory and
statutory requirements and special processes.
- This information is essential as it helps the lead auditor

to determine the composition of the audit team,
considering any need for technical experts.
186
4.14 Audit Plan
• Audit objectives and scope, including any exclusion
• Audit criteria and reference documents
• Agreed audit date(s) and site(s)
• Identification of functions and/or individuals within auditee‘s
organization having significant direct responsibilities and
authorities regarding auditee‘s QMS
• Identification of elements of auditee‘s QMS of high audit
priority, taking into consideration findings of pre-audit contact
and document review.
• Working and reporting languages of audit
• Time-table indicating time and duration for activities to be
audited as well as times for opening, closing, auditee and
auditor interim meetings.
• Identification of audit-team members including their
responsibilities and brief description of their competence and
expertise.
• Report content and format, expected date of issue and
distribution of the audit report
187
4.15 On-Site Audit Activities
• Before the site visit audit:
– All auditors properly briefed for their tasks and
responsibilities.
– The audit plan and documented information review
report have been sent to the auditee.
4.15.1 Opening meeting

• Introduce the audit team.
• Request the company‘s representatives to introduce

themselves.
• Review and confirm the audit objectives, scope and

criteria.
188
• Review and confirm the audit timetable and
provisionally agree on the time/date/venue for the
closing meeting.
• Explain the method of reporting of findings, using

CARs, and the classification of CARs.
• Explain the audit procedures and methods and

identify escorts for each auditor.
• Confirm safety, security and other requirements.
• Confirm resources and facilities are available.
• Confirm confidentiality requirements.

189
4.15.2 Using Audit Checklists
– Prepared by the Audit team during the document
review and pre-audit
– Serve as an aid to audit planning while on-site.
– audit investigation should pursue and cover any other
aspects for conclusion.
– Clues indicating nonconformities should be noted and
investigated.
– Note the outcome (acceptable, nonconformance,
observation or legal compliance) for each audited
item.
– Completed checklists support the audit reporting to
ensure its comprehensiveness.

190
4.15.3 Taking Audit Notes and its Importance
• To provide the source of information by quoting the
relevant identification
• Demonstrate that the audit is done based on facts

obtained.
• Reduce time spent on tracing the source of information

when dispute arise.
• Importance of Audit Notes:

1. Provides a documented record of observations made
by the auditor.
2. Ensures that important observations on both good
and bad practices are not forgotten.
3. Provides documentary evidence on audit details.
4. Serves as records for CB and auditor to prove that
they have performed the audit with due diligence.
191
• Notes can be taken using the checklist, special forms or
any form of documentation.
• Should contain adequate details.
• Should be taken immediately where possible as delay

may result in inaccuracies.

192
4.15.4 Collecting Verifiable Evidence
• Collect verifiable evidence to make an unbiased
evaluation.
• Audit systematically by:
– Using matrices and well-prepared checklists.
– By reviewing the appropriate data, records and
reports.
– Interviewing the personnel directly involved in the
activity.
– By observing how an activity is being performed.
• Conclusions shall be based on observed facts or
documentary evidence.
• Should note the good practices to avoid the all-too-
frequent negative perception of auditing.
193
4.15.5 Applicable audit method
• Performance of an audit involves an interaction among

individuals with the management system being audited
and the technology used to conduct the audit.
• If an audit involves the use of an audit team with multiple

members, both on site and remote methods may be
used simultaneously.

