Professional Documents
Culture Documents
© Operational
© Operational Excellence
Excellence Consulting.
Consulting. All
All rights
rights reserved.
reserved.
Disclaimer and Approved Use
Disclaimer
• This presentation is intended for use in training individuals within an organization. The
handouts, tools and presentations may be customized to suit your needs and preferences.
• THE FILES AND PRESENTATIONS ARE DISTRIBUTED ON AN "AS IS" BASIS WITHOUT
WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED.
Copyright
• This presentation is created and copyrighted by Operational Excellence Consulting.
• Copyrights of all the pictures used in this presentation are held by their respective owners.
Approved Use
• Each copy of this presentation can be used throughout a single Customer location, such as a
manufacturing plant. Multiple copies may reside on computers within that location, or on the
intranet for that location. Contact us for authorization to use this presentation at multiple
locations.
• The presentation may be customized to satisfy the customer’s application.
• The presentation, or portions or modifications thereof, may not be re-sold, rented or
redistributed in isolation or as part of any commercial offering.
• Current contact information can be found at: www.oeconsulting.com.sg
2 Principles of Auditing
4 Conducting an Audit
6
About ISO
• Principles of auditing
• Managing an audit program
• Conducting management system audits
• Evaluation of competence of individuals involved in the audit
process
It is applicable to all
organizations that need to plan
and conduct internal or
external audits of management
systems or manage an audit
program
2002
ISO 19011:2002 (1st issue)
5.2 Establishing audit program 6.2 Initiating audit 7.2 Personal behavior
objectives
5.3 Determining and evaluating audit 6.3 Preparing audit activities 7.3 Knowledge and skills
program risks and opportunities
5.4 Establishing the audit program 6.4 Conducting audit activities 7.4 Selecting appropriate auditor
evaluation method
5.5 Implementing audit program 6.5 Preparing and distributing audit 7.5 Conducting audit evaluation
report
5.6 Monitoring audit program 6.6 Completing audit 7.6 Maintaining and improving auditor
competence
Certification
External provider and/or
audit accreditation
audit
Internal audit
Audit
Combined audit
Joint audit
Audit program
Audit scope
Audit plan
Audit criteria
Objective evidence
Audit evidence
Audit findings
Audit conclusion
Audit client
• [In the case of internal audit, the audit client can also be the auditee or
the individual(s) managing the audit program; Requests for external audit
can come from sources such as regulators, contracting parties or
potential or existing clients]
Auditee
Audit team
• [One auditor of the audit team is appointed as the audit team leader; The
audit team can include auditors-in-training]
Auditor
Technical expert
Observer
• Individual who accompanies the audit team but does not act as an
auditor
Management system
Risk
• Effect of uncertainty
Conformity
• Fulfillment of a requirement
Nonconformity
• Non-fulfillment of a requirement
Competence
Requirement
Process
Performance
• Measurable result
Effectiveness
Principles of Auditing
28
Principles of Auditing
Risk-based Due
approach professional
care
Evidence-based
approach Confidentiality
Independence
38
Managing an Audit Program
General
Objectives
Relevant
Risks and
documented
opportunities
information
Audit team
members Scope of
selection each audit
criteria
Audit
Program
Information
Audit Schedule of
methods the audits
Audit types
Audit criteria (e.g. internal
or external)
Act Plan
Correct and improve your Establish objectives and draft
plans to meet and exceed your plans (analyze your
your planned results organization’s current systems,
establish overall objectives, set
interim targets for review and
develop plans to achieve them)
Check Do
Measure and monitor your Implement your plans within
actual results against your a structured management
planned objectives framework
u o us t
n
o nti emen
C rov
p
Im
A
P
C
D
rd
Quality Improvement
t anda
S
A
P
C
D
a ti on
d
n soli g h n
Co throu izatio
dar
d
d a rd
an n
St Sta
Time
5.3
Determining 5.2
5.4
PLAN 6.3 Preparing 6.2 Initiating and evaluating Establishing PLAN
Establishing
audit activities audit audit program audit program
audit program
risks and objectives
opportunities
6.5 Preparing
6.4 5.5
and
DO distributing
Conducting Implementing DO
audit activities audit program
audit report
6.6
5.6 Monitoring
CHECK Completing
audit program
CHECK
audit
Clause 6 Clause 5
RISKS OPPORTUNITIES
Planning Allowing multiple audits to be conducted in a single
Resources visit
Selection of audit team Minimizing time and distances travelling to site
• Provision of resources
• Documentation
the objective, scope and duration of each audit and the number of audits to be
conducted, reporting method and, if applicable, audit follow up
significant changes to the auditee’s context or its operations and related risks
and opportunities
• Consider
audit methods
the individual and overall availability of auditors and technical experts having
competence appropriate to the particular audit program objectives;
the extent of the audit program (see 5.4.3) and audit program risks and
opportunities
• Consider (con’t)
General
