Professional Documents
Culture Documents
info@isom.co.uk 1
ISOM QUALITY INTERNAL AUDIT GUIDE
Isom Ltd
9 Patford Street
Calne
Wiltshire
Tel: 01249 812343
Fax: 01249 816963
www.isom.co.uk
e-mail: info@Isom.co.uk
info@isom.co.uk 2
ISOM QUALITY INTERNAL AUDIT GUIDE
CONTENTS
Page No
CONTENTS 3
SECTION 1 INTRODUCTION 4
1.1 Purpose of the Guide 4
1.2 Aim of Internal Audit 4
1.3 Requirements for Internal Audit 5
1.4 Terminology 6
info@isom.co.uk 3
ISOM QUALITY INTERNAL AUDIT GUIDE
SECTION 1
INTRODUCTION
The Internal Audit should ascertain the level of control that the
organization has over its quality systems and the effectiveness of those
systems. Ideally (and hopefully), you are confirming that your
info@isom.co.uk 4
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 5
ISOM QUALITY INTERNAL AUDIT GUIDE
1.4 Terminology
Generally, terminology within this guide is the same as used with the
ISO 9001:2000 standard (and defined within the ISO 9000:2000
standard). For example, ‘organization’ is used to denote a company,
corporation, firm, enterprise, business, etc.
info@isom.co.uk 6
ISOM QUALITY INTERNAL AUDIT GUIDE
SECTION 2
2.1 General
info@isom.co.uk 7
ISOM QUALITY INTERNAL AUDIT GUIDE
2.2 Responsibilities
info@isom.co.uk 8
ISOM QUALITY INTERNAL AUDIT GUIDE
Frequency of audits
The ISO 9001:2000 standard requires only that internal audits are
conducted at ‘planned intervals’ - there is no guidance as to what those
intervals should be.
Certainly, the internal audits should be carried out no less than once
per year. More meaningful results will be obtained if they are carried
out more often. Obviously, the higher the frequency of the internal
audits, the greater need for auditing resources and the greater the
interruption to day-to-day operation of the organization. In Isom’s case,
we considered every six months to be a reasonable compromise. It
should also be noted that it is perfectly acceptable to audit some
activities at a higher frequency than others
info@isom.co.uk 9
ISOM QUALITY INTERNAL AUDIT GUIDE
• are staff aware of the organization’s quality policy and are the
quality procedures and objectives relevant to their work?
• does the quality of the organization’s product(s) reflect that staff
are adequately and appropriately trained, skilled and competent?
• are the relevant documented procedures being followed?
• are appropriate records being kept?
The standard does not include specific requirements for the source of
internal auditors. However, it does state that the selection of auditors
should ‘ensure objectivity and impartiality of the audit process’ (ISO
9001:2000 clause 8.2.2). Neither does the standard include a
requirement for specially trained internal auditors, although it does
include a general requirement that staff performing specific tasks
affecting quality should be assigned on the basis of appropriate
education, training, experience and competency (ISO 9001:2000 clause
6.2.1). These points should be considered when selecting and
assigning auditors.
info@isom.co.uk 10
ISOM QUALITY INTERNAL AUDIT GUIDE
Quite a tall order and obviously very much the ideal auditor.
info@isom.co.uk 11
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 12
ISOM QUALITY INTERNAL AUDIT GUIDE
Internal Audit
(ISO 9001:2000, Clause 8.2.2)
At least one audit must be carried out in every six month period. Any higher
frequency of audits is at the discretion of the Quality Manager. The Quality
Manager may assign any suitably trained personnel to carry out the audit but
must ensure that the personnel assigned has not been involved in the
activities being audited.
Internal Audits shall be carried out using QMS Form 6. Procedures for
Internal Audits are described in 1.3 INTERNAL AUDIT in SECTION 1 of the
organization’s Quality Procedures Manual.
info@isom.co.uk 13
ISOM QUALITY INTERNAL AUDIT GUIDE
At least one audit shall be carried out on a six-monthly basis. Any higher
frequency of audits is at the discretion of the Quality Manager.
The Quality Manager may assign any suitably trained personnel to carry out
the audit but must ensure that the personnel assigned have not been involved
in the activities being audited.
The audits shall be carried out by using QMS Form 6 (refer to Appendix F)
and are designed to ensure the following:
(1) That quality system documentation adequately defines the needs of
the organization.
(2) That the documented procedures are practical, understood and
followed.
(3) That training is adequate.
(4) That customer satisfaction can be measured and monitored (refer to
SECTION 5 of the Quality Manual and Appendix L of this manual).
The results of the audit shall be recorded on QMS Form 6 (refer to Appendix
F) and shall indicate the following:
(1) The deficiencies found.
(2) The corrective action required.
(3) The time agreed for corrective action to be carried out.
(4) The person responsible for carrying out the corrective action.
(5) The recommendations for improvements as necessary.
QMS Forms 6 shall be filed with other Quality Records by the Quality Manager
and shall be made available when Management Reviews are carried out.
This text defines the responsibility for organizing the audits, their
planned frequency and the criteria for assigning auditors. The text also
gives a summary of what the audit should achieve and what should be
included in its record - in Isom’s case this also refers to our QMS Form
info@isom.co.uk 14
ISOM QUALITY INTERNAL AUDIT GUIDE
6 which is used to carry out and record the actual Internal Audit (refer to
text below).