194
Figure 4.6 Applicable audit methods
Extent of Involvement between
the auditor and the auditee Location of the auditor
On-site Remote
Human Interaction Conducting interviews. Via interaction communication mean:

Completing checklists -Conducting interviews;
and questionnaires -Completing checklists and questionnaires
Conducting document -Conducting document review with auditee participation
review with auditee
participation
Sampling
No human interaction Conducting document Conducting document review (e.g records, data analysis).
review (e.g records, Observing work performed via surveillance means, considering social
data analysis). and legal requirements.
Observation of work Analysing data.
performed.
Conducting on-site vist
Completing checklists.
Sampling (e.g.
products).
On site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other
than the location of the auditee, regardless of the distance.
Interaction audit activities involve interaction between the auditee‟s personnel and the audit team. Non-interactive audit
activities involve no human interaction with persons representing the auditee but do involve interaction with equipment
facilities and documentation. 195
4.15.6 Various Audit Trails
• Various audit trails of varying effectiveness.
• Depend very much on:
– The established organization system,
– Complexity of processes,
– Culture of the organization and
– Size of the organization.
• Single or a combination of methods can be used at
different areas, activities or stages of the audit.
4.15.6.1 Process Trail Method

• Suitable if functional departments interact closely or are
heavily inter-dependent.
• Trace forward by obtaining random sample/s of contract
or customer order and follow the contract through.
• Trace backward by taking random sample/s of
completed products, customer complaints, returned
products.
196
4.15.6.2 Horizontal Audit using ISO 9000 Requirements
• Focuses on one element of ISO 9001 at a time.
• Audit all departments for conformance to the element.
• Upon completion of an element, move on to the next

applicable requirements.
• Combined with Process trail method and vertical audit to

improve effectiveness.

197
4.15.6.3 Hold Regular Meetings with Auditee
• To verify evidence collected and clarify any observations or
audit notes made
• Consider clarifications supported by evidence submitted by
other members during such meetings.
• When necessary changes should be made to improve the
audit before the completion.
4.15.6.4 Vertical Audit using organizational structure

• Focuses on each department to audit all requirements of
ISO 9001 for conformance by the department.
• Upon its completion, move on to the next assigned
department.
• Suitable for large organizations where the access to all
areas, facilities and information are difficult.
• Combined with Process trail method and horizontal audit to
improve effectiveness.

198
4.15.6.5 Audit Techniques: Interviewing or Inquisition
4.15.6.6 Putting the Auditee at Ease
4.15.6.7 Communication Techniques
4.15.6.8 Audit Sampling
4.15.6.9 Local Customs
4.15.6.10 Rules and Regulation of Auditees

199
4.15.7 Reporting Audit Results
• The two types of nonconformance typically reported are
nonconformance and observation.
• Audit results should be based on fact obtained
substantiated by objective, verifiable evidence.
4.15.8 Closing Meeting

200
4.16 The Psychology of audit
• One effective technique for gathering objective
evidence is to interview the auditee.
• Requires an ability to:

– Ask appropriate questions,
– Listen actively,
– Articulate and interpret thoughts,
– Establish and maintain rapport
– Prevent interrogative, authoritative or instructive
mode.

201
4.17 Questioning Techniques
• Different types of question on the same topic may lead

to different depth of information.
• Auditor should develop a strategy to use the best

sequence and use appropriate type of questions.
• Good combination of different questioning techniques is

vital since the background of the auditee vary.

202
Type of Description Examples Comments
Question
Open An open question will lead 1. What is your 1. Open questions may
to a wide range of interpretation of the sidetrack your
answers. We result obtained? conversation and focus.
generally use it to 2. Could you tell me how 2. It may be difficult for the
seek the auditee‘s you process these auditee to respond.
opinion, to get an intermediate results? 3. They may be so open
explanation from the 3. How do you implement that you will get general
auditee or to allow for the calibration program? answers.
reasoning on certain
matters.
Closed/ A closed question is used 1. Do you know that there 1. These questions provide
Direct to get a ―yes‖ or ―no‖ is a documented limited information and if
answer, while a direct procedure for this? you are in search of an
question will invite a 2. What‘s your extended answer, use
short answer with one responsibility? an open question.
or a few words. These 3. Has this equipment 2. Be careful of the ―tone‖
questions are used to been calibrated? when you use this type
get specific 4. Do you check the of question.
information. measured dimensions 3. As a guide, avoid using
against the drawings? more than three
consecutive closed or
direct questions.
4.7 ( Page 1 of 2) : Different Types of Questions