communicate the relevant parts of the audit program, including the risks and
opportunities involved, to relevant interested parties and inform them
periodically of its progress, using established external and internal
communication channels
coordinate and schedule audits and other activities relevant to the audit
program
© Operational Excellence Consulting. All rights reserved. 60
Managing an Audit Program
Implementing audit program
General
ensure the conduct of audits in accordance with the audit program, managing
all operational risks, opportunities and issues (i.e. unexpected events), as they
arise during the deployment of the program
define and implement the operational controls necessary for audit program
monitoring
review the audit program in order to identify opportunities for its improvement
• When more than one discipline is being audited at the same time it
is important that the audit objectives, scope and criteria are
consistent with the relevant audit programs for each discipline
No human interaction Conducting document review (e.g. records, data Conducting document review (e.g. records, data
analysis) analysis)
Observing work performed Observing work performed via surveillance
Conducting on-site visit means, considering social and statutory and
Completing checklists regulatory requirements
Sampling (e.g. products) Analyzing data
On-site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other than the location of the
auditee, regardless of the distance.
Interactive audit activities involve interaction between the auditee’s personnel and the audit team. Non-interactive audit activities involve no human
interaction with individuals representing the auditee but do not involve interaction with equipment, facilities and documentation.
• Size and composition of the audit team for the specific audit should
be decided considering necessary impacting factors (such as
overall competence needed, complexity, joint/combined audit, audit
methods, elimination of the conflicts of interest, ability of the audit
team to work with stakeholders, relevant external/internal issues
(language, social, cultural characteristics), need for interpreters/
technical experts and type and complexity of processes to be
audited)
evaluation of the achievement of the objectives for each audit within the audit
program
review and approval of audit reports regarding the fulfilment of the audit scope
and objectives
Records
Related to Audit Program Related to Each Audit Related to the Audit Team
Schedule of audits Audit plans and audit reports Competence and
Audit program objectives Objective audit evidence and performance evaluation of the
Those addressing audit findings audit team members
program risks and Nonconformity reports Criteria for the selection of
opportunities, and relevant Corrections and corrective audit teams and team
external and internal issues action reports members and formation of
Reviews of the audit program Audit follow-up reports audit teams
effectiveness Maintenance and
improvement of competence
• whether schedules are being met and audit program objectives are
being achieved
The individual(s) managing the audit program and the audit client
should review the audit program to assess whether its objectives
have been achieved
Conducting an Audit
73
Conducting an Audit
Initiating audit
General
• The responsibility for conducting the audit should remain with the
assigned audit team leader until the audit is completed
• The audit team leader should ensure that contact is made with the
auditee to:
confirm communication channels with the auditee’s representatives
• The audit team leader should ensure that contact is made with the
auditee to:
request access to relevant information for planning purposes including
information on the risks and opportunities the organization has identified and
how they are addressed
confirm the agreement with the auditee regarding the extent of the disclosure
and the treatment of confidential information
• The audit team leader should ensure that contact is made with the
auditee to:
determine any location-specific arrangements for access, health and safety,
security, confidentiality or other
agree on the attendance of observers and the need for guides or interpreters
for the audit team
resolve issues regarding composition of the audit team with the auditee or audit
client
• The review should take into account the context of the auditee’s
organization, including its size, nature and complexity, its related
risks and opportunities as well as the audit scope, criteria and
objectives
Audit planning
The audit team leader should adopt a risk-based approach to planning the
audit based on the information in the audit program and the documented
information provided by the auditee
The amount of detail provided in the audit plan should reflect the scope and
complexity of the audit, as well as the risk of not achieving the audit objectives
Risks to the auditee can result from the presence of the audit team members
adversely influencing the auditee’s arrangements for health and safety,
environment and quality, and its products, services, personnel or infrastructure
(e.g. contamination in clean room facilities)
The scale and content of the audit planning can differ, for example, between
initial and subsequent audits, as well as between internal and external audits.