Note that the Isom text refers to ‘... suitably trained personnel ...’ (see
2.3 Planning and Preparing Internal Audit Procedures).
Isom’s Internal Audits are carried out using the QMS form mentioned
above. This is an integral part of the procedure and is used as an
enhanced check list. A copy of the form is reproduced as Appendix 1
to this guide. Notes on the use of the form are included as italic text in
grey boxes.
info@isom.co.uk 15
ISOM QUALITY INTERNAL AUDIT GUIDE
SECTION 3
Depending upon the organization's structure, size and its QMS, some
or all of the following preparatory actions may need to be carried out by
the audit team, or auditor, prior to the audit:
• review the scope and size of the audit, determine size of audit
team;
• obtain audit check lists (procedures) and ensure they are up to
date and complete;
• obtain details (work carried out, personnel, management
structure) of the department(s) or process area being audited;
• obtain copies of relevant work process flow charts or work
instructions;
• prepare audit programme and agree programme with auditees;
• obtain details of any restrictions that may apply to the audit (e.g.
restricted access to certain areas on security or safety grounds);
• arrange for departmental guide(s) or escort(s) for the auditor(s),
these guides should:
have a good knowledge of the activities carried out by the
department or work area being audited;
know the names, titles, etc. of department personnel;
be capable of understanding audit observations.
The mutually agreed audit programme formalizes the audit and should:
• inform those involved (the auditees) about what will happen during
the audit;
info@isom.co.uk 16
ISOM QUALITY INTERNAL AUDIT GUIDE
The lead auditor should assign specific tasks to each team auditor
before the opening meeting.
The internal audit should start with an 'Opening Meeting' with the head
of the department/work area being audited. The objectives of the
opening meeting are:
• to confirm arrangements for the audit; to introduce the audit team;
• to meet key participants in the audit;
• to confirm specific details (of the department/work area);
• to brief the departmental management/work area supervisors and
to answer any questions raised;
• to gain information about the working of the department/work
area;
• to verify that nothing has changed since pre-audit contact;
• to allow clarification of any aspect of the audit.
The audit team should arrive together and at the agreed time. The
meeting should be controlled by the lead auditor who should endeavour
to maintain the initiative at all times. Other auditors within the team
should contribute to the meeting when invited to do so. The meeting
should be kept as short as possible; time wasting should be avoided.
info@isom.co.uk 17
ISOM QUALITY INTERNAL AUDIT GUIDE
Behaviour of auditors
• the auditor should show a friendly but formal approach to
auditees;
• the auditor should be observant and understanding;
• the auditor should strive to achieve good communication and
recording during the audit;
• the auditor should be aware of their ‘body language’, e.g. do not
display aggression, do not point fingers at auditees, etc.
Interviewing auditees
• use the procedures/check lists as guides, do not be inhibited by
them;
• wherever possible, ask only open-ended questions’, e.g. ‘How do
you monitor the ...?’ not ‘Do you monitor the ... by ...?’;
• allow the auditee time to answer your question fully, do not lead
their answers;
• do not let the departmental guide or escort answer for the auditee;
• observe the auditee’s body language, are they:
looking uncomfortable;
looking too comfortable/acting too confidently;
passing ‘secret messages’ (by means of gestures, facial
expressions, etc.) to other auditees;
• wherever possible use the ‘feedback loop’ method of checking,
i.e.:
ask questions (open-ended) to provide information;
observe what is happening;
info@isom.co.uk 18
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 19
ISOM QUALITY INTERNAL AUDIT GUIDE
For the closing meeting, the audit team should report back to the
people (appropriate managers, supervisors, etc.) that attended the
opening meeting. The following protocol should be observed during
this meeting:
• address comments to the manager or other senior person
present;
• do not criticise any of the auditees;
• confine the discussion to the relevant features of the QMS and
product realization process(es);
• do not try to tell the managers/supervisors how to do their jobs:
• include the positive findings of the audit;
• invite agreement on the audit findings, try not to close the meeting
with disagreements outstanding - it may be better for the audit
team to back-down on some contentious findings;
• reach agreement on nonconformitiess, the associated corrective
action required and the timing of that action;
• invite suggestions for actions:
• answer all queries;
• produce a (hand written) summary of the meeting and get it
signed by the manager/supervisor before closing the meeting.
info@isom.co.uk 20
ISOM QUALITY INTERNAL AUDIT GUIDE
SECTION 4
Following the closing meeting, the audit report should be finalised and
completed. The report should then be submitted to the Quality
Manager. The Quality Manager should be briefed on any
nonconformitiess found and the associated corrective action(s) and
timing agreed with the auditees. Depending upon your findings, the
Quality manager may decide that a complete re-audit is required; any
such decision should be communicated without delay to the
department.
On completion of the original audit and after discussion with the Quality
Manager (see 4.1. above), the actions detailed below should be carried
out:
info@isom.co.uk 21
ISOM QUALITY INTERNAL AUDIT GUIDE
Your organization’s procedures may require that you also report audit
findings to top management. In this case it is likely that the report is
made jointly by the auditor and Quality Manager.
High
Cost
Low n
Revise documentation
Management will show great enthusiasm for Items in the bottom right of
the matrix; items in the top left hand will be of no interest whatsoever!
info@isom.co.uk 22
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 23
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 24
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 25
ISOM QUALITY INTERNAL AUDIT GUIDE
info@isom.co.uk 26