203
Type of Description Example Comments
Question
Probing/ These are open 1. In what way was 1. If you need to
Clarifying questions, but they corrective action encourage the
aim at getting more completed? auditee to
or clarifying 2. Could you provide me elaborate, use this
information about a with some examples on type of question.
subject. these? 2. Avoid frequent use
3. What do you mean by as the auditee may
―verifying against the think that you are
drawings‖? not listening.
Leading leading question 1. You do check for the 1. This type of

suggests an answer, accuracy of the questions should be
as the answer is equipment every avoided as it may
normally contained morning, don‘t you? lead to biased
implicitly in the 2. You determine your information.
question. sample size based on the
sampling table, don‘t
you?
Interrogative/ These questions put the 1. Don‘t you agree with me 1. Avoid this type of
Antagonistic auditee on the that you have not questions.
defensive. correctly verified the test
data according to the
work instruction?
4.7 ( Page 2 of 2) : Different Types of Questions
204
4.18 Active Listening
• Listening skills can be improved by:
– Be friendly and support the auditee whenever

possible. When the information is too lengthy, you
may ask the auditee to summarize.
– Be observant
– Avoid any actions that may distract the auditee.
– Be patient and allow ample time for the auditee to

speak.
– Ask questions clearly to ensure that the auditee

understands your questions.

205
CHAPTER 5: 5Ws
1H
AUDIT CHECKLISTS

206
5.1 Introduction
• Checklist helps auditors to organize, plan, conduct and

report audit activities.
• It is not mandatory but highly recommended as it
provides a systematic approach.
• A good checklist should consist of structured questions
to help the auditors in his investigation.
• To develop an effective and company specific checklist,
a good understanding of the company quality system
from document review and pre-audit information.
• Master checklists are generic to ensure thoroughness of
a certification audit.
• Completed checklists also serve as objective evidence
and are part of an audit report.

207
5.2.1 Advantages of Using Checklists:
• Help auditors to organize, discuss, plan and

conduct audits, as well as audit reporting.
• Facilitate a systematic and effective approach:

1. Ensuring that all systems, functional areas and
processes are sufficiently covered.
2. Ensuring that the auditing process is

systematically done without sidetracking.

208
5.2.2 Disadvantages of Using Checklists:
• May lead to limiting questions that generate ―yes/no‖

answers.
• Auditors may just go through the questions without

getting into the details and seeking objective evidence.
• Lead an auditor into using a predetermined sequence of

thought and questions and may prevent use of his own
discretion.

209
5.3 Guide to Checklist Design
a) Examining the standard clauses that are relevant to the
area of interest.
b) Looking at the legal/statutory and regulatory

requirements.
c) Reviewing the documented quality manual, procedures

and work instructions.
d) Performing a task analysis of the process model by

going through the typical five inputs of a process – man,
machines, methods, materials and environment.
e) A preliminary plant visit familiarizes the auditor with the

facilities to be audited.
210
S/N Clause Requirements Note/Remark
1. 7.5.3 All logistics records maintained? Y N
How are they maintained?
2. 5.3 Are the duties and responsibilities of the personnel clearly defined?
(e.g. picker cannot be loader due to a conflict of interest to product
acceptance)
3. 7.2 Are records of education/skills
(e.g. driver's license) maintained?
Is there a hiring criterion for various functions?
Are there training skills for upgrading (e.g. pallet jack to forklift)?
4. 8.1 Do acceptance requirements and criteria (e.g. checklists) conform to
8.2.2 customers requirements?
5. 8.5.1c Are performance data controlled?