Audit planning should address or reference the key information of audit such
objectives, scope, methods, criteria, schedule, audit team, etc.
Audit plans should be presented to the auditee, and any issues with the audit
plans should be resolved between the audit team leader, the auditee and, if
necessary, the individual(s) managing the audit program
• The audit team leader, in consultation with the audit team, should
assign to each team member responsibility for auditing specific
processes, activities, functions or locations and, as appropriate,
authority for decision-making
• The audit team members should collect and review the information
relevant to their audit assignments and prepare documented
information for the audit, using any appropriate media.
physical or digital checklists
audit sampling details
audio visual information
• Guides, appointed by the auditee, should assist the audit team and
act on the request of the audit team leader or the auditor to which
they have been assigned
confirm the agreement of all participants (e.g. auditee, audit team) to the audit
plan
• Where the degree of verification is low the auditor should use their
professional judgement to determine the degree of reliance that can
be placed on it as evidence
Interviews
Observations
Audit evidence
Audit findings
Reviewing
Audit conclusions
• The audit team should meet as needed to review the audit findings
at appropriate stages during the audit
• Preparation for closing meeting: The audit team should confer prior to
the closing meeting in order to:
review the audit findings and any other appropriate information collected during
the audit, against the audit objectives
agree on the audit conclusions, taking into account the uncertainty inherent in
the audit process
similar findings made in different areas that were audited or from a joint or
previous audit for the purpose of identifying trends
• The closing meeting should be chaired by the audit team leader and
attended by the management of the auditee and include, as
applicable:
those responsible for the functions or processes which have been audited
audit scope, particularly identification of the organization (the auditee) and the
functions or processes audited
audit criteria
audit conclusions
a statement on the degree to which the audit criteria have been fulfilled
any unresolved diverging opinions between the audit team and the auditee
audits by nature are a sampling exercise; as such there is a risk that the audit
evidence examined is not representative
The audit is completed when all planned audit activities have been
carried out, or as otherwise agreed with the audit client
Lessons learned from the audit can identify risks and opportunities
for the audit program and the auditee
104
Competence & Evaluation of Auditors
General
Confidence in the audit process and the ability to achieve its objectives
depends on the competence of those individuals who are involved in
performing audits, including auditors and audit team leaders
It is not necessary for each auditor in the audit team to have the same
competence
General
• In deciding the necessary competence for an audit, an auditor’s
knowledge and skills related to:
the size, nature, complexity, products, services and processes of auditees
the methods for auditing
the management system disciplines to be audited
the complexity and processes of the management system to be audited
the types and levels of risks and opportunities addressed by the management
system
the objectives and extent of the audit program
the uncertainty in achieving audit objectives
other requirements, such as those imposed by the audit client or other relevant
interested parties, where appropriate.
Personal behavior
Ethical
Open-
Collaborative
minded
Culturally
Diplomatic
sensitive
Open to
Observant
improvement
Professional
Behaviors
Able to act
Perceptive
with fortitude
Self-reliant Versatile
Decisive Tenacious
• General
plan the audit and assign audit tasks according to the specific competence of
individual audit team members
The audit team member should have an understanding of the interactions and
synergy between the different management systems
QUALITTATIVE QUANTITATIVE
Review of records To verify the background of the auditor Analysis of records of education, training,
employment, professional credentials and
auditing experience
Observation To evaluate desired professional behavior Role playing, witnessed audits, on-the-job
and the ability to apply knowledge and skills performance
Testing To evaluate desired behavior and Oral and written exams, psychometric testing
knowledge and skills and their application
Post-audit review To provide information on the auditor Review pf the audit report, interviews with
performance during the audit activities, the audit team leader, the audit team and, if
identify strengths and opportunities for appropriate, feedback from the auditee
improvement
1. Scope
2. Normative references
4. Principles of auditing
5.1 General
5.4.1 Roles and responsibilities of the individual(s) managing the audit program
5.5.1 General
5.5.2 Defining the objectives, scope and criteria for an individual audit
5.5.5 Assigning responsibility for an individual audit to the audit team leader
6. Conducting an audit
6.1 General
6.2.1 General
6.4.1 General
7.1 General
7.2.1 General
Annex A (informative) Additional guidance for auditors planning and conducting audits
Bibliography