How is the monitoring system target tracked?
Requested time (KPI) vs. delivery time?
6. 8.5.1h Availability of product receiving/release documents (e.g. delivery
notes)?
7. 8.5.1a How are master delivery records
(on sampling) retrieved?
8. 8.5.2 Is the database maintained?
Is it traceable?
Does a system for easy traceability of delivery exist?
9. 8.5.4 How do you preserve products?
What are the guidelines to be followed during loading, picking etc.?
Documented procedures and interviews?
Figure 5.1: Audit Checklist for ABC Electronics Distribution Centre
211
5.4 Taking Audit Notes with the help of
Checklists
• A good checklist design facilitates the recording of audit

notes efficiently.
• Should be easy to use and contain enough space for the

auditor to record his notes.

212
CHAPTER 6:
CORRECTIVE ACTION REQUEST

AND AUDIT REPORTING
CAR

213
6.1.1 Legal compliance required by quality
system procedures
• If legal compliance to certain legislations is required by
quality system, it shall be audited.
6.1.2 Legal compliance not covered by quality

system procedures
• When legal matters are outside the scope of the audit,
legal non-compliance should be raised as an
observation.

214
6.2 Classification of Non-conformance
• Depending on the severity and the certification scheme,
nonconformance can be classified.
Scheme 1:
a) Critical: if the deficiency can lead to a massive product
recall, or is safety related such as food poisoning in a
food industry.
b) Major: Systemic deficiencies such as omission of a

quality system element or gross nonconformance with
elements.
c) Minor: Isolated occurrences.

215
Scheme 1 Scheme 2
Critical Category 1
Classification Major Category 2
Minor Category 3
Figure 6.1: Classification of Nonconformance

216
• Numerous similar minor deficiencies in any one area or
function may become a major deficiency.
Scheme 2:
a) Category 1: Total element or a significant part of an
element of the quality system is missing or deficient.
b) Category 2: A significant number of minor deficiencies

occurring in an element.
c) Category 3: A single deficiency found in a quality

system element.

217
6.2.1 What is an Observation
• When a nonconformance cannot be related to the
requirements of the standards,
or
• A nonconformance which does not warrant even a
minor deficiency.
• An observation may be made to highlight areas of

potential nonconformance.
6.3 Certification Decisions Based on Non-

conformance
• The criteria for deciding whether to approve a
certification vary among certification bodies.
218
Scheme 1 – Typical Certification Body
aa) No category 1 nonconformance, or
bb) A small number of category 2 and 3

nonconformance and these shall be required to
Approved be dealt with within 3 months. If subsequently
this does not occur, approval shall be
withdrawn.
aa) Until acceptable written evidence that

Withhold nonconformance have been dealt with
Approval satisfactorily is received.
bb) Until a revisit report shows that

nonconformance have been eliminated.
Figure 6.2: Examples of British and American Certification Schemes

219
6.4 Corrective Action Request
• Document used to record non-conformance for

corrective action
• Non- conformance needs to be clearly stated against

the relevant standard clause.

220
ABC Pte Ltd CORRECTIVE ACTION REQUEST CAR No : XXX/001
Department/Area Audited : Standard/Clause No.:

Production Department ISO 9001 / 8.5.1
Auditor : Tracy Auditee : John
Description of nonconformance :
a)Pressure gauge on one regulator was incapable of indicating the pressure accuracy (10 PSI
+/– 2) required for tightening the base plate mask. Procedure PD–034 requires the accuracy.
(minor)
B)After reflow, operator placed products in ultrasonic degreaser. No positive control was
exhibited (e.g., timing, charting) to indicate the length of time the products spent in the
degreasing operation. Procedure PD–035 requires the definition of time control. (major)
_________________________ __________________
Company Representative/Date Auditor/Date
Agreed Corrective Action & Proposed Time Frame :
_______________ ______________
Auditee/Date Auditor/Date
Action Taken : Satisfactory/Unsatisfactory

Comments :
________________
Auditor/Date
Figure 6.3: An Example of a CAR 221
ABC Pte Ltd CORRECTIVE ACTION REQUEST CAR No : XXX/001
Department/Area Audited : Standard/Clause No.:

Doc Control Department ISO 9001 / 7.5.3
Auditor : Tracy Auditee : James
Description of nonconformance :
1. There was no clearly defined procedure on the disposition of obsolete controlled
documented information issued to users. (minor)
_________________________ __________________
Company Representative/Date Auditor/Date
Agreed Corrective Action & Proposed Time Frame :
_______________ ____________
Auditee/Date Auditor/Date
Action Taken : Satisfactory/Unsatisfactory
Comments :
________________
Auditor/Date
Figure 6.4: Another Example of a CAR

222
6.5 Closing Out of a CAR
• Auditee should propose corrective actions for reported

deficiencies and not the auditor.
• Improper for Auditor to suggest action because:
1. The auditor will be auditing his or her own

recommendations.
2. The action may not be cost effective to the company;

an auditor has no authority to tell a company how to
correct a nonconformance.

223
• The time taken for proposal and review of corrective
actions varies depending on the extent of investigation
required to find out the root causes.
• To close out CAR, depending on the nature of the

nonconformance,
1. Written evidence of corrective actions or

2. Verification at site.
• Should be completed within a time period agreed to by

the auditee, typically 3 months.

224
CAR
Auditee proposes
corrective actions
Auditor review
N
Satisfactory ? CAR not
closed out
Y or
Auditee to proceed New CAR
may be raised
Written submission of
OR/ Revisit to confirm
evidence that
AND the noncompliance
noncompliance is dealt
has been eliminated
with satisfactorily
N
OK ?
Y
Closed out
2/14/2022May 2012
Figure 6.5: IQCS/QMSLA/01A
ProcedureIssuedforApril 2020 R23
Closing Out CARs 225
6.6 Audit Reports
6.6.1 Preparation of Audit Reports
• Should generally contain:
a) General information
b) Audit plan and process, including:
i. Audit team composition and responsibility of each auditor.
ii. A summary of the activities of the audit team. This may include
an identification of relevant documents, such as the standard and the
auditee‘s quality and procedure manual.
iii. Audit time table.

226
c) Audit findings
d) Recommendations, including:
i. A short description of the areas for improvement by

the auditee. CARs with deficiency classification are
to be referenced where appropriate.
ii. A short description of overall findings and the audit

team‘s recommendation.

227
e) Appendix, including:
i. Lists of CARs.
ii. Audit matrix of requirements
iii. Audit check lists with observations, audit notes and

comments.
iv. Any other relevant data and records.

228
6.6.2 Distribution of Audit Report
• Should be issued with minimum delay and should be
sent to the auditee representative
6.6.3 Report Retention

• All relevant audit documents should be retained according to
the certification body procedures and agreed by auditee.
6.6.4 Audit Completion and Audit Report

• The audit process is completed upon submission of the audit
report and when all the activities in the audit plan have been
carried out

229
6.7 Surveillance Activities
• The certification body shall develop its surveillance

activities so that representative areas and functions
covered by the scope of the management system are
monitored on a regular basis.
• Surveillance activities shall include on-site audits
assessing the certified client's management system's
fulfilment of specified requirements with respect to the
standard to which the certification is granted.

230
6.7.1 Surveillance Audit
• Surveillance audits are on-site audits, but are not

necessarily full system audits, and shall be planned
together with the other surveillance activities so that the
certification body can maintain confidence that the
certified management system continues to fulfil
requirements between recertification audits. The
surveillance audit programme shall include, at least
a) internal audits and management review,
b) a review of actions taken on nonconformities identified
during the previous audit,
c) treatment of complaints,

231
• d) effectiveness of the management system with
regard to achieving the certified client's objectives,
• e) progress of planned activities aimed at continual
improvement,
• f) continuing operational control,
• g) review of any changes, and
• h) use of marks and/or any other reference to
certification.
•Surveillance audits shall be conducted at least once a

year. The date of the first surveillance audit following
initial certification shall not be more than 12 months
from the last day of the stage 2 audit

232
CHAPTER 7: Customer
No. 1
CERTIFICATION/REGISTRATION
AND
ACCREDITATION

233
7.1 Differences between Certification/
Registration & Accreditation
• Certification - the procedure by which a third

party gives written assurance that an activity,
product or service conforms to specified
requirements
• Registration - the procedure by which a body

indicates relevant characteristics of an
activity, product or service, or particular body
or person, in an appropriate, publicly available
list

234
• Accreditation :It is the procedure by which
an authoritative bo dy gives formal
recognition that a body or person is
competent to carry out specific tasks.
• National accreditation bodies provide

some measure of control over the
activities of quality or environmental
management system certification bodies in
specified business sectors.

235
7.2 Purposes of Certification/Registration &
Accreditation Bodies
All certification bodies have to be fully impartial and

must conform to:
1. ISO/IEC Guide 17021: 2011 Conformity audit —
Requirements for bodies providing audit and certification
of management systems
2. IAF Guidance on the Application of ISO/IEC Guide
17021 – IAF Guidance on the application of ISO/IEC
Guide 17021: 2006.
3. ISO/IEC Guide 66: 1996 - General requirements for
bodies operating audit and certification/registration of
EMS.
236
Dutch-Raad voor
•ANAB (American National UKAS (United Kingdom
Accreditie (RvA)
Accreditation Board) Accreditation Service
Certification (RvC)
ABS Quality Evaluations Inc.

EQAICC ABS Quality Evaluations
Bureau Vertas Quality International BSI Quality Assurance
Quality System Registrar Inc.
ABS Quality
Evaluations Inc.
BSI Quality Assurance Certification Bodies
7.1: Some Examples of Accreditation and Certification Bodies

237
Using Guidelines: International Accreditation Forum
ISO 19011
ISO/IEC Guide 17021
IAF Guidance *
RAB JAB …. UKAS RvA
Using Guidelines BSI ABS ... X

ISO 19011 :2011 and
ISO 9001:2008
Certification Bodies
Companies Note: The scope of accreditation is based on

the Standard Industry Codes Registers (US)
A ... Z or NACE Codes (Europe)
Note: For requirements on ISO 19011, refer to Chapter 1

* IAF Guidance For ISO/IEC Guide 17021
7.2: Relationship Between the Accreditation and Certification Bodies

238
7.3 Selecting a Certification/Registration
Body
• It is important for a company to evaluate carefully the

five major factors before selecting the certification
body.

239
7.4 ISO/IEC Guide 17021:2011 and IAF
Guidance
• ISO/IEC Guide 17021:2011 - Conformity audit —

Requirements for bodies providing audit and certification
of management systems contains three sections.
• Section 1 describes the Scope, Normative References,

Terms and Definitions.

240
• Section 2 stipulates four main clauses and 15 sub-
clauses of requirements for certification bodies.
• Section 3 states the requirements for

certification/registration and contains 8 clauses and 2
sub-clauses, which cover major requirements
• The IAF Guidance on the Application of ISO/IEC Guide

17021 - IAF Guidance on the application of ISO/IEC
Guide 17021 aims to enable accreditation bodies to
harmonize their application of the standards against
which they are supposed to assess certification bodies.

241
7.5 Surveillance Audit
• Periodic monitoring of an established and certified

quality system by third party auditors.
• Surveillance audits are normally performed by

certification body to ensure that the quality system of the
certified organization has been maintained.

242
7.3: Audit Duration Planning Table

243
7.4: Complaints, Disputes & Appeals Procedure
Complaints, Disputes, Appeals Record

Record No : Date :
Company : Complainant’s/appellant’s name :
Scheme Member No : Method : verbal/written
Audit Report No :
Description :
Issue : Decision :
Recorded by : Time :
Signature :
Completion Date : Signature :
244
CHAPTER 8:
CQI & IRCA AUDITOR

CERTIFICATION SCHEME

245
8.1 CQI and IRCA Auditor Scheme
(Ref: CQI and IRCA Courses Regulation)
Each scheme is based on a key standard, such as:

• ISO 9001: Quality management systems –
Requirements (latest issue)
• ISO 14001: Environmental management systems –
Requirements (latest issue), etc.

246
And each scheme is influenced by the following
auditing standards:
•ISO 19011: Guidelines for auditing management systems
(latest issue)
•ISO 17021: Conformity audit – Requirements for bodies
providing audit and certification of management systems
(latest issue).

247
Our award of certification means we have recognised
that you understand and are competent (depending on
the grade awarded) to:
•Uphold the principles of proper ethical conduct, fair
presentation and due professional care
•Communicate clearly, both orally and in writing, with
personnel at all levels of an organisation
•Plan and organise an audit of a management system
•Identify, understand and audit relevant business
processes
•Sample and evaluate audit evidence, and determine the
effectiveness of a management system

248
• Report audit findings and conclusions accurately
• Plan, organise and lead the audit team, and manage the
audit process.
The scope of certification is general. You may select from a

list of up to six standard industry sectors in which you
have acquired work experience. These details, although
included within the register, are self-declarations and
outside the scope of certification.
The details of all certificated auditors are included within a

register that is publicly available.
249
The schemes are intended for:
• Auditors, e.g. those for whom auditing is a significant
part of their role, including supply chain auditors, those
employed by certification bodies/registrars, and those
conducting audits within their own organisations
•
• Practitioners, e.g. consultants, audit programme
managers, and others involved in auditing through the
development and maintenance of management systems,
auditor training and standards development

250
8.2 IRCA Code of Conduct
(Ref: IRCA/138)
• To act in a strictly trustworthy and unbiased manner in
relation to both the organisation to which you are
employed, contracted or otherwise formally engaged (the
audit organisation) and any other organisation involved
in an audit performed by you or by personnel under your
direct control.
• To disclose to your employer any relationships you may
have with the organisation to be audited before
undertaking any audit function in respect of that
organisation.
• Not to accept any inducement, gift, commission, discount
or any other profit from the organisations audited, from
their representatives, or from any other interested
person nor knowingly allow personnel for whom you are
responsible
2/14/2022May 2012 to do so.
IQCS/QMSLA/01A Issued April 2020 R23
251
• Not to disclose the findings, or any part of them, of the
audit team for which you are responsible or of which you
are part of, or any other information gained in the course
of the audit to any third party, unless authorised in
writing by both the auditee and the audit organisation to
do so.
• Not to act in any way prejudicial to the reputation or
interest of the audit organisation.
• Not to act in any way prejudicial to the reputation,
interests or credibility of CQI and IRCA.
• In the event of any alleged breach of this code, to co-
operate fully in any formal enquiry procedure

252
Certification Grades
The QMS Scheme has six grades of certification:
• Internal Auditor
• Provisional Internal Auditor
• Auditor
• Provisional Auditor
• Lead Auditor
• Principal Auditor

253
Scheme specific (additional) requirements
•In the sector understanding and work experience
sections of the application form, you are required
•to demonstrate the following knowledge and
competencies:
•Knowledge of basic quality management principles
•Understanding of quality management tools and
techniques that are applied in
•organisations that will enable the auditor to assess a
quality management system, and
•generate audit findings and conclusions
•An understanding of an organisation‘s operational
activities and its interactions, to enable you to
understand the relationship with product quality.
254
• The QMS Scheme is based on the auditing key
standard:
• ISO 9001: Quality management systems –
Requirements
• Guidance for who this scheme is intended for
• Quality management system auditors, such as those
employed by third-party certification
• bodies/registrars or by purchasing organisations
(second-party auditors)
• Quality management practitioners, such as quality
management consultants, quality
• managers and third-party certification managers
• Employees conducting quality management system
audits within their own organisations
• (internal audits).
255
Congratulations
You have completed your CQI and IRCA

certified training course. We hope that
you enjoyed the experience and
achieved your objectives.

256
www.quality.org
What can you do now?
The Chartered Quality Institute (CQI) and International Register of

Certificated Auditors (IRCA) is the professional body for management
system auditors and membership is available to all delegates who have
completed an CQI and IRCA approved course. Now have chance to
become a registered CQI and IRCA auditor*
* Subject to CQI and IRCA‘s minimum work experience and education requirements
257
www.quality.org
Become a registered CQI and IRCA auditor
To become a registered auditor with CQI and IRCA. Over 10,000 auditors
gain CQI and IRCA registration because it:
• is an easy way to let employers differentiate you from less qualified

auditors
• shows you have business expertise in addition to auditing expertise
• allows you to list yourself on the CQI and IRCA register
• connects you to a network of 10 000 contacts
• helps you to work internationally with a globally recognised qualification
• supports your career by showing a commitment to ethics and CPD
258
www.quality.org
Get in touch with CQI and IRCA
• Find out more about CQI and IRCA registration www.quality.org
We can also be contacted at our head office.

CQI, 2nd Floor North, Chancery Lane,
10 Furnival Street, London EC4A 1AB
General Enquiries:
Tel: +44 (0)20 7245 6722
Email: marketing@quality.org
259
Summary
SO THERE IS HUGE BENEFIT !
But ultimately …
Quality Comes from the HEART…

260

IQCS-QMSLA-01A Presentation Slides Apr2020 R23 (Protected)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IQCS-QMSLA-01A Presentation Slides Apr2020 R23 (Protected)

Uploaded by

Copyright:

Available Formats

CQI and IRCA Certified QMS

ISO 9001:2015 Lead Auditor

• The Presentation Slides shall only be used as a

• See Tutor‘s Guide on use of slides in conjunction with AL

• Reference can be made to the course note according to the

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

From Chartered Quality Institute and

This course is certified by the Chartered Quality Institute

Our Competency Framework helps:

Find out more at www.quality.org

IQCS/QMSLA/01A Issued March 2019 R22

• have the knowledge to explain the purpose of a quality

• have the knowledge to explain the role and responsibilities of an

• have the skill to plan, conduct, report and follow-up an audit of a

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23 67

Chapter 2: PRINCIPLE OF QUALITY MANAGEMENT AND OTHER

Chapter 3: QUALITY MANAGEMENT SYSTEM DOCUMENATATION

Chapter 4: PLANNING & CONDUCTING THE “PROCESS APPROACH” AUDIT

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

Chapter 6: CORRECTIVE ACTION REQUEST & AUDIT REPORTING

Chapter 7: CERTIFICATION/REGISTRATION & ACCREDITATION

Chapter 8: IRCA CERTIFICATION SCHEME FOR AUDITORS

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

• International Organization for

• Before that, there were various national

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

• ISO (1946) is a non-governmental organization based in

• Promotes the development of international standards

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

• ISO/TC 176 is in charge of finalizing QA requirements in

Table 1: ISO Committee

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

• All standards reviewed approximately every five years.

• The purpose of this review is to ensure that it is usable

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

 In the last 25 years, many other

 Organizations that use multiple

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

• Consistent with other ISO management system

• The quality management principles have been

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

Figure 1.2: ISO 9000 Series of Standards

• The 9000 series consists of 3 standards, namely ISO

Figure 1.3: Family of ISO 9000 Standards

• ISO 9001 is the sole auditable or conformance standard.

• Auditable or conformance standard  ―contains only

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

1.7.1 ISO 19011:2018

• Guidelines for auditing management systems

• Replaces ISO 19011 : 2011 Guidelines on

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

 In particular the different approval criteria needed

 This document was drafted in accordance with

2/14/2022May 2012 IQCS/QMSLA/01A Issued April 2020 R23

1.9.1 Reasons for Certification / Registration

• Certification by any accredited registrars can

• Beneficial to customers whose suppliers are